
Cybersecurity 2020 threat landscape and its implications (AMER)

Cybersecurity decisions have direct implications for individuals, enterprises and organizations, and broader societal implications than ever before. In 2020 and beyond, technology promises to change our own experience and enhance our way of life, and those of our customers, significantly. This reliance and targeting have been magnified during COVID-19, where cybercriminals have sunk to new lows at the same time as reliance on tech has increased.

This session will explore how these technologies are going to change the experiences of our lives for the better and for the worse. It will explore the most recent cybersecurity breaches, predict the key security issues for 2020 and discuss current security priorities.

Published in: Technology

  1. Cybersecurity 2020 Threat Landscape and its Implications. Featuring Guest Speaker from Forrester
  2. Today’s Speakers: Guest Speaker, Sandy Carielli, Principal Analyst, Forrester; Arun Singh, Product Marketing Lead, Security, Cloudflare
  3. Agenda: 1 Security Threat Trends and Implications; 2 Recommendations and Solutions; 3 Q&A
  4. Cloudflare Introduction
  5. Cloudflare is an intelligent, integrated global cloud network that delivers security, performance, and reliability for all your Internet infrastructure, people and connected devices. CLOUDFLARE’S MISSION: Help build a better Internet. Confidential. Copyright © Cloudflare, Inc.
  6. Help Build A Better Internet: 27M+ Internet properties; 37 Tbps of network capacity; 200 cities and 95+ countries; 45B cyber threats blocked each day in Q1 ‘20; 99% of the Internet-connected population in the developed world is located within 100 milliseconds of our network. Note: Map data as of Jan 15, 2020
  7. Cybersecurity 2020 Threat Landscape and its Implications. Sandy Carielli, Principal Analyst
  8. © 2020 Forrester. Reproduction Prohibited. 33% of firms suffered a breach as a result of an external attack. This is how.
  9. Some Of The Top Threats In 2020 Are Web App Based: Bots; APIs; Client Side Attacks. Forrester Report: “Top Cybersecurity Threats In 2020”
  10. The New Normal
  11. Breaches Due To Improperly Secured APIs. Common Causes Were Poor Access Control and Unauthenticated API Endpoints. https://www.wired.com/story/i-scraped-millions-of-venmo-payments-your-data-is-at-risk/?verso=true https://www.csoonline.com/article/3268025/panera-bread-blew-off-breach-report-for-8-months-leaked-millions-of-customer-records.html https://www.theinquirer.net/inquirer/news/3066805/usps-data-breach-api-flaw https://threatpost.com/t-mobile-alerts-2-3-million-customers-of-data-breach-tied-to-leaky-api/136896/
  12. https://www.owasp.org/images/5/59/API_Security_Top_10_RC.pdf
  13. Client Side Validation + Poor API Authorization = Data Leakage
  14. “Magecart Attacks Are A Supply Chain Problem.” Forrester Report: “Top Cybersecurity Threats In 2020”
  15. Increases in global Internet utilization
  17. ITALY: National quarantine ordered on March 9th, 2020; 20% increase in utilization
  18. Global Trends: Global increases in traffic in all regions; Japan and India continue to see increases after a temporary decline in late March
  19. Categorical increases: 250% increase in websites related to kids activities; over 100% increase in the top 5 categories
  20. Event related traffic declines: Up to 50% decline in traffic at sporting event sites; travel sites experiencing similar declines
  21. Rising security concerns
  23. Hospital websites: Almost 2x increase in attacks in March and April
  24. Cyberattacks against the society: Since the murder of George Floyd there’s also been a large increase in attacks on US government websites. The category with the biggest increase in cyberattacks was Advocacy Groups with a staggering increase of 1,120x.
  25. Q1 DDoS Trends: In Q1 2020, 92% of the attacks were under 10 Gbps, compared to 84% in Q4 2019
  26. Q1 DDoS Trends: Majority of the attacks peaked below 1 million packets per second (pps).
  27. Q1 DDoS Trends: 79% of DDoS attacks in Q1 lasted between 30 to 60 minutes, compared to 60% in Q4, which represents a 19% increase.
  28. Late March events: Largest attack mitigated (550 Gbps); 55% increase in number of attacks (compared to first half)
  29. Late March events: Largest attack mitigated (550 Gbps); 55% increase in number of attacks (compared to first half)
  30. Application-level attacks: United States accounted for the largest number of application-level attacks that Cloudflare blocked
  31. Top 4 application attack vectors: Command Injection; SQL injection; File Inclusion; Fake search engine crawler
  32. “Bad bots comprise about 20% of all web traffic.” - “Top Cybersecurity Threats In 2020,” Forrester Report
  33. The Many Flavors Of Bad Bots: Web scraping; Credential Stuffing; Checkout abuse; Inventory hoarding; Card fraud; Web recon; Ad fraud; DDoS; Business logic; Influence fraud
  34. Bot Attacks Impact Wider Range Of Personas: Security; Marketing; Fraud; eCommerce; Customer Experience
  35. Online Shoe Retailer: Valuable inventory was hoarded, damaging brand and reducing revenue. Premium limited release inventory was being purchased and “hoarded” by bots; approx. 75% of all traffic came from bots; resulted in high infrastructure costs; created bad will for customers; Cloudflare solved with 0.1% false positive rate
  36. From Sneakers To Toilet Paper: What Is “Valuable?”
  37. The New Normal
  38. Collaborate And Automate: “Siloed teams perform even worse when everything is remote. The friction of work handoffs is further compounded by distance.” - “Agile, DevOps, And COVID-19,” Forrester Blog
  39. Recommendations: Enumerate, manage and protect API assets … and don’t trust client-side data! Protect client-side code. Use bot management tooling to change the economics of bot attacks. Consider how the “new normal” changes how attackers might target your products or services. Invest in automation – but make sure your automations are built on solid processes. Focus on CI/CD integrations and collaboration in remote work situations.
  40. Thank You.
  41. Thank you!
  42. Q&A
