Cyber Security Xperience Group & Sophos - PowerPoint PPT Presentation



SLIDE 1

Cyber Security Xperience Group & Sophos

SLIDE 5

https://player.vimeo.com/video/135044595?width=800&height=450&iframe=true&portrait=0

SLIDE 6

Cybercrime Prevention Seminar Law Society - Belfast

Dermot Hayden

12th Oct 2018

SLIDE 7

Sophos Snapshot

  • Founded 1985 in Oxford, UK
  • $768.6 million in FY18 billings
  • 3,300 employees
  • 300,000+ customers at end of FY18
  • Mid Market Focus
  • 100+ million users
  • 39,000+ channel partners at H1 FY18
  • SophosLabs threat research facility
  • 100% channel-based go to market model
  • Endpoint & Network Security split 50/50

Sophos Headquarters, Abingdon, UK

SLIDE 8

Free Tools

Sophos gives out free tools that check for security risks, remove viruses, and protect home networks:

  • Sophos Home Free, including a free 30-day trial of Sophos Home Premium
  • Free 30-day trial of HitmanPro and HitmanPro.Alert
  • Mobile Security for iOS
  • Mobile Security for Android
  • UTM Home Edition
  • XG Firewall Home Edition
  • Antivirus for Linux

275,000+ average monthly visitors!

SLIDE 9

The IT Security Challenge

SLIDE 10

IT Security Challenge

EXPANDING ATTACK SURFACE

  • Multiple platforms (Windows, OS X, Linux)
  • Mobile devices (iOS, Android, phones, tablets, wearables)
  • Internet of Things (IoT)

VANISHED PERIMETER

  • Cloud-based storage (Dropbox, Box, OneDrive)
  • Social media (Facebook, Twitter, LinkedIn)
  • Remote offices
  • Roaming workers
  • Public cloud (AWS, Rackspace)
  • BYOD
  • Free Wifi

INCREASED ATTACK SOPHISTICATION

  • Crimeware-as-a-service (Vawtrak, Lizard Squad)
  • Cross-pollination (APTs <--> crimeware)
  • Crypto ransomware (CryptoLocker, CryptoWall)

GROWING RISK AWARENESS

  • High profile corporate hacks (Sony, Target, Home Depot)
  • High profile personal hacks (UK News International phone hacking scandal, iCloud celebrity nude photos)
  • Government surveillance allegations (Snowden leaks)
  • Regional compliance regulations (e.g. PCI compliance, data privacy)

Layers of Complexity & Cost

SLIDE 11

SMBs Don’t Have Adequate Resources to Respond

Key Security Challenges Faced by Mid-Market

  • Growing number and sophistication of security threats
  • Increasing cost and exposure of "getting it wrong"
  • Traditional, complex point solutions increase cost and erode usability and manageability
  • Fragmented and constantly changing vendor landscape is difficult to navigate and understand
  • Limited in-house IT security personnel and expertise
  • Pressure on resources, budgets and time
  • Enterprise security issues without enterprise class budgets

“While bigger businesses can often dedicate greater resources towards cybersecurity, small and medium-sized businesses and entrepreneurs face the same cybersecurity challenges and threats with limited resources, capacity, and personnel.” (1)

An Enterprise Approach Is Not Realistic

[Chart: Average Number of People Dedicated to IT Security, by company size - Mid-Market Enterprises (100 - 499 and 500 - 999 employees) vs Large Enterprises (1,000 - 4,999, 5,000 - 19,999 and 20,000+ employees)]

Note:

  • 1. Source: U.S. Department of Homeland Security, 2014

SLIDE 12

Operation ‘Honeybadger’

  • Sophos ‘Black Ops’ Project to determine threat to Irish businesses with online presence
  • Two websites – C1 (Best Practice) & C2 (Typical SMB) each with firewall, web server and file server.
  • Immediate sustained attacks on both sites – US, Germany, China with website and RDP services the primary focus of sustained brute force attacks
  • WAF and IPS on C1 responsible for reduction in bandwidth usage
  • Reduced password complexity on C2 led to hacker gaining access after 3 hours 8 minutes – more followed before systems were shut down!

SLIDE 13

Threat Landscape

SLIDE 14

Cybercrime Dynamics

EVOLUTION OF CYBERCRIME OVER TIME > TODAY

  • DIGITAL GRAFFITI (Melissa, CodeRed worm)
  • EARLY COMMERCIALIZATION (Loveletter, Pump & Dump email)
  • EFFICIENT ECOSYSTEMS (Mpack, Conficker)
  • AUTOMATION (Asprox botnet, Blackhole, Zeus)
  • INDUSTRIALIZATION (RIG Exploit Kit, Neutrino Exploit Kit)
  • INTEGRATED BUSINESS MODEL (WannaCry, Locky, CryptoLocker)

COMPOUNDING FACTORS

  • Threat sophistication
  • Number of threats
  • Number & range of actors
  • Level / sources of funding
  • Ransomware proliferation / nation state
  • Non-Windows / mobile

SLIDE 15

The Challenge Of Addressing New Threats

Software Vulnerabilities Reported By Year

Source information: NIST National Vulnerability Database as of 1 May 2018, https://beta.nvd.nist.gov/vuln-metrics/visualizations/cvss-severity-distribution-over-time

  Year                 Vulnerabilities reported
  2010                 4639
  2011                 4150
  2012                 5286
  2013                 5186
  2014                 7937
  2015                 6487
  2016                 6446
  2017                 14647
  2018 (up to 1 May)   5990

SLIDE 16

Top Threats Worldwide

  • Active Adversary
    • Privilege escalation, cred theft, lateral movement, exploits, process injection
  • Advanced Malware
    • Zero-day attacks w/multiple stages
    • Worms, Trojans, VB script, PDF, File-less attacks (cryptominers, powershell, etc…), bots, rats
  • Cryptomining/Cryptojacking
    • Legitimate and malicious use of CPU cycles to generate digital currency

[Pie chart: 38% / 21% / 33% / 5% labelled Advanced Malware / Active Adversary / Ransomware / Cryptojacking, plus 3% Generic Malware]

SLIDE 17

The Threat Landscape Has Shifted

54% OF ORGS HIT BY RANSOMWARE

*Source: State of Endpoint Protection Study 2018

[Pie chart: 38% / 21% / 33% / 5% labelled Advanced Malware / Active Adversary / Ransomware / Cryptojacking, plus 3% Generic Malware]

SLIDE 18

Data Protection

How far do you want to go to manage the risk to your data and IT assets?

Risk mitigation

IT SECURITY SCALE: BASIC -> LOWEST RISK (risk from LOWER to HIGHER)

Top causes for data loss*

  • Hacking, malware, or malicious code (57%)
  • Portable devices and physical loss (17%)
  • Unintended disclosure (22%)
  • Other (4%)

Common ways to lose data

  • Advanced malware
  • Ransomware and exploits
  • Unauthorized access and credential theft
  • Lost or stolen laptops and storage devices
  • Lost or stolen mobile devices, tablets, and IoT devices
  • Human error, loss via email, or loss via cloud storage
  • Malicious insider

Remediation (Sophos products; slide axis: Remediation Effort)

  • Endpoint Protection
  • Intercept X
  • Server Security
  • Device Encryption
  • Sophos Mobile
  • SafeGuard Encryption

* Percentages based on number of incidents according to data from Privacy Rights Clearinghouse

SLIDE 19

93% of breaches include phishing

Source: Verizon 2018 Data Breach Investigations Report

SLIDE 20

Education

SLIDE 21

Spotting the Phish

Any attempt to bait a user into:

  • Opening a malicious email attachment
  • Clicking a link
  • Transferring funds or confidential information

SLIDE 22

[Chart: Global spam and phishing volumes, 2015 - 2017]

SLIDE 23

Users five times more susceptible to Phishing Emails

  • Phishing Attacks: 13% click-through rate
  • B2B Email CTR: 3.5%
  • B2C Email CTR: 2.4%

Phishing click-through is 5.4x that of consumer marketing emails and 3.7x that of business emails.

Sources: Sophos Phish Threat simulation data, Experian Email Benchmark Report Q4 2016

SLIDE 24

The threat landscape for phishing

How often do you see phishing attacks?

  Frequency        Share of IT pros
  I don’t know     3%
  Never            5%
  Infrequently     15%
  Monthly          6%
  Fortnightly      5%
  Weekly           26%
  Daily            32%
  Hourly           9%

41% OF IT PROS REPORT AT LEAST DAILY PHISHING ATTACKS (daily 32% + hourly 9%)

Source: Phishing Temperature Check, Freeform Dynamics 2017 (for Sophos). Data from 330 global IT professionals.

62% OF ORGANIZATIONS FAIL TO TEST USER AWARENESS


SLIDE 26

Solution: Phish like a bad guy

Educate and test your users to spot attacks:

  • USER BASELINE TESTING
  • REAL-WORLD ATTACK SIMULATION
  • EFFECTIVE TRAINING MODULES
  • COMPREHENSIVE REPORTING

SLIDE 27

Sophos Phish Threat

  • Simulated phishing campaigns in 3 easy steps

1. Choose an attack
  • 100’s of customizable attack templates fed by latest threat intelligence

2. Choose training
  • Over 30 interactive training courses covering security and compliance topics

3. Monitor activity and measure awareness
  • Campaign reporting
  • Security posture by organization, group, or individual

SLIDE 28

100’s of customizable attack simulation templates

  • Realistic simulations powered by global threat intelligence
  • Library of international templates from beginner to expert

Multiple scenarios and difficulties

Growing library of international content, for example:

  • Australian Federal Police
  • Amazon.co.uk
  • DVLA
  • Canada Post
  • London Underground
  • New Zealand Inland Revenue Department
  • Parcelforce
  • Royal Bank of Canada

SLIDE 29

Over 30 end user training modules

Security Topics

  • Phishing
  • Credential harvesting
  • Vishing (phone phishing)
  • Social engineering
  • Ransomware
  • Secure social media use
  • Public Wi-Fi
  • Malicious attachments
  • Passwords & passphrases
  • Two-factor authentication
  • Principle of least privilege
  • Physical security and data protection

Compliance Topics

  • EU General Data Protection Regulation (GDPR)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI DSS)

SLIDE 30

Don’t be Phished Top Tips:

  • Forceful/faked urgency to get you to respond before you think
  • Offer a prize or reward to tempt you to click on a link
  • Ask you to provide your password or other confidential data for security purposes
  • Website addresses that are similar to, but not the same as the real thing, e.g. www.gØØgle.com vs www.google.com, www.twiter.com vs www.twitter.com

Top tip — hovering over the link should display the actual address

  • Emails that appear to come from a senior employee at your organization
  • Poor spelling and/or unusual grammar
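The look-alike address tip above is the kind of check a mail gateway or a user-awareness tool can automate. The following is an added example, not from the Sophos deck: it compares a link's visible text with its real destination, maps look-alike characters such as Ø to ASCII, and measures edit distance against an allowlist of expected domains; the confusables table and the allowlist are constructed assumptions for this example.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed for this example: characters commonly substituted for ASCII
# letters in look-alike hostnames (the slide's gØØgle.com uses Ø for o).
CONFUSABLES = {"ø": "o", "0": "o", "1": "l", "ı": "i", "rn": "m", "vv": "w"}
# Constructed allowlist: the domains a user expects a link to lead to.
TRUSTED = {"google.com", "twitter.com", "amazon.co.uk"}

def host_of(url: str) -> str:
    """Lower-cased hostname of a URL with any leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def normalize(host: str) -> str:
    """Strip accents and map look-alike characters to ASCII for comparison."""
    host = unicodedata.normalize("NFKD", host)
    host = "".join(c for c in host if not unicodedata.combining(c))
    for bad, good in CONFUSABLES.items():
        host = host.replace(bad, good)
    return host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches typosquats such as twiter.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(display_text: str, href: str) -> str:
    """Classify what hovering would reveal: 'mismatch' when the visible URL
    text names a different host than the real href, 'trusted' for an
    allowlisted host, 'lookalike' for a homoglyph or near-miss of one,
    otherwise 'unknown'."""
    real = host_of(href)
    if display_text.lower().startswith(("http://", "https://", "www.")):
        shown = display_text if "://" in display_text else "http://" + display_text
        if host_of(shown) != real:
            return "mismatch"
    if real in TRUSTED:
        return "trusted"
    norm = normalize(real)
    if norm in TRUSTED or any(edit_distance(norm, t) <= 2 for t in TRUSTED):
        return "lookalike"
    return "unknown"
```

A hit on "lookalike" or "mismatch" is a signal to hold the message for review, not proof of malice: a digit-heavy but legitimate domain can also trip the confusables mapping.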

SLIDE 31

Synchronized Security

Cloud Intelligence

Sophos Labs Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions | 24x7x365, multi-continent operation |

Malware Identities | URL Database | Machine Learning | Threat Intelligence | Genotypes | Reputation | Behavioral Rules | APT Rules | App Identities | Anti-Spam | DLP | SophosID | Sandboxing | API Everywhere

Sophos Central

  • Admin | Self Service | Partner
  • Manage All Sophos Products | User Customizable Alerts | Management of Customer Installations

Deployment: In Cloud | On Prem

Products: Next-Gen Endpoint | Mobile | Server | Encryption | UTM/Next-Gen Firewall | Wireless | Email | Web

SLIDE 32

IT Security Top Tips

  1. Use unique passwords for every service you use
  2. Keep your software up to date
  3. Make backups of your files
  4. Be mindful of what you share
  5. Use protective software to fight the nasty stuff

SLIDE 34

  • Put Appropriate Security in Place
  • Educate Staff
  • Check & Double Check
  • If in doubt… Call or Delete