Making Cyber Security Part of Your Business Cybercrime The rapid - - PowerPoint PPT Presentation

Making Cyber Security Part of Your Business

• The rapid digitization of consumers’ lives and enterprise records

will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.

• Nearly 60% of anticipated data breaches worldwide in 2015 will
• ccur in North America, but this proportion will decrease over

time as other countries become both richer and more digitized.

• The average cost of a data breach in 2020 will exceed $150 million

by 2020, as more business infrastructure gets connected.

Cybercrime

Source: Juniper Research, May 2015

Cybercrime

• The likely annual cost to the global economy

from cybercrime is more than $400 billion.

• A conservative estimate would be $375

billion in losses, while the maximum could be as much as $575 billion.

Source: McAfee, Net Losses – Estimating the Global Cost of Cybercrime, June 2014

Source: McAfee, Net Losses – Estimating the Global Cost of Cybercrime, June 2014

More data Cybercrime

Source: Symantec, 2013

More data Cybercrime

Source: 41st Parameter

Cybercrime

Menu for Full Service Hacking

Source: Trend Micro Monthly Onetime Malware Checking $30 $50 Botnet Framework $40 $125 Bulletproof Hosting $52 $0 Exploit Kit $38 $120 DDoS Attack for 24 hours $70 $205 Dropper File and Crypt $8 $80 Total $238 $600

OAS Cybersecurity Report

An online quantitative survey was conducted in January 2015 among the heads of Security of CIOs of the major critical infrastructure in all countries in the Americas A total of 575 respondents completed the survey

Internet Use in Brazil

Source: CETIC, TIC Domicílios e Empresas 2013, 2014. McAfee, Net Losses – Estimating the Global Cost of Cybercrime, June 2014.

• According to 2013 data, 85.9 million Brazilians were users of

the Internet, which accounts for 51% of the population.

• Latin America had nearly 255 million users in 2012, 32% of

them Brazilians. Another important factor is the increase in the percentage and number of Internet users in Latin America—18 million people in 2000 to almost 255 million in 2012, which represent 1300%.

• A survey of Brazilian companies found that a third had been victims of
• cybercrime. In February of 2012, a group calling itself “Anonymous Brasil”

launched a denial-of-service attack, which took down a number of Brazilian financial websites, including that of Citigroup.

• In another attack, Brazilian hackers compromised 4.5 million home DSL routers.

Using the hacked routers and careful social engineering, the criminals encouraged users to provide sensitive personal information or to install malware.

• Many experts agree that Brazil’s weak laws for cybercrime and intellectual

property protection means that domestic hackers, who have become increasingly professionalized, face little risk of arrest or prosecution. These factors make Brazilian cybercriminals successful locally, but there is little to prevent them from turning to a global crime. Brazil also faces external cyberthreats, and information on the Brazilian economy from key crops—from soybeans to oil production—are targets.

Cybercrime in Brazil

Source: McAfee, Net Losses – Estimating the Global Cost of Cybercrime, June 2014

• Today, cybercrime is one of the top four economic crimes in the world.

In Brazil, cybercrime is in second place.

• According to data from FEBRABAN (Brazilian Federation of Banks), Brazil

had losses of R $1.4 billion in 2012 (US $591 million),down 6.7% over the previous year. It is also important to note that although the absolute number is impressive, it represents only 0.06% of bank transactions.

• According to the “Global Economic Crime Survey 2011—Brazil,” 40% of

Brazilian respondents said they had never received any training in cybersecurity, 57% of Brazilian companies said they do not have the resources to fight cybercrime or know if they are capable of cybercrime investigations, and 50% of Brazilians said they didn’t know that their companies could detect and prevent cybercrime.

• .

Cybercrime in Brazil

Source: McAfee, Net Losses – Estimating the Global Cost of Cybercrime, June 2014

1. Employ defense-in-depth strategies 2. Monitor for network incursion attempts, vulnerabilities and brand use 3. Antivirus on endpoints is not enough 4. Secure your websites against Man In the Middle attacks and malware infection 5. Protect your private keys 6. Use encryption to protect sensitive data 7. Ensure all devices allowed on company networks have adequate security protections 8. Implement a removable media policy 9. Be aggressive in your updating and patching

• 10. Enforce an effective password

policy

• 11. Ensure regular backups are

available

• 12. Restrict emails attachments
• 13. Ensure that you have infection

and incident response procedures in place

• 14. Educate users on basic security

protocols

What can we do…

Source: OAS and Symantec, Latin America + Caribbean Cybersecurity Trends, 2014

5 Simple Steps What can we do…

Source: GovLoop and Symantec

Trust and Stakeholder Participation

• There is a need for trust-building:

– Wikileaks and the “Snowden Effect” – NSA and mining Metada – Retail attacks and reporting

• How to build trust?

– Multi-sectorial inclusion in policymaking – Engagement with civil society – Public-Private Partnerships

OAS 7-Point Action Plan

OAS Model is based on

COLLABORATION

Thank you