Cyber attacks can negatively impact firm stock prices in the short term. Analyzing 3 datasets of cyber attacks on public companies from 2011-2016, the researchers found:
1) Stock prices dropped on average 0.63% on the day of the attack announcement and for 2 days after, with over 50% of attacks resulting in negative returns.
2) Company size and diversification were the most important factors determining the size of the stock price drop.
3) Machine learning models could predict short term stock price drops based on attack and company characteristics but were not highly accurate.
4) Long term impacts may include reduced profitability and increased costs rather than just stock price effects.
With malware attacks growing more sophisticated, swift, and dangerous by the day — and billions of dollars spent to combat them — surprisingly few organizations have a grip on the problem. Only 20 percent of security professionals surveyed by Information Security Media Group (ISMG) rated their incident response program “very effective.” Nearly two-thirds struggle to detect APTs, limiting their ability to defend today’s most pernicious threats. In addition, more than 60 percent struggle with the speed of detection, and more than 40 percent struggle with the accuracy of detection. Those shortcomings give attackers more time to steal data and embed their malware deeper into targeted systems. For the latest threat intelligence reports, visit https://www.fireeye.com/current-threats/threat-intelligence-reports.html.
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
All information, data, and material contained, presented, or provided on is for educational purposes only.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners.
It is not to be construed or intended as providing legal advice.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
17 U.S. Code § 107 - Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.
Etude PwC sécurité de l’information et protection des données (2014)PwC France
http://pwc.to/1gXASnC
Le "Global State of Information Security 2012" est une étude mondiale de PwC, du CIO Magazine et du CSO Magazine. C’est la 15ème année consécutive que PwC réalise cette enquête par PwC, et la 9ème année avec “CIO magazine” et “CSO magazine”. Plus de 9 600 réponses de PDG, Directeurs Financiers, DSI, RSSI et responsables IT et sécurité, répartis dans 115 pays. 36% des répondants sont d’Amérique du Nord, 26% d’Europe, 21% d’Asie-Pacifique, 16% d’Amérique du Sud, et 2% du Moyen-Orient et de l’Afrique.
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...FireEye, Inc.
The law of unintended consequences strikes again. In an effort to address security risks in enterprise IT systems and the critical data in them, numerous security standards and requirement frameworks have emerged over the years. But most of these efforts have had the opposite effect — diverting organizations’ limited resources away from actual cyber defense toward reports and compliance.
Recognizing this serious problem, the U.S. National Security Agency (NSA) in 2008 launched Critical Security Controls (CSCs), a prioritized list of controls likely to have the greatest impact in protecting organizations from evolving real-world threats. This SANS Institute survey of nearly 700 IT professionals across a range of industries examines how well the CSCs are known in government and industry and how they are being used.
For the latest threat intelligence reports, visit https://www.fireeye.com/current-threats/threat-intelligence-reports.html.
With malware attacks growing more sophisticated, swift, and dangerous by the day — and billions of dollars spent to combat them — surprisingly few organizations have a grip on the problem. Only 20 percent of security professionals surveyed by Information Security Media Group (ISMG) rated their incident response program “very effective.” Nearly two-thirds struggle to detect APTs, limiting their ability to defend today’s most pernicious threats. In addition, more than 60 percent struggle with the speed of detection, and more than 40 percent struggle with the accuracy of detection. Those shortcomings give attackers more time to steal data and embed their malware deeper into targeted systems. For the latest threat intelligence reports, visit https://www.fireeye.com/current-threats/threat-intelligence-reports.html.
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
All information, data, and material contained, presented, or provided on is for educational purposes only.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners.
It is not to be construed or intended as providing legal advice.
Company names mentioned herein are the property of, and may be trademarks of, their respective owners and are for educational purposes only.
17 U.S. Code § 107 - Limitations on exclusive rights: Fair use
Notwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.
Etude PwC sécurité de l’information et protection des données (2014)PwC France
http://pwc.to/1gXASnC
Le "Global State of Information Security 2012" est une étude mondiale de PwC, du CIO Magazine et du CSO Magazine. C’est la 15ème année consécutive que PwC réalise cette enquête par PwC, et la 9ème année avec “CIO magazine” et “CSO magazine”. Plus de 9 600 réponses de PDG, Directeurs Financiers, DSI, RSSI et responsables IT et sécurité, répartis dans 115 pays. 36% des répondants sont d’Amérique du Nord, 26% d’Europe, 21% d’Asie-Pacifique, 16% d’Amérique du Sud, et 2% du Moyen-Orient et de l’Afrique.
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...FireEye, Inc.
The law of unintended consequences strikes again. In an effort to address security risks in enterprise IT systems and the critical data in them, numerous security standards and requirement frameworks have emerged over the years. But most of these efforts have had the opposite effect — diverting organizations’ limited resources away from actual cyber defense toward reports and compliance.
Recognizing this serious problem, the U.S. National Security Agency (NSA) in 2008 launched Critical Security Controls (CSCs), a prioritized list of controls likely to have the greatest impact in protecting organizations from evolving real-world threats. This SANS Institute survey of nearly 700 IT professionals across a range of industries examines how well the CSCs are known in government and industry and how they are being used.
For the latest threat intelligence reports, visit https://www.fireeye.com/current-threats/threat-intelligence-reports.html.
SANS 2013 Report: Digital Forensics and Incident Response Survey FireEye, Inc.
Cloud computing and bring-your-own-device (BYOD) workplace policies are expanding the endpoints in IT infrastructures — and more complexity when it comes to investigating cyber attacks. The SANS 2013 Report on Digital Forensics and Incident Response Survey reveals some of the major difficulties that security professionals face in this new environment and how to better prepare for future investigations. Collecting responses from more than 450 security professionals across a range of industries and company sizes, the survey found that nearly 90 percent of respondents had conducted at least one forensics investigation within the last two years. But just 54 percent called their digital forensics capabilities “reasonably effective.” For the latest threat intelligence reports, visit https://www.fireeye.com/current-threats/threat-intelligence-reports.html
How To Turbo-Charge Incident Response With Threat IntelligenceResilient Systems
Minutes, hours, days - each one counts when responding to a security incident. Yet most firms have a lot of room for improvement. According to the 2013 Verizon Data Breach Investigations Report, in 66% of cases (up from 56% last year), breaches remained undiscovered for years, and in 22% of cases, it took months to fully contain the incident.
