the onslaught of cyber security threats and what that
play

The Onslaught of Cyber Security Threats and What that Means to You - PowerPoint PPT Presentation

The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber Crime Growth Number of mobile 200M devices affected IBM 11.6M Number of accounts hacked CNN Money 432M Number of malware samples collected Intel


  1. The Onslaught of Cyber Security Threats and What that Means to You

  2. No End in Sight for Cyber Crime Growth Number of mobile 200M devices affected IBM 11.6M Number of accounts hacked CNN Money 432M Number of malware samples collected Intel Security

  3. Cyber Crime is Hurting Us All Americans who have 43% experienced a malicious attack Norton By Symantic Enterprises in U.S. that 68% suffered a security breach USA Today Employees steal proprietary 54% corporate data when they quit or fired Heimdal Security

  4. Agenda – Breach landscape – Evolution – Regulators Response – Summary – Q&A

  5. Staying Ahead of The Trends

  6. An Ever-Changing Threat Landscape 100,000+ Threats are more sophisticated malware variants daily and evolving 2014 2010 50,000 2007 known viruses 2004 1,300 known 1997 RANSOMWARE viruses HACTIVISM STATE SPONSORED CYBERWEAPONS INDUSTRIAL ESPIONAGE NEXT GEN APTS DDOS ADWARE MOBILE MALWARE VIRUSES APTS AND CLOUD & WEB SERVICES ATTACKS AND SPYWARE WORMS

  7. Evolution of Vulnerability's Mobile Device Loss/theft Managed Endpoints External Threats Malware Social Engineering Insider Threats Business Partners

  8. Explosion of Connected Devices

  9. Results

  10. Data Compromised – Seemingly everything stored in the network. • Entrance Method – Stolen system administrator credentials • Time Undetected – Unknown • Discovery Method – On Nov. 22 employee computers received • messages threatening public distribution Estimated Damages - Could exceed $100 million. •

  11. • Data Compromised – 80 million • Entrance Method – Attackers used credentials of at least five different employees. • Time Undetected – A month and a half . • Discovery Method – The admin himself noticed his credentials being used to query their data warehouse. • Estimated Damages - $100 million

  12. Data Compromised – 40 million credit and debit cards, 70 • million phone numbers Entrance Method – HVAC company • Time Undetected – About two weeks • Discovery Method – The Department of Justice • Estimated Damages - $148 million •

  13. Data Compromised – Estimated 7 million • Entrance Method – Compromised computer with special • privileges. Time Undetected – Three months • Discovery Method – Internal investigation • Estimated Damages - $200 million •

  14. • Data Compromised – 56 million credit • Entrance Method – Third-party vendor’s credentials • Time Undetected – Six months • Discovery Method – 3 rd party notification • Estimated Damages - $62 million

  15. Number of People Affected • Sony – 6,000 • Anthem Inc. – 80,000,000 • Target – 70,000,000 • JP Morgan – 76,000,000 • Home Depot – 56,000,000

  16. Regulators Response

  17. PCI-DSS: Security Penalties The Payment Card Industry has established fines of up to $500,000 per incident for security breaches when merchants are not PCI compliant. Potential cost of a security breach Fines of $500,000 per incident for being PCI non-compliant • Increased audit requirements • Potential for campus wide shut down of credit card activity • by their merchant bank Cost of printing and postage for customer notification • mailing Cost of staff time (payroll) during security recovery • Cost of lost business during register or store closures and • processing time Decreased sales due to marred public image and loss of • customer confidence

  18. HIPAA Penalties 1) Covered entity or individual did not know $100 - $50,000 for each violation, up to a (and by exercising reasonable diligence would maximum of $1.5 million for identical provisions not have known) the act was a HIPAA violation. during a calendar year. $1,000 - $50,000 for each violation, up to a 2) The HIPAA violation had a reasonable cause maximum of $1.5 million for identical provisions and was not due to willful neglect. during a calendar year. 3) The HIPAA violation was due to willful neglect $10,000 - $50,000 for each violation, up to a but violation is corrected within the required time maximum of $1.5 million for identical provisions period. during a calendar year. $50,000 for each violation, up to a maximum of 4) The HIPAA violation is due to willful neglect $1.5 million for identical provisions during a and is not corrected. calendar year.

  19. GLBA Penalties Violation of GLBA: Gramm-Leach-Bliley Act and Financial Privacy • The financial institution shall be subject to a civil penalty of not more than $100,000 for each violation; and • The officers and directors of the financial institution shall be subject to, and personally liable for, a civil penalty of not more than $10,000 for each violation • Also, fines in accordance with Title 18 of the US Code, imprisonment for not more than five years, or both

  20. Average Cost of a Data Breach US $5,403,644 DE $4,823,583 AU $4,104,932 FR $3,763,299 UK $3,143,048 JP $2,282,095 IT $2,275,404 BZ $1,321,903 IN $1,115,804 $1,000,000 $2,000,000 $3,000,000 $4,000,000 $5,000,000 $6,000,000

  21. Security Approaches

  22. Siloed Security Approach

  23. Single Vendor Approach

  24. Interconnected Approach

  25. Our Approach Detect & Protect Compliance Secure Access Advanced Threat Data Protection Protection

  26. Threat Landscape New threats every minute, or almost 4 every 236 ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ second 46% Increase in malicious signed binaries in Q1 2014 Increase in new threats attacking the master boot 49% record in Q1 2014 Increase in the amount of mobile malware samples in 167% the past year 1,000,000 Number of new ransomware samples in 2013 New malicious URLs in Q1 2014 – a 19% increase over 18,000,000 the previous quarter 200,000,000+ Known Malware samples as of Q1 2014

Recommend


More recommend