ECI: Anatomy of a Cyber Investigation: Who Are the Actors


1 ECI: Anatomy of a Cyber Investigation: Who Are the Actors

2 Who is Doing it?
- 70% of breaches involved External agents
- 48% of breaches involved Internal agents
- 11% of breaches involved Partner agents
- Any breach can involve multiple individuals
  - E.g. an employee of a subcontractor steals credit card numbers and delivers them to an external 3rd party

3 Who is Doing it?
- External Agents (70% of breaches, 98% of lost data)
  - 24% Organized Criminal Group
  - 21% Unaffiliated Person(s)
  - 3% External Systems or Sites
  - 5% Others (Former Employee, Partner, Competitor, Customer)
  - 45% Unknown

4 Who is Doing it?
- Internal Agents (48% of breaches, 3% of records)
- Demographics (90% Deliberate)
  - 51% Regular Employees / end users
  - 12% Finance / Accounting
  - 12% System Admin
  - 7% Upper management
  - 8% Other (Help desk, Software Dev, Auditor)
  - 9% Unknown

5 Who is Doing it?
- Partner Agent (11% of breaches, 1% of records)
  - 3rd party “hijack” Partner
  - Deliberate act of Partner

“Organizations that outsource their IT management and support also outsource a great deal of trust to these partners. … poor governance, lax security, and too much trust is often the rule” (Verizon Data Breach Investigation Report, p. 19)

6 How Are They Doing it?

7 How did insiders do it?
- Inter-connected factors and events
- 48% of breaches included Misuse of privilege
- 40% of breaches were by Hackers
- 38% of breaches used Malware
- 28% of breaches used Social Engineering
- 15% of breaches were Physical attacks

A single attack may combine multiple vulnerabilities.

8 How did Outsiders do it?
- Hackers' methods
  - Web Applications 54%
  - Remote Access 34%
  - Backdoors 23%
  - Network file sharing 4%
  - Others (physical access, wireless network, unknown)

9 Top 5 Methods of Attack
- Webpage Access
- Un / Improperly Secured Access
- Trusted network connections
- Trojans / Malware / Spyware
- Employee Malfeasance

10 Top 5 Methods of Attack
- Web Pages
  - Unsecured web page access
  - SQL Injection
  - Improperly designed website
  - Oops - errors

11 Top 5 Methods of Attack
- Un / Improperly Secured Access
  - Abandoned / Unguarded computers
  - Computers with too many connections
  - Brute Force
  - Backdoors

12 Top 5 Methods of Attack
- Trusted network connections
  - Subcontractor / Sister company or agency

13 Top 5 Methods of Attack
- Trojans / Malware / Spyware
  - E-mail of a Trojan
  - Social Engineering
    - Telephone Contact
    - Email Contact
    - Internet contact (Chat, IM, etc.)
  - Customized Malware (Largest attacks)
  - Back doors

14 Top 5 Methods of Attack
- Employee Malfeasance
  - Abuse of system access
  - Use of un-approved hardware / device
    - Rogue networks
  - Improperly handled data

15 Timeline facts
- How long to Compromise Data
  - Most took days to months
  - 31% took only minutes
- Time to Discovery
  - Most took weeks or months
  - 5% took minutes
- Time to Containment
  - Most took days to weeks (some even months)

16 Some thoughts
- 98% came from servers (duh)
- 85% were not very difficult
- 61% were discovered by a 3rd party
- 86% had evidence in log files about the attack