This webinar will review the challenges firms face in trying to create a rapid and decisive incident response (IR) process. It will then highlight the crucial role that timely, contextual threat intelligence can play in turbo-charging incident response, particularly when tightly integrated with the broader IR discipline. Finally, it will reveal the power of this approach by demonstrating Co3's integrated threat intelligence capabilities including intel from industry-leader iSIGHT Partners.
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
Information technology experts can now take advantage of How To Handle Cybersecurity Risk PowerPoint Presentation Slides. This information security PPT theme infuses top-quality design with data obtained by industry experts. Explain the present situation of the target firm’s information security management employing this PowerPoint layout. The data visualizations featured here simplify the elucidation of complex data such as the analysis of the current IT department. Showcase the cybersecurity framework roadmap and risks of the internet using our PPT presentation. Elaborate on the cybersecurity risk management action plan using the tabular format via this PowerPoint slideshow. Demonstrate the cybersecurity contingency plan with appreciable ease. Our information security management system PPT templates deck assists you in assigning risk handling responsibilities to the staff. Explain the duties of the management in successful information security governance. This PowerPoint presentation also addresses the cost of cybersecurity management and staff training. Hit the download icon and start personalization. Our How To Handle Cybersecurity Risk PowerPoint Presentation Slides are explicit and effective. They combine clarity and concise expression. https://bit.ly/3o0xDkR
Organizations are improving cyber resilience and showing they can perform better under greater pressure as the number of targeted attacks more than doubles.
M-Trends® 2010: The Advanced Persistent ThreatFireEye, Inc.
The inaugural M-Trends report details threat intelligence learned while conducting intrusion investigations for the U.S. government, the defense industrial base, and commercial organizations. This report focuses on the Advanced Persistent Threat (APT), and outlines trends, techniques, and real details of how the APT successfully compromises any target it desires. For the latest M-Trends report, visit https://www.fireeye.com/mtrends
Mandiant’s annual threat report reveals key insights, statistics and case studies illustrating how the tools and tactics of advanced targeted attackers, including the Advanced Persistent Threat (APT), have evolved over the last year. The report, based on hundreds of advanced threat investigations, also shares approaches that organizations can take to improve the way they detect, respond to, and contain complex breaches. For the latest M-Trends report, https://www.fireeye.com/mtrends
How close is your organization to being breached | Safe SecurityRahul Tyagi
Traditional methods are certainly limited in
their capabilities and this is easily proven by
the multitude of breaches businesses were a
victim of, across the globe. The 2020 Q3 Data
Breach QuickView Report revealed that the
number of records exposed in 2020 has
increased to 36 billion globally. The report
stated that there were 2,953 publicly
reported breaches in the first three quarters
of 2020 itself! 2020 is already named the
“worst year on record” by the end of Q2 in
terms of the total number of records
exposed. With the growing sophistication of
cyber-attacks and global damages related
to cybercrime reaching $6 trillion by 2021, we
need a solution that simplifies
cybersecurity.
To know more about breach probability visit : www.safe.security
Cyber Security Planning: Preparing for a Data BreachFletcher Media
Presented by Clark Insurance in Portland, Maine, this two hour seminar featured lead panelists in the privacy security business.
This presentation reviews all aspects of a data breach from preparation, discovery, plan implementation, cyber insurance, crisis communication and PR policies and protocols.
WhiteHat Security, the Web security company, today released the twelfth installment of the WhiteHat Security Website Security Statistics Report. The report reviewed serious vulnerabilities* in websites during the 2011 calendar year, examining the severity and duration of the most critical vulnerabilities from 7,000 websites across major vertical markets. Among the findings in the report, WhiteHat research suggests that the average number of serious vulnerabilities found per website per year in 2011 was 79, a substantial reduction from 230 in 2010 and down from 1,111 in 2007. Despite the significant improvement in the state of website security, organizational challenges in creating security programs that balance breadth of coverage and depth of testing leave large-scale attack surfaces or small, but very high-risk vulnerabilities open to attackers.
The report examined data from more than 7,000 websites across over 500 organizations that are continually assessed for vulnerabilities by WhiteHat Security’s family of Sentinel Services. This process provides a real-world look at website security across a range of vertical markets, including findings from the energy and non-profit verticals for the first time this year. The metrics provided serve as a foundation for improving enterprise application security online.
McAfee Labs explores top threats expected in the coming year.
Welcome to the McAfee Labs 2017 Threats Predictions
report. We have split this year’s report into two sections.
The first section digs into three very important topics,
looking at each through a long lens.
The second section makes specific predictions about
threats activity in 2017. Our predictions for next year
cover a wide range of threats, including ransomware,
vulnerabilities of all kinds, the use of threat intelligence
to improve defenses, and attacks on mobile devices.
Webcast outlines how IT security and operations can address top security concerns and challenges and adapt to new technologies and trends surrounding the endpoint.
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
Understand the impact of today's security breaches by attending our June 26th webinar which will discuss the 2017 Ponemon Cost of a Data Breach study.
Join Ponemon Institute and IBM Security Services on June 26th for a webinar discussing the impact of today’s security breaches based on the latest release of the 2017 Cost of Data Breach Study.
Register for IBM Security Services Webinar highlighting Ponemon Institute 2017 Cost of Data Breach Study The 12th annual Cost of Data Breach Study conducted by Ponemon Institute and sponsored by IBM Security Services calculates the real costs, implications and probabilities of security breaches faced by global organizations.
This webinar will present global findings highlighting trends across 11 countries and 2 regions. Attendees will have access to industry experts for live Q/A and will walk away with key insights, cost reducing strategies, investments and proactive best practices to reduce impact to their businesses in preparation for the next breach.
Join IBM Security Services and Larry Ponemon, founder of the Ponemon Institute, as he walks through the results and methodology of the 2017 Cost of Data Breach Study.
Improve Information Security Practices in the Small EnterpriseGeorge Goodall
Over 80% of small-medium sized business consider themselves non-targets for cyber-attacks. However, 60% of all targeted attacks are towards small-medium sized organizations. The capabilities of hackers have risen dramatically in the last two years. Organizations of all sizes need a security plan. Security by obscurity is no longer a viable option. Adopt a proven strategy to protect vital corporate assets.
