SlideShare a Scribd company logo

Rcs triumfant watchful_webinar_final

Patrick Florer
Patrick Florer

Are you controlling information disclosure? Exploring the causes, costs, and remedies for a data breach. This webinar will explore the causes and costs of data breaches, as well as ways to prevent and mitigate the impact that results from the inadvertent exposure of sensitive data. Attacks from the inside and outside of the network will be discussed, along with the various aspects of a data breach, including the types of data at risk and the variety of costs and impacts that an organization might incur. We will discuss a number of high profile breaches, including TJX, Heartland Payment Systems, Sony, and others. Costs from various industry reports will be presented, together with original statistical analyses from Risk Centric Security. The webinar will conclude with a discussion of cutting edge types of safeguards and controls, including integrated encryption-based rights management, egress filtering and control, and advanced malware detection and auto-remediation.

TechnologyBusiness
1 of 31
Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
Risk Centric Security is an acknowledged authority on the costs and impacts of data breaches and other types of cyber-security events. The Company offers state of the art SaaS tools, training, and consulting that empower Information Security Professionals to perform credible, defensible, and reproducible risk and decision analyses, and to articulate the results and relevance of these analyses in language that business counterparts will understand. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved. Risk Analysis for the 21st Century® Patrick Florer has worked in Information Technology and Security for over 33 years. In addition, he worked a parallel track in evidence-based medicine for 17 of those years. He is the CTO and Cofounder of Risk Centric Security. In addition, he is a Distinguished Fellow of the Ponemon Institute. Mr. Florer graduated summa cum laude from the University of Texas at Austin and is a member of the scholastic honor society Phi Beta Kappa.
Deconstructing the causes and costs of a data breach: • Threat Landscape • Types of Data • Types of Costs • Breach Reports • Frameworks, Bias and Correlation • Breach Examples • Closing Remarks • Q & A Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
14% of data breaches / 69% of security incidents caused by internal agents (Verizon DBIR 2013) 33% of breaches in 18 companies studied were caused by malicious insiders (Ponemon/Symantec 2011 CODB – Mar, 2013) 21% of electronic crime events caused by insiders (CERT 2011 Cybersecurity Survey) Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
The actions of agents outside of an organization that result in a data breach, including: Accidents Negligence Maliciousness: Hacking Phishing Malware delivery Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
92% of data breaches / 31% of security incidents caused by external agents (Verizon DBIR 2013) 76% of network intrusions exploited weak or stolen credentials (Verizon DBIR 2013) 58% of electronic crime events caused by external agents (CERT 2011 Cybersecurity Survey) 40% of breaches caused by malware (Verizon DBIR 2013) Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
55% - Organized Crime 21% - State affiliated agents 2% - activist/hacktivist 1% - former employees 21% - other or unknown (all figures from Verizon 2013 DBIR Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
78% of initial compromises rated as low (68%) or very low (10%) difficulty 73% of subsequent actions rated as low (71%) or very low (2%) difficulty 22% of initial compromises rated as moderately difficult / 7% of subsequent actions rate the same <1% of initial compromises rated as highly difficult / 21% of subsequent actions rate the same Almost all moderate and highly difficult actions pertain to espionage and NOT to organized crime. (all figures from Verizon 2013 DBIR) Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
Operational Data Intellectual Property Financial Information Personally Identifiable Information (PII) Protected Health Information (PHI) Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
• Breached entity? • Shareholders? • Citizens / the public at large? • Card brands? • Issuing banks? • Customers? • Business partners? • Consumers? • Taxpayers (law enforcement costs)? Risk Centric Security, Inc. Confidential and Proprietary. Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
Fixed / Overall Costs Per record costs: • Direct/Primary • Indirect/Secondary • Variable costs that scale with magnitude of breach Risk Centric Security, Inc. Confidential and Proprietary. Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
Costs that we should be able to discover and/or estimate: • Lost productivity • Incident response and forensics costs • Costs of replacing lost or damaged hardware, software, or information • Public relations costs • Legal costs • Costs of sending letters to notify customers and business partners • Costs of providing credit monitoring • Fines from governmental action (HIPAA/HITECH, FTC, State Attorneys General, etc.)
Costs that we should be able to discover and/or estimate: • Fines and indemnifications imposed by contracts with business partners • Contractual fines and penalties resulting from PCI DSS related incidents - either data loss or compliance failure • Judgments and legal settlements - customers, business partners, shareholders • Additional compliance and audit costs related to legal settlements (20 years of additional reporting, for example) Risk Centric Security, Inc. Confidential and Proprietary. Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
