SlideShare a Scribd company logo

Data breach represents potential existential risk to any organization

Download as DOC, PDF
R
Robert Anderson

Recent experience shows the danger of yielding to ransomware threats

Technology
1 of 3
DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISK TO ANY ORGANIZATION: RECENT EXPERIENCE SHOWS THE DANGER OF YIELDING TO RANSOMWARE THREATS Where is the new risk to organizations everywhere? In their data! All data – enterprise data in operational networks, communications systems, supervisory control and data acquisition systems (SCADA), industrial control systems (ICS) and financial systems – are increasingly assaulted by cyber attacks in many forms. “Data as Organizational Risk” is the new normal. Security environments are under threats of illegal breaches and data exfiltration attacks that are planned and executed by an array of cyber criminals – lone hackers, hacktivists, criminal organizations and nation states. Even worse, these criminals meticulously strategize, research and plan their attacks, They frequently attach themselves unnoticed inside company firewalls, often sitting “silently” for weeks or months. As they wait, they are slowly mapping networks and acquiring higher access credentials that will enable them to move quickly, quietly and laterally inside systems to launch their attacks. In many instances, cyber criminals use the “silent” periods of compromise to achieve full awareness of an organization’s defenses, controls and weaknesses before launching their attacks. In many cases, by the time the company has discovered a breach, or law enforcement has notified them that they are being breached, it’s too late. Unfortunately, the modern threat environment specifically related to cyber crime has no borders, no check points and no guards standing at their posts protecting against such threats. In the end, cyber criminals can spot targets, evaluate the risk of attacking them and eventually sell the information they have stolen. A RECENT BREACH DEMONSTRATES THE NEED FOR EFFECTIVE RANSOMWARE RESPONSE A recent ransomware attack illustrates both the cunning and treachery of today’s cyber attackers, as well as the importance of being prepared to respond to an attack proactively. Although Navigant teams were ultimately brought in to remediate the attack, the victim’s initial response demonstrated the dangers of underestimating the risk that attackers pose. In this infiltration, the attackers’ method was to exploit a faulty system patch and outdated infrastructure. This exploitation led to the criminals’ discovery of further system vulnerabilities that allowed them to perform a ransomware attack. The attack penetrated the target organization’s entire system, seizing and encrypting more than 600 hard drives and related infrastructure – resulting in the loss of more than two terabytes of data. The victim organization initially began paying ransoms for decryption keys to release hard drives back into ”live” state, instead of calling upon private companies or law enforcement agencies for help. This early response by the organization resulted in only two servers being released by the attackers, before the ransoms were increased on the remaining data. This technique – in which ransom payments merely lead to escalated demands – is a trend we are seeing with increasing frequency with clients we assist across the United States, and also within our U.K. offices. Statistics gathered from international software security
groups confirm this alarming ransomware trend: Source: Kaspersky Security Bulletin 2015 When the ransom payments ended up only exacerbating the problem, the organization enlisted Navigant’s Information Security team to help. Within eight hours of arriving on site, our team of forensics, incident response, and cyber professionals was able to ascertain the location from which the data had been exfiltrated, and identified the type of ransomware that had been deployed against the client’s infrastructure. After containing and remediating the attack, Navigant developed a comprehensive solution with actionable recommendations and strategies for upgrading the organization’s hardware and software system infrastructure to reduce the risks of future attacks. ADDRESSING RISKS AND TAKING ACTION: KNOWING THE RISK AND GETTING AHEAD OF IT With cyber criminals now mastering many sophisticated and ever-evolving techniques, business leaders are discovering that hopeful attitudes and denial about the potential severity of data breaches are especially dangerous. Leading organizations are paying increased attention to threats of cyber attacks, and they are recognizing that now is the time to proactively address their information security systems and cyber attack protocols. Current cyber risks require companies to proactively monitor risks while holistically mapping that intelligence to the specific infrastructure and risk profiles unique to their organization. Navigant’s experienced teams of cyber professionals not only remediate the attacks – they put preventive measures in place to spare companies catastrophic financial and enterprise data loss.
Cyber Marketing Blast – Other Comments FOR MARKETING TEAM USE TO ALTER VISUAL AND PROVIDE CITATION: Number of users attacked by Trojan-Ransom encryptor malware (2012 – 2015) 2012 36232 2013 15363 2014 120840 2015 179209 Kaspersky Security Bulletin 2015 https://securelist.com/analysis/kaspersky-security-bulletin/73038/kaspersky-security-bulletin-2015- overall-statistics-for-2015/ Page 1

