Study Results Advanced Persistent Threat Awareness.

Slides:

Advertisements

Similar presentations

Cyber Security and Data Protection Presented by Mrs Drudeisha Madhub (Data Protection Commissioner ) Tel: Helpdesk:+230.

Advertisements

By Hiranmayi Pai Neeraj Jain

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel

PEOPLE’S REPUBLIC OF HACKING By: Lani N, Ashley R, Michael R, Gregory R.

1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.

Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.

1 Telstra in Confidence Managing Security for our Mobile Technology.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

NUS Entrepreneurship Centre IT Usage for Direct Exports by SMEs: Comments International Seminar Information Technology for Development of SMEs in East.

Third Annual Shopping on the Job: ISACA’s Online Holiday Shopping and Workplace Internet Safety Survey Commissioned by ISACA ( November 2010.

Joel Maloff Phone.com February, 2012.

Norman Endpoint Protection Advanced security made easy.

Introduction to Network Defense

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

To Protect What Matters!! Protection Against Computer Virus Unit portfolio presentation by Saira Imtiaz.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Information Security Issues at Casinos and eGaming

IDENTIFYING THREATS IN A GLOBAL MARKETPLACE Ira S. Somerson, BCFE, CPP Loss Management Consultants, Inc. Institute for Global Management Studies And Temple.

Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.

Cybersecurity nexus (CSX)

STRATEGIC INTELLIGENCE MANAGEMENT Chapter by Paul de Souza Chapter 18 - National Cyber Defense Strategy, Pg. 224.

Copyright Security-Assessment.com 2004 Vulnerability Management Explained By Peter Benson.

In the Crossfire International Cooperation and Computer Crime Stewart Baker.

Chapter 5: Implementing Intrusion Prevention

Chapter 2: Anatomy of the Problem Recent terrorist attacks and the raise in cyber attacks have raised concern about the need to protect the nation’s cyber.

Internet Security Breach & Its Impact on Business Operations Kim Nguyen Manish Shirke Wa Mo Saravanan Velrajan.

CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.

Consistency in Reporting Data Breaches

Hurdles in implementation of cyber security in India.

Financial Sector Cyber Attacks Malware Types & Remediation Best Practices

The First Step in Cybersecurity. Past Threats and Incident of Cybersecurity 76 % of organizations polled by CompTIA said they experienced them [a cybersecurity.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. State of Network Security.

Connected Security Your best defense against advanced threats Anne Aarness – Intel Security.

Computer Security By Duncan Hall.

Chapter 1: Information Security Fundamentals Security+ Guide to Network Security Fundamentals Second Edition.

©2015 HEAT Software. All rights reserved. Proprietary & Confidential. Ransomware: How to Avoid Extortion Matthew Walker – VP Northern Europe.

The cost of Cybercrime 1 Steve Lamb Regional Marketing Manager – EMEA, Enterprise Security Products Twitter: actionlamb.

Risk Identification and Risk Assessment

Virus Assignment JESS D. How viruses affect people and businesses  What is a virus? A computer virus is a code or a program that is loaded onto your.

MIS323 – Business Telecommunications Chapter 10 Security.

Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA.

1 Current Trends in Enterprise IT Network Security Key Takeaways Based on 100 Survey Responses © 2016 Lumeta Corporation.

BY: AUSTIN NEIGH. WHAT IS CYBER WARFARE? Hacking that is politically motivated to conduct sabotage or espionage Form of information warfare Typically.

ISACA Many thanks to the ISACA Belgium Chapter, who created the original slide deck.

Zero Day Attacks Jason Kephart. Purpose The purpose of this presentation is to describe Zero-Day attacks, stress the danger they pose for computer security.

Risk Controls in IA Zachary Rensko COSC 481. Outline Definition Risk Control Strategies Risk Control Categories The Human Firewall Project OCTAVE.

TruSTAR Sensitive & Proprietary Cloud CISC: Cyber incident exchange and collaboration February, 2016 “We cannot solve problems with the same thinking we.

Page 1 IRU CONFERENCE THE ROAD TO SUCCESS: EURO-ASIAN FREIGHT MARKET Challenges and Opportunities Warsaw, June 2007 Security in Euro-Asian Road Transport:

SELF-DEFENDING NETWORK. CONTENTS Introduction What is Self Defending Network? Types of Network Attacks Structure of Self Defending Network Conclusion.

Physical Security Market to Global Analysis and Forecasts by Application, Services No of Pages: 150 Publishing Date: Jan 2017 Single User PDF: US$

Physical Security Market to Global Analysis and Forecasts by Application, Services No of Pages: 150 Publishing Date: Feb 2017 Single User PDF: US$

© 2016 Global Market Insights, Inc. USA. All Rights Reserved Fuel Cell Market size worth $25.5bn by 2024 Advanced Persistent Threats.

November 14, 2016 bit.ly/nercomp_defendingyourdata16

Security Operations Update

[Internal Use] for Check Point employees

A Thread Relevant to all Levels of the EA Cube

© 2016 Global Market Insights, Inc. USA. All Rights Reserved Endpoint Security Market to grow at 7% CAGR from 2017 to 2024: Global Market.

