Dissecting the Cyber Security Threat Landscape Chris Novak, Co-Founder & Global Director Verizon Threat Research Advisory Center, Verizon Communications INTRODUCE GENERAL ALEXANDER
State of the Union: Understanding Today's Hyper Evolving Threat Landscape Christopher Novak Director VTRAC | Investigative Response @ChrisJNovak
Data Breach Investigations Report (DBIR): Lift the lid on cybercrime. 10th edition: 65 contributors, 1,935 breaches, 42,068 incidents.
Over a Decade of Security Thought Leadership: 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018 (coming soon). Read the DBIR 2017: VerizonEnterprise.com/DBIR2017. Read the DBD 2017: VerizonEnterprise.com/databreachdigest. 2016, 2017, 2018 (coming soon).
Data Breach Investigations Report (DBIR): Lift the lid on cybercrime. 10th edition: 65 contributors, 1,935 breaches, 42,068 incidents. VERIS Framework: www.veriscommunity.net
Our 65 DBIR Contributing Partners
Incident classification patterns: Miscellaneous Errors, Privilege Misuse, Physical Theft and Loss, Denial of Service, Crimeware, Web Application Attacks, Point of Sale Intrusions, Cyber-Espionage, Payment Card Skimming. 98% of incidents and 88% of breaches fall into one of the incident classification patterns.
DBIR - Key Highlights
Industry analysis & breakdown by incidents
Threat Actor Motivation. Financial Motivation: largely opportunistic attacks; organized crime; gains/losses in the $M’s. Espionage Motivation: targeted attacks; state sponsored; gains/losses in the $B’s. FIG = Fun, Ideology, and/or Grudge Motivation.
The crooks aren’t just after the big guys. Nearly two-thirds (61%) of the data breach victims in this year’s report are businesses and government agencies with under 1,000 employees. This further emphasizes that nobody is immune to data breaches.
The basics still aren’t covered. 1 in 14 users fell for phishing. A quarter of those were duped more than once. Stolen or easily guessable passwords featured in over 50% of breaches.
Timespan of breach events over time
For any data you could want to buy, there is a “Darknet” site that sells it…
Focusing your defenses: Single-factor authentication is compromised often, and reused as a tool for the attacker. Shift from weak authentication methods to multi-factor solutions. Malware is not going anywhere. We assume you have client-based anti-virus running, which is a start. Enrich AV with network malware detection, sandboxing technologies and application whitelisting. Most breaches are starting with a compromised user device. Limit the sensitive data stored on workstations and build a properly segmented network with strong authentication between security zones.
Focusing your defenses: Patch web browser software (and associated plugins) promptly. Know what assets you have from which to determine patching. Limit what attachments make it past your email gateway. Strip all executables and macro-enabled Office documents, at a minimum. Encrypt all mobile devices! Keep audit logs of authorized user activity and monitor them to hunt down employee misuse or account takeovers.
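The attachment-stripping advice above, sketched as an added Python example (not from the deck or from Verizon). The blocked-extension list, the fail-closed handling of unreadable zip files and the constructed sample message are assumptions made for this illustration; legacy OLE Office files are not inspected.

```python
import io, os, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
# Assumed block list for this example; tune it to your own gateway policy.
BLOCKED_EXT = {".exe", ".scr", ".bat", ".js", ".vbs", ".docm", ".xlsm", ".pptm"}

def risk_reason(filename, data):
    """Return why an attachment is stripped, or None to let it through."""
    ext = os.path.splitext(filename.lower())[1]
    if ext in BLOCKED_EXT:
        return "blocked extension " + ext
    if data[:2] == b"MZ":                  # PE header, whatever the name claims
        return "PE executable content"
    if data[:4] == b"PK\x03\x04":          # zip container (OOXML files are zips)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "Office document with VBA project"
        except zipfile.BadZipFile:
            return "unreadable zip container"   # assumed choice: fail closed
    return None                            # legacy OLE .doc/.xls are not inspected

def _keep(part, removed):
    if part.is_multipart():                # recurse and keep only clean children
        part.set_payload([c for c in part.get_payload() if _keep(c, removed)])
        return True
    name = part.get_filename()             # None for body parts
    reason = risk_reason(name, part.get_payload(decode=True) or b"") if name else None
    if reason:
        removed.append((name, reason))
    return reason is None

def strip_risky_attachments(raw):
    """Parse raw message bytes; return (cleaned bytes, [(filename, reason), ...])."""
    msg, removed = message_from_bytes(raw, policy=policy.default), []
    _keep(msg, removed)
    return msg.as_bytes(), removed

def build_sample():
    """Constructed message: one benign file and two risky ones with benign names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Q3 invoice"
    msg.set_content("See attached.")
    for name, data in [("report.txt", b"text"), ("invoice.docx", buf.getvalue()), ("update.pdf", b"MZ\x90")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Checking content as well as the file name is what catches the renamed macro document and the executable posing as a PDF in the sample.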
What does the future hold? Breaches beyond loss / theft of sensitive data… Internet of Things (IoT): estimated ~50B devices by 2020. Industrial Control Systems (physical disruption & destruction). Medical Devices. …???
Q&A. Questions? Email me at chris.novak@verizon.com. DBIR Download: www.VerizonEnterprise.com/DBIR. Data Breach Digest Download: www.VerizonEnterprise.com/databreachdigest
Thank you. Chris Novak chris.novak@verizon.com