How Secure are You?
A bunch of guys drinking brewskies?
One day in 2013 . . . .
The past month . . .
May 1 – DOJ indicts five PRC PLA officers on 31 counts, including theft of trade secrets and economic espionage
May 15 – Lockheed admits cyber-attacks into its systems have quadrupled since 2007
May 23 – eBay admits to massive cyber-attack affecting 145 million users
May 29 – Spotify tells eBay 'Me, too' as cyber-attack compromises 40 million user accounts
May 29 – FireEye reports that cyber-attacks spiked as Russia annexed Crimea
May 30 – Brazilian government hit by cyber-attack
June 1 – Western intelligence agencies in consensus predict a "powerful computer attack" from two malware software programs known as GOZeuS and CryptoLocker
June 3 – Justice Department indicts Russian cyber-criminal mastermind on 14 counts related to the GOZeuS and CryptoLocker malware software programs
June 13 – P.F. Chang's China Bistro breached. The breach has resulted in the probable loss of sensitive debit and credit card information of its customers.
Security Incident Patterns
92% of security incidents can be described by just nine patterns*
* Based on analysis of over 100,000 incidents from between 2004 and 2013
Share of Incidents, All Industries
POS Intrusions = 1%
Web App Attacks = 8%
Insider Misuse = 19%
Physical Theft/Loss = 16%
Misc. Errors = 27%
Crimeware = 19%
Card Skimmers = 1%
DoS Attacks = 2%
Cyber-espionage = 1%
Everything Else = 8%
Insider Misuse
85% of misuse attacks happened across the corporate LAN.
What is it?
When employees (or ex-employees) with access rights use their privileges to access data, either in person or over the network.
Is my industry a target?
A wide range of industries were represented: real estate; public sector; mining; administrative and others.
Physical Theft and Loss
43% of all theft/loss happened in the work area.
What is it?
The loss or theft of laptops, USB keys, printed papers and other information assets, mostly from offices, but also from vehicles and homes.
Is my industry a target?
Accidents happen anywhere — but 45% of all incidents in the healthcare sector fit this profile. Public sector was also a big contributor.
Miscellaneous Errors
49% of errors involved printed documents.
What is it?
Any mistake that compromises security, such as accidentally posting private data to a public site, or failing to dispose of documents or assets securely.
Is my industry a target?
Industries that communicate with the public — such as public sector, administration, education and healthcare — suffer most.
Crimeware
The majority of crimeware incidents start via web activity, not links or attachments in email.
What is it?
Any use of malware (often web-based) to compromise systems such as servers and desktops. This pattern includes phishing.
Is my industry a target?
We found public sector, information, utilities, and manufacturing were most at risk.
Payment Card Skimmers
86% of skimming attacks were on ATMs.
What is it?
The physical installation of a “skimmer” on an ATM, forecourt gas pump or POS terminal, to read your card data as you pay.
Is my industry a target?
Banks and retailers are the primary targets, but anybody that processes “cardholder present” card transactions is vulnerable — like healthcare providers.
Denial of Service
+115%: More powerful botnets and reflection attacks have helped drive the scale of DoS attacks up 115% since 2011.
What is it?
Attackers use “botnets” of PCs and powerful servers to overwhelm an organization’s systems and applications with malicious traffic, causing normal business to grind to a halt.
Is my industry a target?
Attacks are often on mission-critical transactional systems in finance, retail and similar sectors.
Cyber-espionage
3x: This year’s data set shows a threefold increase in espionage attacks year on year.
What is it?
When state-affiliated actors breach an organization, often via targeted phishing attacks, and are after intellectual property.
Is my industry a target?
Not just a problem for government and military organizations: professional, manufacturing, mining, transportation and public sector are all popular targets.
Takeaways . . .
• The physical component is important in both the physical and digital domain – exercise vigilance, be paranoid, expect the unexpected.
• Ensure you are aware of your surroundings.
• Where possible, use a credit card rather than a debit card.
• Vet your employees.
• Limit access to critical systems and data.
• Have a security audit performed routinely to ensure your enterprise is optimized for security – you can pay a little now or a lot later. You decide.
Links
• Metcalf Incident: “Assault on California Power Station Raises Alarm on Potential for Terrorism” http://online.wsj.com/news/articles/SB10001424052702304851104579359141941621778
• Milken Institute “High Stakes in Cyber Security” http://www.milkeninstitute.org/presentations/mediapage.taf?ID=4818
• Verizon Data Breach Investigation Report: http://www.verizonenterprise.com/DBIR/
• The New Threat Landscape: http://www.fireeye.com/info-center/videos/?video=new_threat_landscape
How secure are you?

