How secure are you?


Verizon, in collaboration with 50 other organizations (including FireEye), analyzed 100,000 data breach incidents; what they found might surprise you. Interestingly, when you look across all industries, the largest shares of incidents fall into four categories: insider misuse, physical theft/loss, miscellaneous errors and crimeware. We won’t focus on all of these, but of particular note, when you look at incidents with confirmed data breaches, two categories stand out: payment card skimmers and cyber espionage. According to Verizon’s cyber threat group, the two fastest growing threats to the enterprise are denial of service attacks and cyber espionage.

Published in: Technology, News & Politics

  • Does anyone know what this video represents?

    I’ll give you a hint – April 16, 2013. Still no ideas? If you watch the video closely, you will see streaks of light; those streaks represent sniper rounds impacting metal surfaces. Still no ideas?

    This is early morning video surveillance footage of a Pacific Gas and Electric electrical transmission substation in Metcalf, California, being attacked by snipers.

    12:58 – 1:07 AM: attackers slipped into an underground AT&T vault and expertly severed six AT&T fiber optic telecommunication lines in a way that would make repair difficult. The lid over this vault was so heavy that it would take at least two people to lift it.

    1:31 AM: snipers began firing at the power station, destroying 17 giant transformers and six circuit breakers.

    1:41 AM: first call to law enforcement (LE) from the plant operator

    1:45 AM: transformers all over the substation start crashing

    1:50 AM: gunmen cease fire and depart

    1:51 AM: LE arrive but can’t enter the substation, and leave, as everything appears “normal”

    3:15 AM: a utility electrician arrives and the full scope of the damage is appreciated

    The Metcalf power station was down for 27 days and the cost of the damage was estimated to be $15.4 million. Members of the Joint Warfare Analysis Center found fingerprint-free shell casings and small piles of rocks, probably left by an advance scout to tell the attackers where to get the best shots.

    This was a low tech attack, but it wasn’t just a bunch of guys drinking brewskies.
  • Picture of an actual attack on the financial infrastructure of the United States sometime in 2013

    Blue dots are victims, suffering from a denial of service attack

    Yellow dots were underpinning infrastructure

    Red dots represent where attacks were being launched, but in fact they were most likely orchestrated from Iran (according to the Washington Post). This group hijacked the infrastructure of global telecommunications companies to disrupt the financial infrastructure of the United States.

    This attack was 3X what most global telecommunications companies could bear.

    What is scary about this attack is that the aggressor stopped and pulled back. Why? We don’t know.

    Tens of millions were spent trying to shed these attacks
  • This is a bit of an eye chart. The picture I am painting here is that the threat is persistent and growing. While you’re reading this slide, be sure to check your phone and ensure it’s not a Tianxing N9500. Today’s WSJ reports that this device comes to you preloaded with malware – in the firmware!
  • What is it? When employees (or ex-employees) with access rights use their privileges to access data, either in person or over the network. Culprits cover every level of business, from the frontline assistants to the boardroom.

    Is my industry a target? Wherever a business trusts people, you’ll find this risk.
  • What is it? The loss or theft of laptops, USB keys, printed papers and other information assets, mostly from offices, but also from vehicles and homes.

    Is my industry a target? Accidents happen anywhere — but 45% of all incidents in the healthcare sector fit this profile. Public sector was also a big contributor.
  • What is it?
    Simply, any mistake that compromises security. That may mean accidentally posting private data to a public site, sending information to the wrong recipients, or failing to dispose of documents or assets securely.

    Is my industry a target?
    People make mistakes, no matter what industry they work in. But industries that deal in the communication of information — such as public sector, administration, education and healthcare — suffer most.
  • What is it? Crimeware is a broad category, covering any use of malware (often web-based) to compromise systems such as servers and desktops. This pattern includes phishing.
    Is my industry a target? We found public sector, information, utilities and manufacturing were most at risk.


  • What is it? The physical installation of a “skimmer” on an ATM, forecourt gas pump or POS terminal, to read your card data as you pay.

    Is my industry a target? Banks and retailers are the primary targets.
  • What is it? These are attacks, not attempted breaches. Attackers use “botnets” of PCs and powerful servers to overwhelm an organization’s systems and applications with malicious traffic, causing normal business to grind to a halt.

    Is my industry a target? Attacks focused on mission-critical transactional systems in finance, retail and similar sectors.
  • What is it? When state-affiliated actors breach an organization, often via targeted phishing attacks, and are after intellectual property.

    Is my industry a target? Espionage is not just a problem for government and military organizations. Professional, transportation, manufacturing, mining and public sector are all popular targets. If a developing economy without respect for the rule of law or intellectual property rights can jump-start its R&D process, it will – the industries most often targeted here are those with large investments in R&D.
  • How secure are you?

