How Secure are You?
A bunch of guys drinking brewskies?
One day in 2013 . . . .
The past month . . .
May 1 – DOJ indicts five PRC PLA officers on 31 counts, including theft of trade secrets and economic espionage
May 15 – Lockheed admits cyber-attacks into its systems have quadrupled since 2007
May 23 – eBay admits to massive cyber-attack affecting 145 million users
May 29 – Spotify tells eBay 'Me, too' as cyber attack compromises 40 million user accounts
May 29 – FireEye reports that cyberattacks spiked as Russia annexed Crimea
May 30 – Brazilian government hit by cyber attack
June 1 – Western intelligence agencies in consensus predict a "powerful computer attack" from two malware programs known as GOZeuS and CryptoLocker
June 3 – Justice Department indicts Russian cyber-criminal mastermind on 14 counts related to the GOZeuS and CryptoLocker malware programs
June 13 – P.F. Chang's China Bistro breached. The breach has resulted in the probable loss of sensitive debit and credit card information of its customers.
Security Incident Patterns
92% of security incidents can be described by just nine patterns*
* Based on analysis of over 100,000 incidents from between 2004 and 2013
Share of Incidents, All Industries
POS Intrusions = 1%
Web App Attacks = 8%
Insider Misuse = 19%
Physical Theft/Loss = 16%
Misc. Errors = 27%
Crimeware = 19%
Card Skimmers = 1%
DoS Attacks = 2%
Cyber-espionage = 1%
Everything Else = 8%
Insider Misuse
85% OF MISUSE ATTACKS HAPPENED ACROSS THE CORPORATE LAN.
What is it?
When employees (or ex-employees) with access rights use their privileges to access data, either in person or over the network.
Is my industry a target?
A wide range of industries were represented: real estate; public sector; mining; administrative and others.
Physical Theft and Loss
43% OF ALL THEFT/LOSS HAPPENED IN THE WORK AREA.
What is it?
The loss or theft of laptops, USB keys, printed papers and other information assets, mostly from offices, but also from vehicles and homes.
Is my industry a target?
Accidents happen anywhere — but 45% of all incidents in the healthcare sector fit this profile. Public sector was also a big contributor.
Miscellaneous Errors
49% OF ERRORS INVOLVED PRINTED DOCUMENTS.
What is it?
Any mistake that compromises security, such as accidentally posting private data to a public site, or failing to dispose of documents or assets securely.
Is my industry a target?
Industries that communicate with the public — such as public sector, administration, education and healthcare — suffer most.
Crimeware
THE MAJORITY OF CRIMEWARE INCIDENTS START VIA WEB ACTIVITY, NOT LINKS OR ATTACHMENTS IN EMAIL.
What is it?
Any use of malware (often web-based) to compromise systems such as servers and desktops. This pattern includes phishing.
Is my industry a target?
We found public sector, information, utilities, and manufacturing were most at risk.
Payment Card Skimmers
86% OF SKIMMING ATTACKS WERE ON ATMS.
What is it?
The physical installation of a “skimmer” on an ATM, forecourt gas pump or POS terminal, to read your card data as you pay.
Is my industry a target?
Banks and retailers are the primary targets, but anybody that processes “cardholder present” card transactions is vulnerable — like healthcare providers.
Denial of Service
+115%
MORE POWERFUL BOTNETS AND REFLECTION ATTACKS HAVE HELPED DRIVE THE SCALE OF DOS ATTACKS UP 115% SINCE 2011.
What is it?
Attackers use “botnets” of PCs and powerful servers to overwhelm an organization’s systems and applications with malicious traffic, causing normal business to grind to a halt.
Is my industry a target?
Attacks are often on mission-critical transactional systems in finance, retail and similar sectors.
Cyber-espionage
3x
THIS YEAR’S DATA SET SHOWS A THREEFOLD INCREASE IN ESPIONAGE ATTACKS YEAR ON YEAR.
What is it?
When state-affiliated actors breach an organization, often via targeted phishing attacks, in pursuit of intellectual property.
Is my industry a target?
Not just a problem for government and military organizations: professional, manufacturing, mining, transportation and public sector are all popular targets.
Takeaways . . .
• The physical component is important in both the physical and digital domain – exercise vigilance, be paranoid, expect the unexpected.
• Ensure you are aware of your surroundings.
• Where possible, use a credit card rather than a debit card.
• Vet your employees.
• Limit access to critical systems and data.
• Have a security audit performed routinely to ensure your enterprise is optimized for security – you can pay a little now or a lot later. You decide.
Links
• Metcalf Incident: “Assault on California Power Station Raises Alarm on Potential for Terrorism”
http://online.wsj.com/news/articles/SB10001424052702304851104579359141941621778
• Milken Institute “High Stakes in Cyber Security”
http://www.milkeninstitute.org/presentations/mediapage.taf?ID=4818
• Verizon Data Breach Investigation Report:
http://www.verizonenterprise.com/DBIR/
• The New Threat Landscape:
http://www.fireeye.com/info-center/videos/?video=new_threat_landscape
How secure are you?


