Security expert Stephen Cobb looks at the goals and motives of criminal hackers, and how to mitigate the two main avenues of attack using smart scanning and strong authentication.
5. 720 breaches by size of organization (employees)
Over 100,000
10,001 to 100,000
1,001 to 10,000
101 to 1,000
11 to 100
1 to 10
SMBs
0 100 200 300 400 500 600
Verizon 2012 Data Breach Investigations Report
6. The SMB sweet spot for the cyber-
criminally inclined
Big enterprise
Assets
SMB “sweet spot”
worth
looting
Consumers
Level of protection
7. How do they get to your devices?
1. Malware involved in 69% of breaches
2. Hacking* used in 81% of breaches
Breaches combining malware and hacking: 61%
*80% of hacking is passwords:
default, missing, guessed, stolen, cracked
Verizon 2012 Data Breach Investigations Report
13. So how do you defend your devices?
Two main attacks…. …and
defenses
Malware Scanning
Hacking Authentication
14. Scanning requires proper implementation
Measures in use at a sample of healthcare facilities
Require AV on mobile devices
Scan devices prior to connection
Scan devices while connected
0% 10% 20% 30% 40%
Ponemon Institute Third Annual Benchmark Study on Patient Privacy & Data Security
15. Authentication requires more than passwords
Passwords exposed in 2012: 75,000,000
And those are just the ones we know about
Need to add a second factor to authentication
16. The defenses you need
Malware SMART Scanning
Hacking STRONG Authentication
Plus polices and training to implement effectively