The Onslaught of Cyber Security Threats and What that Means to You
No End in Sight for Cyber Crime Growth
• 200M: Number of mobile devices affected (IBM)
• 11.6M: Number of accounts hacked (CNN Money)
• 432M: Number of malware samples collected (Intel Security)
Cyber Crime is Hurting Us All
• 43%: Americans who have experienced a malicious attack (Norton by Symantec)
• 68%: Enterprises in U.S. that suffered a security breach (USA Today)
• 54%: Employees who steal proprietary corporate data when they quit or are fired (Heimdal Security)
Agenda
• Breach landscape
• Evolution
• Regulators' Response
• Summary
• Q&A
Staying Ahead of The Trends
An Ever-Changing Threat Landscape
Threats are more sophisticated and evolving
[Figure: timeline with year markers 1997, 2004, 2007, 2010 and 2014, with the counts 1,300 known viruses, 50,000 known viruses and 100,000+ malware variants daily. Threat types labeled on the timeline: viruses and worms; adware and spyware; DDoS; APTs; ransomware; hacktivism; state-sponsored industrial espionage; next-gen APTs; cyberweapons; mobile malware; cloud & web services attacks.]
Evolution of Vulnerabilities
• Mobile Device Loss/Theft
• Managed Endpoints
• External Threats
• Malware
• Social Engineering
• Insider Threats
• Business Partners
Explosion of Connected Devices
Results
• Data Compromised – Seemingly everything stored in the network.
• Entrance Method – Stolen system administrator credentials
• Time Undetected – Unknown
• Discovery Method – On Nov. 22 employee computers received messages threatening public distribution
• Estimated Damages – Could exceed $100 million.
• Data Compromised – 80 million
• Entrance Method – Attackers used credentials of at least five different employees.
• Time Undetected – A month and a half.
• Discovery Method – The admin himself noticed his credentials being used to query their data warehouse.
• Estimated Damages – $100 million
• Data Compromised – 40 million credit and debit cards, 70 million phone numbers
• Entrance Method – HVAC company
• Time Undetected – About two weeks
• Discovery Method – The Department of Justice
• Estimated Damages – $148 million
• Data Compromised – Estimated 7 million
• Entrance Method – Compromised computer with special privileges.
• Time Undetected – Three months
• Discovery Method – Internal investigation
• Estimated Damages – $200 million
• Data Compromised – 56 million credit
• Entrance Method – Third-party vendor’s credentials
• Time Undetected – Six months
• Discovery Method – 3rd party notification
• Estimated Damages – $62 million
Number of People Affected
• Sony – 6,000
• Anthem Inc. – 80,000,000
• Target – 70,000,000
• JP Morgan – 76,000,000
• Home Depot – 56,000,000
Regulators' Response
PCI-DSS: Security Penalties
The Payment Card Industry has established fines of up to $500,000 per incident for security breaches when merchants are not PCI compliant.
Potential cost of a security breach:
• Fines of $500,000 per incident for being PCI non-compliant
• Increased audit requirements
• Potential for campus-wide shutdown of credit card activity by their merchant bank
• Cost of printing and postage for customer notification mailing
• Cost of staff time (payroll) during security recovery
• Cost of lost business during register or store closures and processing time
• Decreased sales due to marred public image and loss of customer confidence
HIPAA Penalties
1) Covered entity or individual did not know (and by exercising reasonable diligence would not have known) the act was a HIPAA violation.
   Penalty: $100 - $50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
2) The HIPAA violation had a reasonable cause and was not due to willful neglect.
   Penalty: $1,000 - $50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
3) The HIPAA violation was due to willful neglect but violation is corrected within the required time period.
   Penalty: $10,000 - $50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
4) The HIPAA violation is due to willful neglect and is not corrected.
   Penalty: $50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
GLBA Penalties
Violation of GLBA: Gramm-Leach-Bliley Act and Financial Privacy
• The financial institution shall be subject to a civil penalty of not more than $100,000 for each violation; and
• The officers and directors of the financial institution shall be subject to, and personally liable for, a civil penalty of not more than $10,000 for each violation
• Also, fines in accordance with Title 18 of the US Code, imprisonment for not more than five years, or both
Average Cost of a Data Breach
• US – $5,403,644
• DE – $4,823,583
• AU – $4,104,932
• FR – $3,763,299
• UK – $3,143,048
• JP – $2,282,095
• IT – $2,275,404
• BZ – $1,321,903
• IN – $1,115,804
Security Approaches
Siloed Security Approach
Single Vendor Approach
Interconnected Approach
Our Approach
• Detect & Protect
• Compliance
• Secure Access
• Advanced Threat Protection
• Data Protection
Threat Landscape
• 236: New threats every minute, or almost 4 every second
• 46%: Increase in malicious signed binaries in Q1 2014
• 49%: Increase in new threats attacking the master boot record in Q1 2014
• 167%: Increase in the amount of mobile malware samples in the past year
• 1,000,000: Number of new ransomware samples in 2013
• 18,000,000: New malicious URLs in Q1 2014 – a 19% increase over the previous quarter
• 200,000,000+: Known malware samples as of Q1 2014