Leveraging AI in Cybersecurity Risk Modeling & Mitigation


Christopher Novak
Director, Threat Advisory Research
Verizon Wireless

Introduction

Originally, there was a poor understanding of why cyber breaches were happening. In the early 2000s, Verizon began developing a standardized methodology for describing breach incidents. This helped to prioritize which breaches were most troubling or urgent.

Challenge: most businesses have limited budgets, resources, and technology for dealing effectively with breaches.

What is needed: the ability to build a strategic plan for predictive elements. 

Bottom line: we want to get better at figuring out when and where a security breach is likely to happen.


Training the modeling with real-world data

To achieve results, Verizon invited expert collaborators to do the necessary research. One of the initial goals was to present this project not as a marketing or sales tool, but as a project based on real knowledge.

All the data published in the resulting reports is based on actual evidence, from hundreds of thousands of breach incidents. The project gathered hundreds of thousands of metrics about every single breach. 

Note: none of this is survey-based. Verizon needed to be sure that the data was rock solid and allowed apples-to-apples comparisons.

Unique sources of cybersecurity threat intelligence

Verizon doesn’t get its data only from its own breaches. It also looks to breaches found in other organizations: financial services, retail, transportation, hospitality, energy utilities, manufacturing, healthcare and others. 

Also, Verizon is a giant Internet service provider (ISP). Analytics can be performed on the data it carries in order to look for threats and risks. This also can feed into its overall data pool. 

The nine incident classification patterns

After reviewing and researching hundreds of thousands of incidents, information was broken down and analyzed. 

90 percent of all the incidents in the entire data set fit into one of nine breach-type categories. The list below names those nine, followed by "Everything else" for the remainder:

  • Point of sale intrusions
  • Web app attacks
  • Insider misuse
  • Physical theft/loss
  • Misc. errors
  • Crimeware
  • Card skimmers
  • Denial-of-service attacks 
  • Cyber espionage
  • Everything else

Who (and where) are the threat actors?

One of the most common questions asked: is the threat coming from the inside or the outside? The difference is fairly stark. 

Not all breaches are the same. Most insiders already have access, or put another way, the “keys to the kingdom.”

Most of the breaches seen in this research involve inside actors exploiting access that they have already been granted. Behavioral patterns are assessed for analytics and predictions.

External actors can be anyone from organized crime to a nation state. 

Dollar impact of internal vs. external threat actors

  • External threat actor incidents sometimes go on for weeks, months and even years before the victim identifies them.
  • Internal threats tend to be lower and slower. It all depends on the kind of data you’re dealing with.

Threat actions include: 

  • Hacking 
  • Malware

Key takeaway: securing against an insider is dramatically different from securing against an outsider. 

From this data, Verizon created a risk report.

How do you take this data and make it relevant? How do you predict the likelihood of certain breaches? 

  • There is no perfect solution. The data is honed on a daily basis to bring it closer to reality. It’s based on the large quantities of data that feed into it.
  • That data is scored so that companies can understand where they stand in terms of the threats and risks that they face. Issues can be carved out by industry, sector, size, geography, and the systems being used. 

Three perspectives in the report:

Outside-in view (the easiest of the three): looking at the surface of what can be seen about the organization.

Inside-out view: hooking into tools inside the organization and collecting metrics. The goal is to discover how the organization compares to other companies whose data Verizon has collected. This view gives a deeper granularity of what that organization looks like.

Culture and process: a lot of these breaches are not just about gaps in technology. Organizations often become overwhelmed and buy so much technology that they don’t know how to use it. That could be more problematic than beneficial. It can also present new and different types of exposures. Usually, people are a big component of the problem. It’s often about human error (example: somebody didn’t close a port on a firewall). Therefore, questions must be asked: how effective is the company policy? Is there a gap that could lead to breaches? A lot of people tend to not report unusual activity, thinking that it’s just IT working, or that IT is already on top of it. 

Note: breaches have a really long tail in terms of costs. You’re spending massive amounts of money on incident response, legal support, PR, and crisis communications — usually within those first six months to a year, but it can go on even longer. 

Bottom line: take all of this data, map it out, and use it to make predictions of a breach. The program is fed with real data where actual breaches have occurred. It continues to evolve.



Comments


Leon Jackson

I got this web site from my friend who told me about this web page and
now this time I am visiting this web site and reading very informative posts at this
time.