In 2010, Mandiant's first M-Trends report detailed how the Advanced Persistent Threat (APT) successfully compromised its victims. In 2011, the attackers continued to expand their targets and innovated their techniques. In this report, those attack techniques are explored further and key steps you can take are identified so you can address the threat in your enterprise. For the latest M-Trends report, visit https://www.fireeye.com/mtrends
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingTony Martin-Vegue
Slides from Tony Martin-Vegue's presentation at the ISACA Fall Conference: October 15th, 2014
"How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling"
Abstract:
CISO’s and risk analysts alike often get caught up in checking boxes on a list of control objectives in order to satisfy compliance and regulatory requirements. However, companies that only view risk through a narrow, regulatory or compliance-focused lens have the potential to overlook a myriad of threats that could impact business continuity, customer privacy and security and financial solvency. The last several high-profile data breaches prove that compliance does not equal security.
There are many ways to assess risk in a meaningful, efficient way that drives business value. Many top companies are moving away from control-based and vulnerability-based risk assessments and are instead putting themselves in the shoes of an attacker. In order to keep up with the rapidly evolving world of cyber criminals and crime rings, organizations are learning to utilize threat intelligence to ascertain the methods, goals, and objectives of threat agents that are targeting their firm or similar firms in their sector. This helps an organization produce focused risk assessments that take a business-centric approach.
This is a beginner to intermediate-level presentation designed to provide an introduction to threat modeling, a primer on threat modeling techniques, ways to integrate threat modeling into risk management frameworks (such as FAIR and NIST), and how to build a library of threat agents specific to one’s firm. Attendees will learn hands-on techniques to perform threat modeling that they will be able to immediately integrate into their risk assessment processes.
Demonstrating Information Security Program EffectivenessDoug Copley
Doug Copley outlines how to demonstrate progress of your information security program, how to display metrics and provides some sample scorecards and dashboards.
SANS 2013 Report: Digital Forensics and Incident Response Survey FireEye, Inc.
Cloud computing and bring-your-own-device (BYOD) workplace policies are expanding the endpoints in IT infrastructures — and more complexity when it comes to investigating cyber attacks. The SANS 2013 Report on Digital Forensics and Incident Response Survey reveals some of the major difficulties that security professionals face in this new environment and how to better prepare for future investigations. Collecting responses from more than 450 security professionals across a range of industries and company sizes, the survey found that nearly 90 percent of respondents had conducted at least one forensics investigation within the last two years. But just 54 percent called their digital forensics capabilities “reasonably effective.” For the latest threat intelligence reports, visit https://www.fireeye.com/current-threats/threat-intelligence-reports.html
How To Turbo-Charge Incident Response With Threat IntelligenceResilient Systems
Minutes, hours, days - each one counts when responding to a security incident. Yet most firms have a lot of room for improvement. According to the 2013 Verizon Data Breach Investigations Report, in 66% of cases (up from 56% last year), breaches remained undiscovered for years, and in 22% of cases, it took months to fully contain the incident.
This webinar will review the challenges firms face in trying to create a rapid and decisive incident response (IR) process. It will then highlight the crucial role that timely, contextual threat intelligence can play in turbo-charging incident response, particularly when tightly integrated with the broader IR discipline. Finally, it will reveal the power of this approach by demonstrating Co3's integrated threat intelligence capabilities including intel from industry-leader iSIGHT Partners.
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
Information technology experts can now take advantage of How To Handle Cybersecurity Risk PowerPoint Presentation Slides. This information security PPT theme infuses top-quality design with data obtained by industry experts. Explain the present situation of the target firm’s information security management employing this PowerPoint layout. The data visualizations featured here simplify the elucidation of complex data such as the analysis of the current IT department. Showcase the cybersecurity framework roadmap and risks of the internet using our PPT presentation. Elaborate on the cybersecurity risk management action plan using the tabular format via this PowerPoint slideshow. Demonstrate the cybersecurity contingency plan with appreciable ease. Our information security management system PPT templates deck assists you in assigning risk handling responsibilities to the staff. Explain the duties of the management in successful information security governance. This PowerPoint presentation also addresses the cost of cybersecurity management and staff training. Hit the download icon and start personalization. Our How To Handle Cybersecurity Risk PowerPoint Presentation Slides are explicit and effective. They combine clarity and concise expression. https://bit.ly/3o0xDkR
Organizations are improving cyber resilience and showing they can perform better under greater pressure as the number of targeted attacks more than doubles.
M-Trends® 2010: The Advanced Persistent ThreatFireEye, Inc.
The inaugural M-Trends report details threat intelligence learned while conducting intrusion investigations for the U.S. government, the defense industrial base, and commercial organizations. This report focuses on the Advanced Persistent Threat (APT), and outlines trends, techniques, and real details of how the APT successfully compromises any target it desires. For the latest M-Trends report, visit https://www.fireeye.com/mtrends
Mandiant’s annual threat report reveals key insights, statistics and case studies illustrating how the tools and tactics of advanced targeted attackers, including the Advanced Persistent Threat (APT), have evolved over the last year. The report, based on hundreds of advanced threat investigations, also shares approaches that organizations can take to improve the way they detect, respond to, and contain complex breaches. For the latest M-Trends report, https://www.fireeye.com/mtrends
How close is your organization to being breached | Safe SecurityRahul Tyagi
Traditional methods are certainly limited in
their capabilities and this is easily proven by
the multitude of breaches businesses were a
victim of, across the globe. The 2020 Q3 Data
Breach QuickView Report revealed that the
number of records exposed in 2020 has
increased to 36 billion globally. The report
stated that there were 2,953 publicly
reported breaches in the first three quarters
of 2020 itself! 2020 is already named the
“worst year on record” by the end of Q2 in
terms of the total number of records
exposed. With the growing sophistication of
cyber-attacks and global damages related
to cybercrime reaching $6 trillion by 2021, we
need a solution that simplifies
cybersecurity.
To know more about breach probability visit : www.safe.security
Cyber Security Planning: Preparing for a Data BreachFletcher Media
Presented by Clark Insurance in Portland, Maine, this two hour seminar featured lead panelists in the privacy security business.
