Cyber Security Xperience Group & Sophos
https://player.vimeo.com/video/135044595?width=800&height=450&iframe=true&portrait=0
Cybercrime Prevention Seminar, Law Society - Belfast. Dermot Hayden, 12th Oct 2018
Sophos Snapshot
• Founded 1985 in Oxford, UK
• $768.6 million in FY18 billings
• 3,300 employees
• 300,000+ customers at end of FY18
• Mid Market Focus
• 100+ million users
• 39,000+ channel partners at H1 FY18
• SophosLabs threat research facility
• Sophos Headquarters, Abingdon, UK
• 100% channel-based go to market model
• Endpoint & Network Security split 50/50
Free Tools
Sophos gives out free tools that check for security risk, remove viruses, and protect home networks:
• Sophos Home Free; 30-day trial of Sophos Home Premium
• UTM Home Edition, including a free XG Firewall
• Mobile Security for iOS; free 30-day trial of Mobile Security for Android
• Antivirus for Linux Home Edition
• HitmanPro and HitmanPro.Alert
275,000+ average monthly visitors!
The IT Security Challenge
IT Security Challenge: Layers of Complexity & Cost
GROWING RISK AWARENESS
• High profile corporate hacks (Sony, Target, Home Depot)
• High profile personal hacks (UK News International phone hacking scandal, iCloud celebrity nude photos)
• Government surveillance allegations (Snowden leaks)
• Regional compliance regulations (e.g. PCI compliance, data privacy)
EXPANDING ATTACK SURFACE
• Multiple platforms (Windows, OS X, Linux)
• Mobile devices (iOS, Android, phones, tablets, wearables)
• Internet of Things (IoT)
INCREASED ATTACK SOPHISTICATION
• Crimeware-as-a-service (Vawtrak, Lizard Squad)
• Cross-pollination (APTs <--> crimeware)
• Crypto ransomware (CryptoLocker, CryptoWall)
VANISHED PERIMETER
• Cloud-based storage (Dropbox, Box, OneDrive)
• Social media (Facebook, Twitter, LinkedIn)
• Remote offices
• Roaming workers
• Public cloud (AWS, Rackspace)
• BYOD
• Free Wifi
SMBs Don't Have Adequate Resources to Respond: An Enterprise Approach Is Not Realistic
Key Security Challenges Faced by Mid-Market
• Growing number and sophistication of security threats
• Increasing cost and exposure of "getting it wrong"
• Traditional, complex point solutions increase cost and erode usability and manageability
• Fragmented and constantly changing vendor landscape is difficult to navigate and understand
• Limited in-house IT security personnel and expertise
• Pressure on resources, budgets and time
• Enterprise security issues without enterprise class budgets
[Chart: Average Number of People Dedicated to IT Security, by company size. Mid-Market Enterprises: 100 - 499, 500 - 999 and 1,000 - 4,999 employees; Large Enterprises: 5,000 - 19,999 and 20,000+ employees. Bar values not recoverable from the extraction.]
"While bigger businesses can often dedicate greater resources towards cybersecurity, small and medium-sized businesses and entrepreneurs face the same cybersecurity challenges and threats with limited resources, capacity, and personnel." (1)
Note: 1. Source: U.S. Department of Homeland Security, 2014
Operation 'Honeybadger'
• Sophos 'Black Ops' project to determine the threat to Irish businesses with an online presence
• Two websites, C1 (Best Practice) and C2 (Typical SMB), each with firewall, web server and file server
• Immediate sustained attacks on both sites from the US, Germany and China, with website and RDP services the primary focus of sustained brute force attacks
• WAF and IPS on C1 responsible for reduction in bandwidth usage
• Reduced password complexity on C2 led to a hacker gaining access after 3 hours 8 minutes; more followed before the systems were shut down!
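The Honeybadger slide describes sustained brute force attacks against RDP and web logins, followed by a successful login once password complexity was reduced. The following is an added example, not code from the presentation or from Sophos, showing the kind of detection logic a defender would run over authentication logs to surface exactly that pattern: a burst of failed logins from one source within a short window, and then any later success from a source that was already flagged. The log line format, the source addresses and the timestamps are all constructed for this example and are not real data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not from the original presentation).
# One event per line; the key=value layout is an assumption made for this example.
SAMPLE_LOG = """\
2018-10-12T03:00:01Z src=203.0.113.5 service=rdp user=administrator result=FAIL
2018-10-12T03:00:02Z src=203.0.113.5 service=rdp user=administrator result=FAIL
2018-10-12T03:00:03Z src=203.0.113.5 service=rdp user=admin result=FAIL
2018-10-12T03:00:04Z src=203.0.113.5 service=rdp user=admin result=FAIL
2018-10-12T03:00:05Z src=203.0.113.5 service=rdp user=root result=FAIL
2018-10-12T03:00:06Z src=203.0.113.5 service=rdp user=administrator result=FAIL
2018-10-12T03:00:20Z src=198.51.100.7 service=web user=wpadmin result=FAIL
2018-10-12T03:05:00Z src=198.51.100.7 service=web user=wpadmin result=FAIL
2018-10-12T03:08:00Z src=203.0.113.5 service=rdp user=administrator result=SUCCESS
2018-10-12T04:00:00Z src=192.0.2.10 service=rdp user=jsmith result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) service=(?P<svc>\S+) "
    r"user=(?P<user>\S+) result=(?P<res>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return a list of alerts as (kind, src, service, timestamp, detail) tuples.

    kind is "brute_force" when a (src, service) pair accumulates `threshold`
    failures inside a sliding `window`, and "success_after_brute_force" when a
    source that was previously flagged later authenticates successfully.
    """
    alerts = []
    failures = defaultdict(deque)  # (src, svc) -> timestamps of recent failures
    flagged = set()                # (src, svc) pairs already reported as brute force

    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["src"], ev["svc"])
        recent = failures[key]

        # Drop failures that have aged out of the sliding window.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()

        if ev["res"] == "FAIL":
            recent.append(ev["ts"])
            if len(recent) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("brute_force", ev["src"], ev["svc"], ev["ts"],
                               f"{len(recent)} failures within {window}"))
        elif ev["res"] == "SUCCESS" and key in flagged:
            # A success from a source we already flagged is the signal that
            # matters most: the brute force may have found a working password.
            alerts.append(("success_after_brute_force", ev["src"], ev["svc"],
                           ev["ts"], f"user={ev['user']}"))
    return alerts


if __name__ == "__main__":
    for kind, src, svc, ts, detail in detect_brute_force(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:<26} src={src} service={svc} {detail}")
```

Two design points are worth noting. The failure window slides, so a slow attacker who spaces attempts beyond the window is not counted (lower the threshold or widen the window for that case), but the flagged set never expires: once a source has brute forced a service, any later success from it is reported no matter how much later it arrives, which is the case the slide describes.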
Threat Landscape
Cybercrime Dynamics: Evolution of Cybercrime Over Time
1. DIGITAL GRAFFITI (Melissa, CodeRed worm)
2. EARLY COMMERCIALIZATION (Loveletter, Pump & Dump email)
3. EFFICIENT ECOSYSTEMS (Mpack, Conficker)
4. AUTOMATION (Asprox botnet, Blackhole, Zeus)
5. INDUSTRIALIZATION (RIG Exploit Kit, Neutrino Exploit Kit)
6. TODAY: INTEGRATED BUSINESS MODEL (WannaCry, Locky, CryptoLocker)
Compounding factors: level / sources of funding; number of threats; threat sophistication; ransomware; non-Windows / mobile; number & range of actors; proliferation / nation state.
The Challenge Of Addressing New Threats
[Bar chart: Software Vulnerabilities Reported By Year, 2010 to 2018 (2018 up to 1 May). Bar values as extracted: 14647, 7937, 6487, 6446, 5990, 5286, 5186, 4639, 4150.]
Source information: NIST National Vulnerability Database as of 1 May 2018, https://beta.nvd.nist.gov/vuln-metrics/visualizations/cvss-severity-distribution-over-time
Top Threats Worldwide
[Pie chart: Generic Malware 3%, Cryptojacking 5%, Active Adversary 21%, Ransomware 38%, Advanced Malware 33%]
• Active Adversary
  o Privilege escalation, cred theft, lateral movement, exploits, process injection
• Advanced Malware
  o Zero-day attacks w/multiple stages
  o Worms, Trojans, VB script, PDF, file-less attacks (cryptominers, powershell, etc…), bots, rats
• Cryptomining/Cryptojacking
  o Legitimate and malicious use of CPU cycles to generate digital currency
The Threat Landscape Has Shifted
[Pie chart: Generic Malware 3%, Cryptojacking 5%, Active Adversary 21%, Ransomware 38%, Advanced Malware 33%]
RANSOMWARE: 54% OF ORGS HIT BY RANSOMWARE
*Source: State of Endpoint Protection Study 2018
Data Protection
How far do you want to go to manage the risk to your data and IT assets?
[Risk mitigation scale, from BASIC IT SECURITY to LOWEST RISK; remediation effort runs from LOWER to HIGHER]
Top causes for data loss*: Hacking, malware, or malicious code (57%); Unintended disclosure (22%); Portable devices and physical loss (17%); Other (4%)
Common ways to lose data:
• Lost or stolen mobile devices, laptops and tablets
• Human error, loss via email, or loss via cloud storage
• Unauthorized access and credential theft
• Lost or stolen storage devices and IoT devices
• Advanced malware exploits
• Ransomware and malicious insider
Remediation: SafeGuard Encryption, Endpoint Protection, Server Security, Device Encryption, Intercept X, Sophos Mobile
* Percentages based on number of incidents according to data from Privacy Rights Clearinghouse
93% of breaches include phishing (Verizon 2018 Data Breach Investigations Report)
Education
Spotting the Phish
Any attempt to bait a user into:
• Opening a malicious email attachment
• Clicking a link
• Transferring funds or confidential information
[Chart: Global spam and phishing volumes, 2015, 2016, 2017]
Users five times more susceptible to Phishing Attacks
Click-through rates: Phishing Emails 13%; B2B Email CTR 3.5%; B2C Email CTR 2.4%
Phishing emails vs consumer marketing emails: 5.4x; vs business emails: 3.7x
Sources: Sophos Phish Threat simulation data, Experian Email Benchmark Report Q4 2016
The threat landscape for phishing
41% OF IT PROS REPORT AT LEAST DAILY PHISHING ATTACKS
62% OF ORGANIZATIONS FAIL TO TEST USER AWARENESS
Frequency of phishing attacks reported: Hourly 9%; Daily 32%; Weekly 26%; Fortnightly 5%; Monthly 6%; Infrequently 15%; Never 5%; I don't know 3%
Phishing Temperature Check, Freeform Dynamics 2017 (for Sophos). Data from 330 global IT professionals
Solution: Phish like a bad guy
Educate and test your users to spot attacks: USER BASELINE TESTING, REAL-WORLD ATTACK SIMULATION, EFFECTIVE TRAINING MODULES, COMPREHENSIVE REPORTING
Sophos Phish Threat
• Simulated phishing campaigns in 3 easy steps
1. Choose an attack: 100's of customizable attack templates fed by latest threat intelligence
2. Choose training: over 30 interactive training courses covering security and compliance topics
3. Monitor activity and measure awareness: campaign reporting; security posture by organization, group, or individual
100's of customizable attack simulation templates
Multiple scenarios and difficulties
• Realistic simulations powered by global threat intelligence
• Library of international templates from beginner to expert
Growing library of international content:
• Australian Federal Police
• New Zealand Inland Revenue Department
• Amazon.co.uk
• Parcelforce
• DVLA
• Royal Bank of Canada
• Canada Post
• London Underground
Over 30 end user training modules
Security Topics
• Phishing
• Malicious attachments
• Credential harvesting
• Passwords & passphrases
• Vishing (phone phishing)
• Two-factor authentication
• Social engineering
• Ransomware
• Principle of least privilege
• Secure social media use
• Physical security and data protection
• Public Wi-Fi
Compliance Topics
• EU General Data Protection Regulation (GDPR)
• Gramm-Leach-Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Payment Card Industry Data Security Standard (PCI DSS)