Webinar: 2014 Data Breach Investigations Report – A New Way of Looking at Threats w/ Eddie Schwartz & Wade Baker

This webinar features keynote speakers Eddie Schwartz, Vice President, Security Solutions, and Wade Baker, Managing Principal, Research and Analytics.

For years enterprises have turned to the Verizon Data Breach Investigations Report (DBIR) to learn about the ever-changing threats facing their organization. This year, we’ve pioneered a new way of looking at threat data, classifying more than 90 percent of recent incidents into just nine patterns. It makes the huge complexity of the cybersecurity space clearer to understand, so you can prioritize your response to the attackers and methods that pose a real risk to you.

This webinar is also available with keynote speakers Jay Jacobs, principal, research and analytics along with Bryan Sartin, director, RISK team at this link: http://www.slideshare.net/VerizonEnterpriseSolutions/webinar-2014-data-breach-investigations-report-a-new-way-of-looking-at-threats

Download the full report here: http://vz.to/DBIR2014

  • Default cover design.
  • Slide 3 – Agenda – Here is a brief overview of today’s agenda. Bryan and Jay will discuss:
    2014 DBIR Findings
    DBIR: A New Approach
    Q&A Session
    Learn More
    At the end we will take your questions. As we go through today’s presentation, feel free to submit your questions via the Q&A button at the top of your net conference screen. We will do our best to get to as many questions as we can. Learn More – we will review available resources for you to learn more about our 2014 DBIR. And now it is my pleasure to turn it over to Bryan Sartin from our Verizon RISK Team.
  • This is the VERIS record (stored as a JSON file) for a single security incident. There are ~85 fields, and each field can take multiple variables (e.g., ‘malware.vector’ is a field whose variables include ‘email’ and ‘web’). It doesn’t matter that the font is impossibly small; it’s not meant to be read. It merely demonstrates that security incidents are complex things that require numerous data points to describe adequately. Analyzing one incident is nice, but what about thousands? What if we wanted to study the entire threat landscape?
  • POS Intrusions
    What is it? When attackers compromise the computers and servers that run point-of-sale (POS) applications, with the intention of capturing payment data.
    Is my industry a target? Clearly, hospitality and retail companies are the top targets, given their large POS device estates. But other sectors, such as healthcare, process payments too, and are at risk.
    Recommendations:
    Restrict remote access. Limit remote access into POS systems by third-party companies.
    Enforce strong password policies. Our PCI Compliance Report found that over 25% of companies still use factory defaults.
    Reserve POS systems for POS activities. Do not allow staff to use them to browse the web, check email, play games, etc.
    Use two-factor authentication. Stronger passwords would reduce the problem, but two-factor would be even better.
    How we can help: PCI professional security services
  • Web App Attacks
    What is it? When attackers use stolen credentials or exploit vulnerabilities in web applications, such as content management systems (CMS) or e-commerce platforms.
    Is my industry a target? Most sectors now have many of their applications web-facing, but top targets included information, utility, manufacturing and retail companies.
    Recommendations:
    Use two-factor authentication. Look at soft tokens and biometrics.
    Consider switching to a static CMS. Instead of executing code to generate the content for every request, pre-generate pages to reduce the opportunity for exploits.
    Enforce lockout policies. Locking accounts after repeated failed login attempts will help to thwart brute-force attacks.
    Monitor outbound connections. Unless your server has a good reason to send millions of packets to a foreign government’s systems, lock down your servers’ ability to do so.
    How we can help: Application Vulnerability Assessment
  • Insider Misuse
    What is it? When employees (or ex-employees) with access rights use their privileges to access data, either in person or over the network. Culprits cover every level of the business, from frontline assistants to the boardroom.
    Is my industry a target? A wide range of industries were represented: real estate, public sector, mining, administrative and others. Wherever a business trusts people, you’ll find this risk.
    Recommendations:
    Know your data. The first step in protecting your data is knowing where it is, and who has access to it.
    Review user accounts. Having identified who has access to sensitive data, implement a process for revoking access when employees leave or change role.
    Watch the exits. Set up controls to watch for data transfer out of the organization.
    Publish anonymized results of audits. Seeing that policies are being enforced and policed can be a powerful deterrent.
    How we can help: Identity and Access Management
  • Physical Theft and Loss
    What is it? The loss or theft of laptops, USB keys, printed papers and other information assets, mostly from offices, but also from vehicles and homes.
    Is my industry a target? Accidents happen anywhere — but 45% of all incidents in the healthcare sector fit this profile. Public sector was also a big contributor.
    Recommendations:
    Encrypt devices. While encryption won’t affect the chances of an asset going missing, it will protect the data it stores.
    Back it up. Regular backups can prevent the loss of valuable data, reduce downtime, and help with forensics should you be breached.
    Lock it down. Secure IT equipment to immovable fixtures, and store highly sensitive or valuable assets — particularly paper documents — in a separate, secure area.
    How we can help: DLP and DDISC
  • Miscellaneous Errors
    What is it? Simply, any mistake that compromises security: this may mean posting private data to a public site accidentally, sending information to the wrong recipients, or failing to dispose of documents or assets securely.
    Is my industry a target? People make mistakes, no matter what industry they work in. But industries that deal in the communication of information — such as public sector, administration, education and healthcare — suffer most.
  • Crimeware
    What is it? Crimeware is a broad category, covering any use of malware (often web-based) to compromise systems such as servers and desktops. This pattern includes phishing.
    Is my industry a target? We found public sector, information, utilities and manufacturing were most at risk.
    Recommendations:
    Patch anti-virus and browsers. This could block many attacks.
    Disable Java in the browser. Given the history of vulnerabilities, avoid using Java browser plugins whenever possible.
    Use two-factor authentication. It won’t prevent the theft of credentials, but it will limit what damage can be done.
    Implement configuration change monitoring. Many methods can be easily detected by watching key indicators.
    How we can help: Monitoring and Analytics
  • Payment Card Skimmers
    What is it? The physical installation of a “skimmer” on an ATM, forecourt gas pump or POS terminal, to read your card data as you pay.
    Is my industry a target? Banks and retailers are the primary targets.
    Recommendations:
    Use tamper-resistant terminals. Some terminals are more susceptible to skimming than others.
    Watch for tampering. Train employees to spot skimmers and recognize suspicious behavior.
    Use tamper-evident controls. This may be as simple as a seal over the door of a gas pump, or something more sophisticated like automated visual anomaly monitoring.
    How we can help: PCI professional security services
  • Denial of Service
    What is it? These are attacks, not attempted breaches. Attackers use “botnets” of PCs and powerful servers to overwhelm an organization’s systems and applications with malicious traffic, causing normal business to grind to a halt.
    Is my industry a target? Attacks are often on mission-critical transactional systems in finance, retail and similar sectors.
    Recommendations:
    Ensure that servers are patched promptly. And only give access to people that need it.
    Segregate key IP/servers. Buy a small backup circuit and announce IP space. That way, if it’s attacked, primary systems won’t be affected.
    Test your anti-DDoS service. This isn’t an install-and-forget kind of service.
    Have a plan. Key operations teams need to know how to react if there is an attack.
    Have a backup plan. Who will you call if your primary anti-DDoS service doesn’t work?
    How we can help: DoS Defense
  • Cyber-espionage
    What is it? When state-affiliated actors breach an organization, often via targeted phishing attacks, and are after intellectual property.
    Is my industry a target? Espionage is not just a problem for government and military organizations. Professional, transportation, manufacturing, mining and public sector are all popular targets.
    Recommendations:
    Patch promptly. Exploiting software vulnerabilities is a common first step.
    Use anti-virus, and keep it up to date. It won’t protect you from zero-day attacks, but many still fall prey to well-known dangers.
    Train users. Give them the knowledge they need to recognize and report danger signs.
    Keep good logs. Log system, network, and application activity. This is a good foundation for incident response, and will support many proactive countermeasures.
    How we can help: Monitoring and Analytics
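The VERIS note above asks what happens when you want to analyse thousands of incident records rather than one. The following Python is an added example written for this page, not Verizon's VERIS tooling or code from the webinar: it loads constructed JSON records in a simplified, assumed shape (top-level `malware.vector` and `asset.variety`, whereas the real VERIS schema nests these under action/asset with its own enumerations and many more fields) and produces the per-field counts and the vector-by-asset cross-tabulation that the "Incident patterns" slides chart.

```python
"""Aggregate VERIS-style incident records (added example, simplified schema)."""
from __future__ import annotations

import json
from collections import Counter
from typing import Iterable

# Constructed sample records in an assumed, simplified VERIS-like shape.
# One JSON document per incident, as VERIS stores them.
SAMPLE_RECORDS = [
    '{"id": "inc-1", "malware": {"vector": ["web"]}, "asset": {"variety": ["desktop"]}}',
    '{"id": "inc-2", "malware": {"vector": ["email"]}, "asset": {"variety": ["desktop"]}}',
    '{"id": "inc-3", "malware": {"vector": ["web", "email"]}, "asset": {"variety": ["server", "desktop"]}}',
    '{"id": "inc-4", "asset": {"variety": ["laptop"]}}',
    '{"id": "inc-5", "malware": {"vector": ["web"]}, "asset": {"variety": ["server"]}}',
]


def load_records(documents: Iterable[str]) -> list[dict]:
    """Parse one JSON document per incident, skipping blank entries."""
    return [json.loads(doc) for doc in documents if doc.strip()]


def field_values(record: dict, dotted: str) -> set[str]:
    """Resolve a dotted field name such as 'malware.vector' to the set of
    variables recorded for it. A missing field yields the empty set, so an
    incident with no malware (inc-4) simply does not count toward malware.vector."""
    node = record
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return set()
        node = node[key]
    if isinstance(node, list):
        return {str(v) for v in node}
    return {str(node)}


def count_field(records: list[dict], dotted: str) -> Counter:
    """Number of incidents in which each variable of the field appears.
    Each incident contributes at most once per variable."""
    counts: Counter = Counter()
    for record in records:
        counts.update(field_values(record, dotted))
    return counts


def cross_tab(records: list[dict], row_field: str, col_field: str) -> Counter:
    """Incident counts for every (row, column) pair, e.g. malware.vector by
    asset.variety, the kind of matrix the 'Incident patterns' slides show."""
    table: Counter = Counter()
    for record in records:
        for row in field_values(record, row_field):
            for col in field_values(record, col_field):
                table[(row, col)] += 1
    return table


def share(counts: Counter, total_incidents: int) -> dict[str, float]:
    """Percentage of all incidents in which each variable appears."""
    return {k: round(100.0 * v / total_incidents, 1) for k, v in counts.items()}


if __name__ == "__main__":
    records = load_records(SAMPLE_RECORDS)
    print("malware.vector:", share(count_field(records, "malware.vector"), len(records)))
    print("asset.variety:", share(count_field(records, "asset.variety"), len(records)))
    for (row, col), n in sorted(cross_tab(records, "malware.vector", "asset.variety").items()):
        print(f"{row:>6} x {col:<8} {n}")
```

Note that the counts are per incident, not per occurrence: an incident that lists a vector twice still counts once, and an incident that records no malware at all is excluded from the malware.vector denominator only if you choose to compute shares over the malware subset rather than over all incidents, which is the kind of denominator decision that drives many of the "my industry doesn't have POS" criticisms the deck mentions.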
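The Web App Attacks note recommends lockout after repeated failed logins to blunt brute-force attacks. The following Python is an added example for this page, not Verizon's code or a product's logic: it replays constructed login events (an assumed log format, not any real server's) through a sliding-window lockout policy and, separately, flags sources that fail against many different accounts, the "password spraying" shape that a per-account lockout never triggers on.

```python
"""Account lockout and brute-force detection over login events (added example)."""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed login log in an assumed format (not a real product's log format).
SAMPLE_LOG = """
2014-05-06T10:00:01Z login user=alice src=203.0.113.5 result=FAIL
2014-05-06T10:00:09Z login user=alice src=203.0.113.5 result=FAIL
2014-05-06T10:00:17Z login user=alice src=203.0.113.5 result=FAIL
2014-05-06T10:00:25Z login user=alice src=203.0.113.5 result=FAIL
2014-05-06T10:00:33Z login user=alice src=203.0.113.5 result=FAIL
2014-05-06T10:00:41Z login user=alice src=203.0.113.5 result=OK
2014-05-06T10:01:00Z login user=bob src=192.0.2.10 result=FAIL
2014-05-06T10:01:20Z login user=bob src=192.0.2.10 result=OK
2014-05-06T10:02:00Z login user=carol src=198.51.100.7 result=FAIL
2014-05-06T10:02:05Z login user=dave src=198.51.100.7 result=FAIL
2014-05-06T10:02:10Z login user=erin src=198.51.100.7 result=FAIL
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) login "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line: str) -> tuple[datetime, str, str, str] | None:
    """Return (timestamp, user, source, result) or None for a malformed line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["user"], m["src"], m["result"]


class LockoutPolicy:
    """Lock an account after max_failures failed logins within window_seconds;
    the lock expires after lockout_seconds. Locks are temporary on purpose, so
    the policy itself cannot be abused to permanently deny a legitimate user."""

    def __init__(self, max_failures: int = 5, window_seconds: int = 600,
                 lockout_seconds: int = 900) -> None:
        self.max_failures = max_failures
        self.window = timedelta(seconds=window_seconds)
        self.lockout = timedelta(seconds=lockout_seconds)
        self.recent_failures: dict[str, deque] = defaultdict(deque)
        self.locked_until: dict[str, datetime] = {}

    def evaluate(self, ts: datetime, user: str, result: str) -> str:
        """Decide one login event: 'allow', 'fail', 'lock' or 'denied'."""
        until = self.locked_until.get(user)
        if until is not None and ts < until:
            # Even a correct password is refused while the lock is in force,
            # which is what stops an attacker who guesses right late in a run.
            return "denied"
        if result == "OK":
            self.recent_failures[user].clear()
            return "allow"
        failures = self.recent_failures[user]
        failures.append(ts)
        while failures and ts - failures[0] > self.window:  # slide the window
            failures.popleft()
        if len(failures) >= self.max_failures:
            self.locked_until[user] = ts + self.lockout
            failures.clear()
            return "lock"
        return "fail"


def run_lockout(lines: list[str], policy: LockoutPolicy | None = None) -> list[tuple[str, str]]:
    """Replay the log through the policy and return (user, decision) per event."""
    policy = policy or LockoutPolicy()
    decisions = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, user, _src, result = parsed
        decisions.append((user, policy.evaluate(ts, user, result)))
    return decisions


def spray_sources(lines: list[str], min_users: int = 3) -> list[str]:
    """Sources that failed against at least min_users distinct accounts.
    One or two guesses per account across many accounts never trips a
    per-account lockout, so it needs this per-source view."""
    users_by_src: dict[str, set[str]] = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[3] == "FAIL":
            users_by_src[parsed[2]].add(parsed[1])
    return sorted(src for src, users in users_by_src.items() if len(users) >= min_users)


if __name__ == "__main__":
    for user, decision in run_lockout(SAMPLE_LOG):
        print(f"{user:<6} {decision}")
    print("possible password spraying from:", spray_sources(SAMPLE_LOG))
```

In the sample, alice's fifth failure locks the account and the correct password eight seconds later is still refused; bob's single mistake never comes close to the threshold. The caveat a practitioner wants here is that lockout is itself a denial-of-service lever against known usernames, so keep the lock short, count per source as well as per account, and prefer throttling plus two-factor over ever-longer lockouts.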
  • Webinar: 2014 Data Breach Investigations Report – A New Way of Looking at Threats w/ Eddie Schwartz & Wade Baker

    1. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 2014 DATA BREACH INVESTIGATIONS REPORT CUSTOMER WEBINAR Tuesday, May 6, 2014
    2. Please advance to the next slide where you can watch the video. The total slide deck is available for your reference after the video. Thank you.
    3. Your Presenters: Eddie Schwartz, Vice President, Security Solutions, Verizon Enterprise Solutions; Wade Baker, Managing Principal, Research & Analytics, Verizon Enterprise Solutions
    4. Agenda • 2014 DBIR • A Decade of Data Breaches • Incident Patterns • Q&A Session
    5. Main report: 2014 DATA BREACH INVESTIGATIONS REPORT. The universe of threats may seem limitless, but 92% of the 100,000 incidents we’ve analyzed from the last 10 years can be described by just nine basic patterns. Conducted by Verizon with contributions from 50 organizations from around the world. The nine patterns: point-of-sale intrusions, web-app attacks, payment card skimmers, crimeware, DoS attacks, insider misuse, physical theft and loss, cyber-espionage, miscellaneous errors.
    6. 2014 DBIR by the numbers
    7. 50 contributors from around the world
    8. Global coverage
    9. Criticisms of past DBIRs: 1. Lacks info on breach impact or cost. 2. Findings skewed by “stuff I don’t care about” – e.g., “I don’t have POS/ATMs” or “I’m a manufacturer.” 3. Not enough “root cause” analysis and recommendations not specific enough. 4. Self-criticism: No Star Wars or Princess Bride refs.
    10–16. A decade of data breaches (seven chart slides; no transcribed text)
    17. Incident patterns
    18. Incident patterns (chart: malware.vector by asset.variety)
    19. Cyber-espionage, POS intrusions, insider misuse, misc errors, card skimmers, crimeware, DoS attacks, web app attacks, theft/loss
    20–22. Incident patterns (chart slides; no transcribed text)
    23. Executive summary: figure 2
    24–25. Incident patterns (chart slides; no transcribed text)
    26. POS Intrusions. 85% of POS intrusions took weeks to be discovered. What is it? When attackers compromise the computers and servers that run point-of-sale (POS) applications, with the intention of capturing payment data. Is my industry a target? Hospitality and retail companies are the top targets, but other sectors, such as healthcare, are also at risk.
    27. Web App Attacks. Web app attacks often targeted CMS like Drupal and WordPress. What is it? When attackers use stolen credentials or exploit vulnerabilities in web applications — such as content management systems (CMS) or e-commerce platforms. Is my industry a target? Most sectors now have many of their applications web-facing, but top targets included information, utility, manufacturing and retail companies.
    28. Insider Misuse. 85% of misuse attacks happened across the corporate LAN. What is it? When employees (or ex-employees) with access rights use their privileges to access data, either in person or over the network. Is my industry a target? A wide range of industries were represented: real estate; public sector; mining; administrative and others.
    29. Physical Theft and Loss. 43% of all theft/loss happened in the work area. What is it? The loss or theft of laptops, USB keys, printed papers and other information assets, mostly from offices, but also from vehicles and homes. Is my industry a target? Accidents happen anywhere — but 45% of all incidents in the healthcare sector fit this profile. Public sector was also a big contributor.
    30. Miscellaneous Errors. 49% of errors involved printed documents. What is it? Any mistake that compromises security, such as accidentally posting private data to a public site, or failing to dispose of documents or assets securely. Is my industry a target? Industries that communicate with the public — such as public sector, administration, education and healthcare — suffer most.
    31. Crimeware. The majority of crimeware incidents started via web activity, not links or attachments in email. What is it? Any use of malware (often web-based) to compromise systems such as servers and desktops. This pattern includes phishing. Is my industry a target? We found public sector, information, utilities, and manufacturing were most at risk.
    32. Payment Card Skimmers. 86% of skimming attacks were on ATMs. What is it? The physical installation of a “skimmer” on an ATM, forecourt gas pump or POS terminal, to read your card data as you pay. Is my industry a target? Banks and retailers are the primary targets, but anybody that processes “cardholder present” transactions is vulnerable — like healthcare providers.
    33. Denial of Service. More powerful botnets and reflection attacks have helped drive the scale of DoS attacks up 115% since 2011. What is it? Attackers use “botnets” of PCs and powerful servers to overwhelm an organization’s systems and applications with malicious traffic, causing normal business to grind to a halt. Is my industry a target? Attacks are often on mission-critical transactional systems in finance, retail and similar sectors.
    34. Cyber-espionage. This year’s data set shows a threefold increase in espionage attacks year on year. What is it? When state-affiliated actors breach an organization, often via targeted phishing attacks, and are after intellectual property. Is my industry a target? Not just a problem for government and military organizations: professional, manufacturing, mining, transportation and public sector are all popular targets.
    35–36. Conclusion (two slides; no transcribed text)
    37. Thank You | Questions
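The Crimeware slide and its speaker note recommend configuration change monitoring, on the grounds that many crimeware methods are easy to detect by watching key indicators. The following Python is an added example for this page, not Verizon's code or any product's implementation: it hashes every regular file under a monitored tree into a baseline, then reports files added, removed or modified against that baseline. The tree, the file names (`pos.exe`, `httpd.conf`, `svchost.exe`) and the "infection" are all constructed inside `demo()` so the block runs offline.

```python
"""Configuration change monitoring via a hashed file baseline (added example)."""
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, dict]:
    """Record hash and size of every regular file under root, keyed by relative
    POSIX path. Symlinks are skipped so a planted link cannot mask a change."""
    baseline: dict[str, dict] = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": sha256_file(path),
            "size": path.stat().st_size,
        }
    return baseline


def diff_baselines(old: dict[str, dict], new: dict[str, dict]) -> dict[str, list[str]]:
    """Classify every path as added, removed or modified between two baselines."""
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(p for p in old_paths & new_paths
                           if old[p]["sha256"] != new[p]["sha256"]),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed monitored tree, baseline it, simulate a crimeware
    infection (binary replaced, config edited, dropper added, file deleted)
    and return the resulting change report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "httpd.conf").write_text("Listen 80\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "pos.exe").write_bytes(b"MZ original payment app")

        # The baseline is taken while the system is known-good. Keep it off the
        # monitored host (or signed), otherwise malware can rewrite it too.
        saved = json.dumps(build_baseline(root), indent=1)

        (root / "bin" / "pos.exe").write_bytes(b"MZ trojanised payment app")
        (root / "etc" / "httpd.conf").write_text(
            "Listen 80\nLoadModule evil_module modules/mod_evil.so\n")
        (root / "bin" / "svchost.exe").write_bytes(b"dropper")  # new file
        (root / "etc" / "hosts").unlink()

        return diff_baselines(json.loads(saved), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:<9} {p}")
```

Size alone would miss the replaced binary in this sample (the two payloads differ in length here only by coincidence of wording), which is why the comparison keys on the hash; in a real deployment the interesting part is deciding which directories are "key indicators" (service binaries, web server config, scheduled tasks, startup locations) and how often to re-baseline after legitimate patching.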