Más contenido relacionado

La actualidad más candente

Rp economic-impact-cybercrime2
Rp economic-impact-cybercrime2Rp economic-impact-cybercrime2
Rp economic-impact-cybercrime2Marcio Kanamaru
 
HE Mag_New Cyber Threats_ITSource
HE Mag_New Cyber Threats_ITSourceHE Mag_New Cyber Threats_ITSource
HE Mag_New Cyber Threats_ITSourceBrian Arellanes
 
Understanding the new modus operandi of cybercriminals
Understanding the new modus operandi of cybercriminalsUnderstanding the new modus operandi of cybercriminals
Understanding the new modus operandi of cybercriminalsSARON MESSEMBE OBIA
 
Cyber crime paper
Cyber crime paperCyber crime paper
Cyber crime paperaymancoo
 
CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...
CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...
CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...jsnyder40
 
Cyber crime:The Transformation Of Crime In The Information Age.
Cyber crime:The Transformation Of Crime In The Information Age.Cyber crime:The Transformation Of Crime In The Information Age.
Cyber crime:The Transformation Of Crime In The Information Age.Omkar Walavalkar
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government  Best Practices for Protection of  Sensitive Loc...Hacking Municipal Government  Best Practices for Protection of  Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Ben Griffith
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsDavid Sweigert
 
Article global it systems are now even more vulnerable - paul wright
Article  global it systems are now even more vulnerable - paul wrightArticle  global it systems are now even more vulnerable - paul wright
Article global it systems are now even more vulnerable - paul wrightPaul Wright MSc
 
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...David Sweigert
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 febmharbpavia
 
IBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexIBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexAndreanne Clarke
 
111cyber crimes
111cyber crimes111cyber crimes
111cyber crimesrinushalu
 
Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER Sooraj Maurya
 
2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial Crimes2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial CrimesRaj Goel
 

La actualidad más candente (20)

Rp economic-impact-cybercrime2
Rp economic-impact-cybercrime2Rp economic-impact-cybercrime2
Rp economic-impact-cybercrime2
 
HE Mag_New Cyber Threats_ITSource
HE Mag_New Cyber Threats_ITSourceHE Mag_New Cyber Threats_ITSource
HE Mag_New Cyber Threats_ITSource
 
Understanding the new modus operandi of cybercriminals
Understanding the new modus operandi of cybercriminalsUnderstanding the new modus operandi of cybercriminals
Understanding the new modus operandi of cybercriminals
 
Cyber crime paper
Cyber crime paperCyber crime paper
Cyber crime paper
 
Cybercriminality
CybercriminalityCybercriminality
Cybercriminality
 
Cyber laws
Cyber lawsCyber laws
Cyber laws
 
CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...
CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...
CORPORATE ESPIONAGE "How Really Safe Are Your Secrets" presented by Argus Int...
 