This presentation reviews all aspects of a data breach from preparation, discovery, plan implementation, cyber insurance, crisis communication and PR policies and protocols.
WhiteHat Security, the Web security company, today released the twelfth installment of the WhiteHat Security Website Security Statistics Report. The report reviewed serious vulnerabilities* in websites during the 2011 calendar year, examining the severity and duration of the most critical vulnerabilities from 7,000 websites across major vertical markets. Among the findings in the report, WhiteHat research suggests that the average number of serious vulnerabilities found per website per year in 2011 was 79, a substantial reduction from 230 in 2010 and down from 1,111 in 2007. Despite the significant improvement in the state of website security, organizational challenges in creating security programs that balance breadth of coverage and depth of testing leave large-scale attack surfaces or small, but very high-risk vulnerabilities open to attackers.
The report examined data from more than 7,000 websites across over 500 organizations that are continually assessed for vulnerabilities by WhiteHat Security’s family of Sentinel Services. This process provides a real-world look at website security across a range of vertical markets, including findings from the energy and non-profit verticals for the first time this year. The metrics provided serve as a foundation for improving enterprise application security online.
McAfee Labs explores top threats expected in the coming year.
Welcome to the McAfee Labs 2017 Threats Predictions
report. We have split this year’s report into two sections.
The first section digs into three very important topics,
looking at each through a long lens.
The second section makes specific predictions about
threats activity in 2017. Our predictions for next year
cover a wide range of threats, including ransomware,
vulnerabilities of all kinds, the use of threat intelligence
to improve defenses, and attacks on mobile devices.
Webcast outlines how IT security and operations can address top security concerns and challenges and adapt to new technologies and trends surrounding the endpoint.
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
Understand the impact of today's security breaches by attending our June 26th webinar which will discuss the 2017 Ponemon Cost of a Data Breach study.
Join Ponemon Institute and IBM Security Services on June 26th for a webinar discussing the impact of today’s security breaches based on the latest release of the 2017 Cost of Data Breach Study.
Register for IBM Security Services Webinar highlighting Ponemon Institute 2017 Cost of Data Breach Study The 12th annual Cost of Data Breach Study conducted by Ponemon Institute and sponsored by IBM Security Services calculates the real costs, implications and probabilities of security breaches faced by global organizations.
This webinar will present global findings highlighting trends across 11 countries and 2 regions. Attendees will have access to industry experts for live Q/A and will walk away with key insights, cost reducing strategies, investments and proactive best practices to reduce impact to their businesses in preparation for the next breach.
Join IBM Security Services and Larry Ponemon, founder of the Ponemon Institute, as he walks through the results and methodology of the 2017 Cost of Data Breach Study.
Improve Information Security Practices in the Small EnterpriseGeorge Goodall
Over 80% of small-medium sized business consider themselves non-targets for cyber-attacks. However, 60% of all targeted attacks are towards small-medium sized organizations. The capabilities of hackers have risen dramatically in the last two years. Organizations of all sizes need a security plan. Security by obscurity is no longer a viable option. Adopt a proven strategy to protect vital corporate assets.
In 2010, Mandiant's first M-Trends report detailed how the Advanced Persistent Threat (APT) successfully compromised its victims. In 2011, the attackers continued to expand their targets and innovated their techniques. In this report, those attack techniques are explored further and key steps you can take are identified so you can address the threat in your enterprise. For the latest M-Trends report, visit https://www.fireeye.com/mtrends
How to Improve Your Risk Assessments with Attacker-Centric Threat ModelingTony Martin-Vegue
Slides from Tony Martin-Vegue's presentation at the ISACA Fall Conference: October 15th, 2014
"How to Improve Your Risk Assessments with Attacker-Centric Threat Modeling"
Abstract:
CISO’s and risk analysts alike often get caught up in checking boxes on a list of control objectives in order to satisfy compliance and regulatory requirements. However, companies that only view risk through a narrow, regulatory or compliance-focused lens have the potential to overlook a myriad of threats that could impact business continuity, customer privacy and security and financial solvency. The last several high-profile data breaches prove that compliance does not equal security.
There are many ways to assess risk in a meaningful, efficient way that drives business value. Many top companies are moving away from control-based and vulnerability-based risk assessments and are instead putting themselves in the shoes of an attacker. In order to keep up with the rapidly evolving world of cyber criminals and crime rings, organizations are learning to utilize threat intelligence to ascertain the methods, goals, and objectives of threat agents that are targeting their firm or similar firms in their sector. This helps an organization produce focused risk assessments that take a business-centric approach.
This is a beginner to intermediate-level presentation designed to provide an introduction to threat modeling, a primer on threat modeling techniques, ways to integrate threat modeling into risk management frameworks (such as FAIR and NIST), and how to build a library of threat agents specific to one’s firm. Attendees will learn hands-on techniques to perform threat modeling that they will be able to immediately integrate into their risk assessment processes.
Demonstrating Information Security Program EffectivenessDoug Copley
Doug Copley outlines how to demonstrate progress of your information security program, how to display metrics and provides some sample scorecards and dashboards.
Ciberseguridad: Retos, oportunidades y riesgos de las tecnologías emergentesLuis Joyanes
Análisis del impacto de las tecnologías emergentes como big data, internet de las cosas, cloud computing, movilidad... en la ciberseguridad. Noticias más relevantes sobre seguridad de la segunda quincena de septiembre de 2015. Análisis y descripción de las tendencias en ciberseguridad para 2015 y siguientes años. Definiciones de ciberseguridad y análisis de ciberiesgos según organizaciones internacionales como UIT o ISACA. Enumeración y descripción de las organizaciones nacionales e internacionales relacionadas con la ciberseguridad. Opotunidades y riesgos para organizaciones y empresas de la ciberseguridad. Nuevas profesiones relacionadas con la ciberseguridad y necesidad de formación especializada. Bibliografía y referencias de internet sobre seguridad y ciberseguridad. Breve glosario de los términos de mayor impacto en la actualidad en ciberseguridad
The cyber criminal community has evolved from pranksters, lone wolves, and organized
gangs to nation-states and hacktivist groups whose primary results have been increased
costs and lost productivity. As enterprises and governments connect literally everything to
the Internet, the size of their attack surface has grown, opening more opportunities for
cyber criminals. Many of their current exploits are going unnoticed.
