Threat context TLP WHITE www.soltra.com Cyber security panel SOLTRA | an FS-ISAC DTCC Company

External Threats Growing 117,339 incoming attacks every day The total number of security incidents detected by respondents climbed to 42.8 million this year, an increase of 48% over 2013. Findings from The Global State of Information Security Survey 2015 Graphic Source: PwC TLP WHITE

Evolution of Cyber Attacks Cyber Threats on the Private Sector Fun Technically curious individuals Fame Technically adept groups leaving their mark on public websites Fortune Cyber criminals and organized gangs stealing money, data ransom schemes and competitive information Force Nation states and non-nation state groups launching targeted attacks for strategic purposes 2001 2010 1988 2004 Academic “Script Kiddies” Commodity Threats Nature of Threat Advanced Persistent Threats (APT) – Targeting government entities APT– Targeting private sector TLP WHITE SOLTRA | An FS-ISAC DTCC Company

Who Are the Adversaries? August 2014 Attacker Motivation, Capability & Intent Criminals Money And more money Large number of groups Skills from basic to advanced Present in virtually every country Up to $$$ Hacktivists Protest Revenge Groups tend to have basic skills with a few 'standout' individuals with advanced technical and motivational skills" Up to $ -$$ Espionage Acquiring Secrets for national security or economic benefit Small but growing number of countries with capability Larger array of ‘supported’ or ‘tolerated’ groups Up to $$$$+ War Motivation is to destroy, degrade, or deny capabilities of an adversary Politics by other means Non-state actors may utilize ‘war’ like approaches Up to $$$$$ ? …but, a lot less expensive than a nuclear weapon $ - Under thousands $$ - Tens to hundreds of thousands $$$ - Millions $$$$ - Tens to hundreds of millions $$$$$ - Billions TLP WHITE SOLTRA | An FS-ISAC DTCC Company

The Need for Speed TLP WHITE Attackers have honed their skills to come at you rapidly Defenders take a long time to feel the impact of an attack Attackers Act 150x Faster Than Victims Respond Minutes vs. Weeks/ Months Seconds Minutes Hours Days Weeks Months Initial Attack to Initial Compromise (Shorter Time Worse) 10% 75% 12% 2% 0% 1% Initial Compromise to Data Exfiltration (Shorter Time Worse) 8% 38% 14% 25% 8% 8% Initial Compromise to Discovery (Longer Time Worse) 0% 0% 2% 13% 29% 54% TLP WHITE SOLTRA | An FS-ISAC DTCC Company

Changing the Economics Cost to Firms  The current cost to process a single piece of intelligence is 7 hours. Equal to 2014 =$100m; 2015 = $1b; 2016 = $4b Cost to Adversaries  Adversaries must “re-tool” much more often and their exploits cause less damage Risks from Cyber Threats  Frequency and impact of threats decrease while higher adoption leads to exponential benefits Advantage: Attackers Advantage: Defenders Cost to Defend Max Policy Effectiveness Current State of Cyber-Symmetry (Unsophisticated Adversaries Can Play) Future State of Cyber-Symmetry (Only Most Advanced Can Play) Cost Cost to Attack Min Cyber Warfare Symmetry SOLTRA | An FS-ISAC DTCC Company