Cyber crime:The Transformation Of Crime In The Information Age.
Cyber crime:The Transformation Of Crime In The Information Age.Cyber crime:The Transformation Of Crime In The Information Age.
Cyber crime:The Transformation Of Crime In The Information Age.
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government  Best Practices for Protection of  Sensitive Loc...Hacking Municipal Government  Best Practices for Protection of  Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standards
 
Article global it systems are now even more vulnerable - paul wright
Article  global it systems are now even more vulnerable - paul wrightArticle  global it systems are now even more vulnerable - paul wright
Article global it systems are now even more vulnerable - paul wright
 
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Final cyber risk report 24 feb
Final cyber risk report 24 febFinal cyber risk report 24 feb
Final cyber risk report 24 feb
 
Class 21 and 22
Class 21 and 22Class 21 and 22
Class 21 and 22
 
IBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence IndexIBM 2015 Cyber Security Intelligence Index
IBM 2015 Cyber Security Intelligence Index
 
111cyber crimes
111cyber crimes111cyber crimes
111cyber crimes
 
Cyber Fraud and Risk Management By Bolaji Bankole
Cyber Fraud and Risk Management  By Bolaji BankoleCyber Fraud and Risk Management  By Bolaji Bankole
Cyber Fraud and Risk Management By Bolaji Bankole
 
Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER
 
2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial Crimes2009 10 21 Rajgoel Trends In Financial Crimes
2009 10 21 Rajgoel Trends In Financial Crimes
 

Destacado

Travel safety
Travel safetyTravel safety
Travel safetyprofmel27
 
5 Essential Tips for Travel Safety Presentation
5 Essential Tips for Travel Safety Presentation5 Essential Tips for Travel Safety Presentation
5 Essential Tips for Travel Safety PresentationMickael Marsali
 
Travel safety presentation
Travel safety presentationTravel safety presentation
Travel safety presentationUK Meds
 
Office safety
Office safetyOffice safety
Office safetyGPurssell
 
Tips for Setting Healthy and Safe Boundaries To Reduce Stress by
Tips for Setting Healthy and Safe Boundaries To Reduce Stress byTips for Setting Healthy and Safe Boundaries To Reduce Stress by
Tips for Setting Healthy and Safe Boundaries To Reduce Stress byAtlantic Training, LLC.
 
Managing Psychosocial Risks at Work by EU-OSHA
Managing Psychosocial Risks at Work by EU-OSHAManaging Psychosocial Risks at Work by EU-OSHA
Managing Psychosocial Risks at Work by EU-OSHAAtlantic Training, LLC.
 
Coping with Workplace Stress by SmallPrint
Coping with Workplace Stress by SmallPrintCoping with Workplace Stress by SmallPrint
Coping with Workplace Stress by SmallPrintAtlantic Training, LLC.
 
Workplace Stress for Manager’s Training by IOSH
Workplace Stress for Manager’s Training by IOSHWorkplace Stress for Manager’s Training by IOSH
Workplace Stress for Manager’s Training by IOSHAtlantic Training, LLC.
 
Preventing Back Injuries Training by PATHS
Preventing Back Injuries Training by PATHSPreventing Back Injuries Training by PATHS
Preventing Back Injuries Training by PATHSAtlantic Training, LLC.
 
Back Safety & Safe Lifting by Bureau of Workers’ Comp PATHS
Back Safety & Safe Lifting by Bureau of Workers’ Comp PATHSBack Safety & Safe Lifting by Bureau of Workers’ Comp PATHS
Back Safety & Safe Lifting by Bureau of Workers’ Comp PATHSAtlantic Training, LLC.
 
Electrical Safety Training by Georgia Tech
Electrical Safety Training by Georgia TechElectrical Safety Training by Georgia Tech
Electrical Safety Training by Georgia TechAtlantic Training, LLC.
 

Destacado (20)

Road Travel Safety
Road Travel SafetyRoad Travel Safety
Road Travel Safety
 
Travel safety
Travel safetyTravel safety
Travel safety
 
5 Essential Tips for Travel Safety Presentation
5 Essential Tips for Travel Safety Presentation5 Essential Tips for Travel Safety Presentation
5 Essential Tips for Travel Safety Presentation
 
Travel safety presentation
Travel safety presentationTravel safety presentation
Travel safety presentation
 
Travel Safety.ppt
Travel Safety.pptTravel Safety.ppt
Travel Safety.ppt
 
Office safety
Office safetyOffice safety
Office safety
 
Patient Safety Indicators by
Patient Safety Indicators byPatient Safety Indicators by
Patient Safety Indicators by
 