A1 - Cibersegurança - Raising the Bar for CybersecuritySpark Security
In the past few years, a new approach to cybersecurity has emerged, based on the analysis of data on successful attacks. In this approach, continuous diagnostics and mitigation replace the reactive network security methods used in the past. The approach combines continuous monitoring of network health with relatively straightforward mitigation strategies. The strategies used in this approach reduce the opportunities for attack and force attackers to develop more sophisticated (and expensive) techniques or to give up on the target. In combination, continuous monitoring and mitigation strategies provide the basis for better cybersecurity.
Cyber-security is the number one technology issue in the C-suite and Board Room. No wonder that many senior executives are asking what they can be doing to stem the tide of cyber-attacks on their firms.
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...Invincea, Inc.
The single largest threat your organization faces today is network breach. Spear-phishing, poisoned search results, drive-by downloads, and legitimate sites being compromised to push malware are all part of our current reality. The most successful and common attacks vectors stem from targeted attacks on your employees. Organizations need to utilize solutions that protect their network from user error and support requirements for continuous monitoring, real-time situational awareness and providing actionable threat intelligence for their security teams.
Five principles for improving your cyber securityWGroup
Corporate assets have been shifting from physical assets to virtual assets over the past 20 years. This trend has been accompanied by a corresponding increase in the vulnerability of intangible assets, leading to a greater general awareness of corporate cyber security risks. The alteration or destruction of a company’s data can result in harm to reputation, loss of public confidence, disruption to infrastructure, and legal sanctions. The security risk can adversely impact a company’s stock price and competitive position in the marketplace. In this document, WGroup cites 5 principles that will help improve a business's cyber security. The 5 principles are risk identification, risk management, legal implications, technical expertise, and expectations.
Palestra do evento "Cybersecurity: a nova era em resposta a incidentes e auditoria de dados"
Sam Maccherola - VP and General Manager Public Sector Guidance Software Inc.
Brasília, 04 de agosto de 2010
Top 10 cybersecurity predictions for 2016 by Matthew RosenquistMatthew Rosenquist
Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone.
Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead. Organizations must not only address what is ongoing, but also prepare for how cyber-threats will maneuver in the future.
The 2016 Cybersecurity Predictions presentation showcases the cause-and-effect relationships and provides insights and perspectives of the forthcoming challenges the industry is likely to face and how we can be better prepared for it.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Developing a Continuous Monitoring Action PlanTripwire
At the direction of OMB and NIST, security and IT pros in federal government must develop plans to implement "continuous monitoring," the practice of using IT security controls to constantly monitor and manage the security status of their information systems and networks. The transition from static security to continuous monitoring requires a new approach to IT security, and IT teams must devise a strategy and roadmap to be successful.
In this editorial Webcast, cybersecurity experts will help discuss the tools and processes involved in moving from a traditional security environment to one designed around continuous monitoring. This Webcast will help government IT pros:
Understand the objectives of continuous monitoring, such as reduced threat exposure through real time risk assessment and response.
Identify the steps involved, including determining the security impact of changes to IT systems and producing assessment reports.
Assess system requirements in areas such as malware detection and event and incident management.
Determine the need for upgrades and investment in new technologies.
Presentation by Larry Clinton, President of the Internet Security Alliance (ISA) to the 66th Annual Fowler Seminar on Oct 12 2012 titled Evolution of the Cyber Threat - A Unified Systems Approach.
2015 Energy Industry Cybersecurity Research UpdateGridCyberSec
ScottMadden, Inc., one of North America’s leading energy consulting firms, has released a report on cybersecurity within the energy sector. This new report helps utilities understand how their cybersecurity practices and perceptions compare to those of industry peers. It is a resource for utility executives evaluating their cybersecurity capabilities. Additional industry cybersecurity information can be found on ScottMadden’s sponsored website: GridCyberSec.com.
Hear how security pros are responding and adapting to increased attacks and breaches, including facilitating more comprehensive cyber threat management strategies and best practices and the increasing investments and resource utilization to mitigate these challenges. Listen to the webinar, based on the Cybersecurity Resource Allocation & Efficacy (CRAE) Index study for Q1 2021, from CyberRisk Alliance Business Intelligence to hear the panel of experts:
•Review survey results from CRAE Index’s Q1 global research study;
•Discuss the latest trends on proactive and reactive cybersecurity; and
•Hear insights on what lies ahead.
Chatty Kathy - UNC Bootcamp Final Project Presentation - Final Version - 5.23...John Andrews
SlideShare Description for "Chatty Kathy - UNC Bootcamp Final Project Presentation"
Title: Chatty Kathy: Enhancing Physical Activity Among Older Adults
Description:
Discover how Chatty Kathy, an innovative project developed at the UNC Bootcamp, aims to tackle the challenge of low physical activity among older adults. Our AI-driven solution uses peer interaction to boost and sustain exercise levels, significantly improving health outcomes. This presentation covers our problem statement, the rationale behind Chatty Kathy, synthetic data and persona creation, model performance metrics, a visual demonstration of the project, and potential future developments. Join us for an insightful Q&A session to explore the potential of this groundbreaking project.
Project Team: Jay Requarth, Jana Avery, John Andrews, Dr. Dick Davis II, Nee Buntoum, Nam Yeongjin & Mat Nicholas
StarCompliance is a leading firm specializing in the recovery of stolen cryptocurrency. Our comprehensive services are designed to assist individuals and organizations in navigating the complex process of fraud reporting, investigation, and fund recovery. We combine cutting-edge technology with expert legal support to provide a robust solution for victims of crypto theft.
Our Services Include:
Reporting to Tracking Authorities:
We immediately notify all relevant centralized exchanges (CEX), decentralized exchanges (DEX), and wallet providers about the stolen cryptocurrency. This ensures that the stolen assets are flagged as scam transactions, making it impossible for the thief to use them.
Assistance with Filing Police Reports:
We guide you through the process of filing a valid police report. Our support team provides detailed instructions on which police department to contact and helps you complete the necessary paperwork within the critical 72-hour window.
Launching the Refund Process:
Our team of experienced lawyers can initiate lawsuits on your behalf and represent you in various jurisdictions around the world. They work diligently to recover your stolen funds and ensure that justice is served.
