CONFIDENTIAL: For Seminar Attendees Only 1 · ©2020 Verisk Analytics, Inc. CONFIDENTIAL: For...
Transcript of CONFIDENTIAL: For Seminar Attendees Only 1 · ©2020 Verisk Analytics, Inc. CONFIDENTIAL: For...
1©2020 Verisk Analytics, Inc. 1CONFIDENTIAL: For Seminar Attendees Only
2©2020 Verisk Analytics, Inc. 2CONFIDENTIAL: For Seminar Attendees Only
The Next Frontier of
Cyber Modeling
Scott Stransky Vijay RamanPamela Eck
3©2020 Verisk Analytics, Inc. 3CONFIDENTIAL: For Seminar Attendees Only
Agenda
Recent Cyber Events
Individual Risk Events Still Drive the Majority of Claims
Systemic Ransomware
Aggregation Beyond the Cloud
Cyber as a Peril (aka Silent Cyber)
Cyber Modeling Platform – Key Enhancements
4©2020 Verisk Analytics, Inc. 4CONFIDENTIAL: For Seminar Attendees Only
Recent Events: Marriott and Continued Data
Breaches
Estimated insurance loss: USD 350 million
5©2020 Verisk Analytics, Inc. 5CONFIDENTIAL: For Seminar Attendees Only
Recent Events: Norsk Hydro and the Targeted
Ransomware
Estimated insurance loss: GBP 75 million
6©2020 Verisk Analytics, Inc. 6CONFIDENTIAL: For Seminar Attendees Only
Recent Events: NotPetya and the Rise of
Systemic Ransomware
Estimated insurance loss: USD 320 million(to traditional affirmative
cyber policies)
7©2020 Verisk Analytics, Inc. 7CONFIDENTIAL: For Seminar Attendees Only
Cyber Regulatory Environment Is Ramping Up
Source: enforcementtracker.com
GDPR fines Continue to Ramp Up New regulations in the U.S.
month
Am
ou
nt
of
Fin
es
(Eu
ros)
month
Co
un
ts o
f fin
es
Counts of fines
8©2020 Verisk Analytics, Inc. 8CONFIDENTIAL: For Seminar Attendees Only
Individual Risk Events Still
Drive the Majority of
Claims
9©2020 Verisk Analytics, Inc. 9CONFIDENTIAL: For Seminar Attendees Only
Business Interruption
By Country Frequency
Predictors by Attack
Vector
Correlation by Attack
Vector
Individual Risk Modeling: The Next Generation
of Data Compromise
10©2020 Verisk Analytics, Inc. 10CONFIDENTIAL: For Seminar Attendees Only
Business Interruption Continues to Drive Losses
11©2020 Verisk Analytics, Inc. 11CONFIDENTIAL: For Seminar Attendees Only
Costs of Data Compromises Vary by Country
Source: IBM/Ponemon
12©2020 Verisk Analytics, Inc. 12CONFIDENTIAL: For Seminar Attendees Only
Different Predictors for Different Modes of Attack
Machine learning helps us understand which potential cyber predictors lead to incidents
Separate predictors for each attack vector scenario
13©2020 Verisk Analytics, Inc. 13CONFIDENTIAL: For Seminar Attendees Only
Data Compromise Correlation: The Impact of
a Common Vulnerability Being Exploited
The Local Bakery The Food truck The Coffee Shop
Correlation specific to each attack vector – lost device events have no
correlation, while phishing has stronger correlation
14©2020 Verisk Analytics, Inc. 14CONFIDENTIAL: For Seminar Attendees Only
Understanding Risk from
Systemic Ransomware
15©2020 Verisk Analytics, Inc. 15CONFIDENTIAL: For Seminar Attendees Only
•Yes
•NoSystemic
•Windows
•Mac
•AndroidOperating system
•Ukraine
•Bosnia
•Etc.Geotargeting
•Trojan
•DatabaseDelivery mechanism
•Particular vulnerable programs (Adobe, Java, Flash, etc.)
•Does it destroy data or just encrypt it?