Stress in the Workplace by CCHA
Stress in the Workplace by CCHAStress in the Workplace by CCHA
Stress in the Workplace by CCHA
 
Workplace Stress Management by PASFAA
Workplace Stress Management by PASFAAWorkplace Stress Management by PASFAA
Workplace Stress Management by PASFAA
 
Tips for Setting Healthy and Safe Boundaries To Reduce Stress by
Tips for Setting Healthy and Safe Boundaries To Reduce Stress byTips for Setting Healthy and Safe Boundaries To Reduce Stress by
Tips for Setting Healthy and Safe Boundaries To Reduce Stress by
 
Managing Psychosocial Risks at Work by EU-OSHA
Managing Psychosocial Risks at Work by EU-OSHAManaging Psychosocial Risks at Work by EU-OSHA
Managing Psychosocial Risks at Work by EU-OSHA
 
Coping with Workplace Stress by SmallPrint
Coping with Workplace Stress by SmallPrintCoping with Workplace Stress by SmallPrint
Coping with Workplace Stress by SmallPrint
 
Workplace Stress for Manager’s Training by IOSH
Workplace Stress for Manager’s Training by IOSHWorkplace Stress for Manager’s Training by IOSH
Workplace Stress for Manager’s Training by IOSH
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Emergency Evacuation Training by UMES
Emergency Evacuation Training by UMESEmergency Evacuation Training by UMES
Emergency Evacuation Training by UMES
 
Emergency Action Plan by NOAO
Emergency Action Plan by NOAOEmergency Action Plan by NOAO
Emergency Action Plan by NOAO
 
Preventing Back Injuries Training by PATHS
Preventing Back Injuries Training by PATHSPreventing Back Injuries Training by PATHS
Preventing Back Injuries Training by PATHS
 
Back Safety & Safe Lifting by Bureau of Workers’ Comp PATHS
Back Safety & Safe Lifting by Bureau of Workers’ Comp PATHSBack Safety & Safe Lifting by Bureau of Workers’ Comp PATHS
Back Safety & Safe Lifting by Bureau of Workers’ Comp PATHS
 
Electrical Safety Training by Georgia Tech
Electrical Safety Training by Georgia TechElectrical Safety Training by Georgia Tech
Electrical Safety Training by Georgia Tech
 
Back & Lifting Safety by NPCA
Back & Lifting Safety by NPCABack & Lifting Safety by NPCA
Back & Lifting Safety by NPCA
 

Similar a How secure are you?

www.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docxwww.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docxericbrooks84875
 
IBM X-Force Threat Intelligence Report 2016
IBM X-Force Threat Intelligence Report 2016IBM X-Force Threat Intelligence Report 2016
IBM X-Force Threat Intelligence Report 2016thinkASG
 
wp-follow-the-data
wp-follow-the-datawp-follow-the-data
wp-follow-the-dataNumaan Huq
 
Ict forensics and audit bb
Ict forensics and  audit bbIct forensics and  audit bb
Ict forensics and audit bbmarukanda
 
Whitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enWhitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enBankir_Ru
 
Securing information in the New Digital Economy- Oracle Verizon WP
Securing information in the New Digital Economy- Oracle Verizon WPSecuring information in the New Digital Economy- Oracle Verizon WP
Securing information in the New Digital Economy- Oracle Verizon WPPhilippe Boivineau
 
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?Diaspark
 
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...Fas (Feisal) Mosleh
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...Invincea, Inc.
 
INFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdfINFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdfEarlvonDeiparine1
 
Verizon's DBIR-A look into each industry
Verizon's DBIR-A look into each industryVerizon's DBIR-A look into each industry
Verizon's DBIR-A look into each industrySOCRadar Inc
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the newsunnyjoshi88
 
Cyber security for ia and risk 150601
Cyber security for ia and risk 150601Cyber security for ia and risk 150601
Cyber security for ia and risk 150601Grant Barker
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecuritySpark Security
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonEljay Robertson
 
Corporate role in protecting consumers from the risk of identity theft
Corporate role in protecting consumers from the risk of identity theftCorporate role in protecting consumers from the risk of identity theft
Corporate role in protecting consumers from the risk of identity theftIJCNCJournal
 

Similar a How secure are you? (20)

www.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docxwww.pwc.comgsiss2015Managing cyber risks in an intercon.docx
www.pwc.comgsiss2015Managing cyber risks in an intercon.docx
 
IBM X-Force Threat Intelligence Report 2016
IBM X-Force Threat Intelligence Report 2016IBM X-Force Threat Intelligence Report 2016
IBM X-Force Threat Intelligence Report 2016
 
wp-follow-the-data
wp-follow-the-datawp-follow-the-data
wp-follow-the-data
 
Ict forensics and audit bb
Ict forensics and  audit bbIct forensics and  audit bb
Ict forensics and audit bb
 
Whitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enWhitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_en
 
Securing information in the New Digital Economy- Oracle Verizon WP
Securing information in the New Digital Economy- Oracle Verizon WPSecuring information in the New Digital Economy- Oracle Verizon WP
Securing information in the New Digital Economy- Oracle Verizon WP
 
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
 
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
 
INFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdfINFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdf
 
BREACH LEVEL INDEX
BREACH LEVEL INDEXBREACH LEVEL INDEX
BREACH LEVEL INDEX
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
 
Verizon's DBIR-A look into each industry
Verizon's DBIR-A look into each industryVerizon's DBIR-A look into each industry
Verizon's DBIR-A look into each industry
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
 
Cyber security for ia and risk 150601
Cyber security for ia and risk 150601Cyber security for ia and risk 150601
Cyber security for ia and risk 150601
 
Get Prepared
Get PreparedGet Prepared
Get Prepared
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
 
Corporate role in protecting consumers from the risk of identity theft
Corporate role in protecting consumers from the risk of identity theftCorporate role in protecting consumers from the risk of identity theft
Corporate role in protecting consumers from the risk of identity theft
 
223 - Computer ethics
223 - Computer ethics223 - Computer ethics
223 - Computer ethics
 

Último

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 

Último (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024

How secure are you?