Editor's Notes

  1. Does anyone know what this video represents? I’ll give you a hint – April 16, 2013. Still no ideas? If you watch the video closely, you will see streaks of light; those streaks of light represent sniper rounds impacting metal surfaces. Still no ideas? This is early morning video surveillance footage of a Pacific Gas and Electric electrical transmission substation in Metcalf, California being attacked by snipers.
     12:58 – 1:07 AM: attackers slip into an underground AT&T vault and expertly sever six AT&T fiber optic telecommunication lines in a way that would make repair difficult. The lid over this vault was so heavy that it would take at least two people to lift it.
     1:31 AM: snipers begin firing at the power station, destroying 17 giant transformers and six circuit breakers.
     1:41 AM: first call to LE from plant operator.
     1:45 AM: transformers all over the substation start crashing.
     1:50 AM: gunmen cease fire and depart.
     1:51 AM: LE arrive, but can’t enter the substation and leave, as everything appears “normal”.
     3:15 AM: a utility electrician arrives and the full scope of the damage is appreciated.
     The Metcalf power station was down for 27 days and the cost of the damage was estimated to be $15.4 million. Members of the Joint Warfare Analysis Center found fingerprint-free shell casings and small piles of rocks, probably left by an advance scout to tell the attackers where to get the best shots. This was a low-tech attack, but it wasn’t just a bunch of guys drinking brewskies.
  2. Picture of an actual attack on the financial infrastructure of the United States sometime in 2013. Blue dots are victims, suffering from a denial of service attack. Yellow dots were underpinning infrastructure. Red dots represent where attacks were being launched, but in fact they were most likely orchestrated from Iran (according to the Washington Post); this group hijacked the infrastructure of global telecommunications companies to disrupt the financial infrastructure of the United States. This attack was 3X what most global telecommunications companies could bear. What is scary about this attack is that the aggressor stopped and pulled back. Why? We don’t know. Tens of millions were spent trying to shed these attacks.
  3. This is a bit of an eye chart. The picture I am painting here is that the threat is persistent and growing. While you’re reading this slide, be sure to check your phone and ensure it’s not a Tianxing N9500. Today’s WSJ reports that this device comes to you preloaded with malware – in the firmware!
  4. Verizon, in collaboration with 50 other organizations (including FireEye), analyzed 100,000 data breach incidents. What they found might surprise you.
  5. Interesting – when you look across all industries, the four largest shares of incidents fall into four categories: insider misuse, physical theft/loss, miscellaneous errors and crimeware. We won’t focus on all of these, but of particular note, when you look at incidents with confirmed data breaches, two categories stand out: payment card skimmers and cyber-espionage. According to Verizon’s cyber threat group, the two fastest growing threats to the enterprise are denial of service attacks and cyber-espionage.
  6. What is it? When employees (or ex-employees) with access rights use their privileges to access data, either in person or over the network. Culprits cover every level of business, from the frontline assistants to the boardroom. Is my industry a target? Wherever a business trusts people, you’ll find this risk.
  7. What is it? The loss or theft of laptops, USB keys, printed papers and other information assets, mostly from offices, but also from vehicles and homes. Is my industry a target? Accidents happen anywhere — but 45% of all incidents in the healthcare sector fit this profile. Public sector was also a big contributor.
  8. What is it? Simply, any mistake that compromises security: which may mean posting private data to a public site accidentally, sending information to the wrong recipients, or failing to dispose of documents or assets securely. Is my industry a target? People make mistakes, no matter what industry they work in. But industries that deal in the communication of information — such as public sector, administration, education and healthcare — suffer most.
  9. What is it? Crimeware is a broad category, covering any use of malware (often web-based) to compromise systems such as servers and desktops. This pattern includes phishing. Is my industry a target? We found public sector, information, utilities and manufacturing were most at risk.
  10. What is it? The physical installation of a “skimmer” on an ATM, forecourt gas pump or POS terminal, to read your card data as you pay. Is my industry a target? Banks and retailers are the primary targets.
  11. What is it? These are attacks, not attempted breaches. Attackers use “botnets” of PCs and powerful servers to overwhelm an organization’s systems and applications with malicious traffic, causing normal business to grind to a halt. Is my industry a target? Attacks focused on mission-critical transactional systems in finance, retail and similar sectors.
  12. What is it? When state-affiliated actors breach an organization, often via targeted phishing attacks, in pursuit of intellectual property. Is my industry a target? Espionage is not just a problem for government and military organizations. Professional, transportation, manufacturing, mining and public sector are all popular targets. If a developing economy without respect for the rule of law or intellectual property rights can jump-start its R&D process, it will – the industries most often targeted here are those with large investments in R&D.