Costs that might be difficult to discover and/or estimate: • Loss of competitive advantage • Loss of shareholder value • Reputation loss • Opportunity and Sales losses from customers and business partners who went elsewhere • Value of intellectual property Risk Centric Security, Inc. Confidential and Proprietary. Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
Ponemon Institute 2011 Cost of Data Breach Study: United States (March, 2013) 49 Companies surveyed – multiple people per company. Breach sizes ranged from 5K – 100K exposed records. Participants estimated the minimum and maximum amounts for a number of costs, from which the mid-point value was selected. According to some legal experts, Ponemon Institute numbers are the “gold” standard in the Federal Courts. The raw data are published in the report appendix. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
In the 2011 report: Overall weighted average per record = $194 (down from $214 in 2010) Overall average total = $5.5 M (down from $7.2M in 2011) Minimum total cost = $566 K Median total cost = $4.5 M Maximum total cost = $20.9 M Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
Ponemon Institute 2013 Cost of Cyber Crime Study: United States 56 Organizations Companies surveyed, > 1,000 seats Costs were due to cyber crime – no errors or accidental exposures 4 week study period extrapolated to 52 weeks. The 56 organizations in the study experienced 102 cyber attacks per week; 1.8 attacks each per week. Annualized costs per company ranged from $1.4M to $46M, with the average = $8.9M and the median = $6.2M Average attack took 24 days to resolve and cost $592K Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
Net Diligence 2013 Cyber Liability & Data Breach Insurance Claims study 137 events between 2009 and 2011 – claims data were provided by underwriters Average cost per breach = $3.7 million Payouts were net of deductibles/retentions, which ranged from $50K to $1M Report breaks out many types of costs: Crisis services, Legal Defense, Legal Settlements Cyber insurance does not reimburse for “soft” costs like lost customers, brand damage, and lost stock value. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
TJX Heartland Sony Global Payments Department of Revenue of South Carolina
Plans for the Presidential Helicopter Coca-Cola Merger Acquisitions Insider Threat Ford Motor Company
Measured on a per record basis, the cost per record declines as the size of the breach increases Measured on a total cost basis, the total cost increases as the number of exposed records increases Both of these correlations are weak Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
We have covered many topics today. To summarize: • Data breaches are caused by threats from the inside and threats from the outside. • Data breaches are caused by accidents, negligence, and maliciousness. • Data breaches involve many types of data. • Data breaches involve many types of costs. • There are many useful preventative technologies. • There are many effective technologies for breach detection and mitigation. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
Watchful Software is focused on providing data-centric information protection that works. With the massive amounts that have been invested in securing the network perimeter, one thing has become painfully clear: today's enterprises must secure the information itself. Charles Foley is the Chairman and CEO of Watchful Software, Inc. Mr. Foley has over 20 years experience leading both private and public company teams to success. Prior to Watchful Software, Mr. Foley was the Chairman and CEO of TimeSight Systems, Inc., a developer of leading-edge storage and video management solutions for the physical security market. He also served as President of Tacit Networks, Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved. a leader in Wide Area Network acceleration systems, where he designed the marketing and business development strategies that led to their profitable acquisition by Packeteer (NASDAQ: PKTR).
Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved. Heather Goodnight is the Regional Sales director for Triumfant, Inc. She is one of the most accomplished business and sales development professionals working in the information security space. By focusing on customers’ business needs and aligning products and services, she helps bring forth the benefits of successful selling fundamentals and best practices that positively impact bottom-line results. Triumfant leverages patented analytics to detect, analyze and remediate the malicious attacks that evade traditional endpoint protection solutions such as the Advanced Persistent Threat, Zero Day Attacks, targeted attacks, and rootkits. Triumfant automates the process of building a contextual and surgical remediation that addresses the malware and all of the associated collateral damage. Endpoints go from infection to remediation in five minutes without the need to reboot or re-image.
Thank you ! Patrick Florer, CTO and Co-founder Risk Centric Security, Inc patrick@riskcentricsecurity.com 214.828.1172 Heather Goodnight, Regional Sales Director Triumfant, Inc. heather.goodnight@triumfant.com 214.405.5789 Charles Foley, Chairman and CEO Thomas McClinton, Central US Sales Director Watchful Software, Inc. thomas.mcclinton@watchfulsoftware.com 832.754.8501 Risk Analysis for the 21st Century®