  • 2. A bunch of guys drinking brewskies?
  • 3. One day in 2013 . . . .
  • 4. The past month . . .
      • May 1 – DOJ indicts five PRC PLA Officers on 31 counts including theft of trade secrets, and economic espionage
      • May 15 – Lockheed admits cyber-attacks into its systems have quadrupled since 2007
      • May 23 – eBay admits to massive cyber-attack affecting 145 million users
      • May 29 – Spotify tells eBay 'Me, too' as cyber attack compromises 40 million user accounts
      • May 29 – FireEye reports that cyberattacks spiked as Russia annexed Crimea
      • May 30 – Brazilian government hit by cyber attack
      • June 1 – Western intelligence agencies in consensus predict a "powerful computer attack" from two malware software programs known as GOZeuS and CryptoLocker.
      • June 3 – Justice Department indicts Russian cyber-criminal mastermind on 14 counts related to the GOZeuS and CryptoLocker malware software programs
      • June 13 – P.F. Chang's China Bistro breached. The breach has resulted in the probable loss of sensitive debit and credit card information of its customers.
  • 6. 92% of security incidents can be described by just nine patterns (based on analysis of over 100,000 incidents from between 2004 and 2013)
  • 7. Share of Incidents, All Industries (based on analysis of over 100,000 incidents from between 2004 and 2013)
      • POS Intrusions = 1%
      • Web App Attacks = 8%
      • Insider Misuse = 19%
      • Physical Theft/Loss = 16%
      • Misc. Errors = 27%
      • Crimeware = 19%
      • Card Skimmers = 1%
      • DoS Attacks = 2%
      • Cyber-espionage = 1%
      • Everything Else = 8%
  • 8. Insider Misuse. 85% OF MISUSE ATTACKS HAPPENED ACROSS THE CORPORATE LAN. What is it? When employees (or ex-employees) with access rights use their privileges to access data, either in person or over the network. Is my industry a target? A wide range of industries were represented: real estate; public sector; mining; administrative and others.
  • 9. Physical Theft and Loss. 43% OF ALL THEFT/LOSS HAPPENED IN THE WORK AREA. What is it? The loss or theft of laptops, USB keys, printed papers and other information assets, mostly from offices, but also from vehicles and homes. Is my industry a target? Accidents happen anywhere — but 45% of all incidents in the healthcare sector fit this profile. Public sector was also a big contributor.
  • 10. Miscellaneous Errors. 49% OF ERRORS INVOLVED PRINTED DOCUMENTS. What is it? Any mistake that compromises security, such as accidentally posting private data to a public site, or failing to dispose of documents or assets securely. Is my industry a target? Industries that communicate with the public — such as public sector, administration, education and healthcare — suffer most.
  • 11. Crimeware. THE MAJORITY OF CRIMEWARE INCIDENTS START VIA WEB ACTIVITY, NOT LINKS OR ATTACHMENTS IN EMAIL. What is it? Any use of malware (often web-based) to compromise systems such as servers and desktops. This pattern includes phishing. Is my industry a target? We found public sector, information, utilities, and manufacturing were most at risk.
  • 12. Payment Card Skimmers. 86% OF SKIMMING ATTACKS WERE ON ATMS. What is it? The physical installation of a “skimmer” on an ATM, forecourt gas pump or POS terminal, to read your card data as you pay. Is my industry a target? Banks and retailers are the primary targets, but anybody that processes card “cardholder present” transactions is vulnerable — like healthcare providers.
  • 13. Denial of Service. +115%: MORE POWERFUL BOTNETS AND REFLECTION ATTACKS HAVE HELPED DRIVE THE SCALE OF DOS ATTACKS UP 115% SINCE 2011. What is it? Attackers use “botnets” of PCs and powerful servers to overwhelm an organization’s systems and applications with malicious traffic, causing normal business to grind to a halt. Is my industry a target? Attacks are often on mission-critical transactional systems in finance, retail and similar sectors.
  • 14. Cyber-espionage. 3x: THIS YEAR’S DATA SET SHOWS A THREEFOLD INCREASE IN ESPIONAGE ATTACKS YEAR ON YEAR. What is it? When state-affiliated actors breach an organization, often via targeted phishing attacks, and are after intellectual property. Is my industry a target? Not just a problem for government and military organizations, but professional, manufacturing, mining, transportation and public sector are all popular targets.
  • 15. Takeaways . . .
      • The physical component is important in both the physical and digital domain – exercise vigilance, be paranoid, expect the unexpected.
      • Ensure you are aware of your surroundings.
      • Where possible use a credit vs. debit card.
      • Vet your employees.
      • Limit access to critical systems and data.
      • Have a security audit performed routinely to ensure your enterprise is optimized for security – you can pay a little now or a lot later. You decide.
  • 16. Links
      • Metcalf Incident: “Assault on California Power Station Raises Alarm on Potential for Terrorism” http://online.wsj.com/news/articles/SB10001424052702304851104579359141941621778
      • Milken Institute “High Stakes in Cyber Security” http://www.milkeninstitute.org/presentations/mediapage.taf?ID=4818
      • Verizon Data Breach Investigation Report: http://www.verizonenterprise.com/DBIR/
      • The New Threat Landscape: http://www.fireeye.com/info-center/videos/?video=new_threat_landscape

