Cyber Breach Impact Quantification - F-Secure
CYBER BREACH IMPACT QUANTIFICATION
CYBER SECURITY IS A PROCESS
• Understand your risk, know your attack surface, uncover weak spots
• Minimize attack surface, prevent incidents
• Recognize incidents and threats, isolate and contain them
• React to breaches, mitigate the damage, analyze and learn
AVERAGE COST OF A DATA BREACH? $4 MILLION
According to a study by IBM in 2016: http://www-03.ibm.com/security/data-breach/
WHAT IS CBIQ?
CBIQ is a service that quantifies the cost of a cyber breach impact to an organisation.
This is achieved by factoring a number of operational loss forms associated with breaches and running a simulation to solve the most likely outcomes.
It's for those who want something other than averages.
OBJECTIVES
• Analyze operational activities
• Produce a defendable risk calculation on the expected impact of a breach
• Give recommendations based on expert observations
HOW DOES IT WORK
SCOPE: Information asset or system
F-SECURE'S WORKSHOP APPROACH
• Advanced quantification model
• 3-point estimations
• Insight on how an incident leads to various forms of losses: productivity, response, replacement, reputation, revenue, sanctions
CUSTOMER'S UNIT COSTS
• Lost revenue from interruption
• Lost business opportunities
• IT work (internal/external)
• Cyber incident response
• Legal work
• PR and marketing work
• Customer support
• Privacy expert (Privacy Officer)
SIMULATOR
SIMULATED RESULTS (THE RESULT)
• Illustrated distribution of losses
• Bounds, average, median
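As an added illustration (not F-Secure's simulator or any code from the deck), the approach above can be sketched as a small Monte Carlo run: each of the six loss forms gets a 3-point estimate (minimum, most likely, maximum), assumed here to be sampled from a triangular distribution, and the simulated totals are summarised as bounds (taken here as the 5th and 95th percentiles), average and median. All euro figures are constructed placeholders.

```python
import random
import statistics

# Constructed 3-point estimates (minimum, most likely, maximum) in euros for the
# six loss forms named in the deck. Illustrative placeholder values, not from the page.
LOSS_ESTIMATES = {
    "productivity": (20_000, 80_000, 300_000),
    "response":     (30_000, 120_000, 400_000),
    "replacement":  (0, 25_000, 150_000),
    "reputation":   (0, 100_000, 1_000_000),
    "revenue":      (10_000, 150_000, 900_000),
    "sanctions":    (0, 50_000, 500_000),
}


def simulate_breach_losses(estimates, runs=20_000, seed=1):
    """Monte Carlo over the loss forms. Each run draws one value per loss form from a
    triangular distribution (an assumption; the deck only says "3-point estimations")
    and sums them into one total breach cost. Returns the list of simulated totals."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    totals = []
    for _ in range(runs):
        total = 0.0
        for low, mode, high in estimates.values():
            total += rng.triangular(low, high, mode)  # stdlib signature: (low, high, mode)
        totals.append(total)
    return totals


def analytic_mean(estimates):
    """Expected total under the triangular assumption: each form's mean is (min+mode+max)/3.
    Used as a convergence check on the simulation."""
    return sum((low + mode + high) / 3 for low, mode, high in estimates.values())


def summarize(totals):
    """Bounds (5th/95th percentile, an assumption), average and median of the totals."""
    ordered = sorted(totals)
    n = len(ordered)
    return {
        "p05": ordered[int(0.05 * n)],
        "median": statistics.median(ordered),
        "mean": statistics.fmean(ordered),
        "p95": ordered[int(0.95 * n)],
    }


if __name__ == "__main__":
    result = summarize(simulate_breach_losses(LOSS_ESTIMATES))
    for key, value in result.items():
        print(f"{key:>6}: {value:,.0f} EUR")
```

The gap between p05 and p95 is the point of the exercise: it shows how wide the plausible loss range is, which a single average hides.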
BENEFITS
• How much is at stake? -> Enable informed cyber risk decisions
• How much should we spend on cyber insurance or invest? -> Justify cyber security spending
• How do green, yellow and red risks add up to euros? -> Improve the quality of risk reporting
LOSSES: WHAT TO EXPECT FROM A BREACH?
ACTIVITY AFTER BREACH: Detection, Identification, Containment, Recovery, Aftermath
• Identify what has happened and who should be involved in responding.
• Investigate what has happened and whether it is still happening, run crisis management, initiate recovery.
• Restore the IT services and data, prevent new hacks, communicate, resume business.
• Document the incident, adjust plans and controls, prepare for sanctions.
A BREACH:
• damages reputation
• requires a response
• exposes to sanctions
• might call for a replacement
• degrades productivity
• hurts revenue
DELIVERY: THE WAY TO RESULTS
DELIVERY STEPS: Kick-off, Workshop, Presenting the results
• Presenting the CBIQ method
• Presenting the target
• Deciding who will be invited to the workshop: C-level executives (CRO, CIO), asset owners/managers, CISO
ADDITIONAL INFORMATION
• Information needed to ensure accuracy of the simulations; the customer provides it as agreed
• Interviews with relevant stakeholders: Business, Legal, Comms, Customer service, IT, Infosec
f-secure.com