3426 IBM deck for CISO perspective v1.pdf (20 pages)
A CISO's Perspective on Building Cyber Programs
Steve Winterfeld
Advisory CISO

What SASE got right leveraging vendor partnerships
Text
Vendor vs Partner
Processes, People, Technology

Operations vs Compliance
Situational Awareness Changes
Board, Compliance, Operational, Tactical
Risk of Material Impact, Risk of Regulatory Impact, Risk of Business Impact, Risk of System Impact
Customer, Employee, Company

Cardinal Directions are becoming key to strategy
Environment components
Internal, Impact, Scale
North, East, South, West

L3/4 DDoS Attacks by Industry
[Chart: DDoS Attack Events by industry: Financial Services, Games, High Tech, Manufacturing, Pharma/Healthcare, Commerce, Business Services, Gambling, Video Media, Non-profit/Education, Public Sector]

API vs Web attacks by industry

CL0P leverages SQLi vulnerability
In May 2023, the group behind CL0P ransomware launched attacks on myriad organizations by exploiting an SQLi vulnerability in MOVEit Transfer (CVE-2023-34362). Attackers used this security flaw to gain access to the file transfer servers that hold sensitive data and exfiltrate that data, with the goal of using the stolen information to demand ransom payouts from victimized companies.
Clop Techniques Used

Investment strategies
API
Web Skimming
AI (LLM/Gen)
Build or Buy

Next Steps
1. Visibility (Situational awareness)
2. Leverage Frameworks (Plagiarize)
3. Reduce Complexity (Vendor consolidation)
4. Exercises (Validation testing)

“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” Stephane Nappo

Resources
Security Research Hub https:/ https:/ Threat Hub:

Title: A CISO's Perspective on Building Cyber Programs
Don't miss an engaging session with Akamai's Advisory CISO as he reflects on key lessons learned from his 25-year journey in cybersecurity operatio