Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dissecting the Cyber Security Threat Landscape

Published byEustacia Lyons Modified over 5 years ago

Similar presentations

Presentation on theme: "Dissecting the Cyber Security Threat Landscape"— Presentation transcript:

1 Dissecting the Cyber Security Threat Landscape
Chris Novak, Co-Founder & Global Director Verizon Threat Research Advisory Center, Verizon Communications INTRODUCE GENERAL ALEXANDER

2 State of the Union: Understanding Today's Hyper Evolving Threat Landscape
Christopher Novak Director VTRAC | Investigative Response @ChrisJNovak

3 PLAY VIDEO HERE… @ChrisJNovak

4 Data Breach Investigations Report (DBIR)
Lift the lid on cybercrime. 65 contributors 1,935 breaches 42,068 incidents 10th edition @ChrisJNovak

5 Over a Decade of Security Thought Leadership
2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Coming soon Read the DBIR 2017: VerizonEnterprise.com/DBIR2017 Read the DBD 2017: VerizonEnterprise.com/databreachdigest 2016 2017 2018 Coming soon @ChrisJNovak

6 Data Breach Investigations Report (DBIR)
Lift the lid on cybercrime. 1,935 breaches 42,068 incidents 10th edition 65 contributors VERIS Framework @ChrisJNovak

7 Our 65 DBIR Contributing Partners

8 Incident classification patterns
Miscellaneous Errors Privilege Misuse Physical Theft and Loss Denial of Service Crimeware Web Application Attacks 98% of incidents and 88% of breaches fall into one of the incident classification patterns. Point of Sale Intrusions Cyber-Espionage Payment Card Skimming @ChrisJNovak

9 DBIR - Key Highlights @ChrisJNovak

10 DBIR - Key Highlights @ChrisJNovak

11 Industry analysis & breakdown by incidents
@ChrisJNovak

12 Threat Actor Motivation
Financial Motivation Largely opportunistic attacks Organized Crime Gains/Losses in the $M’s Espionage Motivation Targeted Attacks State sponsored Gains/Losses in the $B’s FIG = Fun, Ideology, and/or Grudge Motivation @ChrisJNovak

13 The crooks aren’t just after the big guys.
Nearly two-thirds of the data breach victims in this year’s report are businesses and government agencies with under 1,000 employees. Further emphasizing that nobody is immune to data breaches… 61% @ChrisJNovak

14 The basics still aren’t covered.
1 in 14 users fell for phishing. A quarter of those were duped more than once. Stolen or easily guessable passwords featured in over 50% of breaches. @ChrisJNovak

15 Timespan of breach events over time
@ChrisJNovak

16 For any data you could want to buy, there is a “Darknet” site that sells it…

17 Focusing your defenses
Single-factor authentication is compromised often, and reused as a tool for the attacker. Shift from weak authentication methods to multi-factor solutions. Malware is not going anywhere. We assume you have client- based anti-virus running, which is a start. Enrich AV with network malware detection, sandboxing technologies and application whitelisting. Most breaches are starting with a compromised user device. Limit the sensitive data stored on workstations and build a properly segmented network with strong authentication between security zones. @ChrisJNovak

18 Focusing your defenses
Patch web browser software (and associated plugins) promptly. Know what assets you have from which to determine patching. Limit what attachments make it past your gateway. Strip all executables and macro- enabled Office documents, at a minimum. Encrypt all mobile devices! Keep audit logs of authorized user activity and monitor them to hunt down employee misuse or account takeovers. @ChrisJNovak

19 What does the future hold?
Breaches beyond loss / theft of sensitive data… Internet of Things (IoT) - Estimated ~50B devices by 2020 Industrial Control Systems (Phys. disruption & destruction) Medical Devices …??? @ChrisJNovak

20 Q&A Questions? ... Email me at chris.novak@verizon.com DBIR Download:
Data Breach Digest Download: @ChrisJNovak

21 Thank you. Chris Novak chris.novak@verizon.com @ChrisJNovak

22 INTRODUCE GENERAL ALEXANDER

Download ppt "Dissecting the Cyber Security Threat Landscape"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
English Arabic Cyber Security: Implications of recent breaches MENOG April 2015.

English Arabic Cyber Security: Implications of recent breaches MENOG April 2015.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
OWASP Principles for GIS Data Security Keeping your GIS data secure.

OWASP Principles for GIS Data Security Keeping your GIS data secure.
Cyber-Warfare: The Future is Now!

Cyber-Warfare: The Future is Now!
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Agenda Do You Need to Be Concerned? Information Risk at Nationwide

Agenda Do You Need to Be Concerned? Information Risk at Nationwide
Did You Hear That Alarm? The impacts of hitting the information security snooze button.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
© 2010 Verizon. All Rights Reserved. PTE14626 07/10 2011 DBIR.

© 2010 Verizon. All Rights Reserved. PTE / DBIR.
Ali Alhamdan, PhD National Information Center Ministry of Interior

Ali Alhamdan, PhD National Information Center Ministry of Interior
Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.

Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.
MANAGING RISK. CYBER CRIME The use of the internet and developments in IT bring with it a risk of cyber crime. Credit card details are stolen, hackers.

MANAGING RISK. CYBER CRIME The use of the internet and developments in IT bring with it a risk of cyber crime. Credit card details are stolen, hackers.
External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.

External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.
CURRENT STATUS OF CYBERCRIME  Security is the fastest growing service in IT  Cyber Crime Costs $750 Billion annually  70% of threats arrive via email.

CURRENT STATUS OF CYBERCRIME  Security is the fastest growing service in IT  Cyber Crime Costs $750 Billion annually  70% of threats arrive via .
Securing Information Systems

Securing Information Systems
Explaining Bitcoins will be the easy part: Email Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer.

Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer.

Similar presentations

Ads by Google