Editor's notes

  1. Does anyone know what this video represents? I’ll give you a hint – April 16, 2013. Still no ideas? If you watch the video closely, you will see streaks of light; those streaks of light represent sniper rounds impacting metal surfaces. Still no ideas? This is early morning video surveillance footage of a Pacific Gas and Electric electrical transmission substation in Metcalf, California being attacked by snipers.
      • 12:58 – 1:07 AM: attackers slip into an underground AT&T vault and expertly sever six AT&T fiber optic telecommunication lines in a way that would make repair difficult. The lid over this vault was so heavy that it would take at least two people to lift it.
      • 1:31 AM: snipers began firing at the power station, destroying 17 giant transformers and six circuit breakers.
      • 1:41 AM: first call to LE from plant operator
      • 1:45 AM: transformers all over the substation start crashing
      • 1:50 AM: gunmen cease fire and depart
      • 1:51 AM: LE arrive, but can’t enter substation & leave, as everything appears “normal”
      • 3:15 AM: when the utility electrician arrives, the full scope of the damage is appreciated
     The Metcalf power station was down for 27 days and the cost of the damage was estimated to be $15.4 million. Members of the Joint Warfare Analysis Center found fingerprint-free shell casings and small piles of rocks, probably left by an advance scout to tell the attackers where to get the best shots. This was a low tech attack, but it wasn’t just a bunch of guys drinking brewskies.
  2. Picture of an actual attack on the financial infrastructure of the United States sometime in 2013. Blue dots are victims, suffering from a denial of service attack. Yellow dots were underpinning infrastructure. Red dots represent where attacks were being launched – but in fact they were most likely orchestrated from Iran (according to the Washington Post). This group hijacked the infrastructure of global telecommunications companies to disrupt the financial infrastructure of the United States. This attack was 3X what most global telecommunications companies could bear. What is scary about this attack is that the aggressor stopped and pulled back. Why? We don’t know. Tens of millions were spent trying to shed these attacks.
  3. This is a bit of an eye chart. The picture I am painting here is that the threat is persistent and growing. While you’re reading this slide, be sure to check your phone and ensure it’s not a Tianxing N9500. Today’s WSJ reports that this device comes to you preloaded with malware – in the firmware!
  4. Verizon, in collaboration with 50 other organizations (including FireEye), analyzed 100,000 data breach incidents. What they found might surprise you.
  5. Interesting – when you look across all industries, the four largest shares of incidents fall into four categories – insider misuse, physical theft/loss, miscellaneous errors and crimeware. We won’t focus on all of these, but of particular note when you look at incidents with confirmed data breaches, two categories stand out: payment card skimmers and cyber espionage. According to Verizon’s cyber threat group, the two fastest growing threats to the enterprise are Denial of Service attacks and Cyber Espionage.
  6. What is it? When employees (or ex-employees) with access rights use their privileges to access data, either in person or over the network. Culprits cover every level of business, from the frontline assistants to the boardroom. Is my industry a target? Wherever a business trusts people, you’ll find this risk.
  7. What is it? The loss or theft of laptops, USB keys, printed papers and other information assets, mostly from offices, but also from vehicles and homes. Is my industry a target? Accidents happen anywhere — but 45% of all incidents in the healthcare sector fit this profile. Public sector was also a big contributor.
  8. What is it? Simply, any mistake that compromises security: which may mean posting private data to a public site accidentally, sending information to the wrong recipients, or failing to dispose of documents or assets securely. Is my industry a target? People make mistakes, no matter what industry they work in. But industries that deal in the communication of information — such as public sector, administration, education and healthcare — suffer most.
  9. What is it? Crimeware is a broad category, covering any use of malware (often web-based) to compromise systems such as servers and desktops. This pattern includes phishing. Is my industry a target? We found public sector, information, utilities and manufacturing were most at risk.
  10. What is it? The physical installation of a “skimmer” on an ATM, forecourt gas pump or POS terminal, to read your card data as you pay. Is my industry a target? Banks and retailers are the primary targets.
  11. What is it? These are attacks, not attempted breaches. Attackers use “botnets” of PCs and powerful servers to overwhelm an organization’s systems and applications with malicious traffic, causing normal business to grind to a halt. Is my industry a target? Attacks focused on mission-critical transactional systems in finance, retail and similar sectors.
  12. What is it? When state-affiliated actors breach an organization, often via targeted phishing attacks, and are after intellectual property. Is my industry a target? Espionage is not just a problem for government and military organizations. Professional, transportation, manufacturing, mining and public sector are all popular targets. If a developing economy, without respect for rule of law or intellectual property rights, can jump start their R&D process they will – the industries most often targeted here are those with large investments in R&D.