FICO Cyber Security Analytics Hot Topics Q&A


EXECUTIVE BRIEF

With 2014 — “The Year of the Data Breach” — still fresh in every executive’s mind, 2015 has gotten off to an equally chilling start; malware launched by the “Carbanak Gang” is alleged to have netted cyber criminals up to $1 billion, stolen from banks worldwide. FICO’s executive team weighs in with its first Cyber Security Analytics Hot Topics Q&A.

Q: Malware attacks and data breaches are putting CEOs on the hot seat. Why is cyber security at the top of the list of CEO concerns?

Doug: The “long tail” of impacts associated with cyber security breaches translates into an unquantifiable liability. Beyond the immediate hit to market capitalization – Target’s dropped $7 billion after its data breach in late 2013 – there are reputational risks, customer impacts, increased regulatory and Board-level scrutiny. Aside from the actual monetary losses due to subsequent fraud, CEOs are deeply concerned with the unknown costs of protecting shareholders, customers and employees long-term.

Cyber vulnerabilities are terrifying because they are today’s great unknown. Zero-day threats are being exposed continuously, but typically aren’t discovered for weeks or months after the damage has been done. Compounding the problem, most CEOs don’t have an honest, understandable assessment of their current cyber risk profile. They can’t answer the question, “How vulnerable is our company?”

Q: How are other executives in the C-suite affected by heightened security vulnerability and concerns?

Vickie: We need to see greater collaboration between members of the C-suite. The mantra to security leaders has been “think like a business leader” or “know the business you’re in” and there have been remarkable shifts as a result of that movement. Now it’s time for the business to think more about security – it’s not just the CISO’s job. This is increasingly reflected in banking, as CROs become increasingly responsible for addressing business risk associated with cyber attacks. CROs are working closely with CISOs on developing the processes and infrastructure to protect organizations against cyber crime.

Q1–2015 EXECUTIVE BRIEF

Doug Clare, Vice President, Cyber Solutions: Executive in charge; deep understanding of customer needs and FICO’s cyber solution portfolio

Scott Zoldi, Chief Analytics Officer: Senior data scientist; author of 58 analytic patents with 34 granted and 24 in process

Vickie Miller, Chief Information Security Officer: Cyber security expert; former CISO with strong experience in protecting enterprise information assets

FICO is a trademark or registered trademark of Fair Isaac Corporation in the United States and in other countries. Other product and company names herein may be trademarks of their respective owners. © 2015 Fair Isaac Corporation. All rights reserved. 4091EX_EN 12/15 PDF

Q: Doug, you talk about FICO solving “two ends of the same problem” in the lifecycle of cyber crime. How does that work?

Doug: It’s clear that today’s data breach is tomorrow’s fraud, in the form of payment card fraud, account compromise and account takeover. FICO plays a unique role within this lifecycle; from our history in fighting payment card fraud, we have the technology, infrastructure and relationship assets necessary to effectively combat cyber crime.

In the financial arena, FICO is a trusted brand and holds a unique position in this ecosystem. More than 9,000 of the world’s banks use our software and analytics for fraud protection, and we are a trusted steward of the consortium information that drives it.

Q: How does FICO’s consortium experience differentiate FICO® Cyber Security Analytics Solutions?

Scott: Banks provide anonymized transaction and fraud data to FICO, trusting us to use all the data to build the best fraud models to benefit all participants through actionable data sharing. This means the data is utilized to improve analytic models/scores that can be used to automatically improve fraud detection in models used by the banks. We have provided this service for about two decades.

FICO’s cyber consortium is built on the same model. With analytics, FICO can ensure that cyber events are qualified, their trustworthiness quantified and they can be incorporated into analytic scores for actionable use of the data. These learnings then can be propagated out to the FICO Cyber Security Analytics systems installed in all the organizations that comprise the consortium – all in real time.

Q: How do FICO’s self-learning analytics fill the gap left by current signature-based solutions?

Scott: Current methods are largely signature-based methods; an organization needs to experience a breach and detect it in a timely fashion so the threat can be codified and a signature created to detect the same threat elsewhere. These methods do not respond to new threats or morphing of the threat signature.

FICO’s self-calibrating technology looks for abnormal behavior of end devices utilizing behavioral analytics that indicate a new threat is active, before signature-based methods can catch up. These self-learning analytics at the device level are significantly enhanced with the continuous learnings derived from consortium data, which are disseminated in real time. In this way, FICO can provide true zero-day threat detection.

Q: Worldwide security spending is predicted to reach $83.2 billion in 2016.¹ Will this decrease the severity of the damage caused by cybercrime?

Vickie: Maybe. But so much good work can be undone by a user’s susceptibility to a flashing “Click Here” link or unknowingly infecting their system with malware delivered via spear-phishing. There needs to be an enormous amount of employee education to help everyone understand that individuals are the “last mile” in their organization’s cyber security.

For more information about FICO® Cyber Security Analytics Solutions, including videos featuring Doug Clare, Scott Zoldi and Vickie Miller, please visit: www.fico.com/en/fraud-security/cyber-security


¹ Source: Gartner/Wall Street Journal