Watch the webinar on demand with the Department of Homeland Security, Black Kite, & Auxis for exclusive insights from the latest ransomware report & steps for reducing your cyber-risk.
1. Proprietary and Confidential
Unveiling the Latest Threat Intelligence
Practical Strategies for Strengthening Your Security Posture in 2025
July 30, 2025 12:00 pm ET
WEBINAR ON DEMAND
2. Speakers
Michael Hastings
Cybersecurity Advisor
Michael Hastings is a Cyber Security Advisor with the US
Department of Homeland Security CISA in South Florida.
Michael’s background includes experience as Vice President
of IT Risk Management for a national commercial bank, and
operational positions in cyber security, IT governance and
infrastructure organizations. Michael holds an MBA in
Technology and Management, and is a Certified Information
Systems Security Professional.
Jeffrey Wheatman
Senior VP, Cyber Risk Strategy
Jeffrey is a cybersecurity leader at Black Kite, where he is helping
redefine third-party risk management on a global scale. Prior to
joining Black Kite, he was a Vice President at Gartner's
Cybersecurity and Risk Management Group, where he developed
executive-level security research and frameworks adopted by
thousands of organizations. With extensive experience advising
senior business leaders, speaking at industry events, and shaping
cybersecurity strategies, he brings a practical, business-driven
approach to managing cyber risk.
Alvaro Prieto
Founder/Sr. Managing Director of Tech Services
Alvaro is an Auxis co-founder who brings over 30 years of leadership,
achievement, and strong business and information technology
experience to Auxis. Since the early 2000s, he has been at the
forefront of launching and leading the firm’s IT managed
services, opening nearshore delivery centers, and working
closely with clients to design, implement, and operate custom IT
solutions. His expertise spans industries, including
financial services, manufacturing, distribution, retail, and
hospitality, where he has assisted organizations in developing
and deploying comprehensive technology and security
strategies to improve their IT operations.
Jose Alvarez
Managing Director of IT Services
Jose leads our IT Outsourcing and Solutions practice. Jose has
extensive experience with large multinational companies
delivering technology best practices. His expertise includes IT
strategic planning, cost control programs, emerging
technologies, IT operations, security and infrastructure
management. An Information Systems Executive with over 25
years of IT technical and management experience, Jose is a
dynamic leader and mentor able to build team cohesion and
inspire individuals to strive toward ever higher levels of
achievement.
3. Agenda
• The Modern Threat Landscape
• Key Findings from Black Kite’s 2025 Ransomware report
• Top 5 Security Gaps We See in Most Businesses
• Key Security Practices Your Business Must Have
• Case Studies
• Live Q&A
4. Today’s Cybersecurity Landscape
Key Cybercrime Stats for 2025
• $10.5T: Annual cybercrime costs. More than the economy of most countries – a staggering indicator of threat scale (Cybersecurity Ventures Cybercrime Report).
• $4.88M: Average cost of a breach. A 10% jump from a year earlier; United States has the highest average data breach cost: $9.36M (IBM Cost of a Data Breach Report 2024).
• 4,151%: Increase in phishing attacks since the public release of ChatGPT, demonstrating how Generative AI is powering advanced social engineering (SlashNext State of Phishing).
• 36,000: Automated scans/second. A 16.7% rise year-over-year, leading to over 1.7 billion stolen credentials now circulating on the dark web (FortiGuard Labs 2025 Global Threat Landscape Report).
• 50+% of organizations that suffer a breach are grappling with a cybersecurity skills shortage (IBM Cost of a Data Breach Report 2024).
5. Black Kite 2025 Ransomware Report
Key Cybercrime Stats for 2025
• 123%: Surge in publicly disclosed ransomware attacks in just 2 years.
• 96: Active ransomware groups, including 52 new entrants.
• $4.32M: Average ransom demand in 2024; highest known demand: $70M.
• 67%: Ransomware responsible for 67% of known third-party breaches.
• 47%: Victim organizations are in the U.S.
• Repeat victims: Once targeted, orgs remain on threat actor radars for as long as 6 months.
• Most targeted industries: Manufacturing, professional services, and healthcare.
• Regulatory enforcement lags behind incident disclosures.
7. Polling Question #1
Which trend do you believe will most disrupt your cybersecurity
strategy in 2025? (Select all that apply)
• AI-powered threats: 86%
• Remote/hybrid workforce risks: 28%
• Emerging technologies (e.g., quantum, IoT): 43%
• Data privacy challenges: 28%
8. Top Security Gaps We Come Across in Most Businesses
• Weak Access Management Practices
Basic password practices.