    1. How Secure are You?
    2. A bunch of guys drinking brewskies?
    3. One day in 2013 . . . .
    4. The past month . . .
       • May 1 – DOJ indicts five PRC PLA officers on 31 counts including theft of trade secrets and economic espionage
       • May 15 – Lockheed admits cyber-attacks into its systems have quadrupled since 2007
       • May 23 – eBay admits to massive cyber-attack affecting 145 million users
       • May 29 – Spotify tells eBay 'Me, too' as cyber attack compromises 40 million user accounts
       • May 29 – FireEye reports that cyberattacks spiked as Russia annexed Crimea
       • May 30 – Brazilian government hit by cyber attack
       • June 1 – Western intelligence agencies in consensus predict a "powerful computer attack" from two malware software programs known as GOZeuS and CryptoLocker.
       • June 3 – Justice Department indicts Russian cyber-criminal mastermind on 14 counts related to the GOZeuS and CryptoLocker malware software programs
       • June 13 – P.F. Chang's China Bistro breached. The breach has resulted in the probable loss of sensitive debit and credit card information of its customers.
    5. Security Incident Patterns
    6. 92% of security incidents can be described by just nine patterns*
       * Based on analysis of over 100,000 incidents from between 2004 and 2013
    7. Share of Incidents, All Industries (based on analysis of over 100,000 incidents from between 2004 and 2013)
       • POS Intrusions = 1%
       • Crimeware = 19%
       • Web App Attacks = 8%
       • Card Skimmers = 1%
       • Insider Misuse = 19%
       • DoS Attacks = 2%
       • Physical Theft/Loss = 16%
       • Cyber-espionage = 1%
       • Misc. Errors = 27%
       • Everything Else = 8%
    8. Insider Misuse: 85% of misuse attacks happened across the corporate LAN.
       What is it? When employees (or ex-employees) with access rights use their privileges to access data, either in person or over the network.
       Is my industry a target? A wide range of industries were represented: real estate; public sector; mining; administrative and others.
    9. Physical Theft and Loss: 43% of all theft/loss happened in the work area.
       What is it? The loss or theft of laptops, USB keys, printed papers and other information assets, mostly from offices, but also from vehicles and homes.
       Is my industry a target? Accidents happen anywhere — but 45% of all incidents in the healthcare sector fit this profile. Public sector was also a big contributor.
    10. Miscellaneous Errors: 49% of errors involved printed documents.
       What is it? Any mistake that compromises security, such as accidentally posting private data to a public site, or failing to dispose of documents or assets securely.
       Is my industry a target? Industries that communicate with the public — such as public sector, administration, education and healthcare — suffer most.
    11. Crimeware: the majority of crimeware incidents start via web activity, not links or attachments in email.
       What is it? Any use of malware (often web-based) to compromise systems such as servers and desktops. This pattern includes phishing.
       Is my industry a target? We found public sector, information, utilities, and manufacturing were most at risk.
    12. Payment Card Skimmers: 86% of skimming attacks were on ATMs.
       What is it? The physical installation of a “skimmer” on an ATM, forecourt gas pump or POS terminal, to read your card data as you pay.
       Is my industry a target? Banks and retailers are the primary targets, but anybody that processes “cardholder present” card transactions is vulnerable — like healthcare providers.
    13. Denial of Service: +115%. More powerful botnets and reflection attacks have helped drive the scale of DoS attacks up 115% since 2011.
       What is it? Attackers use “botnets” of PCs and powerful servers to overwhelm an organization’s systems and applications with malicious traffic, causing normal business to grind to a halt.
       Is my industry a target? Attacks are often on mission-critical transactional systems in finance, retail and similar sectors.
    14. Cyber-espionage: 3x. This year’s data set shows a threefold increase in espionage attacks year on year.
       What is it? When state-affiliated actors breach an organization, often via targeted phishing attacks, and are after intellectual property.
       Is my industry a target? Not just a problem for government and military organizations, but professional, manufacturing, mining, transportation and public sector are all popular targets.
    15. Take aways . . .
       • The physical component is important in both the physical and digital domain – exercise vigilance, be paranoid, expect the unexpected.
       • Ensure you are aware of your surroundings.
       • Where possible use a credit vs. debit card.
       • Vet your employees.
       • Limit access to critical systems and data.
       • Have a security audit performed routinely to ensure your enterprise is optimized for security – you can pay a little now or a lot later. You decide.
    16. Links
       • Metcalf Incident: “Assault on California Power Station Raises Alarm on Potential for Terrorism” http://online.wsj.com/news/articles/SB10001424052702304851104579359141941621778
       • Milken Institute “High Stakes in Cyber Security” http://www.milkeninstitute.org/presentations/mediapage.taf?ID=4818
       • Verizon Data Breach Investigation Report: http://www.verizonenterprise.com/DBIR/
       • The New Threat Landscape: http://www.fireeye.com/info-center/videos/?video=new_threat_landscape