Recommended

Cylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetCylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetInnovation Network Technologies: InNet
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guideanpapathanasiou
 
Ransomware attacks
Ransomware attacksRansomware attacks
Ransomware attacksTexas Medical Liability Trust
 
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For CybersecurityNathan Anderson
 
A Secure Network Bridging the Gap
A Secure Network Bridging the GapA Secure Network Bridging the Gap
A Secure Network Bridging the GapColloqueRISQ
 
Ransomware 2020 Report
Ransomware 2020 ReportRansomware 2020 Report
Ransomware 2020 ReportFortis
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Security
 
Ransomware in Healthcare: 5 Attacks on Hospitals & Lessons Learned
Ransomware in Healthcare: 5 Attacks on Hospitals & Lessons LearnedRansomware in Healthcare: 5 Attacks on Hospitals & Lessons Learned
Ransomware in Healthcare: 5 Attacks on Hospitals & Lessons LearnedBarkly
 

Recommended

Cylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetCylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetInnovation Network Technologies: InNet
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guideanpapathanasiou
 
Ransomware attacks
Ransomware attacksRansomware attacks
Ransomware attacksTexas Medical Liability Trust
 
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity2016 ISACA NACACS - Audit As An Impact Player For Cybersecurity
2016 ISACA NACACS - Audit As An Impact Player For CybersecurityNathan Anderson
 
A Secure Network Bridging the Gap
A Secure Network Bridging the GapA Secure Network Bridging the Gap
A Secure Network Bridging the GapColloqueRISQ
 
Ransomware 2020 Report
Ransomware 2020 ReportRansomware 2020 Report
Ransomware 2020 ReportFortis
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Security
 
Ransomware in Healthcare: 5 Attacks on Hospitals & Lessons Learned
Ransomware in Healthcare: 5 Attacks on Hospitals & Lessons LearnedRansomware in Healthcare: 5 Attacks on Hospitals & Lessons Learned
Ransomware in Healthcare: 5 Attacks on Hospitals & Lessons LearnedBarkly
 
Triangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughTriangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughMartin Opsahl
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Radware
 
Cisco 2016 Annual Security Report
Cisco 2016 Annual Security ReportCisco 2016 Annual Security Report
Cisco 2016 Annual Security ReportJames Gachie
 
Cisco Annual Security Report
Cisco Annual Security ReportCisco Annual Security Report
Cisco Annual Security ReportThe Internet of Things
 
Cisco Annual Security Report 2016
Cisco Annual Security Report 2016Cisco Annual Security Report 2016
Cisco Annual Security Report 2016The Internet of Things
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSKenny Huang Ph.D.
 
Case Study of RSA Data Breach
Case Study of RSA Data BreachCase Study of RSA Data Breach
Case Study of RSA Data BreachKunal Sharma
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.marketingunitrends
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attackAndreanne Clarke
 
Enhanced method for intrusion detection over kdd cup 99 dataset
Enhanced method for intrusion detection over kdd cup 99 datasetEnhanced method for intrusion detection over kdd cup 99 dataset
Enhanced method for intrusion detection over kdd cup 99 datasetijctet
 
Recover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by TictacRecover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by TictacTicTac Data Recovery
 
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516Yasser Mohammed
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinSplunk
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension Inc.
 
Intelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseIntelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseEMC
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRIZivaro Inc
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM AlienVault
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...James Anderson
 
Laporan Resmi HTTP
Laporan Resmi HTTPLaporan Resmi HTTP
Laporan Resmi HTTPMuhammad Sulistiyo
 
The Art & Science of Building a Great Community - Jen Sable Lopez
The Art & Science of Building a Great Community - Jen Sable LopezThe Art & Science of Building a Great Community - Jen Sable Lopez
The Art & Science of Building a Great Community - Jen Sable LopezMnSearch, The Minnesota Search Engine Marketing Association
 
Tarix 6 agdash 7_bayramova leyla behman
Tarix 6 agdash 7_bayramova leyla behmanTarix 6 agdash 7_bayramova leyla behman
Tarix 6 agdash 7_bayramova leyla behmanmimio_azerbaijan
 
Իմ փոքրիկ ջերմոցը
Իմ փոքրիկ ջերմոցըԻմ փոքրիկ ջերմոցը
Իմ փոքրիկ ջերմոցըНаира Папоян
 

More Related Content

What's hot

Triangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughTriangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughMartin Opsahl
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Radware
 
Cisco 2016 Annual Security Report
Cisco 2016 Annual Security ReportCisco 2016 Annual Security Report
Cisco 2016 Annual Security ReportJames Gachie
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSKenny Huang Ph.D.
 
Case Study of RSA Data Breach
Case Study of RSA Data BreachCase Study of RSA Data Breach
Case Study of RSA Data BreachKunal Sharma
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.marketingunitrends
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attackAndreanne Clarke
 
Enhanced method for intrusion detection over kdd cup 99 dataset
Enhanced method for intrusion detection over kdd cup 99 datasetEnhanced method for intrusion detection over kdd cup 99 dataset
Enhanced method for intrusion detection over kdd cup 99 datasetijctet
 
Recover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by TictacRecover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by TictacTicTac Data Recovery
 
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516Yasser Mohammed
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinSplunk
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension Inc.
 
Intelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseIntelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseEMC
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRIZivaro Inc
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM AlienVault
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...James Anderson
 

What's hot (18)

Triangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enoughTriangulum - Ransomware Evolved - Why your backups arent good enough
Triangulum - Ransomware Evolved - Why your backups arent good enough
 
Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?Cyber Attack Survival: Are You Ready?
Cyber Attack Survival: Are You Ready?
 
Cisco 2016 Annual Security Report
Cisco 2016 Annual Security ReportCisco 2016 Annual Security Report
Cisco 2016 Annual Security Report
 
Cisco Annual Security Report
Cisco Annual Security ReportCisco Annual Security Report
Cisco Annual Security Report
 
Cisco Annual Security Report 2016
Cisco Annual Security Report 2016Cisco Annual Security Report 2016
Cisco Annual Security Report 2016
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoS
 
Case Study of RSA Data Breach
Case Study of RSA Data BreachCase Study of RSA Data Breach
Case Study of RSA Data Breach
 
Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.Ransomware Detection: Don’t Pay Up. Backup.
Ransomware Detection: Don’t Pay Up. Backup.
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attack
 
Enhanced method for intrusion detection over kdd cup 99 dataset
Enhanced method for intrusion detection over kdd cup 99 datasetEnhanced method for intrusion detection over kdd cup 99 dataset
Enhanced method for intrusion detection over kdd cup 99 dataset
 
Recover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by TictacRecover your files from Ransomware - Ransomware Incident Response by Tictac
Recover your files from Ransomware - Ransomware Incident Response by Tictac
 
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA ComplianceNext Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension and Veeam | Solutions for PIPEDA Compliance
 
Intelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseIntelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and Response
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRI
 
How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM How to Detect SQL Injections & XSS Attacks with AlienVault USM
How to Detect SQL Injections & XSS Attacks with AlienVault USM
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
 

Viewers also liked

Tarix 6 agdash 7_bayramova leyla behman
Tarix 6 agdash 7_bayramova leyla behmanTarix 6 agdash 7_bayramova leyla behman
Tarix 6 agdash 7_bayramova leyla behmanmimio_azerbaijan
 