Recommended

Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Patrick Florer
 
Deconstructing the cost of a data breach
Deconstructing the cost of a data breachDeconstructing the cost of a data breach
Deconstructing the cost of a data breachPatrick Florer
 
Co3 rsc r5
Co3 rsc r5Co3 rsc r5
Co3 rsc r5Patrick Florer
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaTechBiz Forense Digital
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2Semir Ibrahimovic
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye, Inc.
 
Cybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsCybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsAbdul-Hakeem Ajijola
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer
 

Recommended

Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Patrick Florer
 
Deconstructing the cost of a data breach
Deconstructing the cost of a data breachDeconstructing the cost of a data breach
Deconstructing the cost of a data breachPatrick Florer
 
Co3 rsc r5
Co3 rsc r5Co3 rsc r5
Co3 rsc r5Patrick Florer
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaTechBiz Forense Digital
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2Semir Ibrahimovic
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye, Inc.
 
Cybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsCybersecurity & the Board of Directors
Cybersecurity & the Board of DirectorsAbdul-Hakeem Ajijola
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Impacts cloud remote_workforce
Impacts cloud remote_workforceImpacts cloud remote_workforce
Impacts cloud remote_workforceRodrigo Varas
 
FORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for ITFORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for ITFERMA
 
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Proofpoint
 
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...EC-Council
 
Countering Advanced Persistent Threats
Countering Advanced Persistent ThreatsCountering Advanced Persistent Threats
Countering Advanced Persistent ThreatsBooz Allen Hamilton
 
What Not-for-Profits Can Do To Prevent "Uninspired" Theft
What Not-for-Profits Can Do To Prevent "Uninspired" TheftWhat Not-for-Profits Can Do To Prevent "Uninspired" Theft
What Not-for-Profits Can Do To Prevent "Uninspired" TheftCBIZ, Inc.
 
Security on a budget
Security on a budget Security on a budget
Security on a budget nCircle - a Tripwire Company
 
The State of Ransomware 2020
The State of Ransomware 2020The State of Ransomware 2020
The State of Ransomware 2020Netpluz Asia Pte Ltd
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
Using the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modelingUsing the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modelingEric Jernigan MSIA, CISSP, CISM, CRISC
 
September 2019 part 9
September 2019 part 9September 2019 part 9
September 2019 part 9seadeloitte
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
The VOHO Campaign: An In Depth Analysis
The VOHO Campaign: An In Depth AnalysisThe VOHO Campaign: An In Depth Analysis
The VOHO Campaign: An In Depth AnalysisEMC
 
Professor Martin Gill, Director, Perpetuity Research
Professor Martin Gill, Director, Perpetuity Research Professor Martin Gill, Director, Perpetuity Research
Professor Martin Gill, Director, Perpetuity Research CSSaunders
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AWard Pyles
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attackerseadeloitte
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015sarah kabirat
 

More Related Content

What's hot

Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Impacts cloud remote_workforce
Impacts cloud remote_workforceImpacts cloud remote_workforce
Impacts cloud remote_workforceRodrigo Varas
 
FORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for ITFORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for ITFERMA
 
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Proofpoint
 
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...EC-Council
 
Countering Advanced Persistent Threats
Countering Advanced Persistent ThreatsCountering Advanced Persistent Threats
Countering Advanced Persistent ThreatsBooz Allen Hamilton
 