•Has the encryption already been broken?Other characteristics
Ransomware Science: Hierarchy of Ransomware
16©2020 Verisk Analytics, Inc. 16CONFIDENTIAL: For Seminar Attendees Only
Email Downloads MessagingVulnerability Exploitation
Ransomware Science: What Happens in a
Ransomware Event
Windows MAC Android Linux
Backups Scareware Compromised Encryption
Payment Destruction
De
live
ry
Me
tho
dO
pe
ratin
g
Syste
mR
em
ed
iatio
n
Typ
e
17©2020 Verisk Analytics, Inc. 17CONFIDENTIAL: For Seminar Attendees Only
Ransomware Modeling: The Stochastic Catalog
Point of aggregation
Infection rate
Severity (BI)
18©2020 Verisk Analytics, Inc. 18CONFIDENTIAL: For Seminar Attendees Only
Ransomware Modeling: Loss Calculation
0
0.2
0.4
0.6
0.8
1
0 1 2 3 4 5 6
Day
BI cost experienced
SMB V1 Vulnerable Computers (2017): 1 billion
NotPeyta impacts: 12.5K devices
Infection rate: 1/80,000
19©2020 Verisk Analytics, Inc. 19CONFIDENTIAL: For Seminar Attendees Only
Aggregation
Beyond the Cloud
20©2020 Verisk Analytics, Inc. 20CONFIDENTIAL: For Seminar Attendees Only
Manufacturers
Sources of Aggregation
Operating Systems
Browsers
DNS
CDN
Cloud
Email Payment Processors
ISPInfrastructure providers
VPN Providers
Managed Services
Ad
SSL Certificates
…are numerous!
21©2020 Verisk Analytics, Inc. 21CONFIDENTIAL: For Seminar Attendees Only
Manufacturers
Sources of Aggregation
Operating Systems
Browsers
DNS
CDN
Cloud
How severe would an event be?
Payment Processors
ISPInfrastructure providers
VPN Providers
Managed Services
Ad
SSL Certificates
22©2020 Verisk Analytics, Inc. 22CONFIDENTIAL: For Seminar Attendees Only
Manufacturers
Sources of Aggregation
Operating Systems
Browsers
DNS
CDN
Cloud
How frequent would an event be?
ISPInfrastructure providers
Managed Services
SSL Certificates
23©2020 Verisk Analytics, Inc. 23CONFIDENTIAL: For Seminar Attendees Only
Sources of Aggregation
Browsers
DNS
CDN
Cloud
ISPInfrastructure providers
How much aggregation would the event have?
Managed Services
24©2020 Verisk Analytics, Inc. 24CONFIDENTIAL: For Seminar Attendees Only
Sources of Aggregation
CDN
Cloud
DNS
Infrastructure providersISP
What’s left?
25©2020 Verisk Analytics, Inc. 25CONFIDENTIAL: For Seminar Attendees Only
Email Provider Model
26©2020 Verisk Analytics, Inc. 26CONFIDENTIAL: For Seminar Attendees Only
How Does a Content Delivery Network (CDN) Work?
Original server
CDN server
User
27©2020 Verisk Analytics, Inc. 27CONFIDENTIAL: For Seminar Attendees Only
How Do DNS, CDN, and Cloud Work Together?
User
Dynamic Content
Routed to nearest Edge Location
Region of the
Cloud
CDN
28©2020 Verisk Analytics, Inc. 28CONFIDENTIAL: For Seminar Attendees Only
Cyber as a Peril (aka
Silent Cyber)
29©2020 Verisk Analytics, Inc. 29CONFIDENTIAL: For Seminar Attendees Only
Silent Cyber: The Continually Evolving Definition
Cyber
Event
30©2020 Verisk Analytics, Inc. 30CONFIDENTIAL: For Seminar Attendees Only
What Modeling Solutions Are Currently Available?
Dep
th
Breadth
Blackout
*NEW*
Commercial
Fire
31©2020 Verisk Analytics, Inc. 31CONFIDENTIAL: For Seminar Attendees Only
Overview of the Commercial Fire Model
Fire/No Fire
Damage Function
Fire Alarm Control Panel
Building Characteristics P-factor
σ𝑆𝑐𝑒𝑛𝑎𝑟𝑖𝑜 𝑁𝑢𝑚𝑏𝑒𝑟 (1 - 8)
33©2020 Verisk Analytics, Inc. 33CONFIDENTIAL: For Seminar Attendees Only
What Modeling Solutions Are Coming Soon?
