Comprehensive Zero Trust Strategy: Data Security Enhancement Plan for Shin Kong Hospital (新光醫院) 20231002
Cost of a Data Breach Report 2023
Executive Summary
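An independent study of 553 organizations affected by data breaches between March 2022 and March 2023, benchmarked across 16 countries and 17 industries, together with recommended best-practice security measures.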
Annual Data Breach Survey Report
Cost of a Data Breach Report 2023
Launch Date: July 24 2023
1. Healthcare – USD 10.93 million
6. Technology – USD 4.66 million (-2)
7. Services – USD 4.47 million (-1)
8. Transportation – USD 4.18 million (+5)
9. Communications – USD 3.90 million (+3)
10. Consumer – USD 3.80 million (-1)
15. Hospitality – USD 3.36 million (+1)
16. Retail – USD 2.96 million (-2)
17. Public sector – USD 2.60 million
Pharmaceuticals: average data breach cost and loss: USD 4.82M
USD 10.9M
[Figure: Healthcare. Key statistics; Root causes of a data breach. Label: "Percentage of health organizations with extensive use". Values shown: 20%, 24%.]
[Figure: Pharmaceuticals, USD 4.82M. Key statistics: 3rd highest cost of 17 industries studied; 8% higher than the USD 4.45M global average; USD 850,000 cost savings of fully deployed security AI and automation versus global average cost of a breach. Root causes of a data breach: Malicious attack, IT failure, Human error. Label: "Percentage of pharmaceutical organizations with". Values shown: 28%, 45%, 27%.]
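1. Incorporate security design thinking from the earliest design stage: Build security into every stage of software development and deployment—and test regularly
2. Deploy data protection measures across hybrid cloud environments: Modernize data protection across hybrid cloud
3. Adopt AI technology to improve security detection efficiency: Use security AI and automation to increase speed and accuracy
4. Strengthen security resilience through continuous risk analysis: Strengthen resiliency by knowing your attack surface and practicing IR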
– Cloud security services consulting and planning
(Cloud Security Services)
an IBM Company
Customer Case Study – Singpass
Singpass is every Singapore resident's trusted digital identity, as well as a platform that bridges access to over 700 government agencies and private sector services. From checking your CPF, to renewing insurance policies, and signing digitally on documents, we have developed a suite of services and features to bring convenience to the everyday lives of citizens.
Customer Case Study – Singpass – Technical Details
• Industry: Government Agencies
• Location: South East Asia
• Services offered: Identity & Access Management Automation
• Number of Users: 4 million+ users
• Services used by: All government agencies, banking and insurance
• Client requirements: As part of Smart Nation initiatives, the customer wanted to modernize their national identity system by deploying in AWS and leveraging cloud native services. The system plays a crucial role in the country's digitalization strategy, allowing citizens and residents to securely access a multitude of governmental and private-sector services online.
Solution:
IBM Security Verify was chosen as the platform for a digital identity system that allows users to access a variety of government services online using a single set of login credentials. The solution provides Two-Factor Authentication (2FA), Identity Federation using SAML/OIDC standards, and Session Management.
Benefits:
Efficiency: The solution reduces the need for multiple sets of credentials for different services, streamlining digital interactions.
Security: With features like 2FA and Adaptive Access, the solution ensures that users' identity is secure.
User-Centricity: By continuously incorporating feedback and updating its features, the solution provides an ever-evolving, user-centric digital experience.
Healthcare – GCG
posture. After ingesting multiple data sources like security devices, identity management etc., it has out-of-the-box analysis capability to quickly detect threats, evaluate the risk, environment and prioritize the threats to support threat investigation quickly and effectively. QRadar SIEM also provides templates for various audit reports, and supports customizable dashboards to provide different views to management team and operation team, including holistic security posture, and actionable insights, to help the client build an industry-leading SOC with limited resources.
tools to maximize existing investment value
6. Centralized security logs management and meet compliance requirements
Solution Components:
• QRadar SIEM
• QRadar Apps like UBA etc.
Business challenge
Hospital das Clínicas de Ribeirão Preto (HCRP) had limited visibility into
the maturity of its security posture, hampering its ability to protect highly
sensitive patient data. HCRP sought a reliable security consultant to
assess its IT environment for vulnerabilities and provide recommendations
for remediation.
Transformation
HCRP engaged IBM Security Services to provide a comprehensive
cybersecurity assessment of its IT environment. After reviewing and
analyzing the infrastructure, the IBM team provided the hospital with a list
of recommendations intended to eliminate vulnerabilities. The
recommendations covered areas such as social media, cloud security,
data privacy and user-authentication processes.
Business benefits
• Gained: Full visibility into security vulnerabilities across the IT infrastructure
• Improved: Security posture by addressing vulnerabilities identified by the assessment
• Increased: Protection of patient data and critical assets from internal and external threats
Hospital das Clínicas de Ribeirão Preto
assessing vulnerabilities
Hospital das Clínicas de Ribeirão Preto (HCRP) is a teaching hospital in Ribeirão Preto, Brazil. It provides a population of approximately 2.5 million people with a wide array of healthcare services. Operating as a tertiary hospital, it employs doctors that are trained in all medical specialties and medico-surgical services. Founded in 1952, HCRP has more than 500 beds.
Solution components
• IBM Security Services
• Cyber Security Assessment and Response
© 2018 IBM Corporation
© 2016 IBM Corporation
Healthcare
Business challenge
During an annual audit, this pharmacy-benefits management company
uncovered IT security and IT change management deficiencies that were
not in adherence with section 404 of the Sarbanes-Oxley Act (SOX). The
company sought a reliable IT provider that could help it remediate these
issues and provide guidance to improve identity and access management
processes overall.
Transformation
IBM consultants with deep expertise in healthcare, internal controls and
regulatory compliance helped the company resolve the audit deficiencies
and address security weaknesses. This work included revalidating user
access accounts, removing inappropriate and unneeded user-access
accounts and strengthening application change-control procedures that
could affect data security overall.
Business benefits
• Improved internal controls.
• Addressed compliance. Avoided legal action and increased regulatory scrutiny.
• Gained new insight. Gained insight from experts on how to modernize identity and access management processes.
Pharmacy-benefits-
and avoids legal action
This US-based company provides pharmacy-benefit-management software and services to the healthcare-benefits-management industry. The company serves many large organizations in the pharmaceutical supply chain, including employers, government agencies, health plans and retail pharmacy chains. Founded in 1993, the company employs nearly 5,000 people and generates annual revenue of almost USD 22 billion.
Solution components
Security Assessment and Response
• IBM Security Services – Identity and Access Management
• IBM Security Services – Security Strategy Risk and Compliance
Healthcare
Business challenge
Florida Health Care Plans Inc. (FHCP) operates a network of medical and
retail locations that accept credit and debit cards for payment. Prior to its
acquisition by the Florida Blue Cross Blue Shield organization, FHCP was
a small organization and lacked the ability to sufficiently assess and secure
its payment environment on its own.
Transformation
FHCP engaged IBM Security Services to provide security consulting
focused on internal vulnerability scanning, database security, e-commerce
security, and penetration testing for Health Insurance Portability and
Accountability Act (HIPAA) and PCI compliance. The IBM team advised
the client to deploy security controls and solutions to increase security
visibility and responsiveness in its cardholder data environment. The team
also provided PCI gap assessments and completed required reports.
Business benefits
• Boosted: Overall security posture and its ability to address PCI DSS requirements
Florida Health Care Plans
Small insurer gets help
Solution components
• IBM Security Strategy Risk and Compliance Services
• PCI compliance advisory
Healthcare
Business challenge
Infirmary Health System needed to automate and strengthen security and
endpoint management to better protect Electronic Health Record (EHR)
data and meet HIPAA and federal meaningful use requirements. The IT
team found it difficult to meet guidelines using point technologies and
manual processes for patching more than 4,000 workstations.
Business benefits
• Improved compliance. Went from an average of 40 percent patch compliance to 90 percent.
• Reduced risk. Has comprehensive and near real time visibility into offenses and threats.
• Reduced costs. Reduced endpoint licensing costs and reduced time to deploy software by 95 percent.
Infirmary Health System
Gains meaningful use dollars with improved security and audit reporting
This large non-government healthcare system in Alabama treats more than 100,000 patients annually. The organization includes three acute-care hospitals, three rehabilitation hospitals, three outpatient facilities and more than 30 medical clinics.
Solution components
• IBM® BigFix® Compliance
• IBM BigFix Inventory
• IBM BigFix Lifecycle
• IBM BigFix Patch
• IBM BigFix Protection
• IBM QRadar® Log Manager
• IBM QRadar SIEM
• Solution delivered by IBM Business Partner ESM Technology
Healthcare
Business challenge
A US-based healthcare technology company has experienced rapid growth
across Eastern Europe, Asia and South America, resulting in the need for
increased security. The client sought a security partner with the depth and
breadth of an end-to-end software and services portfolio.
Transformation
The company engaged IBM to implement an intrusion protection system
(IPS) solution with managed services, enabling it to focus on core business
initiatives and to scale more quickly. In addition, the implementation of an
IPS formed the solid first step of its proactive security posture. With an
effective IPS and the benefit of managed security services, the client is
poised to execute its security strategy more effectively.
Business benefits
• Increased security. Protects business-critical assets—such as networks, servers, endpoints and applications—from malicious threats.
• Reduced complexity. Reduces cost and complexity by consolidating point solutions and integrating with other security tools.
• Business growth. Stronger security posture helps enable international growth.
Medical device company
IBM Security helps a healthcare company expand globally
This global medical device company develops and markets industry-leading innovative products that help dental professionals achieve the clinical results they expect and deliver cutting-edge options to their patients.
Solution components
• IBM® Security Network Intrusion Prevention System
• IBM Managed Security Services
Healthcare
Business challenge
With sensitive personal health information and research intellectual
property housed on its networks, this university health center’s
infrastructure presented a high-profile target. The security staff wanted to
more quickly identify and respond to potential threats to better protect patient
information and network operations.
Transformation
Working with IBM and IBM Business Partner Trend Micro, the health center implemented a sophisticated security intelligence platform that helps it detect and respond to attacks that would otherwise get lost in the “noise.” Advanced analytics and anomaly detection help turn event data into actionable insight. The integrated solution also helps uncover malware-driven attacks and evasive threats such as zero-day malware.
“We can identify threats as they emerge and act quickly so we can stop them very early on, before they can do any damage.”
Senior Security Analyst, Center of Surveillance and Security
Business benefits
• Thwarted attacks. The platform analyzes 700 events per second, correlating network noise into a coherent story that helps staff identify and stop approximately 5 events a year.
• Patient care. Monitoring biomedical equipment critical to human life and confirming its availability is an added benefit.
University health center
Strengthening its security posture with in-depth global
Solution components
• IBM® QRadar® Security Intelligence Platform
• IBM QRadar SIEM
• IBM QRadar Risk Manager
Healthcare/Life Sciences
Business challenge
The company needed technology that would enable its limited security staff
to monitor and react to threats to their global business operations. The
client had been addressing the internal security functions within separate IT
silos with limited skilled manpower. The client wanted a more
comprehensive, integrated approach that would strengthen its overall
security posture.
Transformation
The client sought a partner with the experience and personnel to help
them meet their security objectives. The solution provided powerful
analytics and context that helped the client’s staff to detect threats faster,
identify vulnerabilities, prioritize risks, perform forensics analysis and
automate compliance activities.
Business benefits
• Reduced risk. Enhanced ability to address security emergencies and daily access to security expertise
• Met budget requirements. Cost-effective staff augmentation
• Improved decision making. Access to valuable security intelligence for better, more informed decisions about high-priority threats
Biomedical company
Enhances ability to address security emergencies
Based in the US, this industry-leading company researches, develops, manufactures and markets biotherapies that are used to treat serious and rare conditions. Users of their therapies around the globe rely on them for their quality of life and, in many cases, for life itself. It employs more than 14,000 people worldwide.
Solution components
• IBM® QRadar® Security Intelligence Platform
• IBM Managed Security Services