The Business

This example considers a Financial Services Company. This company provides public ISA investments. It also includes a financial investment division which provides a return on client funds.
Clients can access information regarding their ISA via the internet. The internal financial services division contains a significant amount of proprietary commercial data.
The company is governed by, amongst others, the Financial Services Authority and the Information Commissioner's Office.
All staff are well-trained and aware of phishing scams. Anti-virus and SIEM systems are in place. Prior to the installation of Precision Genie, the company had an ad-hoc approach to updates, applied as necessary.

Today’s hit

At 11:00pm the Managing Director and Finance Director received an email telling them that they had been compromised. The details of twelve thousand high-value clients were to be put up for sale on a dark web auction. The records were worth far in excess of the reported average value of $158 each [Ponemon2015a]. Fifty examples were given, and these included credit card details, transactions, financial holdings and extensive personal information.

The Business Impact

The breach went public. All clients were informed of the breach. Client churn increased by 8%, and the lost business far exceeded the industry average cost of $1,570,000 [Ponemon2015b].

The brand suffered severe damage. Post-event analysis revealed the attack used an ‘industry-wide software weakness’ to access the firm’s systems.

How could Predictive Actionable Intelligence have helped?

The breach was caused by an ‘industry-wide software weakness’. The simple fact is that more than 70% of attacks exploit known vulnerabilities with available patches [NTT2015a]. Some exploits have used vulnerabilities dating back to 1999.
Of the exploited vulnerabilities, 99.9% had been compromised more than a year after the exploit was published [Verizon2015a]. Almost 9% of system vulnerabilities were over 10 years old [NTT2015a].

Dashboard showing the high risk of data loss
Illustration 1: Predictive actionable intelligence. A simple dashboard provides stakeholders with an overview of the risk to the business. 90% indicates that there is a high risk of exposure of vital data.

Patch management in a complex business is formidable. The CERT Vulnerability Database includes over 76,000 vulnerabilities! Without analytics, evaluating the impact of these threats on the business in real time is not possible.

Predictive Actionable Intelligence would incorporate the latest threat intelligence. It would identify where critical data is vulnerable. It would identify the systems at risk. It would detail the threat and vulnerability. It would proactively warn stakeholders.

Illustration 1 shows an example of actionable intelligence. A simple dashboard display gives a rapid view of the analytics. The data vulnerability indicator on the left is the one of interest. Red indicates at least one severe issue and the impact level is indicated as high.

A list of potential breaches in the system
Illustration 2: Drilling down to understand the details of the threats.

Threats and vulnerabilities are classified, amongst other parameters, in terms of how difficult they are to implement and use.

The analytics allow the stakeholder to select the level of the threat. Is it easy to use (such as simple manipulation of a URL or a set of readily available scripts for use by ‘script kiddies’)? Does it take more knowledge? Or would it take a skilled adversary to exploit the threat?

This allows stakeholders to identify the level of risk they are willing to endure.
Illustration 2 shows the drill-down available to obtain the detail of the threats and vulnerabilities, the systems and the data that can be exposed.

The value of Predictive Intelligence?

The cost of a data breach is staggering. The threat landscape is complex and understanding the real risk to the business, without predictive analytics, is infeasible.

What is the value of predictive intelligence? Early identification of the business impact allowed remediation to take place.

No data breach occurred and the business avoided losing its operating license.

Bibliography

Ponemon2015c: Ponemon Institute, 2015 Cost of Cyber Crime Study: United Kingdom, 2015

Ponemon2015a: Ponemon Institute, 2015 Cost of Data Breach Study: Global Analysis, 2015

Ponemon2015b: Ponemon Institute, 2015 Cost of Data Breach Study 2015, 2015

NTT2015a: NTT Group, 2015 Global Threat Intelligence Report, 2015

Verizon2015a: Verizon, 2015 Data Breach Investigations Report, 2015

Ponemon2015d: Ponemon Institute, 2015 Cost of Cyber Crime Study: Global, 2015

SunTzua: Sun-tzu, The Art of War, https://en.wikipedia.org/wiki/The_Art_of_War