What Not-for-Profits Can Do To Prevent "Uninspired" Theft
What Not-for-Profits Can Do To Prevent "Uninspired" TheftWhat Not-for-Profits Can Do To Prevent "Uninspired" Theft
What Not-for-Profits Can Do To Prevent "Uninspired" TheftCBIZ, Inc.
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
September 2019 part 9
September 2019 part 9September 2019 part 9
September 2019 part 9seadeloitte
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
The VOHO Campaign: An In Depth Analysis
The VOHO Campaign: An In Depth AnalysisThe VOHO Campaign: An In Depth Analysis
The VOHO Campaign: An In Depth AnalysisEMC
 
Professor Martin Gill, Director, Perpetuity Research
Professor Martin Gill, Director, Perpetuity Research Professor Martin Gill, Director, Perpetuity Research
Professor Martin Gill, Director, Perpetuity Research CSSaunders
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AWard Pyles
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attackerseadeloitte
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesSlideTeam
 

What's hot (20)

Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Impacts cloud remote_workforce
Impacts cloud remote_workforceImpacts cloud remote_workforce
Impacts cloud remote_workforce
 
FORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for ITFORUM 2013 Cyber Risks - not just a domain for IT
FORUM 2013 Cyber Risks - not just a domain for IT
 
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
Inside The 10 Biggest and Boldest Insider Threats of 2019-2020
 
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
 
Countering Advanced Persistent Threats
Countering Advanced Persistent ThreatsCountering Advanced Persistent Threats
Countering Advanced Persistent Threats
 
What Not-for-Profits Can Do To Prevent "Uninspired" Theft
What Not-for-Profits Can Do To Prevent "Uninspired" TheftWhat Not-for-Profits Can Do To Prevent "Uninspired" Theft
What Not-for-Profits Can Do To Prevent "Uninspired" Theft
 
Security on a budget
Security on a budget Security on a budget
Security on a budget
 
The State of Ransomware 2020
The State of Ransomware 2020The State of Ransomware 2020
The State of Ransomware 2020
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security Study
 
Using the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modelingUsing the Threat Agent Library to improve threat modeling
Using the Threat Agent Library to improve threat modeling
 
September 2019 part 9
September 2019 part 9September 2019 part 9
September 2019 part 9
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial Institutions
 
The VOHO Campaign: An In Depth Analysis
The VOHO Campaign: An In Depth AnalysisThe VOHO Campaign: An In Depth Analysis
The VOHO Campaign: An In Depth Analysis
 
Professor Martin Gill, Director, Perpetuity Research
Professor Martin Gill, Director, Perpetuity Research Professor Martin Gill, Director, Perpetuity Research
Professor Martin Gill, Director, Perpetuity Research
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 A
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attacker
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LR
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
 

Similar to Rcs triumfant watchful_webinar_final

Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015sarah kabirat
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Don Grauel
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance TempRohan Sehgal
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
 
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframeBig Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframePrecisely
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfgalagirishp
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligencewbesse
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15James Fisher
 
Awareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAwareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAbdullahKanash
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counselbugcrowd
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 

Similar to Rcs triumfant watchful_webinar_final (20)

Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance Temp
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframeBig Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
 
We are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdfWe are living in a world where cyber security is a top priority for .pdf
We are living in a world where cyber security is a top priority for .pdf
 
Data Breach Guide 2013
Data Breach Guide 2013Data Breach Guide 2013
Data Breach Guide 2013
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligence
 
Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15Foley-Cybersecurity-White-Paper_3.9.15
Foley-Cybersecurity-White-Paper_3.9.15
 
Awareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdfAwareness Security Session 2023 v1.0.pptx.pdf
Awareness Security Session 2023 v1.0.pptx.pdf
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability Risk
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Rcs triumfant watchful_webinar_final