At StarCompliance, we understand the urgency and stress involved in dealing with cryptocurrency theft. Our dedicated team works quickly and efficiently to provide you with the support and expertise needed to recover your assets. Trust us to be your partner in navigating the complexities of the crypto world and safeguarding your investments.
Adjusting primitives for graph : SHORT REPORT / NOTESSubhajit Sahu
Graph algorithms, like PageRank Compressed Sparse Row (CSR) is an adjacency-list based graph representation that is
Multiply with different modes (map)
1. Performance of sequential execution based vs OpenMP based vector multiply.
2. Comparing various launch configs for CUDA based vector multiply.
Sum with different storage types (reduce)
1. Performance of vector element sum using float vs bfloat16 as the storage type.
Sum with different modes (reduce)
1. Performance of sequential execution based vs OpenMP based vector element sum.
2. Performance of memcpy vs in-place based CUDA based vector element sum.
3. Comparing various launch configs for CUDA based vector element sum (memcpy).
4. Comparing various launch configs for CUDA based vector element sum (in-place).
Sum with in-place strategies of CUDA mode (reduce)
1. Comparing various launch configs for CUDA based vector element sum (in-place).
Explore our comprehensive data analysis project presentation on predicting product ad campaign performance. Learn how data-driven insights can optimize your marketing strategies and enhance campaign effectiveness. Perfect for professionals and students looking to understand the power of data analysis in advertising. for more details visit: https://bostoninstituteofanalytics.org/data-science-and-artificial-intelligence/
Show drafts
volume_up
Empowering the Data Analytics Ecosystem: A Laser Focus on Value
The data analytics ecosystem thrives when every component functions at its peak, unlocking the true potential of data. Here's a laser focus on key areas for an empowered ecosystem:
1. Democratize Access, Not Data:
Granular Access Controls: Provide users with self-service tools tailored to their specific needs, preventing data overload and misuse.
Data Catalogs: Implement robust data catalogs for easy discovery and understanding of available data sources.
2. Foster Collaboration with Clear Roles:
Data Mesh Architecture: Break down data silos by creating a distributed data ownership model with clear ownership and responsibilities.
Collaborative Workspaces: Utilize interactive platforms where data scientists, analysts, and domain experts can work seamlessly together.
3. Leverage Advanced Analytics Strategically:
AI-powered Automation: Automate repetitive tasks like data cleaning and feature engineering, freeing up data talent for higher-level analysis.
Right-Tool Selection: Strategically choose the most effective advanced analytics techniques (e.g., AI, ML) based on specific business problems.
4. Prioritize Data Quality with Automation:
Automated Data Validation: Implement automated data quality checks to identify and rectify errors at the source, minimizing downstream issues.
Data Lineage Tracking: Track the flow of data throughout the ecosystem, ensuring transparency and facilitating root cause analysis for errors.
5. Cultivate a Data-Driven Mindset:
Metrics-Driven Performance Management: Align KPIs and performance metrics with data-driven insights to ensure actionable decision making.
Data Storytelling Workshops: Equip stakeholders with the skills to translate complex data findings into compelling narratives that drive action.
Benefits of a Precise Ecosystem:
Sharpened Focus: Precise access and clear roles ensure everyone works with the most relevant data, maximizing efficiency.
Actionable Insights: Strategic analytics and automated quality checks lead to more reliable and actionable data insights.
Continuous Improvement: Data-driven performance management fosters a culture of learning and continuous improvement.
Sustainable Growth: Empowered by data, organizations can make informed decisions to drive sustainable growth and innovation.
By focusing on these precise actions, organizations can create an empowered data analytics ecosystem that delivers real value by driving data-driven decisions and maximizing the return on their data investment.
Opendatabay - Open Data Marketplace.pptxOpendatabay
Opendatabay.com unlocks the power of data for everyone. Open Data Marketplace fosters a collaborative hub for data enthusiasts to explore, share, and contribute to a vast collection of datasets.
First ever open hub for data enthusiasts to collaborate and innovate. A platform to explore, share, and contribute to a vast collection of datasets. Through robust quality control and innovative technologies like blockchain verification, opendatabay ensures the authenticity and reliability of datasets, empowering users to make data-driven decisions with confidence. Leverage cutting-edge AI technologies to enhance the data exploration, analysis, and discovery experience.
From intelligent search and recommendations to automated data productisation and quotation, Opendatabay AI-driven features streamline the data workflow. Finding the data you need shouldn't be a complex. Opendatabay simplifies the data acquisition process with an intuitive interface and robust search tools. Effortlessly explore, discover, and access the data you need, allowing you to focus on extracting valuable insights. Opendatabay breaks new ground with a dedicated, AI-generated, synthetic datasets.
Leverage these privacy-preserving datasets for training and testing AI models without compromising sensitive information. Opendatabay prioritizes transparency by providing detailed metadata, provenance information, and usage guidelines for each dataset, ensuring users have a comprehensive understanding of the data they're working with. By leveraging a powerful combination of distributed ledger technology and rigorous third-party audits Opendatabay ensures the authenticity and reliability of every dataset. Security is at the core of Opendatabay. Marketplace implements stringent security measures, including encryption, access controls, and regular vulnerability assessments, to safeguard your data and protect your privacy.
