Welcome to the course Cyber Threat Intelligence, brought to you by IBM. In this course, you will learn to identify the key concepts around threat intelligence, describe examples of network defensive tactics. Discuss data loss prevention and endpoint protection concepts and tools. Explore data loss prevention tool, and learn how to classify data in your database environment. Describe security vulnerability scanning technologies and tools, recognize application security threats and common vulnerabilities, and explore a SIEM product and review suspicious alert, and how to take action. Hi, I'm Corinne Ryskamp, a cybersecurity professional in the IBM Security Learning Services team. I will be presenting several lessons as part of this course. You will hear from several subject matter experts within IBM throughout the series of videos. You will also have the opportunity to apply your knowledge with several virtual labs. Let's get started. Welcome to Threat Intelligence, brought to you by IBM. In this video, you will learn to identify the key concepts around threat intelligence. Cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace. Cyber threat intelligence provides a number of benefits, including empowering organizations to develop a proactive cybersecurity posture. Driving momentum towards the cybersecurity posture that is predictable, enabling improved detection of threats, and informing better decision making during and following the detection of a cyber intrusion. Every organization today is facing similar challenges when it comes to IT security. IT solutions need to be easy to use and access, but securing data assets and network access is paramount for almost every industry. Let us look at some of the most prevalent drivers. Here are just a few key data points for multiple reports studying cybersecurity trends in 2019. Breach records, the number of breach records jumped significantly in 2019, with over 8.5 billion records exposed, more than 3 times greater than 2018 year over year. The number one reason for the significant rise in the records exposed due to misconfigurations increase nearly tenfold year-over-year. These records made up 86% of the records compromised in 2019. Human error, at 31%, fishing was the most frequent vector used for initial access in 2019. But that is down from 2018, when it comprised nearly half of the total. IoT innovation, targeting of IoT devices includes Enterprise Realms. With over 38 billion devices expected to be connected to the Internet in 2020, the Internet of Things, or IoT, the threat landscape. Has been gradually shaping up to be one of the threat vectors that can affect both consumers and enterprise level operations by using relatively simplistic malware, and an automated, often scripted attacks. Within the sphere of malicious code used to infect IoT devices, IBM X-Force Research has track multiple malware campaigns in 2019 that have notably shifted from targeting consumer electronics, to targeting enterprise grade hardware, as well activity that we did not observe in 2018. Compromised devices with network access can be used by attackers as a pivoting point and potential attempts to establish a foothold in the organization. Cost amplifiers, cloud migration, IT complexity, and third-party breaches were cost amplifiers. Out of 26 factors that were studied contributing to the cost of a data breach, the five that contributed the most costs were third party involvement, compliance failures, extensive cloud migration, system complexity, and operational technology. If a third party caused the data breach, the cost increased by more than $370,000 for an app adjusted average total cost of 4.29 million. Organizations undergoing a major cloud migration at the time of a breach saw a cost increase of 300,000 for an adjusted average cost of 4.22 million. And system complexity increased the cost of a breach by 290,000 for an average cost of 4.21 million. Finally, the skills gap. The recently published 2019 ISC2 Cybersecurity Workforce study pointed to a severe shortage of cybersecurity professionals. The study estimated for the first time, that there are 2.8 million skilled professionals worldwide currently working in the field, and that an additional 4.07 million more are needed to defend organizations. Today's threats continue to rise in numbers and scale, as sophisticated attackers break through conventional safeguards every day. Organized criminals, hacktivists, governments and adversaries are compelled by financial gain politics and notoriety to attack your most valuable assets. Their operations are well-funded and businesslike. Attackers patiently evaluate targets based on potential effort and reward. Their methods are extremely targeted. They use social media and other entry points to track down people with access, take advantage of trust, and exploit them as vulnerabilities. Meanwhile, negligent employees inadvertently put the business at risk via human error. Even worse, security investments of the past can fail to protect against these new classes of attacks. As you can see from this cost of breach report in 2019, average total cost of a data breach is now 3.92 million, with an average size of more than 25,000 records in each data breach. One of the main things that cause a breach to cost so much to an organization is the time to identify and contain a breach, which had an average of 279 days within 2019. We will explore additional threat intelligence data throughout this course. The context of this research, insider threats occur because of the following. A negligent or inadvertent employee or contractor, a criminal or a malicious insider, or a credential thief. The key takeaway is the costliest insider threat per incident, is theft of credentials. These incidents have increased significantly in frequency and cost. In fact, the frequency of incidents per company has tripled since 2016 from an average of 1 to 3.2. And the average cost has increased from $493,000 to over $871,000 in 2019 on an annual basis. Organizations are spending more to deal with Insider negligence, but the per incident cost is much lower.