  • 1. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 2. Risk Centric Security is an acknowledged authority on the costs and impacts of data breaches and other types of cyber-security events. The Company offers state of the art SaaS tools, training, and consulting that empower Information Security Professionals to perform credible, defensible, and reproducible risk and decision analyses, and to articulate the results and relevance of these analyses in language that business counterparts will understand. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved. Risk Analysis for the 21st Century® Patrick Florer has worked in Information Technology and Security for over 33 years. In addition, he worked a parallel track in evidence-based medicine for 17 of those years. He is the CTO and Cofounder of Risk Centric Security. In addition, he is a Distinguished Fellow of the Ponemon Institute. Mr. Florer graduated summa cum laude from the University of Texas at Austin and is a member of the scholastic honor society Phi Beta Kappa.
  • 3. Deconstructing the causes and costs of a data breach: • Threat Landscape • Types of Data • Types of Costs • Breach Reports • Frameworks, Bias and Correlation • Breach Examples • Closing Remarks • Q & A Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 4.
  • 5. 14% of data breaches / 69% of security incidents caused by internal agents (Verizon DBIR 2013) 33% of breaches in 18 companies studied were caused by malicious insiders (Ponemon/Symantec 2011 CODB – Mar, 2013) 21% of electronic crime events caused by insiders (CERT 2011 Cybersecurity Survey) Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 6. The actions of agents outside of an organization that result in a data breach, including: Accidents Negligence Maliciousness: Hacking Phishing Malware delivery Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 7. 92% of data breaches / 31% of security incidents caused by external agents (Verizon DBIR 2013) 76% of network intrusions exploited weak or stolen credentials (Verizon DBIR 2013) 58% of electronic crime events caused by external agents (CERT 2011 Cybersecurity Survey) 40% of breaches caused by malware (Verizon DBIR 2013) Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 8. 55% - Organized Crime 21% - State affiliated agents 2% - activist/hacktivist 1% - former employees 21% - other or unknown (all figures from Verizon 2013 DBIR Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 9. 78% of initial compromises rated as low (68%) or very low (10%) difficulty 73% of subsequent actions rated as low (71%) or very low (2%) difficulty 22% of initial compromises rated as moderately difficult / 7% of subsequent actions rate the same <1% of initial compromises rated as highly difficult / 21% of subsequent actions rate the same Almost all moderate and highly difficult actions pertain to espionage and NOT to organized crime. (all figures from Verizon 2013 DBIR) Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 10.
  • 11. Operational Data Intellectual Property Financial Information Personally Identifiable Information (PII) Protected Health Information (PHI) Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 12.
  • 13. • Breached entity? • Shareholders? • Citizens / the public at large? • Card brands? • Issuing banks? • Customers? • Business partners? • Consumers? • Taxpayers (law enforcement costs)? Risk Centric Security, Inc. Confidential and Proprietary. Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 14. Fixed / Overall Costs Per record costs: • Direct/Primary • Indirect/Secondary • Variable costs that scale with magnitude of breach Risk Centric Security, Inc. Confidential and Proprietary. Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 15. Costs that we should be able to discover and/or estimate: • Lost productivity • Incident response and forensics costs • Costs of replacing lost or damaged hardware, software, or information • Public relations costs • Legal costs • Costs of sending letters to notify customers and business partners • Costs of providing credit monitoring • Fines from governmental action (HIPAA/HITECH, FTC, State Attorneys General, etc.)
  • 16. Costs that we should be able to discover and/or estimate: • Fines and indemnifications imposed by contracts with business partners • Contractual fines and penalties resulting from PCI DSS related incidents - either data loss or compliance failure • Judgments and legal settlements - customers, business partners, shareholders • Additional compliance and audit costs related to legal settlements (20 years of additional reporting, for example) Risk Centric Security, Inc. Confidential and Proprietary. Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 17. Costs that might be difficult to discover and/or estimate: • Loss of competitive advantage • Loss of shareholder value • Reputation loss • Opportunity and Sales losses from customers and business partners who went elsewhere • Value of intellectual property Risk Centric Security, Inc. Confidential and Proprietary. Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 18. Ponemon Institute 2011 Cost of Data Breach Study: United States (March, 2013) 49 Companies surveyed – multiple people per company. Breach sizes ranged from 5K – 100K exposed records. Participants estimated the minimum and maximum amounts for a number of costs, from which the mid-point value was selected. According to some legal experts, Ponemon Institute numbers are the “gold” standard in the Federal Courts. The raw data are published in the report appendix. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 19. In the 2011 report: Overall weighted average per record = $194 (down from $214 in 2010) Overall average total = $5.5 M (down from $7.2M in 2011) Minimum total cost = $566 K Median total cost = $4.5 M Maximum total cost = $20.9 M Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 20. Ponemon Institute 2013 Cost of Cyber Crime Study: United States 56 Organizations Companies surveyed, > 1,000 seats Costs were due to cyber crime – no errors or accidental exposures 4 week study period extrapolated to 52 weeks. The 56 organizations in the study experienced 102 cyber attacks per week; 1.8 attacks each per week. Annualized costs per company ranged from $1.4M to $46M, with the average = $8.9M and the median = $6.2M Average attack took 24 days to resolve and cost $592K Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 21. Net Diligence 2013 Cyber Liability & Data Breach Insurance Claims study 137 events between 2009 and 2011 – claims data were provided by underwriters Average cost per breach = $3.7 million Payouts were net of deductibles/retentions, which ranged from $50K to $1M Report breaks out many types of costs: Crisis services, Legal Defense, Legal Settlements Cyber insurance does not reimburse for “soft” costs like lost customers, brand damage, and lost stock value. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 22.
  • 24. Plans for the Presidential Helicopter Coca-Cola Merger Acquisitions Insider Threat Ford Motor Company
  • 25. Measured on a per record basis, the cost per record declines as the size of the breach increases Measured on a total cost basis, the total cost increases as the number of exposed records increases Both of these correlations are weak Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 26. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 27. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 28. We have covered many topics today. To summarize: • Data breaches are caused by threats from the inside and threats from the outside. • Data breaches are caused by accidents, negligence, and maliciousness. • Data breaches involve many types of data. • Data breaches involve many types of costs. • There are many useful preventative technologies. • There are many effective technologies for breach detection and mitigation. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved.
  • 29. Watchful Software is focused on providing data-centric information protection that works. With the massive amounts that have been invested in securing the network perimeter, one thing has become painfully clear: today's enterprises must secure the information itself. Charles Foley is the Chairman and CEO of Watchful Software, Inc. Mr. Foley has over 20 years experience leading both private and public company teams to success. Prior to Watchful Software, Mr. Foley was the Chairman and CEO of TimeSight Systems, Inc., a developer of leading-edge storage and video management solutions for the physical security market. He also served as President of Tacit Networks, Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved. a leader in Wide Area Network acceleration systems, where he designed the marketing and business development strategies that led to their profitable acquisition by Packeteer (NASDAQ: PKTR).
  • 30. Risk Centric Security, Inc. Confidential and Proprietary . Copyright © 2013 Risk Centric Security, Inc . All rights reserved. Heather Goodnight is the Regional Sales director for Triumfant, Inc. She is one of the most accomplished business and sales development professionals working in the information security space. By focusing on customers’ business needs and aligning products and services, she helps bring forth the benefits of successful selling fundamentals and best practices that positively impact bottom-line results. Triumfant leverages patented analytics to detect, analyze and remediate the malicious attacks that evade traditional endpoint protection solutions such as the Advanced Persistent Threat, Zero Day Attacks, targeted attacks, and rootkits. Triumfant automates the process of building a contextual and surgical remediation that addresses the malware and all of the associated collateral damage. Endpoints go from infection to remediation in five minutes without the need to reboot or re-image.
  • 31. Thank you ! Patrick Florer, CTO and Co-founder Risk Centric Security, Inc patrick@riskcentricsecurity.com 214.828.1172 Heather Goodnight, Regional Sales Director Triumfant, Inc. heather.goodnight@triumfant.com 214.405.5789 Charles Foley, Chairman and CEO Thomas McClinton, Central US Sales Director Watchful Software, Inc. thomas.mcclinton@watchfulsoftware.com 832.754.8501 Risk Analysis for the 21st Century®