Making Cyber Security Part of Your Business
Cybercrime • The rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015. • Nearly 60% of anticipated data breaches worldwide in 2015 will occur in North America, but this proportion will decrease over time as other countries become both richer and more digitized. • The average cost of a data breach in 2020 will exceed $150 million by 2020, as more business infrastructure gets connected. Source: Juniper Research, May 2015
Cybercrime • The likely annual cost to the global economy from cybercrime is more than $400 billion. • A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion. Source: McAfee, Net Losses – Estimating the Global Cost of Cybercrime, June 2014
Source: McAfee, Net Losses – Estimating the Global Cost of Cybercrime, June 2014
Cybercrime More data Source: Symantec, 2013
Cybercrime More data Source: 41 st Parameter
Cybercrime Menu for Full Service Hacking Monthly Onetime Malware Checking $30 $50 Botnet Framework $40 $125 Bulletproof Hosting $52 $0 Exploit Kit $38 $120 DDoS Attack for 24 hours $70 $205 Dropper File and Crypt $8 $80 Total $238 $600 Source: Trend Micro
OAS Cybersecurity Report An online quantitative survey was conducted in January 2015 among the heads of Security of CIOs of the major critical infrastructure in all countries in the Americas A total of 575 respondents completed the survey
Internet Use in Brazil • According to 2013 data, 85.9 million Brazilians were users of the Internet, which accounts for 51% of the population. • Latin America had nearly 255 million users in 2012, 32% of them Brazilians. Another important factor is the increase in the percentage and number of Internet users in Latin America — 18 million people in 2000 to almost 255 million in 2012, which represent 1300%. Source: CETIC, TIC Domicílios e Empresas 2013, 2014. McAfee, Net Losses – Estimating the Global Cost of Cybercrime, June 2014.
Cybercrime in Brazil • A survey of Brazilian companies found that a third had been victims of cybercrime. In February of 2012, a group calling itself “Anonymous Brasil ” launched a denial-of-service attack, which took down a number of Brazilian financial websites, including that of Citigroup. • In another attack, Brazilian hackers compromised 4.5 million home DSL routers. Using the hacked routers and careful social engineering, the criminals encouraged users to provide sensitive personal information or to install malware. • Many experts agree that Brazil’s weak laws for cybercrime and intellectual property protection means that domestic hackers, who have become increasingly professionalized, face little risk of arrest or prosecution. These factors make Brazilian cybercriminals successful locally, but there is little to prevent them from turning to a global crime. Brazil also faces external cyberthreats, and information on the Brazilian economy from key crops — from soybeans to oil production — are targets . Source: McAfee, Net Losses – Estimating the Global Cost of Cybercrime, June 2014
Cybercrime in Brazil • Today, cybercrime is one of the top four economic crimes in the world. In Brazil, cybercrime is in second place. • According to data from FEBRABAN (Brazilian Federation of Banks), Brazil had losses of R $1.4 billion in 2012 (US $591 million),down 6.7% over the previous year. It is also important to note that although the absolute number is impressive, it represents only 0.06% of bank transactions. • According to the “Global Economic Crime Survey 2011 —Brazil,” 40% of Brazilian respondents said they had never received any training in cybersecurity, 57% of Brazilian companies said they do not have the resources to fight cybercrime or know if they are capable of cybercrime investigations, and 50% of Brazilians said they didn’t know that their companies could detect and prevent cybercrime. • . Source: McAfee, Net Losses – Estimating the Global Cost of Cybercrime, June 2014
What can we do… 1. Employ defense-in-depth adequate security protections strategies 8. Implement a removable media 2. Monitor for network incursion policy attempts, vulnerabilities and 9. Be aggressive in your updating brand use and patching 3. Antivirus on endpoints is not 10. Enforce an effective password enough policy 4. Secure your websites against 11. Ensure regular backups are Man In the Middle attacks and available malware infection 12. Restrict emails attachments 5. Protect your private keys 13. Ensure that you have infection 6. Use encryption to protect and incident response sensitive data procedures in place 7. Ensure all devices allowed on 14. Educate users on basic security company networks have protocols Source: OAS and Symantec, Latin America + Caribbean Cybersecurity Trends, 2014
What can we do… 5 Simple Steps Source: GovLoop and Symantec
Trust and Stakeholder Participation • There is a need for trust-building: – Wikileaks and the “Snowden Effect” – NSA and mining Metada – Retail attacks and reporting • How to build trust? – Multi-sectorial inclusion in policymaking – Engagement with civil society – Public-Private Partnerships
OAS 7-Point Action Plan
OAS Model is based on COLLABORATION
Thank you
Recommend
More recommend