A Case Study on the Effects of Cyber Attacks on Firms' Stock Price
1. A Case Study on the Effects of Cyber
Attacks on Firm Stock Price
IEORE4211 Applied Consulting
Group 1: Cedric Canovas, Shravan Kumar Chandrasekaran, Michelle Liu,
Xiaomeng Luo, Andrew Tang, Ran Wang, and Ruyue Xu
2. Executive Summary
Cyber Security Overview
Three Data Sets Used
Literature Review
Model 1: The Market Model
Model 2: Multiple Regression Analysis
Model 3: Machine Learning
Conclusion & Further Thoughts
Methodology
3. Introduction
❖ Over 169 million personal records were
exposed in 2015, from 781 publicized breaches
❖ Average global cost for lost/stolen records
containing confidential and sensitive data was
$154/record, highest cost was $363/record for
health care
❖ In 2015, there were 38% more security incidents
detected than in 2014
❖ Attackers stay dormant within a network before
detection for a median of over 200 days
❖ 74% of CISOs are concerned about employees
stealing sensitive company information
❖ Only 38% of global organizations claim they are
prepared to handle a sophisticated cyberattack
Cyber security spending in the US, percent of
GDP and USD billions, 2009 - 2017
4. Introduction
Most Prevalent Cyber Threats - Top
TenTypes of Threats:
❖ Insider threats (employees)
❖ Outside threats (hackers,
organized crime outfits,
activists or other parties)
Common Methods of Attacks:
❖ Malware: Trojans, viruses,
worms
❖ Phishing: emails
❖ Password Attack: brute
force attack
❖ Denial-of-Service (DoS)
Attack: distributed-denial-
of-service (DDoS) attack
❖ SQL Injection
5. High-Target Industries:
❖ Healthcare: personal information, most highly
targeted industry for data breaches
❖ Education: colleges and universities, educational
records
❖ Government: foreign nation-states, militant groups,
crime rings benefit from government-related data
❖ Retail: credit card information, which can be sold on
the Dark Web
❖ Financial: bank account information
Top Cyber Attack Motives:
❖ Information Theft: acquire information owned by
the target
❖ Espionage: monitor the activities of the targets and
steal information that these targets may have
❖ Sabotage: destroy, defame or blackmail the target
Introduction
6. Three Datasets:
First Data Set
❖ 4000+ raw data from
2011-2016
❖ 500+ major incidents
happened to public
companies in US
❖ Source:
Hackmageddon-
Information Security
Timelines and Statistics
Website
❖ Number of major
industries affected: 25+
Second Data Set:
❖ World’s largest data
breaches (>30000
records)
❖ 185 raw data from
2004-2015
❖ 50 incidents happened
to public companies at
the time of incident
❖ Source: A data
website- Information Is
Beautiful
❖ Number of major
industries affected: 5
Third Data Set:
❖ 400+ raw incident data
from 2005-2016
❖ 150+ major public
companies targeted in
the US
❖ Source:
Study on major data
leakages by the
Verizon Risk Team for
their Verizon Data
Breach Investigation
Report
❖ Number of major
industries affected: 15+
7. Evolution of the Number of Attacks
Source: Hackmageddon Dataset
Average monthly attacks has gradually steadied to around 90 from 2012, when the attacks were
very erratic
8. Types of Attacks Across Time
Source: Hackmageddon Dataset
Cyber crime has steadily increased from 61.6% of total cyber attacks in 2012 to 94.3% in 2015
There was a sudden spurt in Hacktivism in 2013, contributing to almost 80% of total cyber attacks
9. Attacks Are Affecting Industries at Different Levels
❖ E- Commerce & Software reign as the two major technological submarkets that are most affected by cyber
incidents
❖ Technology in general makes up 40% of the targeted industries consistently through the graphs of the three
data sets above
❖ Retail next most significantly hit area in all 3 charts after technology
10. Literature Review
Author Period
Studied
Sample
Size
Focus of Study Major Findings
Campbell et
al. (2003)
1995 - 2000 43 Two types (access to
confidential or not)
❖ Significant negative return involving confidential information and
no changes in return for other types of breaches
Garg et al.
(2003)
1996 - 2002 22 All ❖ On average, the loss is 2.7% over one day and 4.5%
over a 3-day period
Hovav & D’
arcy (2003)
1998 - 2002 23 DOS attacks ❖ Negative abnormal returns of the Internet-specific companies
were larger
Hovav & D’
arcy (2004)
1988 - 2002 186 Virus attacks ❖ No negative returns over 5 days after the
announcement
Telang &
Wattal (2007)
1999 - 2004 147 Vulnerability
announcements
❖ Average loss of 0.63% conditioned by various factors
❖ Vendors lose more value in competitive markets, larger software
vendors are less affected
❖ More severe and confidentiality-related vulnerabilities cause
more stock price losses
Arcuri & Brogi
(2014)
1995 - 2012 128 All ❖ Cyber attack announcements affect stock market returns of firms
❖ Stock market reaction differs with economic sector of firms
11. Methodology: Event—Study
Event-Study
❖ Assume that returns on a stock are significantly impacted by an event of interest (a cyber
security attack). The period of interest for which we observe is known as the event window.
❖ In practice and in academic research, the event window includes two days: day 0 and day 1
to capture the effect of an announcement. Sometimes -1 day is also used to incorporate
possible information leaks before the announcement date.
❖ The methodology has been widely used in the banking and finance literature when
analyzing information breaches and other related events. Based on efficient market theory.
Design of the
testing
framework
for the
abnormal
returns
Determine
the model for
computing
the abnormal
returns:
Determine
the entities
involved and
choose the
reasonable
event
window:
MacKinlay (1997) presents a comprehensive review for this type of research and clearly defines the required steps:
❖ What are considered normal returns?
❖ How to define abnormal returns? Test Statistic Z
Day 0 as the announcement
day; Can vary according to
research interests
12. Estimate Normal Stock Return
Event—Study: Three Important Calculations
Define Abnormal Stock Return Calculate Cumulative Abnormal. Return
: the return of stock i in period t
: the return of market portfolio
(benchmark)
: error term with mean 0
: risk-adjusted performance of stock i
: a measure of risk compared to the
market
The equation is based on the assumption that
daily stock returns are consistent with the
Capital Asset Pricing Model (CAPM).
Used for running regressions to get the normal
stock returns
Gather 120-day data prior to the
announcement date for estimating the model
: abnormal return of stock i in period t
: actual return of stock i in period t
Aggregate the abnormal returns for stock i
over time interval [t1, t2]. Could calculate a
mean CAR if want to know average
impact.
The shortest commonly
accepted estimation period
is 120 days. Many past
literatures used the 120-day
period.
120 data points for both
stock returns as well as
market returns within the
same period.
A short-term event period (3
days, 5 days, etc.) is
generally accepted in similar
studies. K.Campbell et al.
points out that extending the
window would increase the
likelihood of confounding
events and adding much
noise.
13. Model 1: The Market Model
Results
❖ How do we know if the abnormal returns are
not random but due to the effects of cyber
attacks?
