Founders Our Partners The Old Web The Web Today Source: - - PowerPoint PPT Presentation

founders our partners the old web the web today
SMART_READER_LITE
LIVE PREVIEW

Founders Our Partners The Old Web The Web Today Source: - - PowerPoint PPT Presentation

Nov 13, 2022 323 likes •507 views

The Evolving Cyber Threat and what businesses can do about it Larry Clinton, President Direct 703/907-7028 lclinton@isalliance.org Founders Our Partners The Old Web The Web Today Source:

slide-1
SLIDE 1

The Evolving Cyber Threat

and what businesses can do about it

Larry Clinton, President

Direct 703/907-7028 lclinton@isalliance.org

slide-2
SLIDE 2

Founders

slide-3
SLIDE 3

Our Partners

slide-4
SLIDE 4

The Old Web

slide-5
SLIDE 5

Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html

The Web Today

slide-6
SLIDE 6

The Earlier Threat:

Growth in vulnerabilities (CERT/cc)

4,129 2,437 171 345 311 262 417 1,090

500 1,000 1,500 2,000 2,500 3,000 3,500 4,000 4,500

1995 2002

slide-7
SLIDE 7

The Earlier Threat:

Cyber incidents

1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 132 110,000 55,100 21,756 9,859 3,734 2,134 2,573 2,412 2,340 1,334 773 406 252 6

20000 40000 60000 80000 100000 120000

slide-8
SLIDE 8

The Changing Threat

A fast-moving virus or worm pandemic is not the threat it was...

  • 2002-2004 almost 100 medium-to-high risk

attacks (“Slammer”; “SoBig”).

  • 2005, there were only 6
  • 2006 and 2007……….. Zero
slide-9
SLIDE 9

The Threat Landscape is Changing

New Era Attacks

Organized criminals, corporate spies, disgruntled employees, terrorists Who: Kids, researchers, hackers, isolated criminals

Early Attacks

Why: Seeking fame & glory, use widespread attacks for maximum publicity Seeking profits, revenge, use targeted stealth attacks to avoid detection Risk Exposure: Downtime, business disruption, information loss, defacement Direct financial loss via theft and/or embezzlement, breach disclosure, IP compromised, business disruption, infrastructure failure

slide-10
SLIDE 10

The Threat Landscape is Changing

New Era Attacks

Multilayer pre-emptive and behavioral systems Defense: Reactive AV signatures

Early Attacks

Recovery: Scan & remove System wide, sometimes impossible without re-image of system Type: Virus, worm, spyware Targeted malware, root kits, spear phishing, ransomware, denial of service, back door taps, trojans, IW

slide-11
SLIDE 11

Digital Defense?

  • 29% of Senior Executives “acknowledged” that they did not

know how many negative security events they had in the past year

  • 50% of Senior Executives said they did not know how much

money was lost due to attacks

Maybe Not

Source: PricewaterhouseCoopers survey of 7,000 companies 9/06

slide-12
SLIDE 12

Digital Defense

  • 23% of CTOs did not know if cyber losses

were covered by insurance.

  • 34% of CTOs thought cyber losses would be

covered by insurance----and were wrong.

  • “The biggest network vulnerability in

American corporations are extra connections added for senior executives without proper security.”

  • --Source: DHS Chief Economist Scott Borg

Not So Much

slide-13
SLIDE 13

Percentage of Participants Who Experienced an Insider Incident

41 39 55 20 40 60 80 100 2004 2005 2006

slide-14
SLIDE 14

Insider Incidents - 2006

In 2006 insiders committed more theft of IP & proprietary information and sabotage than outsiders! Total (%) Insider (%) Outsider (%) Theft of IP 30 63 45 Theft of Proprietary Info. 36 56 49 Sabotage 33 49 41 Most common insider incidents in 2006 survey:

  • rogue wireless access points (72%),
  • theft of IP (64%),
  • exposure of sensitive or confidential information (56%)
slide-15
SLIDE 15

Economic Effects of Attacks

  • 25% of our wealth---$3 trillion---is transmitted over

the Internet daily

  • FBI: Cyber crime cost business

$26 billion (probably LOW estimate)

  • Financial Institutions are generally considered the

safest---their losses were up 450% in the last year

  • There are more electronic financial transfers than

paper checks now: Only 1% of cyber crooks are caught.

slide-16
SLIDE 16

Cyber Attacks Effect Stock Price

“Investigations into the stock price impact of cyber attacks show that identified target firms suffer losses of one to five percent in the days after an attack. For the average NYSE corporation, price drops of these magnitudes translate into shareholder losses between $50 and $200 million.”

Source: US Congressional Research Service 2004

slide-17
SLIDE 17

Indirect Economic Effects

“While the tangible effects of a security incident can be measured in terms of lost productivity and staff time to recover and restore systems, the intangible effects can be of an order of magnitude larger. Intangible effects include the impact on an

  • rganizations trust relationships, harm to its

reputation, and loss of economical and society confidence”

Source Carnegie Mellon CyLab 2007