Leveraging AI in Cybersecurity Risk Modeling & Mitigation


Christopher Novak
Director, Threat Advisory Research
Verizon Wireless

Introduction

Originally, there was a poor understanding of why cyber breaches were happening. In the early 2000s, Verizon began developing a standardized methodology for describing breach incidents. This helped to prioritize which breaches were most troubling or urgent.

Challenge: most businesses have limited budgets, resources, and technology for dealing effectively with breaches.

What is needed: the ability to build a strategic plan for predictive elements. 

Bottom line: we want to get better at figuring out when and where a security breach is likely to happen.

Training the modeling with real-world data

To achieve results, Verizon invited expert collaborators to do the necessary research. One of the initial goals was to present this project not as a marketing or sales tool, but as a project based on real knowledge.

All the data published in the resulting reports is based on actual evidence, from hundreds of thousands of breach incidents. The project gathered hundreds of thousands of metrics about every single breach. 

Note: none of this is survey-based. Verizon needed to be sure that the data was rock solid and allowed apples-to-apples comparisons.

Unique sources of cybersecurity threat intelligence

Verizon doesn’t get its data only from its own breaches. It also looks to breaches found in other organizations: financial services, retail, transportation, hospitality, energy utilities, manufacturing, healthcare and others. 

Also, Verizon is a giant Internet service provider (ISP). Analytics can be performed on the data it carries in order to look for threats and risks. This also can feed into its overall data pool. 

The nine incident classification patterns

After reviewing and researching hundreds of thousands of incidents, information was broken down and analyzed. 

90 percent of all the incidents in the entire data set fit into one of the nine breach-type categories below; the final entry, "Everything else," covers the remainder:

  • Point of sale intrusions
  • Web app attacks
  • Insider misuse
  • Physical theft/loss
  • Misc. errors
  • Crimeware
  • Card skimmers
  • Denial-of-service attacks 
  • Cyber espionage
  • Everything else

Who (and where) are the threat actors?

One of the most common questions asked: is the threat coming from the inside or the outside? The difference is fairly stark. 

Not all breaches are the same. Most insiders already have access, or put another way, the “keys to the kingdom.”

Most of the breaches seen in this research involve inside actors exploiting the access that they’ve already been granted. Behavioral patterns are assessed for analytics and predictions.

External actors can be anyone from organized crime to a nation state. 

Dollar impact of internal vs. external threat actors

  • External threat actor incidents sometimes go on for weeks, months and even years before the victim identifies them.
  • Internal threats tend to be lower and slower. It all depends on the kind of data you’re dealing with.

Threat actions include: 

  • Hacking 
  • Malware

Key takeaway: securing against an insider is dramatically different from securing against an outsider. 

From this data, Verizon created a risk report.

How do you take this data and make it relevant? How do you predict the likelihood of certain breaches? 

  • There is no perfect solution. The data is honed on a daily basis to bring it closer to reality. It’s based on the large quantities of data that feed into it.
  • That data is scored so that companies can understand where they stand in terms of the threats and risks that they face. Issues can be carved out by industry, sector, size, geography, and the systems being used. 

Three perspectives in the report:

Outside-in view (this is the easiest of the three): looking at the surface of what can be seen about the organization.

Inside-out view: hooking into tools inside the organization and collecting metrics. The goal is to discover how the organization compares to other companies that have data collected by Verizon. This view gives a deeper granularity of what that organization looks like.

Culture and process: a lot of these breaches are not just about gaps in technology. Organizations often become overwhelmed and buy so much technology that they don’t know how to use it. That could be more problematic than beneficial. It can also present new and different types of exposures. Usually, people are a big component of the problem. It’s often about human error (example: somebody didn’t close a port on a firewall). Therefore, questions must be asked: how effective is the company policy? Is there a gap that could lead to breaches? A lot of people tend to not report unusual activity, thinking that it’s just IT working, or that IT is already on top of it. 

Note: breaches have a really long tail in terms of costs. You’re spending massive amounts of money on incident response, legal support, PR, and crisis communications — usually within those first six months to a year, but it can go on even longer. 

Bottom line: take all of this data, map it out, and use it to make predictions of a breach. The program is fed with real data where actual breaches have occurred. It continues to evolve.


Comments

Leon Jackson

I got this web site from my friend who told me about this web page and now this time I am visiting this web site and reading very informative posts at this time.