Human error contributed to 95% of data breaches in 2024, driven by insider threats, credential misuse, and user-driven mistakes. 8% of employees trigger 80% of security incidents. (Mimecast State of Human Risk 2025).
• Poor Patch Management
Lack of resources and strong disciplines.
32% of ransomware attacks start with an unpatched vulnerability (Sophos State of Ransomware 2025).
• Shadow IT
Introducing unmonitored, unmanaged, and often insecure systems into an organization's environment.
• Limited incident response planning
One of the biggest contributors to prolonged, costly, and damaging security breaches.
Just 30% of organizations routinely test their incident response plans — yet those that do save an average of $1.49M per breach. (IBM Cost of a Data Breach Report 2024).
• Manpower and proper automation to handle Cybersecurity Operations
Not only weakens your security posture—it increases response time, burnout, and exposure to threats.
Companies using AI and automation for cybersecurity resolved breaches 108 days faster and saved an average of $1.76M per incident compared to those without. (IBM Cost of a Data Breach Report 2024).
9. Key Security Practices Your Business Must Have
• Define Security Program
• Proactive Detection / IR
• 24x7 Operations
• The Right Team
Having a security program is essential because it provides a structured, proactive, and repeatable approach to protecting an organization’s information assets, systems, and people from cyber threats.
This is especially critical in today’s environment, where threats are:
• Fast-moving
• Often stealthy
• Powered by automation and AI
Having 24x7 security operations is essential because cyber threats can occur at any time (especially outside of business hours) when organizations are most vulnerable. Constant monitoring ensures faster detection and response, reducing dwell time and limiting the damage and cost of attacks.
Having the right team is important for cybersecurity operations because skilled professionals are essential to detect, respond to, and prevent threats effectively.
80+% of organizations experienced at least one successful cyberattack in the past year. (CyberEdge 2024 Cyberthreat Defense Report).
70+% suffered financial losses as a result. (2024 Keeper Security Insight Report).
10. Cyber Security Operations Framework
Governance, Risk & Compliance (GRC)
Service Management
Incident Management
Tools: SIEM, SOAR, EDR/XDR, SecOps
• Event Monitoring
• Threat Detection
• Event Aggregation
• Event Correlation
• Data Analysis
• Incident Management
• Escalations & Notifications
• Response playbooks
Threat Intelligence & Hunting
Tools: TIP, Scripting, EDR, SIEM
• Threat feed ingestion & Analysis
• IOC (Indicator of Compromise) management
• Threat actor profiling
• Enrichment of detections and incidents
• Deep log and telemetry analysis
Vulnerability Management
Tools: CVSS, Patching, Integrations, Scripting
• Vulnerability scanning
• Patch management
• Coordination
• Risk-based prioritization
• Reporting & compliance tracking
Collaboration: Communication, Workflow, Knowledge Management
Analytics: Visualization, Data Warehousing, Analytic Engines
Intelligent Automation: AI, Machine Learning, Robotics Process Automation
11. How MSSPs are Supporting Operations
Cybersecurity is the #1 outsourced
business function, with 77% of
businesses leveraging a third-party
security provider. (Deloitte Global
Outsourcing Survey 2024).
Businesses confronted an average
of 1,900+ weekly attacks in Q1 2025,
a nearly 50% increase year-over-
year. (Check Point’s 2025 Global
Cyber Attack Report).
Company Challenges
• Lack of In-House Expertise
• 24x7 Coverage Gaps
• Tool Complexity and
Maintenance Burden
• Alert Fatigue and False Positives
• Slow Incident Response Times
• Resource and Staffing
Limitations
• Lack of Centralized Visibility
• Difficulty Meeting Compliance
Requirements
• Inability to Keep Pace with
Threat Landscape
MSSP Key Features
• 24/7 Continuous Security Monitoring for threats
• Strong and defined Incident Detection and Response
• Enrichment of alerts with global threat intelligence
to improve accuracy and speed of detection and
response.
• Consistent Vulnerability Management program
• Proactive Threat Hunting using behavioral analytics,
threat indicators, and advanced telemetry data.
• Security Tool Management and Optimization
• Compliance Reporting and Auditing Support
• Great visibility into Security Metrics and KPIs
• Development and maintenance of Incident
Playbooks and Runbooks
• Support for Forensic Analysis
12. Use Case I: Cybersecurity Operations for Large Organization
Auxis Scope
Auxis has been engaged to assume full responsibility for the client's Security
Operations, previously managed by an Asia-based provider. The scope of
services includes Security Operations Center (SOC) management,
Vulnerability Management, and Threat Intelligence operations.