Η Ελπίδα ψάχνει μια νέα πατρίδα
Η Ελπίδα ψάχνει μια νέα πατρίδαΗ Ελπίδα ψάχνει μια νέα πατρίδα
Η Ελπίδα ψάχνει μια νέα πατρίδαDimitra Provel
 
Peer power!!! the comics issue 1
Peer power!!! the comics issue 1Peer power!!! the comics issue 1
Peer power!!! the comics issue 1Dimitra Provel
 
Laporan Pendahuluan dan Resmi FTP dan HTTP
Laporan Pendahuluan dan Resmi FTP dan HTTPLaporan Pendahuluan dan Resmi FTP dan HTTP
Laporan Pendahuluan dan Resmi FTP dan HTTPMuhammad Sulistiyo
 
How web applications work
How web applications workHow web applications work
How web applications workLambda Tree
 
Word 2 tha mutha.movie.pt.1.html.doc
Word 2 tha mutha.movie.pt.1.html.docWord 2 tha mutha.movie.pt.1.html.doc
Word 2 tha mutha.movie.pt.1.html.docAztanian
 

Viewers also liked (19)

Laporan Resmi HTTP
Laporan Resmi HTTPLaporan Resmi HTTP
Laporan Resmi HTTP
 
The Art & Science of Building a Great Community - Jen Sable Lopez
The Art & Science of Building a Great Community - Jen Sable LopezThe Art & Science of Building a Great Community - Jen Sable Lopez
The Art & Science of Building a Great Community - Jen Sable Lopez
 
Tarix 6 agdash 7_bayramova leyla behman
Tarix 6 agdash 7_bayramova leyla behmanTarix 6 agdash 7_bayramova leyla behman
Tarix 6 agdash 7_bayramova leyla behman
 
Իմ փոքրիկ ջերմոցը
Իմ փոքրիկ ջերմոցըԻմ փոքրիկ ջերմոցը
Իմ փոքրիկ ջերմոցը
 
жизнь
жизньжизнь
жизнь
 
Tugas komjar 4
Tugas komjar 4Tugas komjar 4
Tugas komjar 4
 
Η Ελπίδα ψάχνει μια νέα πατρίδα
Η Ελπίδα ψάχνει μια νέα πατρίδαΗ Ελπίδα ψάχνει μια νέα πατρίδα
Η Ελπίδα ψάχνει μια νέα πατρίδα
 
змея
змеязмея
змея
 
Peer power!!! the comics issue 1
Peer power!!! the comics issue 1Peer power!!! the comics issue 1
Peer power!!! the comics issue 1
 
Laporan Pendahuluan dan Resmi FTP dan HTTP
Laporan Pendahuluan dan Resmi FTP dan HTTPLaporan Pendahuluan dan Resmi FTP dan HTTP
Laporan Pendahuluan dan Resmi FTP dan HTTP
 
Князь Ігор
Князь ІгорКнязь Ігор
Князь Ігор
 
Корсунь-Шевченківська битва
Корсунь-Шевченківська битваКорсунь-Шевченківська битва
Корсунь-Шевченківська битва
 
Ікони як історичні пам`ятки
Ікони як історичні пам`яткиІкони як історичні пам`ятки
Ікони як історичні пам`ятки
 
MMG_030506
MMG_030506MMG_030506
MMG_030506
 
Parte 3 evidencias
Parte 3 evidenciasParte 3 evidencias
Parte 3 evidencias
 
Yaneska-Mujica
Yaneska-MujicaYaneska-Mujica
Yaneska-Mujica
 
Manual tecnico umasoft
Manual tecnico umasoftManual tecnico umasoft
Manual tecnico umasoft
 
How web applications work
How web applications workHow web applications work
How web applications work
 
Word 2 tha mutha.movie.pt.1.html.doc
Word 2 tha mutha.movie.pt.1.html.docWord 2 tha mutha.movie.pt.1.html.doc
Word 2 tha mutha.movie.pt.1.html.doc
 

