There Will Be Attacks – Improve Your Email Defenses. Achmad Chadran, Product Marketing Manager
A phish: median time-to-first-click 1 minute 40 seconds. That is the median time for someone to click on a phishing link. That’s the median; imagine what the lower outliers are. And 50% of those people who do click the link will do it within the first hour. (Verizon 2016 Data Breach Investigations Report (DBIR))
How your customers see their security. Our meme is this: you think your security looks like this.
What their security actually looks like. But it actually looks like this. (Image from Doomsday Preppers.) The issue here is that the risk profile is all wrong. Sniper’s rifle. Magazine’s clipped in. Can’t climb the stairs without getting out of breath. We’re spending too much money on the wrong things.
What their attackers look like. So, who are the attackers and why do they attack? Cybercriminals take many forms. Hacktivists target organizations for political reasons and to bring media attention to a specific issue. The group Anonymous aims to combat censorship, promote freedom of speech and counter government control. It has no dedicated leader, is international, is hard to measure in size, and uses forums and online chat rooms. It was responsible for bringing down Mastercard and PayPal for not supporting WikiLeaks. State-sponsored attacks are becoming more common: government and private organizations are attacked by groups directly controlled by or influenced by a government. Russia’s alleged influence over the recent US election is a good example. Spies and terrorists try to get sensitive information about our government. Businesses try to get an upper hand on the competition. The majority of attacks against organizations are for financial reward. These people are out for money. They sell personal information on the black market, or they may hold data hostage and request ransom. But how do they get a user to click on a link or open an attachment?
70% of attacks lead to a secondary target. Your customers could be stepping stones. Hospitals, retailers, banks: lots of businesses store information about their clients. (Verizon 2015 Data Breach Investigations Report (DBIR))
Real life examples
Vector: Phishing attack; Threat: Entering password; Target: Random mass-mailing
Vector: Phishing email with attachment; Threat: Opening the document and activating malicious code; Target: Targeted mailing
Vector: Spear phishing attack; Threat: Impersonating senior staff; Target: An employee with authority
Layer 1: The technology. 23% open the phish & click. Layer one is, of course, the technology.
You don’t even need to know how to code. Attackers don’t have to know how to code; they don’t even have to be smart. They can download TOX, a ransomware construction tool that provides an easy-to-use graphical interface that allows attackers to track how many folks have been infected and track the ransom paid.
If you code but don’t know how to bypass sandboxes… FUD (Fully Undetectable) crypting services to avoid AV detection. If you’re an attacker and can code but don’t know how to evade sandbox detection, that’s not a problem: there’s an online service that can help. FUD (fully undetectable) crypting services use obfuscation, encryption and code manipulation.
Ransomware is Moving to Critical Infrastructure. Last year’s Black Friday attack against the San Francisco Municipal Transport Agency: all data on over 2000 computers was encrypted, which forced them to let everybody ride for free. “You Hacked, ALL Data Encrypted.” The attackers demanded payment of 100 Bitcoin, the equivalent of $73,000.
Layer 2: The human firewall. 11% open the phish & run the attachment. The people: this layer is made from human awareness of the problem. The idea is that you can build a human firewall in your business, one that raises the security consciousness of your staff.
3 Types of Internal Threats: The Compromised Insider, The Careless Insider, The Malicious Insider
“HEY STRANGERS - Please send me files”
“Click to View” Dupe
“New” Office Confusion
Q: Where to begin?
Mimecast Targeted Threat Protection. URL Protect with URL rewriting and dynamic user awareness. Attachment Protect with file transcription, on-demand and pre-emptive sandboxing. Impersonation Protect with dedicated detection of whaling and malware-less phishing. Comprehensive protection, simply achieved in the cloud. Internal Email Protect: detection and remediation of internal security threats, plus inspection of outbound emails.
Cyber Resilience. Protect: You need the technology that provides the best possible multi-layered protection. Continue: You need to continue to work while the issue is resolved. Remediate: You need to get back to the last known good state.
Email Security Risk Assessment - Funnel. Data from: 23,700 users, 150 days, 26m emails, AFTER the incumbent security solutions.
THANKS! Let’s book a meeting.