Challenges
• Suboptimal SOC Performance: Inadequate threat monitoring, detection,
and response capabilities.
• Vulnerable Security Posture: Critical gaps in cybersecurity defenses,
elevating the risk of potential attacks and increasing costs associated
with security insurance premiums.
• Reactive Incident Management: Insufficient root cause analysis and
proactive measures for addressing cybersecurity incidents.
• Persistent SLA Non-Compliance: Recurring failures to meet agreed-upon
Service Level Agreements.
• Limited Threat Visibility: Inadequate insight into both external and
internal hidden threats, hampering preparedness for unforeseen attacks.
Accomplishments
• Reduced vulnerability task volume by 49%, after 90 days of engagement,
strengthening overall security posture.
• Exceeded containment, MTTA and Ticket Age SLA compliance.
• Elevated cybersecurity rating to Advanced on, significantly improving organizational
security performance and risk profile.
• Boosted Threat Intelligence metrics by 80% through automated IOC ingestion,
resulting in fewer incident tickets.
• Decreased false positives by automating the filtering of low-confidence IOCs,
reducing unnecessary SOC tickets, and enabling focus on high-priority threats.
• Accelerated incident response by automating repetitive containment tasks,
minimizing manual delays, and expediting remediation.
• Enhanced operational threat intelligence by refining detection logic and advanced
IOC analysis, improving identification of global and enterprise-specific threats.
13. Use Case II: Cybersecurity Operations for a Manufacturing Organization
Auxis Scope
Auxis's scope is to provide comprehensive Managed Security
Services to support the client’s cybersecurity program as they
adopt formal security operations for the first time, including 24x7
Security Operations Center (SOC), Security Incident Response
services, Proactive Threat Hunting and Vulnerability
Management services.
Challenges
• Absence of Continuous 24x7 Security Monitoring
• Lack of a Centralized Security Operations Center (SOC)
• No Role-Based Access Control (RBAC)
• Stagnant Vulnerability Management
• Lack of Risk Surface Visibility
• Not Aligned with any Security Frameworks
• Absence of an Incident Response Plan
Accomplishments
• 24/7 Security Monitoring Implemented
The client now benefits from around-the-clock security event monitoring through the
deployment of a SIEM and XDR.
• Establishment of a Centralized SOC
A dedicated Security Operations Center (SOC) has been established, streamlining incident
management and alleviating the operational burden on the internal IT team.
• IT Infrastructure Modernization Underway
The organization has initiated a comprehensive modernization effort, deploying updated
software and hardware.
• Implementation of a Robust Password Policy
As part of a broader initiative to enhance security hygiene, a formal password policy has been
enforced across the organization.
• Ongoing Vulnerability Remediation
The client is actively addressing critical and high-severity vulnerabilities based on prioritized
recommendations from the Auxis SOC team.
• Monthly Risk Surface Reporting Established
A structured monthly attack surface report is now delivered, enabling leadership to make
informed decisions on system hardening and mitigation strategies.
• Security Framework Alignment Initiative Launched
A strategic project proposal is in place to align automation workflows and supply chain
infrastructure with industry-standard security frameworks.
• NIST Incident Response Framework Adopted
The organization's incident response activities, as managed by Auxis, are now aligned with the
NIST framework, ensuring a structured and compliant approach to incident handling.
• Significant Alert Volume Managed Successfully
For 2025, thousands of security alerts were detected, analyzed, and remediated, demonstrating
the effectiveness and maturity of the newly implemented security operations.
14. Polling Question #2
Would you be interested in learning more about the complimentary
assessment?
• Not at this time: 75%
• Yes: 25%
15. Cyber Security Assessment
Schedule your Free Cyber-risk Assessment
To help you evaluate and improve your security posture.
Method: Over the phone / 1 hr. + Website Scan
Who Should Attend: Head of Security, VP of IT or Director
Areas of Focus:
1. Governance & Risk Awareness
2. Asset Visibility & Data Protection
3. User Awareness & Insider Risk
4. Incident Readiness
5. Third-Party & Cloud Risk (Black Kite Report)
Deliverable:
Written Summary and follow-up call including:
1. Risk Assessment Dashboard
2. Current state snapshot (Red/Yellow/Green per category)
3. Top 2–3 risks or gaps
4. Recommended next steps (e.g., basic actions, further assessment, tools to consider)
If you are interested, please email
[email protected]