In our Cyber Security Insider series of eBooks, we take a look at three critical topics around advanced cyber security. This is the second part of this eBook series.
Article link: https://business.f-secure.com/the-cyber-security-insider-series
1. CYBER SECURITY INSIDER – EBOOK 2/3
A research report about the current state of advanced cyber security in Europe
How CISOs deal with advanced cyber threats
The changing face of cyber security
The faster IT evolves, the harder it becomes
to secure.
So while IT’s recent evolution into a leaner,
more agile business function has been
thrilling for all the right reasons, it’s also
made the CISO’s job exponentially harder.
For one thing, while the paradigm of
companies hosting their own services,
machines and networks had many flaws,
it did give you full control over storage,
network connectivity and security.
This kind of control and oversight is sorely
missing now that you’re dealing with externally
hosted cloud solutions, multiple network
connections, huge volumes of data passing
through applications from multiple vendors
and a growing range of mobile devices.
More important, the attackers you’re up
against are increasingly sophisticated and
the nature of their attacks is increasingly
innovative and unpredictable.
Securing your infrastructure and rapidly
responding to breaches has never been
harder – or more important.
To cut through all this complexity, we spent
the past year conducting in-depth interviews
with twenty-six CISOs, from several verticals,
across Europe and the United States.
We talked to them about the challenges
they’re facing, how they’re set up to deal
with advanced cyber threats and targeted
attacks and what their overall cyber security
strategies look like.
Needless to say, the overall state of
European cyber security is nowhere near
where it can or should be. But you can’t
deploy a comprehensive cyber security
strategy without knowing what your options
are. And you can’t compare yourself to
everyone else until you know how
everyone else is doing.
In this eBook, we’ll give you a summary of
the most common trends and issues we
uncovered through those twenty-six in-depth
conversations. On the way, we’ll explain the
limitations of some of the more common
approaches to cyber security, as identified
by your peers.
Let’s dive in.
Note: We don’t sell any of the solutions
we’re covering in this eBook.
Europe still playing catch-up
Our research found some massive
differences in the maturity levels of the
US and European companies we studied.
On the whole, US companies were a
lot more committed to cyber security,
spending roughly twice as much as
European companies.
In terms of approach, however, US
CISOs were largely doing their own
research, buying their own products and
implementing their own infrastructure,
while Europeans were mostly interested
in purchasing managed services to deal
with cyber security.
That may sound like US CISOs have it all
figured out. But for reasons we’ll discuss
later in this eBook, doing it all yourself
isn’t necessarily the right move. So while
European CISOs do need to catch up
in terms of their commitment to cyber
security, they are making some very
smart choices.
The current state of advanced cyber security
Most of the companies we spoke to were struggling with
poor levels of security awareness, insufficient defensive
measures and severely impaired contingency planning.
That’s because, like most companies, they weren’t investing
enough into getting cyber security right. So we compiled all
the reasons CISOs and IT managers gave for not committing
more to cyber security, and found five distinct groups:
1. The “old-school” crowd.
This group was under the assumption that their decades-old
protection methods were still foolproof in 2016.
“All of our infrastructure is strictly regulated. Our servers are not reachable from the internet. It’s impossible for anyone to hack us.”
“We have systems analyzing our emails. None of our employees open spam. Cyber security is quite easy. We don’t let people bring in USB sticks or CDs.”
2. The “too small to fail” crowd.
This group figures they’re too small to be an interesting
target – security through obscurity.
“We’re too small to be the focus of organized crime groups or foreign governments. We’re just not all that interesting.” (A 3500 employee company)
“We are not that big. Big companies are the ones that we expect to be hacked. I don’t think we stand to lose a lot of money, even if we do get attacked.”
3. The “security isn’t important” crowd.
This group believes they have bigger fish to fry.
“Don’t bother me about that stuff. I’m migrating my datacenter to the cloud.”
“Paying for security is like buying expensive insurance, and there’s little need, since we’ve had no incidents.”
4. The “know-it-all” crowd.
This group assumes an Intrusion Detection System (IDS)
implementation from years ago has them covered because
they aren’t seeing a whole lot of alerts coming out of it.
“I think I would know if we were being hacked, although perhaps not if the Russian government or NSA were doing it. We log everything. We are checking for specific patterns on the network. We’re safe.”
“I think we are in a good position regarding security. We have less than two or three minor security issues per year. If it stays like this, I’m happy.”
5. The “we get it” crowd.
This group knows the risks, and more importantly,
knows they haven’t done enough to address the problem.
They’re worried that they’ve already been hacked.
“I think it’s likely we’ll be attacked at some point. We are probed every day, but we’ve never seen any damage being done. Given that the risk is high, we’re investing money into trying to prevent attacks.”
“We would not know if advanced criminals were hacking us.”
On the whole, while a fair number of the CISOs we
interviewed did understand the risks of targeted attacks,
most CISOs are being forced to use a great deal of creativity
and corner-cutting to make their tight budgets work.
On the one hand, this speaks to the challenges of getting
management buy-in for your cyber security needs. But it
also indicates how little most business leaders know about
the very real threats to their business.
Our study found that the following preventative measures were the most commonly deployed:
• Centrally managed endpoint protection
• Firewalls or next-generation firewalls
• Network segmentation
• Well-configured access control lists
• Application white-listing mechanisms
• URL blocking mechanisms
• Mandatory disk encryption
• Frequent over-the-network backups
• Enforced VPN connectivity to the company network
The first thing you’ll notice is that most of
these defensive measures are static in nature.
That is, they’re simply preventative measures
that bolster your perimeter. The problem is
that while static defenses do hinder attackers,
they aren’t guaranteed to prevent them.
As a result, it isn’t enough to build and
maintain a solid defensive perimeter.
Your cyber security strategy needs to be
dynamic and proactive enough to deal
with modern threats, leveraging situational
awareness, incident response, contingency
plans, and extensive, up-to-date threat
intelligence to be comprehensive.
Put another way, you need to be able to
answer the following questions if you want
to implement a robust security architecture:
- Can I track everything moving through my
internal network?
- Which communication paths are encrypted
and which aren’t?
- How can I spot known malicious traffic or
analyze traffic patterns in my network?
- How can I find out if something malicious
happens on an endpoint?
- Do I know about all of the software on my
network and whether it is patched?
- How can I forensically investigate a system
when it gets compromised?
- How do I find out what is happening on
my web or application servers?
- How do I track the creation of accounts on
each machine in my organization?
- How can I track all authentication attempts
in the systems on my network?
- Can I see when a user tries to access a file
they don’t have permissions to access?
- Can I identify when someone abuses
privileges to gain access to data they
normally shouldn’t be touching?
- Do we have a coherent incident
response plan?
Static defenses: predominant but not enough
The static defensive measures we listed above,
while popular, simply cannot help CISOs
answer these questions.
Which is why so many CISOs turn to more
proactive solutions for incident detection
and security operations, the likes of which
we’ll discuss in the next chapters.
For many years, purely defensive security
measures were considered enough. But
the increasing complexity of corporate
infrastructures and the growing sophistication
of attackers mean that if you aren’t proactively
looking for incidents, you’re bound to miss
out – and likelier to get hacked.
The good news is that a lot of the CISOs
we interviewed were planning to or had
already deployed Security Operations
Centers (SOCs) and Security Information
and Event Management (SIEM) systems.
That’s important, because a properly configured
SIEM gives SOC staff a comprehensive data
set with which to detect intrusion attempts,
breaches and anomalous behavior inside
a network.
Even beyond detecting threats, they also
make it a lot easier to audit an organization’s
IT and security infrastructure so you can
manage and maintain compliance with
local or industry regulations.
But here’s the thing: an SIEM is only useful if
it’s configured and fine-tuned to trigger alerts
on valid events.
And configuring an SIEM to provide relevant,
actionable incident reporting information
can be a painstaking process that ultimately
involves a lot of trial and error. The trouble
is if you get this early configuration process
wrong, you’ll be drowning in false positives.
SOLUTIONS IN FOCUS: SECURITY OPERATIONS CENTERS (SOC) AND SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) SYSTEMS
Configuring an SIEM
1. SIEM systems must first be set up to capture
and aggregate data from multiple sources
within the organization.
2. Then, events must be correlated over
multiple separate streams so you can
identify suspicious or anomalous activity
across multiple boundaries.
3. Finally, since you’re dealing with such large
volumes of data, you need to fine-tune
the system to cancel out all the ‘noise’
and capture real incident indicators.
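
The three configuration steps above, sketched as an added example that is not part of the original eBook: two constructed log sources are aggregated, a burst of failed logins is correlated with a later successful login and account creation on the same host, and tuning removes the noise. The log formats, host names, addresses and tuning values are all assumptions made for the illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data: two log sources in two different formats.
AUTH_LOG = """\
2016-03-01T09:00:01 web01 FAIL alice 10.0.5.20
2016-03-01T09:00:09 web01 OK alice 10.0.5.20
2016-03-01T09:10:00 db01 FAIL svc_prov 10.0.9.9
2016-03-01T09:10:05 db01 FAIL svc_prov 10.0.9.9
2016-03-01T09:10:10 db01 FAIL svc_prov 10.0.9.9
2016-03-01T09:10:15 db01 OK svc_prov 10.0.9.9
2016-03-01T10:00:00 app02 FAIL admin 192.0.2.44
2016-03-01T10:00:20 app02 FAIL admin 192.0.2.44
2016-03-01T10:00:40 app02 FAIL admin 192.0.2.44
2016-03-01T10:00:50 app02 OK admin 192.0.2.44
"""
ACCOUNT_LOG = """\
2016-03-01T09:05:00,web01,alice,intern7
2016-03-01T09:11:00,db01,svc_prov,deploy
2016-03-01T10:03:10,app02,admin,helpdesk2
"""

FAIL_WINDOW = timedelta(minutes=2)       # failures must fall inside this span
FOLLOWUP_WINDOW = timedelta(minutes=10)  # account creation after the login
# Assumed tuning values: a provisioning server that retries old credentials,
# and a failure count high enough to ignore a single mistyped password.
TUNED = {"noisy_sources": {"10.0.9.9"}, "fail_threshold": 3}
UNTUNED = {"noisy_sources": set(), "fail_threshold": 1}

def parse_auth(text):
    for line in text.strip().splitlines():
        ts, host, result, user, src = line.split()
        kind = "login_ok" if result == "OK" else "login_fail"
        yield {"ts": datetime.fromisoformat(ts), "host": host, "kind": kind,
               "user": user, "src": src}

def parse_accounts(text):
    for ts, host, actor, new in csv.reader(io.StringIO(text.strip())):
        yield {"ts": datetime.fromisoformat(ts), "host": host,
               "kind": "account_created", "user": actor, "new_account": new}

def aggregate(*streams):
    """Step 1: merge every source into one time-ordered event stream."""
    return sorted((e for s in streams for e in s), key=lambda e: e["ts"])

def correlate(events, noisy_sources, fail_threshold):
    """Steps 2 and 3: failed-login burst -> login -> new account, minus noise."""
    fails = defaultdict(deque)  # (host, src) -> timestamps of recent failures
    suspect = {}                # (host, user) -> (login time, source address)
    alerts = []
    for e in events:
        if e.get("src") in noisy_sources:
            continue
        if e["kind"] in ("login_fail", "login_ok"):
            recent = fails[(e["host"], e["src"])]
            while recent and e["ts"] - recent[0] > FAIL_WINDOW:
                recent.popleft()
        if e["kind"] == "login_fail":
            recent.append(e["ts"])
        elif e["kind"] == "login_ok":
            if len(recent) >= fail_threshold:
                suspect[(e["host"], e["user"])] = (e["ts"], e["src"])
            recent.clear()
        elif e["kind"] == "account_created":
            login = suspect.get((e["host"], e["user"]))
            if login and e["ts"] - login[0] <= FOLLOWUP_WINDOW:
                alerts.append({"host": e["host"], "src": login[1],
                               "user": e["user"], "new_account": e["new_account"]})
    return alerts

def run(tuning):
    events = aggregate(parse_auth(AUTH_LOG), parse_accounts(ACCOUNT_LOG))
    return correlate(events, **tuning)

if __name__ == "__main__":
    print(len(run(UNTUNED)), "alerts untuned;", len(run(TUNED)), "tuned")
    for alert in run(TUNED):
        print(alert)
```

Excluding a source outright, as done here for the assumed provisioning server, also creates a blind spot, so such exclusions need the same regular review as the rest of the rule set.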
An important – but incomplete view
While your SIEM can eventually be configured
to aggregate data from a wide range of
sources, it only ever gives you a fraction
of the picture at any given point in time.
That’s because you need to be pruning
your information streams as they arrive
to make sure huge volumes of data
aren’t overwhelming your team and your
infrastructure. In fact, if you need to store
detailed historical data for audit trails or
forensics, you’ll only find yourself drowning
in more data.
So while SIEMs do give you the kind of
comprehensive data set you need to analyze
the state of your corporate infrastructure, if
you aren’t careful, they could end up flagging
so many false positives you actually ignore the
real, advanced, persistent threats.
Getting SIEMs right
Our advice: when it comes to configuring your
SIEM, start by carefully constructing a set of
use cases based on an in-depth knowledge
of the threats and tactics, techniques and
procedures that are most likely to target
your region and industry vertical.
You can get this data through research or
tactical threat intelligence feeds (more on
these later). Once you’ve constructed these
use cases, you’ll know which data sources
to collect, how to correlate them, how
to configure alerts, what data to prune,
and how long to retain collected data.
As a final step, you should test your system
against real-world attack scenarios to
make sure your strategy is sound.
Of course, you should be repeating this
whole process regularly, as the threat
landscape changes.
Deploying SOCs and SIEMs
If you haven’t already started deploying an
SOC or an SIEM, our advice would be to look
into Managed Security Service Providers
(MSSPs). With an MSSP, you can avoid the costs
and lengthy projects required to research,
purchase, deploy and configure SOC and
SIEM. You’ll also spend less time and money
hiring a staff of competent security experts.
The importance of SOCs
A well-configured SIEM presents a series
of dashboards and ‘radiators’ conveying
critical counters, graphs and alert indicators.
Of course, all this well-organized information
is of little use unless you’ve got people
monitoring it around-the-clock.
Some of the companies we interviewed had
set up a Security Operations Center (SOC)
as a central point for security experts to
efficiently communicate, collaborate and
keep their eyes on the right data.
An SOC is great because it promotes an
environment where experts can share
their knowledge of the organization’s
infrastructure, security alert levels,
and the global threat landscape.
SOCs are traditionally manned in shifts,
and some compliance regulations require a
minimum number of staff at any given moment.
Although establishing and operating an SOC
can be expensive and resource consuming, it
does make sure cyber security is constantly
evaluated and monitored, so you can respond
to incidents in a quick and efficient way.
SOLUTIONS IN FOCUS: INTRUSION DETECTION SYSTEMS (IDS) AND INTRUSION DETECTION AND PREVENTION SYSTEMS (IDP)
Due to a relatively low barrier to entry
(there are a number of commercial IDS
solutions that come as stand-alone solutions
or managed services), a lot of the CISOs we
interviewed had already deployed an IDS
on their networks.
In practice, IDS and IDP systems provide
a slightly superior level of visibility into
opportunistic and targeted attacks
than SIEMs.
The trouble is that most companies turn to
network-based IDS systems. These systems,
unfortunately, have three crucial limitations:
- They can’t cope with noise on the network,
and are therefore prone to false alerts. Since
real attacks happen infrequently, indicators
of these attacks will often go unnoticed.
- They can’t process encrypted network traffic,
which is becoming increasingly common
both on the Internet and on company
internal networks.
- They’re susceptible to protocol-based attacks
and can’t properly process faked IP packets.
But perhaps the most important issue with
network-based IDS systems is that the nature
of corporate networks is changing. Today,
employees switch between different devices,
use a range of public and private cloud
applications and use different network
connections for different services.
The edge of the network is incredibly dynamic.
So a network-based IDS system is only useful
if it can account for all this variability.
And while the IDS industry has matured quite
significantly over the last few years, with the
latest IDS systems adopting new approaches
to network security, they still lack the agility
and intelligence needed to protect against
modern threats.
Specifically, they still struggle to deal with large
amounts of noise and give you way too many
false positives. So attackers can still evade most
signature-based IDS systems.
The issue with an IDS is similar to the one we
described in the previous section on SIEMs:
unless it’s carefully configured, it can’t provide
the useful, actionable alerts you’re expecting.
Our advice: follow a similar configuration
approach to the one we described for SIEM,
or, alternatively, choose a managed IDS service.
SOLUTIONS IN FOCUS: Threat intelligence feeds
Only a few of the companies we interviewed
were planning to use threat intelligence feeds.
And even fewer were actually using them.
In fact, only US-based companies had started
to embrace threat intelligence.
Here’s why we believe they’re so important.
When you build and staff an SOC and then
deploy SIEM and IDS solutions, you give your
staff a huge amount of data and alerts relevant
to the security of your infrastructure.
But even a team of well-trained experts will
have a hard time crunching, filtering and
interpreting the vast amounts of data
being collected by these systems.
Threat intelligence feeds – basically
information about different types of attacks
and attackers – give your team context about
the ‘who’, ‘why’ and ‘how’ of cyber threats.
That way, when your team’s looking at a vast
amount of data, they know which connections
will help them identify anomalies and
credible threats.
TACTICAL AND TECHNICAL THREAT INTELLIGENCE FEEDS
Threat intelligence falls into a wide range
of categories, from extremely high-level
political and strategic advice all the way down
to fine-grained technical data in easily parsed
formats. And there are a number of threat
intelligence feed services to pick from.
The feeds that most private companies source
to support their security infrastructure come
from tactical and technical threat intelligence.
Tactical threat intelligence feeds typically
describe the TTPs (tactics, techniques
and procedures) used by threat actors.
They allow your security experts to make
decisions about how to configure your
systems, which technologies to deploy,
and which technical threat intelligence
feeds to source.
Technical threat intelligence feeds typically
contain lists of malicious data such as URLs,
IP addresses, phishing email patterns, C&C
server addresses, file hashes, and indicators
of compromise.
You can feed them directly into systems
(like SIEM) via scripts and automation.
The data provided by these feeds is then
correlated against other incoming data
streams so the system can identify anomalies
and threats in your infrastructure.
Choosing the right feeds
In order to pick the feeds your business
needs, you have to start by assessing your
processes, your infrastructure and your
security requirements. This should include
research into the types of threats your
region and industry vertical typically faces.
Once you’ve defined your requirements,
you need to assess all the available threat
intelligence feeds from different vendors
to figure out what data, service levels and
additional features you’ll need.
Keep the following points in mind:
- The quality of threat intelligence feeds
can vary substantially. They can be subject
to industry biases and can often contain
numerous false positives.
- Although most feeds are provided in
standard formats so you can include them
into various security systems like firewalls,
SIEM and other appliances, some vendor
feeds are tied to specific hardware
or software.
- Threat intelligence feeds typically
follow subscription-based models and
are tied to the number of nodes being
protected, making them pretty expensive.
So it makes sense to interview the feed
providers themselves and, if possible, their
customers, before you make a final decision.
- You’ll probably need to subscribe to multiple
feeds, in the long run, in order to make sure
you have access to an appropriate amount
of threat intelligence data.
- Once you’ve chosen the right feeds, run
further analysis on the feed and automate
the process of turning feeds into usable
data sources.
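
As an added example (not from the eBook), this is one way to automate turning feeds into a usable data source, as the last point suggests, and then to correlate the technical indicators against another data stream as described earlier. The two vendor formats, the proxy log layout, the organization's domain and address ranges and the 90-day age limit are all assumptions made for the illustration.

```python
import csv
import io
import ipaddress
import json
from datetime import date, timedelta

# Constructed feeds from two hypothetical vendors, in two different formats.
FEED_A_CSV = """\
type,value,last_seen
ip,203.0.113.7,2016-02-27
ip,10.1.2.3,2016-02-28
domain,updates.example-cdn.test,2016-02-20
ip,198.51.100.9,2015-06-01
"""
FEED_B_JSON = """[
 {"indicator": "203.0.113.7", "kind": "ip", "seen": "2016-02-29"},
 {"indicator": "intranet.corp.example", "kind": "domain", "seen": "2016-02-25"},
 {"indicator": "Bad-Landing.test", "kind": "domain", "seen": "2016-02-26"}
]"""
# Constructed proxy log: timestamp, client, requested host, resolved address.
PROXY_LOG = """\
2016-03-01T08:15:02 10.1.2.3 intranet.corp.example 10.1.9.9
2016-03-01T08:16:40 10.1.4.12 bad-landing.test 203.0.113.7
2016-03-01T08:17:05 10.1.4.30 news.example.org 198.51.100.9
"""

TODAY = date(2016, 3, 1)        # fixed so the example is reproducible
MAX_AGE = timedelta(days=90)    # assumed lifetime of an indicator
OWN_DOMAINS = {"corp.example"}  # assumed: the organization's own domain
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def load_feeds():
    """Normalize both vendor formats into (kind, value, last_seen, source)."""
    rows = []
    for r in csv.DictReader(io.StringIO(FEED_A_CSV)):
        rows.append((r["type"], r["value"].lower(),
                     date.fromisoformat(r["last_seen"]), "vendor_a"))
    for r in json.loads(FEED_B_JSON):
        rows.append((r["kind"], r["indicator"].lower(),
                     date.fromisoformat(r["seen"]), "vendor_b"))
    return rows

def reject_reason(kind, value, last_seen, today):
    """Return why an indicator would cause false positives, or None."""
    if today - last_seen > MAX_AGE:
        return "stale"
    if kind == "ip" and any(ipaddress.ip_address(value) in net
                            for net in INTERNAL_NETS):
        return "internal address"
    if kind == "domain" and any(value == d or value.endswith("." + d)
                                for d in OWN_DOMAINS):
        return "own domain"
    return None

def build_intel(rows, today, vet=True):
    """Deduplicate indicators across feeds; optionally drop unusable ones."""
    intel, rejected = {}, []
    for kind, value, last_seen, source in rows:
        reason = reject_reason(kind, value, last_seen, today) if vet else None
        if reason:
            rejected.append((value, reason))
            continue
        entry = intel.setdefault((kind, value),
                                 {"last_seen": last_seen, "sources": set()})
        entry["last_seen"] = max(entry["last_seen"], last_seen)
        entry["sources"].add(source)
    return intel, rejected

def match_proxy_log(log_text, intel):
    """Correlate the indicator set against each proxy log line."""
    hits = []
    for line in log_text.strip().splitlines():
        ts, client, host, dest_ip = line.split()
        matched = [v for k, v in (("domain", host.lower()), ("ip", dest_ip))
                   if (k, v) in intel]
        if matched:
            hits.append({"ts": ts, "client": client, "matched": matched})
    return hits

if __name__ == "__main__":
    vetted, dropped = build_intel(load_feeds(), TODAY)
    print("dropped:", dropped)
    print("hits:", match_proxy_log(PROXY_LOG, vetted))
```

Loading the same feeds with `vet=False` flags all three proxy log lines, which is the false-positive problem the first point in the list describes.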
Our advice: determine the type of threats
your organization is likely to face and then
use that information to determine which set
of feeds you’ll need to detect those threats.
Additionally, we’d recommend turning to
threat intelligence feeds only when you deem
them necessary to your security strategy. That
moment will become apparent once you have
enough infrastructure deployed and running.
By waiting until you need a certain type of
feed, you’ll be more likely to make the right
choice. And as usual, once you have your
feeds in place, test them against real attacks
to ensure your strategy is solid.
THREE BIG LESSONS
1. If you aren’t seeing security incidents, you aren’t doing the right things.
If you’ve gone long periods without any
suspicious activity on your network, you
should be worried. It’s nice to think that might
be down to the fact that not a single thing
has gone wrong and no one’s even trying
to breach you. But it’s most likely because
you just can’t properly detect breaches and
intrusions. If you aren’t seeing any incidents,
you need to look closer.
2. If you’re not constantly improving your cyber security infrastructure, you’re falling behind.
The global threat landscape is not only fluid;
it’s evolving rapidly. Keeping up with these
changes can be an arduous, ongoing process.
But it’s crucial. So even if you have SOC, SIEM,
IDS and threat intelligence feeds to support
you, you need to stay on top of things.
That means reading white papers, talking
to industry peers, re-testing your systems,
evaluating and deploying new technologies
and threat intelligence feeds, and constantly
accumulating fresh information on the global
threat landscape. Cyber security’s a process.
3. Processes and technologies are easy to come by. People are not.
Good security experts aren’t just hard to
find, they’re hard to keep. You’ll want these
experts manning your systems at all times,
but you aren’t going to get your senior
experts doing shift work very easily – they’ll
inevitably end up moving into jobs that allow
them to work normal office hours. One way
to address this dilemma is to scale the reach
of your people with the help of technology.
The more advanced, artificial intelligence-based
automation you have in place, the
easier it’ll be for your staff. The key to
getting this right is two-fold:
1. Make sure the technology you have in place
is carefully configured so you reduce the
amount of noise and false positives your
people have to deal with.
2. Make sure you work with a small, trusted
group of experts, rather than a large group
that lacks the right skills.
Planning for advanced cyber security
The prevalence and danger of advanced
persistent threats has forced CISOs throughout
Europe into quickly re-thinking their cyber
security strategies.
Our interviews with CISOs from companies
in different verticals across Europe and the
US revealed that they are approaching the
situation by:
- Building and staffing SOC
- Deploying SIEM
- Installing IDS
- Sourcing threat intelligence feeds.
That might sound fairly straightforward.
But it isn’t.
In fact, we’ve found that implementation
projects of this scale typically run between
three and five years. They require planning,
industry research, deployment of new
products, and massive systems integration
efforts involving numerous, complex
moving parts.
In fact, because you often need new expertise
to achieve all these goals and then to maintain
and improve your infrastructure, companies
also have to recruit and retain experienced
security experts.
So the costs are meaningful.
- The cost of purchasing, deploying,
configuring and maintaining SOC, SIEM or
IDS is roughly 1,000,000 EUR per year.
- The cost of employing two skilled security
experts will often exceed 200,000 EUR
per year.
- Individual threat intelligence feeds can run
as high as 25,000 EUR per year, and you will
need several of these.
[Figure labels: Threat intelligence; Internal network detection (IDS); Situational awareness (SOC/SIEM); Preventive (end-point protection, firewalls)]
As you deploy and configure these systems
and services, you’ll start to experience
incremental improvements in your ability to
detect attacks and breaches. But if you want
to see a tangible improvement in security,
you’ll have to wait till the entire project is
completed.
These projects move forward slowly, and
during the course of a project, costs increase,
corners are cut, people leave, reorganizations
happen, and delays become inevitable.
We bring up all these challenges because
it’s important you don’t take this kind of
an implementation lightly.
Some of the organizations we met had
performed research, purchased a solution,
put it into use and then just left it alone.
By purchasing an IDS or SIEM, they had lulled
themselves into a false sense of security,
even though they weren’t actually seeing
any tangible benefits from it.
The waste and inefficiency of all that spend
and effort is bad. But what’s worse is taking
cyber security for granted and leaving
your organization susceptible to attack –
even after such serious investment.
Making your cyber security strategy work
Given the massive undertaking and cost
involved in implementing a working cyber
security strategy, some CISOs are outsourcing
parts of the solution to Managed Security
Service Providers.
By taking this route, CISOs can eliminate
part of the cost and complexity of the
implementation work, and worry less about
the need to hire and retain a large staff of
experts. These services are often more
cost-effective and provide better security
than an in-house solution.
Since managed security services are deployed
relatively quickly, they also provide a quick
return on investment when compared to
going it alone.
As we said at the start of this eBook, European
CISOs are more likely to outsource parts of
their cyber security strategy to managed
service providers. On the back of all this
evidence, that sounds like a good move.
THE BEST DEFENSE IS PROACTIVE
You now have what most other CISOs don’t
have: a solid overview of the solutions other
CISOs are turning to, and an understanding
of the pitfalls involved in the implementation
and deployment of those technologies
and services.
Plan your strategy carefully, learn about the
threats your organization is likely to face, and
become acquainted with the options available
to you. The more you know, the easier it’ll be
for you to make informed decisions, create a
solid plan and present convincing arguments
to your leadership team.
Your company’s upper management spend
most of their time thinking about how to
keep their business profitable, growing, and
ahead of the competition. To do this, they
constantly re-evaluate the company’s goals,
vision and strategy, and make organizational
and strategic changes accordingly.
Cyber security should be treated in the same
way. Your competitors are the threat actors,
and they’re becoming more sophisticated,
organized and ingenious all the time. You
need to know what they’re doing and how
they’re doing it so you can use that knowledge
to stay ahead of them.
We’re F-Secure
And we’ve been a part of the security industry
for over 25 years. It’s why we’ve become a
trusted advisor to both industries and EU law
enforcement agencies across Europe.
In fact, we’ve been involved in more European
crime scene investigations than any other
company on the market.
Our Cyber Security Services help companies
react faster, learn more and respond more
intelligently to threats and breaches of all
sizes. So if you’re one of the smart ones and
you’re getting serious about cyber security,
we should talk.
Next in the Cyber Security Insider series
Read the first part of this series,
‘The Chaos of a Corporate Attack’
eBook to find out how one company was
breached and how it impacted them.
In the third and final part, we’ll take
you through the top five critical
requirements for protecting your
organization against advanced threats
and breaches. Read ‘Five Imperatives
for Advanced Cyber Security’ now.
About the cyber security service design study
F-Secure’s cyber security service design
study was run during 2015 with the help
of an external partner. Here’s a breakdown
of the survey demographics:
Companies surveyed:
26
Regional breakdown:
Finland: 23%
US: 20%
Germany: 30%
Other (EU): 27%
Company size breakdown:
Largest company size: 40,000
Smallest company size: 500
Average company size: 4000
Industry verticals breakdown:
Financial, Insurance, Real Estate: 6
Educational: 2
Industrial: 2
Healthcare: 3
Technology: 4
Global Non-Profit: 1
Media: 2
Pharmaceutical: 1
Retail: 2
Governmental: 2
Gaming and Gambling: 1