Leveraging AI in Cybersecurity Risk Modeling & Mitigation


Christopher Novak
Director, Threat Advisory Research
Verizon Wireless

Introduction

Originally, there was a poor understanding of why cyber breaches were happening. In the early 2000s, Verizon began developing standardized methodology for describing breach incidents. This helped to prioritize which breaches were most troubling or urgent.

Challenge: most businesses have limited budgets, resources, and technology that would be needed to effectively deal with breaches. 

What is needed: the ability to build a strategic plan for predictive elements. 

Bottom line: we want to get better at figuring out when and where a security breach is likely to happen.

Watch Christopher Novak’s full presentation here

Training the modeling with real-world data

To achieve results, Verizon invited expert collaborators to do the necessary research. One of the initial goals was not to present this project as a marketing or sales tool, but rather a project based on real knowledge. 

All the data published in the resulting reports is based on actual evidence, from hundreds of thousands of breach incidents. The project gathered hundreds of thousands of metrics about every single breach. 

Note: none of this is survey-based. Verizon needed to be sure that the data was concrete/rock solid. In other words, apples-to-apples comparisons. 

Unique sources of cybersecurity threat intelligence

Verizon doesn’t get its data only from its own breaches. It also looks to breaches found in other organizations: financial services, retail, transportation, hospitality, energy utilities, manufacturing, healthcare and others. 

Also, Verizon is a giant Internet service provider (ISP). Analytics can be performed on the data it carries in order to look for threats and risks. This also can feed into its overall data pool. 

The nine incident classification patterns

After reviewing and researching hundreds of thousands of incidents, information was broken down and analyzed. 

90 percent of all the incidents in the entire data set fit into one of these nine breach-type categories:

  • Point of sale intrusions
  • Web app attacks
  • Insider misuse
  • Physical theft/loss
  • Misc. errors
  • Crimeware
  • Card skimmers
  • Denial-of-service attacks 
  • Cyber espionage
  • Everything else

Who (and where) are the threat actors?

One of the most common questions asked: is the threat coming from the inside or the outside? The difference is fairly stark. 

Not all breaches are the same. Most insiders already have insider access, or put another way, the “keys to the kingdom.”

Most of the breaches seen in this research are inside actors exploiting the access that they’ve already been granted. Behavioral patterns are assessed for analytics and predictions. 

External actors can be anyone from organized crime to a nation state. 

Dollar impact of internal vs. external threat actors

  • external threat actor incidents sometimes go on for weeks, months and even years before the victim identifies it. 
  • internal threats tend to be lower and slower. It all depends on the kind of data you’re dealing with. 

Threat actions include: 

  • Hacking 
  • Malware

Key takeaway: securing against an insider is dramatically different from securing against an outsider. 

From this data, Verizon created a risk report.

How do you take this data and make it relevant? How do you predict the likelihood of certain breaches? 

  • There is no perfect solution. The data is honed on a daily basis to try to get it better and closer to reality. It’s based on the large quantities of data that feeds into it. 
  • That data is scored so that companies can understand where they stand in terms of the threats and risks that they face. Issues can be carved out by industry, sector, size, geography, and the systems being used. 

Three perspectives in the report:

Outside-in view (this is the easiest of the three). Looking at the surface of what can be seen about the organization. 

Inside-out view: hooking into tools within the inside of the organization and collecting metrics.  The goal is to discover how they compare to other companies that have data collected by Verizon. This view gives a deeper granularity of what that organization looks like. 

Culture and process: a lot of these breaches are not just about gaps in technology. Organizations often become overwhelmed and buy so much technology that they don’t know how to use it. That could be more problematic than beneficial. It can also present new and different types of exposures. Usually, people are a big component of the problem. It’s often about human error (example: somebody didn’t close a port on a firewall). Therefore, questions must be asked: how effective is the company policy? Is there a gap that could lead to breaches? A lot of people tend to not report unusual activity, thinking that it’s just IT working, or that IT is already on top of it. 

