© 2017 Mimecast.com All rights reserved.
The Threat Landscape
Cyber Security is no longer enough
DAVID TWEEDALE

91% of attacks started with a phishing email
55% increase in spear-phishing attacks
400% increase in ransomware attacks
1300% increase in impersonation attack losses
EMAIL REMAINS THE #1 Attack Vector
Source: 2017 Verizon Data Breach Investigation Report

State Sponsored

Politically Motivated

Organised Crime

Maybe you already know them

Anonymous Hosting

Everything as a Service
IaaS, DaaS, PaaS, SaaS, DRaaS, SaaS, RaaS
YOU DON’T EVEN NEED TO KNOW HOW TO CODE…

IF YOU DO BUT YOU DON’T KNOW HOW TO BYPASS SANDBOXES…

Multilingual Call Centre to Support the Campaigns

SOCIAL ENGINEERING… MALWARE-LESS DANGER

STEP 1 – DO YOU HAVE AN “ABOUT US” SECTION...?

STEP 2 – DO YOU WANT TO CONNECT…?

STEP 3 – ENTICE ACTION FROM THE END USER

What you think your security looks like

What your security actually looks like

Layer 1: The technology

Layer 2: The human firewall

The Landscape: Convergence of Risk for Email
Maximizing systems, data and personnel
Ensuring business continues when incidents arise
Recovering from a failure / outage
Defending against known and unknown attacks with the best technology
Defense Arms Race
Skills / Deficiencies
Business Disruption
Data Hostage

“Cyber Resilience is an evolving perspective that is rapidly gaining recognition. The concept brings the areas of information security, business continuity and data resilience together.”

PROTECT
USERS | DATA | PRODUCTIVITY
Human error
Malicious intent
Technological failure
• Prevent incidents
• Recover and mitigate
• Improve and analyze

Cyber Resilience for email by Mimecast
Prepare | Prevent | Detect | Respond
• Training & Enablement
• Threat Intelligence
• Encryption
• Secure Messaging
• Recovery Plan
• Maintain Compliance
• DMARC / DKIM
• Anti-malware
• Anti-spam
• Phishing
• Ransomware
• Malicious URLs
• Impersonation Attacks
• Weaponised Attachments
• SIEM Integration
• Systematic Alerting
• End-User Escalation
• Reporting
• Incident triage & response
• Instant remediation
• Immediate recovery
• Targeted education campaigns

Cyber Resilience for Email
ADVANCED SECURITY
BUSINESS CONTINUITY
MULTI PURPOSE ARCHIVE