Similar to Data breach represents potential existential risk to any organization

Information Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdfInformation Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdfforladies
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015Andreanne Clarke
 
Enterprise Immune System
Enterprise Immune SystemEnterprise Immune System
Enterprise Immune SystemAustin Eppstein
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attackskevinmass30
 
Ransomware (1).pdf
Ransomware (1).pdfRansomware (1).pdf
Ransomware (1).pdfHiYeti1
 
Cisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Security
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalShallu Behar-Sheehan FCIM
 
Threat Intelligen.pptx
Threat Intelligen.pptxThreat Intelligen.pptx
Threat Intelligen.pptxCompanySeceon
 
Cybersecurity Solution for a Drug Manufacturing Company.pdf
Cybersecurity Solution for a Drug Manufacturing Company.pdfCybersecurity Solution for a Drug Manufacturing Company.pdf
Cybersecurity Solution for a Drug Manufacturing Company.pdfNuvento Systems Pvt Ltd
 
Defending Against Ransomware.pdf
Defending Against Ransomware.pdfDefending Against Ransomware.pdf
Defending Against Ransomware.pdfJenna Murray
 
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...cyberprosocial
 
targeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-septtargeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-sept*****Dominic A Ienco
 
How to recover from your next data breach
How to recover from your next data breachHow to recover from your next data breach
How to recover from your next data breachSILO Compliance Systems
 

Similar to Data breach represents potential existential risk to any organization (20)

Information Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdfInformation Securityfind an article online discussing defense-in-d.pdf
Information Securityfind an article online discussing defense-in-d.pdf
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015
 
Enterprise Immune System
Enterprise Immune SystemEnterprise Immune System
Enterprise Immune System
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Industry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacksIndustry reactions to wanna cry ransomware attacks
Industry reactions to wanna cry ransomware attacks
 
Ransomware (1).pdf
Ransomware (1).pdfRansomware (1).pdf
Ransomware (1).pdf
 
Cisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack ContinuumCisco Addresses the Full Attack Continuum
Cisco Addresses the Full Attack Continuum
 
NetWitness
NetWitnessNetWitness
NetWitness
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker Final
 
Self defending networks
Self defending networksSelf defending networks
Self defending networks
 
Escan advisory wannacry ransomware
Escan advisory wannacry ransomwareEscan advisory wannacry ransomware
Escan advisory wannacry ransomware
 
Threat Intelligen.pptx
Threat Intelligen.pptxThreat Intelligen.pptx
Threat Intelligen.pptx
 
Cybersecurity Solution for a Drug Manufacturing Company.pdf
Cybersecurity Solution for a Drug Manufacturing Company.pdfCybersecurity Solution for a Drug Manufacturing Company.pdf
Cybersecurity Solution for a Drug Manufacturing Company.pdf
 
Defending Against Ransomware.pdf
Defending Against Ransomware.pdfDefending Against Ransomware.pdf
Defending Against Ransomware.pdf
 
Web Attack Survival Guide
Web Attack Survival GuideWeb Attack Survival Guide
Web Attack Survival Guide
 
Malware Infections
Malware InfectionsMalware Infections
Malware Infections
 
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
 
Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future Attacks
 
targeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-septtargeted-data-breach-bulletin-sept
targeted-data-breach-bulletin-sept
 
How to recover from your next data breach
How to recover from your next data breachHow to recover from your next data breach
How to recover from your next data breach
 

Recently uploaded

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Data breach represents potential existential risk to any organization

