reflections from rsa 2016 and advisen cyber risk insights conferences
TRANSCRIPT
Reflections from RSA 2016 and Advisen Cyber Risk Insights ConferencesMarch 15, 2016
2
“Uncertainty is an uncomfortable
position. But certainty
is an absurd one.” Voltaire
3
March 2016 – Two Major Cybersecurity Conferences in San Francisco
4
Reflections from the two conferences from
Evolver VP and Cybersecurity Expert Chip Block
5
RSA ConferenceThe technology world likes to live in certainty
2016 buzz word:
“machine learning”
Products are built that learn expected behavior over time
Then look for anomalous activity to alert that a cyber attack may have, or is, occurring
6
Machine learning approaches work well:In a relatively static operational environment that can be modeled and refined over time.
BUTHighly dynamic and flexible environments are not good candidates for a machine learning approach
Because the models never refine and defining expected behavior with confidence is never achieved.
Many vendors/speakers said:Machine learning is a “solution” to cybersecurity
7
Does have a role in a total cyber solution But machine learning is clearly not the “certain” solution that was being presented at the RSA conference
Machine learning
8
• The Advisen Cyber Risk Insights Conference was attended by risk managers, insurance underwriters and brokers.
• From weather to auto accidents to randomly falling trees, the insurance world looks to find ways to support very uncertain areas.
Advisen – the insurance industry operates in a very UNcertain world
Advisen presented the
specific costs for over 18,000
cybersecurity events
Advisen Cyber Risk Insights Conference 2016
Litigation Cases
Economic Loss
Response Cost
Fines and Penalties
10
Advisen Cyber Risk Insights Conference 2016
Predictable Risk Non-Predictable Risk
• Insurance companies such as Chubb, Beazley and CNA presented on the trends in cyber insurance claims
• Discussions: what they believed were predictable risks and what were not
11
More data has been collected and analyzed about cyber attacks than most of the people who attended the RSA conference realize.
Insights from Advisen Conference
How many attacks
Nature of attacks
Cost of attacks
Specific numbers about cybersecurity events are being collected at an impressive rate.
12
Technology and insurance need to come closer together. Major takeaway
Insurance IndustryDevelop quantified cyber risk models
based on company and market profiles.
Technology MarketPresent products in terms of
reducing cybersecurity risk for specific markets
and specific challenges.
13
• The risks to an online retail company are significantly different than the risks to a power company.
• Insurance companies recognize this (premiums for retail and healthcare are higher than other markets) and the technology world needs to adjust as well.
For Example: Different technology and different insurance coverage for
each vertical market
14
By next year’s cyber conferences, we will see if these two worlds
have moved any closer together.
Cybersecurity Technology
Cyber Insurance
15
Evolver is a technology company headquartered in Reston, VA.
Our cybersecurity solutions move businesses away from reactive activities
and directs them into a logical risk-based cybersecurity posture.
Click here to read more on our website. Or inquire: [email protected]