Leveraging AI in Cybersecurity Risk Modeling & Mitigation


Christopher Novak
Director, Threat Advisory Research
Verizon Wireless

Introduction

Originally, there was a poor understanding of why cyber breaches were happening. In the early 2000s, Verizon began developing standardized methodology for describing breach incidents. This helped to prioritize which breaches were most troubling or urgent.

Challenge: most businesses have limited budgets, resources, and technology that would be needed to effectively deal with breaches. 

What is needed: the ability to build a strategic plan for predictive elements. 

Bottom line: we want to get better at figuring out when and where a security breach is likely to happen.

Watch Christopher Novak’s full presentation here

Training the modeling with real-world data

To achieve results, Verizon invited expert collaborators to do the necessary research. One of the initial goals was not to present this project as a marketing or sales tool, but rather a project based on real knowledge. 

All the data published in the resulting reports is based on actual evidence, from hundreds of thousands of breach incidents. The project gathered hundreds of thousands of metrics about every single breach. 

Note: none of this is survey-based. Verizon needed to be sure that the data was concrete/rock solid. In other words, apples-to-apples comparisons. 

Unique sources of cybersecurity threat intelligence

Verizon doesn’t get its data only from its own breaches. It also looks to breaches found in other organizations: financial services, retail, transportation, hospitality, energy utilities, manufacturing, healthcare and others. 

Also, Verizon is a giant Internet service provider (ISP). Analytics can be performed on the data it carries in order to look for threats and risks. This also can feed into its overall data pool. 

The nine incident classification patterns

After reviewing and researching hundreds of thousands of incidents, information was broken down and analyzed. 

90 percent of all the incidents in the entire data set fit into one of these nine breach-type categories:

  • Point of sale intrusions
  • Web app attacks
  • Insider misuse
  • Physical theft/loss
  • Misc. errors
  • Crimeware
  • Card skimmers
  • Denial-of-service attacks 
  • Cyber espionage
  • Everything else

Who (and where) are the threat actors?

One of the most common questions asked: is the threat coming from the inside or the outside? The difference is fairly stark. 

Not all breaches are the same. Most insiders already have insider access, or put another way, the “keys to the kingdom.”

Most of the breaches seen in this research are inside actors exploiting the access that they’ve already been granted. Behavioral patterns are assessed for analytics and predictions. 

External actors can be anyone from organized crime to a nation state. 

Dollar impact of internal vs. external threat actors

  • external threat actor incidents sometimes go on for weeks, months and even years before the victim identifies it. 
  • internal threats tend to be lower and slower. It all depends on the kind of data you’re dealing with. 

Threat actions include: 

  • Hacking 
  • Malware

Key takeaway: securing against an insider is dramatically different from securing against an outsider. 

From this data, Verizon created a risk report.

How do you take this data and make it relevant? How do you predict the likelihood of certain breaches? 

  • There is no perfect solution. The data is honed on a daily basis to try to get it better and closer to reality. It’s based on the large quantities of data that feeds into it. 
  • That data is scored so that companies can understand where they stand in terms of the threats and risks that they face. Issues can be carved out by industry, sector, size, geography, and the systems being used. 

Three perspectives in the report:

Outside-in view (this is the easiest of the three). Looking at the surface of what can be seen about the organization. 

Inside-out view: hooking into tools within the inside of the organization and collecting metrics.  The goal is to discover how they compare to other companies that have data collected by Verizon. This view gives a deeper granularity of what that organization looks like. 

Culture and process: a lot of these breaches are not just about gaps in technology. Organizations often become overwhelmed and buy so much technology that they don’t know how to use it. That could be more problematic than beneficial. It can also present new and different types of exposures. Usually, people are a big component of the problem. It’s often about human error (example: somebody didn’t close a port on a firewall). Therefore, questions must be asked: how effective is the company policy? Is there a gap that could lead to breaches? A lot of people tend to not report unusual activity, thinking that it’s just IT working, or that IT is already on top of it. 

Note: breaches have a really long tail in terms of costs. You’re spending massive amounts of money on incident response, legal support, PR, and crisis communications — usually within those first six months to a year, but it can go on even longer. 

