Measuring Cyber Risk Understanding the Right Data Sources. Sponsored By:

Size: px

Start display at page:

Download "Measuring Cyber Risk Understanding the Right Data Sources. Sponsored By:"

Angela Parker
6 years ago
Views:

1 Measuring Cyber Risk Understanding the Right Data Sources Sponsored By:

2 Measuring Cyber Risk Understanding the Right Data Sources Visit at the end of this webinar to download: Copy of these slides Recording of today s webinar

3 Many Thanks to our Sponsor!

Bring sophistication by driving cyber decisions from the analysis of security data 3,000+ Engineers & researchers 2,500+ Patents worldwide 500+ Security researchers 4 Trillion Events tracked using

4 Bring sophistication by driving cyber decisions from the analysis of security data 3,000+ Engineers & researchers 2,500+ Patents worldwide 500+ Security researchers 4 Trillion Events tracked using big data 2 Billion s scanned daily 1 Billion Web requests categorized daily 150 Billion Objects mined for relationships 1 Million Threats analyzed daily with machine learning 99% Automated protection Copyright 2016 Symantec Corporation 4

5 About Advisen Leading the way to smarter and more efficient risk and insurance communities, Advisen delivers: the right information into the right hands at the right time to power performance.

6 Today s Moderator Erin Ayers Editor, Cyber Front Page News Advisen Contact at eayers@advisen.com

7 Today s Panelists Tudor Dumitras Assistant Professor, Maryland Cybersecurity Center University of Maryland, College Park Joshua Pyle Senior Principal Actuary Symantec Darren Shou Senior Director Symantec

Modeling cyber risk requires a comprehensive understanding of the entire security value chain Threat Actor Vulnerability Exploit Incident Compromise Loss Copyright 2017 Symantec Corporation The

databases covering 89K vulnerabilities from 25K vendors across two decades 500 Symantec Security Researchers, including those responsible for helping to uncover some of the most complex global cyber

8 Modeling cyber risk requires a comprehensive understanding of the entire security value chain Threat Actor Vulnerability Exploit Incident Compromise Loss Copyright 2017 Symantec Corporation The largest civilian cyber intelligence network, leveraging 6 global threat centers, tracking thousands of threat actor groups and deep tracking of 60 core actors One of the world s largest vulnerability databases covering 89K vulnerabilities from 25K vendors across two decades 500 Symantec Security Researchers, including those responsible for helping to uncover some of the most complex global cyber attacks, including Stuxnet Attack sensors in 157 countries, as a leader in endpoint security with 50MM consumer, 4MM small business and 100Ks enterprise customers Security solution scanning 30% of enterprise s daily BlueCoat network and web security solution used by 70% of the Fortune year Gartner Managed Security Services leader providing 24x7 monitoring, backed by 1,000 services professionals, including 3 of the top 5 cyber insurers Hundreds of Norton incident support representatives in 25 languages for consumers and small business; with global incident response capabilities for Fortune 50 firms. Symantec Cyber Insurance group with >50 individuals dedicated to analytic software for insurers of cyber risk 8

Business 251 2,500 Employees Small Business (SMB) 1 250 Employees 1 in 2.7 38% 3.

10 90% of data breaches begin with a spear-phishing attack Org Size 2015 Risk Ratio 2015 Risk Ratio as Percentage Attacks per Org Large Enterprises 2,500+ Employees Medium Business 251 2,500 Employees Small Business (SMB) Employees 1 in % in % in % Internet Security Threat Report Volume 21

11 Data suggests that attackers are more selective in who they target Average Number of Attacks Per Campaign Recipients per Campaign Campaigns ,305 1,500 1,200 55% increase Internet Security Threat Report Volume 21

14 The pitfall of using number of vulnerabilities as a security metric Historical data used: 300 million attack entries on over 6 million hosts 90% of vulnerabilities attacked within 94 days from disclosure most in < 30 days The exploitation ratio varies for different products IE 5 and Office 2000 have the same number of exploited vulnerabilities (27), but the exploitation ratio of Office is 3x Copyright 2016 Symantec Corporation Research in Attacks, Intrusions and Defenses (RAID) 2014 Product Exploitation Ratio Office Office Office Office Adobe Reader Adobe Reader Adobe Reader Adobe Reader Internet Explorer Exploited vuln

15 Easy to make the wrong conclusion without all the facts Security, as seen from the outside Security, as seen from the inside Copyright 2016 Symantec Corporation Research in Attacks, Intrusions and Defenses (RAID) 2014

16 Data suggests that newer security measures are working Product Exploitation Ratio Windows XP Windows Adobe Reader Adobe Reader Adobe Reader Adobe Reader Exploited vulnerabilities Newer versions have fewer exploited vulnerabilities likely due to security countermeasures Copyright 2016 Symantec Corporation Research in Attacks, Intrusions and Defenses (RAID) 2014

1000000 100000 Hacking tools present in an organization pose a risk

Assess security risk for each organization in a

21 Measuring Cyber Risk Understanding the Right Data Sources Erin Ayers Advisen Tudor Dumitras University of Maryland, College Park Joshua Pyle Symantec Darren Shou Symantec 21

22 Thank you, panelists! Tudor Dumitras Assistant Professor, Maryland Cybersecurity Center University of Maryland, College Park Joshua Pyle Senior Principal Actuary Symantec Darren Shou Senior Director Symantec

23 Measuring Cyber Risk Understanding the Right Data Sources Visit at the end of this webinar to download: Copy of these slides Recording of today s webinar

24 Advisen s 2017 Cyber Guide the most comprehensive independent guide to the service providers available in cyber and the products they offer. Download it today at

com/media/2017-awards/ Thursday, October 26 th at

25 Upcoming Cyber events Wednesday, June 14 th at the Grand Hyatt New York Thursday, October 26 th at the Grand Hyatt New York

26 Contact Us Advisen Ltd Broadway 8 th Floor New York, NY Phone advisenevents@advisen.com

27 Leading the way to smarter and more efficient risk and insurance communities. Advisen delivers: the right information into the right hands at the right time to power performance. About Advisen Ltd. Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market. Advisen's proprietary data sets and applications focus on large, specialty risks. Through Web Connectivity Ltd., Advisen provides messaging services, business consulting, and technical solutions to streamline and automate insurance transactions. Advisen connects a community of more than 200,000 professionals through daily newsletters, conferences, and webinars. The company was founded in 2000 and is headquartered in New York City, with offices in the US and the UK. +1 (212) info@advisen.com

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582