Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk,...
Transcript of Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk,...
![Page 1: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/1.jpg)
CYBER BREACHIMPACT
QUANTIFICATION
![Page 2: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/2.jpg)
CYBER SECURITY IS A PROCESS
Understand your risk, know your attack surface,
uncover weak spots
React to breaches,mitigate the damage,
analyze and learn
Minimize attack surface, prevent incidents
Recognize incidents and threats, isolate and
contain them
![Page 3: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/3.jpg)
$4 MILLION
According to a study by IBM in 2016: http://www-03.ibm.com/security/data-breach/
AVERAGE COST OF DATA BREACH?
![Page 4: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/4.jpg)
WHAT IS CBIQ?
CBIQ is a service that quantifies the cost of a cyber breach impact to an organisation.
This is achieved by factoring a number of operational loss forms associated with breaches and running a simulation to solve the most likely outcomes.
It’s for those who want something else than averages.
4
![Page 5: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/5.jpg)
OBJECTIVESANALYZE OPERATIONAL ACTIVITIES
PRODUCE A DEFENDABLE RISK CALCULATION ON EXPECTEDIMPACT OF A BREACH
GIVE RECOMMENDATIONS BASED ON EXPERT OBSERVATIONS
![Page 6: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/6.jpg)
HOW DOES IT WORKCUSTOMER’S UNIT
COSTSF-SECURE’S WORKSHOP
APPROACH
SIMULATED RESULTS
• Advanced quantification model• 3-point estimations• Insight on how an incident
leads to various forms of losses: • Productivity• Response• Replacement• Reputation• Revenue• Sanctions
Illustrated distribution of losses
Bounds, average, median
• Lost revenue from interruption• Lost business opportunities• IT work (internal/external)• Cyber incident response• Legal work• PR and marketing work• Customer support• Privacy expert (Privacy Officer)
SCOPEInformation asset or system
SIMULATOR
![Page 7: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/7.jpg)
THE RESULT
![Page 8: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/8.jpg)
BENEFITS
HOW MUCH IS AT STAKE?
ENABLE INFORMED CYBER RISK DECISIONS
HOW MUCH SHOULD WE SPEND IN CYBER INSURANCES
OR INVEST?
JUSTIFY CYBER SECURITY SPENDING
HOW DO GREEN, YELLOW AND RED RISKS ADD TO
EUROS?
IMPROVE QUALITY OF
RISK REPORTING
![Page 9: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/9.jpg)
LOSSESWHAT TO EXPECT FROM A BREACH?
![Page 10: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/10.jpg)
Identify what has happened and who
should be involved in responding.
Investigate what has happened and if it is still happening, run crisis management,
initiate recovery.
Restore the IT services and data,
prevent new hacks, communicate,
resume business.
Document the incident, adjust
plans and controls, prepare for sanctions.
AFTERMATHRECOVERYCONTAINMENTIDENTIFICATIONDETECTION
ACTIVITY AFTER BREACH
![Page 11: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/11.jpg)
DAMAGES
REPUTATION
DOES REQUIRE
RESPONSE
EXPOSES TO
SANCTIONS
MIGHT CALL FOR A
REPLACEMENT
DEGRADES
PRODUCTIVITY
HURTS
REVENUE
A BREACH
![Page 12: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/12.jpg)
DELIVERYTHE WAY TO RESULTS
![Page 13: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/13.jpg)
DELIVERY STEPS
ADDITIONALINFORMATION
KICK-OFF WORKSHOP PRESENTING THE RESULTS
Presenting CBIQ method
Presenting the target
Deciding who will be invited to the workshop
C-level executives (CRO, CIO), Asset owners/managers, CISO
Information needed to ensure accuracy of the simulations
Customer provides as agreed
Interviews with relevant stakeholders
Business, Legal, Comms, Customer service, IT, Infosec
![Page 15: Cyber Breach Impact Quantification - F-Secure...CYBER SECURITY IS A PROCESS Understand your risk, know your attack surface, uncover weak spots React to breaches, mitigate the damage,](https://reader034.fdocuments.net/reader034/viewer/2022050417/5f8d6c49e433151f236879b0/html5/thumbnails/15.jpg)
f-secure.com