Bottom line: take all of this data, map it out, and let it allow you to make predictions of a breach. The program is fed with real data where actual breaches have occurred. It continues to evolve.


Tags   •   Cybersecurity

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Leon Jackson

I got this web site from my friend who told me about this web page and
now this time I am visiting this web site and reading very informative posts at this
time.

Related Posts

Recent Posts

How Frauds are Combated by AI and Machine Learning in Times of COVID-19 - Introduction With the world battling COVID-19, a significant increase in fraud has been observed worldwide. As more and more people…
AI vs Bots – The Evolution of Technology - Tokologo "The Commodore" Phetla Managing DirectorChristopher Africa Technology has evolved more rapidly in the past two decades, than it has…
How Machine Intelligence is Saving Lives - Artificial intelligence is improving healthcare and changing the lives of patients. In 2019, the AI in the global healthcare market…
The Changing Roles within Cybersecurity Due to AI - During this panel, industry experts (showed above) discussed the changing roles within the cybersecurity industry due to AI. We’ve included…
How COVID-19 Is Impacting Cybersecurity - During this panel, industry experts (showed above) discussed how COVID-19 is affecting cybersecurity. We’ve included a short transcription of the…
Artificial Intelligence for Secure Payments - David SmithConsultantSmart Card Institute In recent years, the world has seen a transformation of all industries to a digital world.…
Leveraging AI in the Travel Industry at Airports - https://youtu.be/T7OpY6P0cE8 Bespoke is the developer of “Bebot”, the first AI-powered chatbot developed specifically for travel and emergency response. Bebot assists…
“Ask Me Anything” with Reid Blackman, PhD & AI Ethics Consultant - Reid Blackman, PhDAI Ethics Consultant & CEOVirtue Ai4 recently hosted an “Ask Me Anything” session with Reid Blackman, PhD on…
How Hackers are Using AI - During this panel, industry experts (showed above) discussed how hackers are using AI and the changes that they've noticed. We’ve…
AI in the Context of Cyber Adversaries - During this panel, industry experts (showed above) discussed AI in the Context of Cyber Adversaries. We’ve included a short transcription…

Popular Posts

Does Healthcare AI Meet Basic Ethics Principles? - Ingrid Vasiliu-Feltes Chief Quality and Innovation Officer MEDNAX, Health Solutions Partner Over the past decade we have noticed an exponential…
Artificial Intelligence & Cybersecurity: Math Not Magic - Wayne Chung CTO FBI Introduction The field of cybersecurity has slowly progressed from an art to a science. It has…
AI/ML in Investment and Risk Management: Recent Applications, Use Cases, and Implementation Challenges - Arvind Rajan Managing Director - Head of Global & Macro PGIM Fixed Income Introduction Investing is a completely different ballgame…
Machine Learning for Pricing and Inventory Optimization @ Macy’s - Jolene Mork Senior Data Scientist Macy's Iain Stitt Data Scientist Macy's Bhagyesh Phanse VP, Data Science Macy's Overview In this…
Top AI Conferences - Interested in learning the latest in AI this year? We’ve compiled a list of the top artificial intelligence conferences in…
Machine Learning and Artificial Intelligence in Banking - Artit "Art" Wangperawong Distinguished Engineer US Bank Introduction Every company’s AI journey is different. We’re all trying to figure out…
Machine Learning in Production: From Research to the Customer - Ameen Kazerouni Lead Data Scientist Zappos Overview In this presentation Ameen Kazerouni, the Lead Data Scientist at Zappos, walks through…
How COVID-19 is Impacting the State of AI in Banking - On this panel, industry experts (listed above) discussed The State of AI in Banking and how COVID-19 is affecting it.…
The Autonomous Pharmacy: Applying AI and ML to Medication Management Across the Care Continuum - Ken Perez VP of Healthcare Policy Omnicell, Inc. Ken applies artificial intelligence (AI) and machine learning (ML) solutions to medication…
Leveraging AI in Cybersecurity Risk Modeling & Mitigation - Christopher Novak Director, Threat Advisory Research Verizon Wireless Introduction Originally, there was a poor understanding of why cyber breaches were…