Dep
th
Breadth
Blackout
*NEW*
Commercial
Fire
Area of Focus
34©2020 Verisk Analytics, Inc. 34CONFIDENTIAL: For Seminar Attendees Only
Cyber Risk Continues to Evolve
Bad actors are a step ahead
Business interruption continues to be a driver of major losses
Systemic ransomware is a concern
Aggregation risk extends beyond the cloud
Cyber as a peril is here to stay
35©2020 Verisk Analytics, Inc. 35CONFIDENTIAL: For Seminar Attendees Only
Cyber Risk Modeling
Platform: Analytics of Risk
from Cyber (ARC)
36©2020 Verisk Analytics, Inc. 36CONFIDENTIAL: For Seminar Attendees Only
The Cyber Risk Modeling Platform
Flexibility and Transparency
Comprehensive Risk Modeling
Cyber Risk Data Augmentation
37©2020 Verisk Analytics, Inc. 37CONFIDENTIAL: For Seminar Attendees Only
Manage Your Cyber Risk Program from Start to Finish
Verisk Cyber Data Standard
Includes Cyber Exposure Database
Includes technographic and firmographic data
User Data Management Data Enhancement
AnalyticsReporting
38©2020 Verisk Analytics, Inc. 38CONFIDENTIAL: For Seminar Attendees Only
What’s Inside Our Cyber Risk Platform Today?C
yb
er
Da
ta S
ou
rce
s
Server and Database
Cyber Analytics
Loss Engine
Monitoring and
Reporting
User Interface
Probabilistic Loss Analytics
Deterministic Loss Analytics
Scenarios
Cyber Analytics
Industry Exposure Database (IED)
Data Import and Validation
Matching Algorithms for Augmentation
Exposure Data management
Selective Backfilling
39©2020 Verisk Analytics, Inc. 39CONFIDENTIAL: For Seminar Attendees Only
Roadmap and Key
Enhancements
40©2020 Verisk Analytics, Inc. 40CONFIDENTIAL: For Seminar Attendees Only
A Comprehensive Roadmap Ahead
Workflow Enhancements(Web based Interface)
Loss Reporting by Coverages(Enhanced Financial Modeling for support
up to 14 business coverages)
Loss Breakdown by Attack Vectors(Single Risk Ransomware, Phishing, Physical
Tampering etc.)
Public API Support(Loss Analysis workflow support via RESTful
API’s)
Systemic Ransomware(Using Market Share Data)
Systemic Ransomware(Using Detailed Data)
Global Industry Exposure
Database(Support for 300M+ organizations)
Complete Aggregation Models(Complete aggregation support for new
scenarios with catalogs)
Enhanced Individual Risk
Models
(Enhanced GDPR, BI losses & attack
vector correlation)
Summer 2020 (v3.0) Q1 2021 (v4.0)
Reinsurance Policy Workflows (Support for Single Risk & CAT Treaty)
Cyber-as-a-Peril(Ability to analyze affirmative & silent
cyber exposure for Property, D&O, E&O and other Lines)
Q4 2021 (v5.0)
41©2020 Verisk Analytics, Inc. 41CONFIDENTIAL: For Seminar Attendees Only
You Will Experience Rich Configurable Graphics
Upload Exposures Validate Exposures Configure workflows for company match & data enhancements
Run Loss Analytics
Exposure Summary Dashboard Loss Metrics Dashboard Workflow Manager
42©2020 Verisk Analytics, Inc. 42CONFIDENTIAL: For Seminar Attendees Only
Leveraging Cloud-Native Platform Services
Application UI and API’s
Loss Analytics
Data Management
Cloud Data
Platform Services
Functions
Clo
ud
Pla
tfo
rm S
erv
ice
s
• Identity management
• API management
• Serverless processing
• Batch processing
• Data Warehousing as
Service (DWaaS)
• BI & reporting
Cloud Services
Elastic Auto-Scaling
ARC Platform (Servers and DB)
AIR Cloud /Public Cloud
43©2020 Verisk Analytics, Inc. 43CONFIDENTIAL: For Seminar Attendees Only
Providing You With the Most Comprehensive
View of Your Cyber Risk
44©2020 Verisk Analytics, Inc. 44CONFIDENTIAL: For Seminar Attendees Only