The Onslaught of Cyber Security Threats and What that Means to You - - PowerPoint PPT Presentation
No End in Sight for Cyber Crime Growth
Figures shown on the slide: 200M, 432M, 11.6M
- Number of accounts hacked (CNN Money)
- Number of malware samples collected (Intel Security)
- Number of mobile devices affected (IBM)
Cyber Crime is Hurting Us All
Figures shown on the slide: 43%, 54%, 68%
- Americans who have experienced a malicious attack (Norton by Symantec)
- Employees who steal proprietary corporate data when they quit or are fired (Heimdal Security)
- Enterprises in the U.S. that suffered a security breach (USA Today)
Agenda
- Breach landscape
- Evolution
- Regulators' Response
- Summary
- Q&A
Staying Ahead of the Trends
Threats are more sophisticated and evolving
Timeline (1997, 2004, 2007, 2010, 2014) of threat categories:
- Viruses and worms
- Adware and spyware
- DDoS
- APTs
- Ransomware
- Hacktivism
- State-sponsored cyberweapons
- Industrial espionage
- Next-gen APTs
- Mobile malware
- Cloud and web services attacks
Scale markers along the timeline: 1,300 known viruses; 50,000 known viruses; 100,000+ malware variants daily
An Ever-Changing Threat Landscape
- Managed endpoints
- Malware
- Business partners
- External threats
- Social engineering
- Mobile device loss/theft
- Evolution of vulnerabilities
- Insider threats
- Explosion of connected devices
Results

Sony
- Data Compromised – Seemingly everything stored in the network
- Entrance Method – Stolen system administrator credentials
- Time Undetected – Unknown
- Discovery Method – On Nov. 22 employee computers received messages threatening public distribution
- Estimated Damages – Could exceed $100 million

Anthem Inc.
- Data Compromised – 80 million
- Entrance Method – Attackers used credentials of at least five different employees
- Time Undetected – A month and a half
- Discovery Method – The admin himself noticed his credentials being used to query their data warehouse
- Estimated Damages – $100 million

Target
- Data Compromised – 40 million credit and debit cards, 70 million phone numbers
- Entrance Method – HVAC company
- Time Undetected – About two weeks
- Discovery Method – The Department of Justice
- Estimated Damages – $148 million

JP Morgan
- Data Compromised – Estimated 7 million
- Entrance Method – Compromised computer with special privileges
- Time Undetected – Three months
- Discovery Method – Internal investigation
- Estimated Damages – $200 million

Home Depot
- Data Compromised – 56 million credit
- Entrance Method – Third-party vendor's credentials
- Time Undetected – Six months
- Discovery Method – 3rd party notification
- Estimated Damages – $62 million
Number of People Affected
- Sony – 6,000
- Anthem Inc. – 80,000,000
- Target – 70,000,000
- JP Morgan – 76,000,000
- Home Depot – 56,000,000
Regulators' Response

PCI-DSS: Security Penalties
The Payment Card Industry has established fines of up to $500,000 per incident for security breaches when merchants are not PCI compliant.

Potential cost of a security breach:
- Fines of $500,000 per incident for being PCI non-compliant
- Increased audit requirements
- Potential for campus-wide shutdown of credit card activity by their merchant bank
- Cost of printing and postage for customer notification mailing
- Cost of staff time (payroll) during security recovery
- Cost of lost business during register or store closures and processing time
- Decreased sales due to marred public image and loss of customer confidence
HIPAA Penalties
1) Covered entity or individual did not know (and by exercising reasonable diligence would not have known) that the act was a HIPAA violation: $100 - $50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
2) The HIPAA violation had a reasonable cause and was not due to willful neglect: $1,000 - $50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
3) The HIPAA violation was due to willful neglect but the violation is corrected within the required time period: $10,000 - $50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
4) The HIPAA violation is due to willful neglect and is not corrected: $50,000 for each violation, up to a maximum of $1.5 million for identical provisions during a calendar year.
GLBA Penalties
Violation of GLBA (Gramm-Leach-Bliley Act) and Financial Privacy:
- The financial institution shall be subject to a civil penalty of not more than $100,000 for each violation; and
- The officers and directors of the financial institution shall be subject to, and personally liable for, a civil penalty of not more than $10,000 for each violation
- Also, fines in accordance with Title 18 of the US Code, imprisonment for not more than five years, or both
Average Cost of a Data Breach (by country)
- US – $5,403,644
- DE – $4,823,583
- AU – $4,104,932
- FR – $3,763,299
- UK – $3,143,048
- JP – $2,282,095
- IT – $2,275,404
- BZ – $1,321,903
- IN – $1,115,804
Security Approaches
- Siloed Security Approach
- Single Vendor Approach
- Interconnected Approach

Our Approach
- Detect & Protect
- Secure Access
- Advanced Threat Protection
- Data Protection
- Compliance
- 236 – New threats every minute, or almost 4 every second
- 46% – Increase in malicious signed binaries in Q1 2014
- 49% – Increase in new threats attacking the master boot record in Q1 2014
- 167% – Increase in the amount of mobile malware samples in the past year
- 1,000,000 – Number of new ransomware samples in 2013
- 18,000,000 – New malicious URLs in Q1 2014, a 19% increase over the previous quarter
- 200,000,000+ – Known malware samples as of Q1 2014