David Tweedale - The Evolving Threat Landscape #midscybersecurity18


Editor's Notes

  • #2 Like to take a few minutes to tell you more about Mimecast. Outline the issues we help customers tackle. Explain why our approach is different from others. Share some detail on our services.
  • #3 I’m not going to start today with a presentation about features and benefits, products and add-ons. Instead, for the next 10 or 15 mins I’m going to be talking about the threat landscape. My aim is to try and highlight some of the risks to your customers, and some of the misconceptions they might have about the way they’ve protected themselves, their users and their data. You may notice on the screen we have a timer counting down – it started at 1min 22. No, that’s not how long it takes me to tie my tie or do up my shoe laces, or how long it will take you to close your first deal after this session (although let’s hope for that). In the time it’s taken me to complete this introduction and let the clock run down – your business has been compromised by a phishing attack.
  • #4 Number one is the fact that email remains the number one attack vector for hackers. This is backed by key stats from the 2017 Verizon Data Breach Investigation Report, which indicates: 91% of attacks started with a phishing email. There was a 55% increase in spear-phishing attacks, a 1300% increase in impersonation attack losses and a 400% increase in ransomware attacks.
  • #5 So who’s doing the dirty work here and sending malicious emails? Sometimes it can be just for fun – the guys that hacked TalkTalk said they did it just to see if they could. But often it is a lot more sinister. There are a number of examples of attacks thought to be state sponsored…North Korea for example are said to have sponsored the attack on Sony Pictures in 2014 in response to the movie The Interview!
  • #6 Anyone who watches the news is likely to have heard of Russian “meddling” in the US election – with CNBC reporting that 39 states were targeted by Russian hackers during the election campaign. https://www.cnbc.com/2017/06/13/russias-cyber-attack-on-39-states-could-jeopardize-future-us-elections.html Bet Clinton wishes she was a bit more careful!
  • #7 And email and cyber attacks are now often part of the important groundwork for organised criminals – often opening the door and breaking down defences that allow traditional physical crimes to occur. Think disabling a security system to rob a bank – might sound quite Ocean’s 11 but a perfectly reasonable and realistic way to cripple an organisation…especially if you only need to send a few emails to do it!
  • #8 Finally, it might be Joe, or Fred, or Sarah…or any of the people sitting in your offices or in this room. A compromised or malicious insider is in a unique and powerful position to cause damage to an organisation. Many traditional security solutions are only interested in what comes in from the outside – but mayhem could just as easily be caused by the chap sitting next to you. Liam, what kinds of techniques are these nasty people using?
  • #9 And what methods are these people using? Tor, the Onion Router, the dark web – whichever name you want to give it – allows you to browse and communicate anonymously, making illegal cyber activity easy and difficult to trace.
  • #10 Bulletproof hosting sites – good destinations for phishing links. And it’s easy to find Bulletproof hosting sites – services that give compute, storage, bandwidth, management and say “we don’t care what you host, that’s your business!”
  • #11 And then we have bitcoins…the ultimate anonymous currency – each time it changes hands the encryption becomes more sophisticated as the exchange lengthens the key.
  • #12 Attackers don’t have to know how to code, they don’t even have to be smart. Ransomware as a Service has almost become an industry, with tools like TOX, which allow attackers to track how many folks have been infected and track the ransom paid.
  • #13 If you’re an attacker and can code but don’t know how to evade sandbox detection, that’s not a problem; there’s an online service that can help with that too! FUD (fully undetectable) decrypting services use obfuscation, encryption and code manipulation.
  • #14 Many of your targets won’t have the technical knowledge to set up, purchase, transfer crypto-currency or use the decryption keys – for a fee you can have a multi-lingual call centre ensure that your victims are able to pay you and get their data back.
  • #15 But the biggest problem for any organisation is this – Social Engineering – the easiest way to penetrate an organisation’s defences…exploiting their users! There is loads of literature available on Social Engineering if you’d like to become an expert (not that we’d endorse that kind of behaviour). But for now, let’s go through a step by step guide for co-ordinating a simple but devastating email attack.
  • #16 It is very easy to identify the key stakeholders in a business, who’s important, who’s not, and who reports into who. A simple “about us” page often hands hackers an exec list on a plate… What better way to entice a user to open an email than having it look like it’s from the CEO, the CFO or some other senior leader?
  • #17 When we know the key stakeholders LinkedIn can help us do some more digging and build a strategy… Very quickly I can identify who reports into who, who’s responsible for what, and tailor my attack to their position in the organisation …and all through your homepage and a fake LinkedIn account – simples!
  • #18 Once we’ve got this far, it’s simple – send some targeted emails to the people we’ve researched with a call to action. For example, send a CV embedded with ransomware to the HR Manager we spoke to on LinkedIn. Or send somebody in the warehouse an email confirming their delivery…with a malicious URL to “track their parcel”. Even better…pretend to be the CEO and ask the new guy in accounts to action an urgent wire transfer.
  • #19 Simples! So what do we need to do to stop this?
  • #20 Our MEME IS THIS. You think your security looks like this.
  • #21 But it actually looks like this. IMAGE FROM DOOMSDAY PREPPERS. The issue here is the risk profile is all wrong. Sniper’s rifle. Magazines clipped in. Can’t climb the stairs without getting out of breath. WE’RE SPENDING TOO MUCH MONEY ON THE WRONG THINGS
  • #22 So what do we need to do differently? We need to build layers. The first layer is of course the technology – a combination of traditional and advanced, targeted threat protection to mitigate the risks in today’s threat landscape.
  • #23 But the second layer is just as important – the human firewall. It’s the on-going education of the weakest links in our business – the users – to minimise their risk to us. That might mean pentesting, dynamic user awareness technologies, even just regular emails. Both layers are just as important as each other – it’s prevent and improve now, not just prevent.
  • #25 And that brings us nicely to the concept I mentioned in the title. Cyber resilience definition from Wikipedia. It demonstrates that protecting our customers today involves more than just cyber security.
  • #26 PROTECT. It is more than just protection before an attack… what about during and after an attack? If you cannot answer three questions… then you are not using a cyber resilience strategy. Users (security), Data (multi-purpose archiving / backup), Productivity (operations continuity) FROM Malicious intent (internal and external), Human error, Technological failure BY Preventing incidents (before), Recovering and mitigating (during), Improving and analyzing (after).
  • #27 If you want to build a proper cyber resilience plan that protects your organisation and its end users, we can help you to address these four key points. Prepare – enable your users to look out for these kinds of emails, and have solutions in place that protect you, your data, and to be compliant. Prevent an attack, with a layered approach to security – with traditional filtering services overlapped with targeted threat protection for phishing, whaling and ransomware. Detect – reporting is more important than ever, so deploy SIEM, systematic alerting and regular reporting to give you visibility of what’s happening in your network. And finally, Respond to an incident with immediate recovery, instant remediation, and on-going targeted education to prevent a future incident…and you’ll notice we’ve looped back around.
  • #28 So as you sit in the sessions today on security, continuity and archiving – think about how you can knit these themes together and start having a conversation with your customer about cyber resiliency.