Note: breaches have a really long tail in terms of costs. You’re spending massive amounts of money on incident response, legal support, PR, and crisis communications — usually within those first six months to a year, but it can go on even longer. 

Bottom line: take all of this data, map it out, and let it allow you to make predictions of a breach. The program is fed with real data where actual breaches have occurred. It continues to evolve.


Tags   •   Cybersecurity

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Leon Jackson

I got this web site from my friend who told me about this web page and
now this time I am visiting this web site and reading very informative posts at this
time.

Related Posts

Recent Posts

How AI is Revolutionizing Education -   Artificial intelligence has become increasingly relevant in a number of major industries. We read a lot about how it’s…
Three Amazing Ways AI is Revolutionizing Healthcare - It may not seem like it was too long ago when the idea of artificial intelligence playing a major role…
How 5G is Going to Impact AI in Automation Within Telecom - During this webinar, an industry expert discussed how an automation project comes to life from the initial business problem through…
How Automation Projects Come to Life in Telecom - During this webinar, an industry expert discussed how an automation project comes to life from the initial business problem through…
The Future of AI in Marketing - During this webinar, industry experts discussed where AI in marketing was heading in the future. We’ve included a short transcription…
How AI Has Changed Marketing - During this webinar, industry experts discussed how AI has changed the marketing industry. We’ve included a short transcription of the…
Key Takeaways From Ai4 2020 - Artificial Intelligence Creates the Demand of Innovation, Autonomy, and Personalization Amidst a Crisis There is a seemingly quiet, yet enormous…
Computer Vision Versus Other ML Projects - During this webinar, industry experts discussed computer vision projects versus other machine learning projects within an enterprise setting. We’ve included…
Computer Vision in the Enterprise - During this webinar, industry experts discussed if computer vision computer is commonplace within enterprises that have machine learning models in…
How AI is Enabling Banks to Provide a Better User Experience - During this webinar, industry experts discussed how AI is enabling banks to provide a better user experience for having both…

Popular Posts

Does Healthcare AI Meet Basic Ethics Principles? - Ingrid Vasiliu-Feltes Chief Quality and Innovation Officer MEDNAX, Health Solutions Partner Over the past decade we have noticed an exponential…
Machine Learning and Artificial Intelligence in Banking - Artit "Art" Wangperawong Distinguished Engineer US Bank Introduction Every company’s AI journey is different. We’re all trying to figure out…
Machine Learning for Pricing and Inventory Optimization @ Macy’s - Jolene Mork Senior Data Scientist Macy's Iain Stitt Data Scientist Macy's Bhagyesh Phanse VP, Data Science Macy's Overview In this…
Artificial Intelligence & Cybersecurity: Math Not Magic - Wayne Chung CTO FBI Introduction The field of cybersecurity has slowly progressed from an art to a science. It has…
AI/ML in Investment and Risk Management: Recent Applications, Use Cases, and Implementation Challenges - Arvind Rajan Managing Director - Head of Global & Macro PGIM Fixed Income Introduction Investing is a completely different ballgame…
Top AI Conferences - Interested in learning the latest in AI this year? We’ve compiled a list of the top artificial intelligence conferences in…
Machine Learning in Production: From Research to the Customer - Ameen Kazerouni Lead Data Scientist Zappos Overview In this presentation Ameen Kazerouni, the Lead Data Scientist at Zappos, walks through…
How COVID-19 is Impacting the State of AI in Banking - On this panel, industry experts (listed above) discussed The State of AI in Banking and how COVID-19 is affecting it.…
“Ask Me Anything” with Zappos’s Head of AI/ML Research & Platforms, Ameen Kazerouni - Ameen Kazerouni Head of AI/ML Research & Platforms Zappos Family of Companies Ai4 recently hosted an "Ask Me Anything" session…
The Autonomous Pharmacy: Applying AI and ML to Medication Management Across the Care Continuum - Ken Perez VP of Healthcare Policy Omnicell, Inc. Ken applies artificial intelligence (AI) and machine learning (ML) solutions to medication…