Z statistics
Null hypothesis (abnormal returns are not significantly different from 0 )
Method discussed by Arcuri et al. (2014):
N: number of stocks in the sample
SCAR(t1,t2): the standardized CAR on stock i in period t
: : average return on market index in period t
: : estimated standard deviation of Abnormal Return on stock i
T: number of days in the estimation period
Ts: number of days in the event window
Z-statistics has a t-distribution with T-2 degrees of freedom and
converges to a unit normal
Days Event
Wind
ow
Mean
CAR
Total
CAR
Z-Test
Statisti
cs
Negative
CARs
3-Day (-1,1) -0.63% -1.89% -4.962** 53.36%
5-day (-1,3) -0.42% -2.10% -2.125* 52.88%
7-day (-1,5) -0.21% -1.47% -1.207 51.06%
9-day (-1,7) -0.13% -1.17% -1.021 50.25%
The second dataset, World’s Major Attacks, is used.
** statistically significant at 5% level; * at 10% level
We can reject the null hypothesis that cyber attack does
have an effect on the company’s stock returns over the event
window (-1,1) and (-1,3). Hence 3-day and 5-day are critical.
However, we did not find enough evidence to reject the null
hypothesis for 7-day and 9-day, which means that the effect
is not obvious 3 days after the announcement. Overall, the
effect is relatively short-lived. A little more than 50% of the
total incidents have seen negative CARs over (-1,1) and (-1,3).
14. Model 2: Multiple Regression Model
Cyber attacks might not affect all firms in the same way.
Company-specific characters would also influence how
serious a cyber attack would be on the company stock
return.
Total
Assets (in
$ billion)
Growth
Rate
Competiti
ve or Not
Diversificati
on
Max 4,808.200 86.19% 1 0.74
Min 0.460 -9.58% 0 0
Mean 401.952 7.66% 0.44 0.43
S.D. 880.12 0.17 0.50 0.18
Follow the method adopted by Telang and Wattal (2007):
Measure diversification in terms of the Herfindahl index.
The index of a firm is calculated as:
N: the number of segments in which the firm operates
Pi: the ratio of segment, represented as segment i’s revenue
to total revenue
DIV=0, not diversified
DIV=1, diversified
Variable Coefficient
Total Asset (Natural Log) 0.0037*(0.08)
Growth Rate 0.0021 (0.56)
Competitive or Not -0.0015 (0.48)
Diversification 0.0054** (0.03)
Results ** statistically significant at 5% level; * at 10% level
: average abnormal return over 3-day period
Xi : company-specific factors
15. Model 3: Machine Learning
This analysis uses the third dataset with many input
variables
Again, we try to predict 3-day abnormal return
Algorithms tested: Gradient Boosting, Generalized Linear
Model, K-nearest-neighbors, Random Forest
Random Forest
Absolute RMSE: 0.01
Variables: Discovery method, industry, type of attack, employee
count, type of affected asset, governance of affected asset
❖ Many parameters influence the market reaction, but hard to
get a reliable predictive model due to the low number of
datapoints
Example of a generated decision tree
16. Model 3: Machine Learning
Parameter Importance
Discovery method:
employee
1.61
# of employees: 1001-
10000
1.41
Type of attack 1.40
Industry 1.20
Relative importance of variables
❖ Some correlations between input variables and the impact
on the stock price, no guarantee of causality
17. Conclusion
Industry analysts inferred that shareholders are numb to news of data
breaches. A widely accepted notion goes that there are only two types of
companies: those that have been breached and those that don’t know they
have.
Deeper reasons for the market’s failure to respond to these incidents:
❖ Shareholders have neither enough information about security incidents
nor sufficient tools to measure their impact.
❖ Shareholders only react to breach news when it has direct impact or
immediate hit to a company’s expected profitability.
❖ Delays in disclosing information security incidents often contribute to
shareholders’ hesitation and uncertainty with regard to how to factor in
the effects of the breaches. Oftentimes, when an attack is disclosed, it
is almost impossible for shareholders to assess its full implications.
(example: an attack happened last June, discovered this January, but
disclosed this March)
“... look beyond short-term effects
and examine the impact on other
factors, such as overall security
plans, profitability, cash flow, cost
of capital, legal fees associated
with the breach, and potential
changes in management ...”
Return on Assets (ROA)
Return on Sales (ROS)
Cost of Goods Sold to Sales (COGS/S)
Performance Variables
❖ Cyber attacks only affect stock return in a relatively short time window:
3- day and 5-day
❖ The size of the company and diversification are the two most important
factors that determine the impact of an attack on a specific company
Based on our findings, firms should focus more not
on the stock price, but on looking into factors that could
affect profitability in the long-term in a more subtle
way.
18. Further Thoughts
Cyber Attack
Discovery
Full/Limited
Disclosure
Recovery
Plan/No
Action
Announcement
Abnormal
Return
By Attack Source
By FirmBy Third Party
Limited Disclosure
Only Report to Firm
Full Disclosure Limited Disclosure
Attack Type and
Characteristics
Investor Expectation
and Response
Cyber Attack
Disclosure Process
❖ The most important factor that affects
the accuracy of the study is the source
and date, to better guarantee that the
date of the stock market return we
analyze is the correct one associated
with the attack.
❖ However, in an age of information
explosion with so many means to
transfer information, it is getting much
harder to pinpoint the first release date
of a cyber attack.
❖ The process of attack disclosure also
complicates the problem.
❖ Loss is ameliorated by 0.82% if the
company provides a patch at time of
disclosure. Presence of a patch reduces
customer loss and reflects commitment
to customers (Telang & Wattal).
19. Closing Remarks
Factors that contribute to cyber security vulnerability:
❖ Technical Failure
➢ Lack of fundamental cyber security measures
➢ Outdated software
➢ Failure to encrypt critical employee and user data
❖ Managerial Failure
➢ Not understanding potential cyber security risks
■ Lack of financial and talent support
■ Lack of awareness and training among
employees
➢ Lack of cyber security oversight processes
■ Lack of a recovery plan
➢ Not prioritizing cyber security policy
❖ Human Factor Failure
➢ Motives and methods that can trigger an “inside job”
■ Damage inflicted from social engineering,
remote access and laptop
➢ Allowing personal device at work
➢ Lack of awareness in HR department
20. THANKS!— Special thanks to Brian Krebs for advice (former Washington Post journalist
and expert on cyber crimes and other Internet security topics) and Paolo Passeri for
providing one of our datasets ( founder of www.hackmageddon.com, a website
offering information security timelines and statistics)