International Computer Association July 27 th , 2017 Leveraging Artificial Intelligence to detect New, Emerging Cyber Threats in Realtime John Kirch Regional Director - North Asia
ICA Darktrace : Background & Growth • Founded by world-leading mathematicians, from the University of Cambridge, and “Darktrace detects threats cyber operations experts without having to define the • Fundamental technology innovation activity in advance” • Powered by machine learning and CIO, City of Las Vegas mathematics • 3,000+ deployments worldwide “Darktrace’s technology is • 600% year-on-year growth unique” • Dual HQs in San Francisco, and Cambridge, UK, and over 24 offices CISO, Telstra worldwide
ICA Evolution
ICA The Evolution of Cyber Security Source: National Oil Company Conference 2014 - Evolving Cyber Security
ICA The Cyber Landscape – Evolving Attack Sophistication Source: National Oil Company Conference 2014 - Evolving Cyber Security
ICA Selected Large Hacking Incidents Worldwide (1-6) YAHOO TARGET JPMorgan SONY HOME DEPOT US Office 2014 2013-Aug 2013 - Dec 2014 2014 Personnel Mgmt Hackers Hackers 110M Hackers Hackers stole 2015 believed to be compromised customers’ hijacked a - email associated with A data breach of one billion of personal and JPMorgan North and credit card SSNs, names, Korea rampaged Yahoo’s user financial Chase server data for 50M addresses of through the accounts in information and stole data customers. The 21.5M persons servers of Sony August 2013. was exposed. of millions of breach cost the including an Pictures That makes this The CEO later the bank’s Entertainment in retail chain at undisclosed retaliation for a the biggest resigned as accounts. The least $179M in number of film comedy known hack of part of the data allegedly settlements persons who showing North user data of all fallout from the used in fraud with consumers Korean leader had background time. massive schemes Kim Jong-un’s and credit card checks but were face being breach. generating companies. not current or melted off. US$100M+. former government employees!
ICA Selected Large Hacking Incidents Worldwide (6-10) Chipotle LEGAL FIRMs SWIFT TESCO WANNA CRY 2017 2015 2016 2016 May 12 th , 2017 An Eastern Chinese North Korean Hackers drained a The WannaCry European gang hackers total of around hackers ransomware reportedly used accessed email reportedly $3.2M from more attack was a phishing to steal accounts at exploited than 9,000 global cyber the credit card firms Cravath weaknesses in accounts in Tesco attack affecting information of Swaine & the SWIFT Bank, the bank 200K+ devices millions of payment system run by the giant Moore and running in 150 Chipotle Weil Gotshal & to steal US$8M grocery chain. customers. The countries which breach was part Manges—and from the Tesco was forced targeted of a larger scam learned about Bangladesh to reimburse computers targeting upcoming Central Bank’s customers for the running the restaurants. account at the stolen money. corporate Windows OS by mergers. They New York Federal encrypting data allegedly made Reserve. and demanding over US$4M ransom payments trading on the in the Bitcoin. information.
ICA The World’s Ten Largest Cyber Security Hotspots in 2016 23.96% 25.00% 23.96% 1 USA 9.63% 2 China 20.00% 5.84% 3 BRA 15.00% 5.11% 4 IND 3.35% 5 GER 9.63% 10.00% 3.07% 6 Russia 5.84% 5.11% 2.61% 7 UK 5.00% 3.35% 3.07% 2.61% 2.35% 2.25% 2.16% 2.35% 8 FR 0.00% 2.25% 9 JPN USA China BRA IND GER Russia UK FR JPN Viet 1 2 3 4 5 6 7 8 9 10 2.16% 10 Viet Source Business Insider: May, 2017
ICA Key Hacking Incidents Japan (1-5) 2013 – April 2011 – Sept 2012 – May 2013 – Jan 2013 – Fall Japan Mitsubishi Japan Nuclear Ministry of Various Aerospace Heavy Agriculture, Energy Safety Japan Exploration Industries, Forestry & government Organization Agency (JAXA) Ltd. (MHI), (JNES) Fisheries agencies. Found and Japan’s unauthorized House of Information TPP Zero-day access to Represent- negotiations- leakage for attack servers from Atives (HR) related infected possibly outside. months information targeted Experienced stolen user’s web a virus browsers infection by targeted attacks Source: Sasakawa USA February, 2016
ICA Key Hacking Incidents Japan (6-10) 2014 – Jan 2015 – May 2016– May 2016 – Jan 2016 – Oct In just three Japan Japan Data on Hackers hours, Atomic Pension 7.93M JTB attacked the criminals Energy Service - An clients leaked University of managed to Agency email virus by Toyama's steal ¥1.4 (JAEA) infected unauthorized Hydrogen Billion Experienced desktops server access, Isotope ( ~US$12.7M ) data breach causing the including using about Research via virus loss of 1,400 7-11 client names, Center and BANK ATMs in infection 1.25M addresses, research on Japan confidential email Fukushima data records addresses and nuclear crisis - passport personal numbers. information Cause: an on nearly employee 1,500 Source: Sasakawa USA opened a researchers February, 2016 virus-infected was leaked. email file
ICA Key Global Cyber Security Trends Source: The Global State of Information Security Survey 2016 PwC
ICA An Increasingly Complex Digital World Source: The Global State of Information Security Survey 2016 PwC
ICA Increasing Damages from Cyber Incidents Enterprise + Mobility + Scada/ICS + IoT + SaaS/Cloud Larger Attack Surface -> More Threats A Larger Number of Attacks -> Greater Damages
ICA The Volume of Data Leakages is Increasing
ICA Network Breaches: Increasingly Caused by Email Spam/ Phishing Source: AntiPhishing Working Group Phishing Activity Trends Report - Q4 2016; IBM X-Force Threat Intelligence Index 2017
ICA Average Cost of Data Breach by Amount of Data Leaked
ICA Average Cost of a Data Breach
ICA Four Main Types of Cyber Adversaries
ICA Data Breach Perpetrators (2016) Source: Verizon 2017
ICA Tactics Used in Data Breaches (2016) Source: Verizon 2017
ICA Cyber Attacks: The Scene is Changing
ICA Business Impact Reputation Operations • Hac The Hacking of TARGET Cost Over US$300 Million + Financial
ICA Boardroom Conversations "Cyber security is a board level issue, and I am responsible for it.” Dido Harding, CEO, Talktalk
ICA Advanced External Threats Looking for what you expect an attacker to do isn’t enough • Technical knowledge is advanced • Barrier to entry is lower - download an exploit kit • Attack methods are constantly evolving
ICA Insider Threat Insiders move at consumer technology speeds, not enterprise tech speeds • Insiders are technically enabled • Wearable technology • Blocking or monitoring of cloud services • Learn normality for every piece of tech, across environments
Recommend
More recommend