  • 1. DATA BREACH REPRESENTS POTENTIAL EXISTENTIAL RISK TO ANY ORGANIZATION: RECENT EXPERIENCE SHOWS THE DANGER OF YIELDING TO RANSOMWARE THREATS Where is the new risk to organizations everywhere? In their data! All data – enterprise data in operational networks, communications systems, supervisory control and data acquisition systems (SCADA), industrial control systems (ICS) and financial systems – are increasingly assaulted by cyber attacks in many forms. “Data as Organizational Risk” is the new normal. Security environments are under threats of illegal breaches and data exfiltration attacks that are planned and executed by an array of cyber criminals – lone hackers, hacktivists, criminal organizations and nation states. Even worse, these criminals meticulously strategize, research and plan their attacks, They frequently attach themselves unnoticed inside company firewalls, often sitting “silently” for weeks or months. As they wait, they are slowly mapping networks and acquiring higher access credentials that will enable them to move quickly, quietly and laterally inside systems to launch their attacks. In many instances, cyber criminals use the “silent” periods of compromise to achieve full awareness of an organization’s defenses, controls and weaknesses before launching their attacks. In many cases, by the time the company has discovered a breach, or law enforcement has notified them that they are being breached, it’s too late. Unfortunately, the modern threat environment specifically related to cyber crime has no borders, no check points and no guards standing at their posts protecting against such threats. In the end, cyber criminals can spot targets, evaluate the risk of attacking them and eventually sell the information they have stolen. A RECENT BREACH DEMONSTRATES THE NEED FOR EFFECTIVE RANSOMWARE RESPONSE A recent ransomware attack illustrates both the cunning and treachery of today’s cyber attackers, as well as the importance of being prepared to respond to an attack proactively. Although Navigant teams were ultimately brought in to remediate the attack, the victim’s initial response demonstrated the dangers of underestimating the risk that attackers pose. In this infiltration, the attackers’ method was to exploit a faulty system patch and outdated infrastructure. This exploitation led to the criminals’ discovery of further system vulnerabilities that allowed them to perform a ransomware attack. The attack penetrated the target organization’s entire system, seizing and encrypting more than 600 hard drives and related infrastructure – resulting in the loss of more than two terabytes of data. The victim organization initially began paying ransoms for decryption keys to release hard drives back into ”live” state, instead of calling upon private companies or law enforcement agencies for help. This early response by the organization resulted in only two servers being released by the attackers, before the ransoms were increased on the remaining data. This technique – in which ransom payments merely lead to escalated demands – is a trend we are seeing with increasing frequency with clients we assist across the United States, and also within our U.K. offices. Statistics gathered from international software security
  • 2. groups confirm this alarming ransomware trend: Source: Kaspersky Security Bulletin 2015 When the ransom payments ended up only exacerbating the problem, the organization enlisted Navigant’s Information Security team to help. Within eight hours of arriving on site, our team of forensics, incident response, and cyber professionals was able to ascertain the location from which the data had been exfiltrated, and identified the type of ransomware that had been deployed against the client’s infrastructure. After containing and remediating the attack, Navigant developed a comprehensive solution with actionable recommendations and strategies for upgrading the organization’s hardware and software system infrastructure to reduce the risks of future attacks. ADDRESSING RISKS AND TAKING ACTION: KNOWING THE RISK AND GETTING AHEAD OF IT With cyber criminals now mastering many sophisticated and ever-evolving techniques, business leaders are discovering that hopeful attitudes and denial about the potential severity of data breaches are especially dangerous. Leading organizations are paying increased attention to threats of cyber attacks, and they are recognizing that now is the time to proactively address their information security systems and cyber attack protocols. Current cyber risks require companies to proactively monitor risks while holistically mapping that intelligence to the specific infrastructure and risk profiles unique to their organization. Navigant’s experienced teams of cyber professionals not only remediate the attacks – they put preventive measures in place to spare companies catastrophic financial and enterprise data loss.
  • 3. Cyber Marketing Blast – Other Comments FOR MARKETING TEAM USE TO ALTER VISUAL AND PROVIDE CITATION: Number of users attacked by Trojan-Ransom encryptor malware (2012 – 2015) 2012 36232 2013 15363 2014 120840 2015 179209 Kaspersky Security Bulletin 2015 https://securelist.com/analysis/kaspersky-security-bulletin/73038/kaspersky-security-bulletin-2015- overall-statistics-for-2015/ Page 1