Unfortunately, any small business could face the risk of a data breach or cyber attack. Regardless of how big or small your business is, if your data,

© 2016 Global Market Insights, Inc. USA. All Rights Reserved Industrial Control Systems Security Market to reach $7bn by 2024: Global.

Skybox Cyber Security Best Practices

Cybersecurity compliance for attorneys

© 2016 Global Market Insights, Inc. USA. All Rights Reserved Fuel Cell Market size worth $25.5bn by 2024 Low Power Wide Area Network.

ISACA IN 2019 Robin Lyons WHAT’S NEXT, NOW Technical Research Manager

CyberSecurity Strategy For Defendable ROI

Presentation transcript:

Study Results Advanced Persistent Threat Awareness

The 2010 Google Aurora attack forever changed the way we look at Internet security. This large-scale, sophisticated attack showed us that all sectors, from private to public, are vulnerable to a new class of security breach: The Advanced Persistent Threat © 2013 ISACA. All rights reserved

3 in its adaptability, APTs were once thought to be limited to attacks on government networks. APTs exploit zero-day threats – unknown weakness. APTs also often take the form of well-designed spear fishing attacks. © 2013 ISACA. All rights reserved ADVANCED, STEALTHY AND CHAMELEON-LIKE

4 The 2011 RSA SecurID attack was attributed to an APT. So was the Internet worm “Flame.” Following the Google attacks* similar targeted intrusions quickly followed, garnering media scrutiny – and growing concern that the APT was more damaging than it seemed. *Google attacks affected nearly three dozen well-known tech, finance and defense enterprises © 2013 ISACA. All rights reserved

5 How well do security professionals understand APTs? How are they affecting different industries and organizations throughout the world? What is being done to prevent them? In Q4 of 2012, ISACA launched the APT Awareness Survey to find out. © 2013 ISACA. All rights reserved

6 So ISACA asked 1,500 people worldwide – from tech service consultants, to people in the banking industry – about APTs. 19 % Asia 32 % 8%8% 3%3% 38 % Europe / Africa North America Latin America Oceania © 2013 ISACA. All rights reserved

7 42.5% of respondents were familiar… 28.6%, somewhat familiar… And only 25.1% very familiar about APTs. Overall, 96.2% were somewhat familiar with APTs… But most importantly: AWARENESS of respondents understood APTs as a very credible, serious threat to national security and economic stability. 93.6% 25 % 42 % 29 % 4%4% Very Familiar Familiar Somewhat Familiar Not at All Familiar © 2013 ISACA. All rights reserved

8 Just 46.6% of respondents believed that APTs were a unique threat. And more than half (53.4%) believe this advanced set of threats is no different to what they’ve been dealing with in the past. WHAT DOES THIS MEAN? 53 % Similar 47 % Unique © 2013 ISACA. All rights reserved

There’s a huge disconnect in the IT industry about APTs … A lack of understanding and education. © 2013 ISACA. All rights reserved

10 Highest Risks on Enterprises from APTs Other key highlights 89.7% of respondents believe the use of social networking sites like Facebook or Twitter increases the likelihood of a successful APT attack. BELIEVE THAT 87.3% JAILBREAKS, ROOTING & BYOD GREATLY INCREASE THE CHANCES OF AN APT OCCURRING. © 2013 ISACA. All rights reserved

11 Although just 21.6% of respondents reported having been victims of an APT attack 63% – three times that amount – believe it’s only a matter of time before their business is targeted. Suffering with an APT 63% BELIEVE IT’S ONLY A MATTER OF TIME BEFORE THEIR BUSINESS IS TARGETED. © 2013 ISACA. All rights reserved

12 The majority of survey takers – up to 60% – believed that they have the ability to ID, respond to and stop a successful APT attack. 31.1% said they have incident management plans in place to fight an APT. 49.5% are prepared, but without a concrete solution. Detect APT Attacks Respond to APT Attacks Stop a Successful Attack 0%20%40%60% How able is your enterprise to deal with an APT attack? Very Able Able Not Able Not at All Able © 2013 ISACA. All rights reserved

How are people handling the threats? Most respondents are using technology in a risk based layered approach to prevent and combat APTs. 94.9% Anti-Virus / Anti-Malware 92.8% Network Tech (Firewalls, etc.) 71.2% IPS © 2013 ISACA. All rights reserved

14 There aren’t enough precautions being taken against the threat of an APT. Up to 81.8% of survey takers have not updated their agreements with vendors who provide protection against APT. And 67.3% reported that they haven’t held any APT awareness training programs for their employees. A Troubling Lack of Initiative Has your enterprise increased security training as a result of APTs? Very Likely Likely Not Very likely Not at All Likely 0%20%40%60%80% © 2013 ISACA. All rights reserved Yes No

APTs are serious threats. We need more consideration to their consequences. Enterprises must adopt more technology awareness training, vendor management, incident management and increased attention from executives. © 2013 ISACA. All rights reserved

16 Advanced Persistent Threats differ from the traditional, average virus, and need to be classified as such. Many enterprises and companies have made some positive inroads into fighting APTs, like better security management. But there’s still a lack of cohesion and understanding to what APTs are and how to defend against them. Market conditions have not sufficiently changed, and the technology to fight APTs isn’t fully evolved yet. Conclusion But there’s still a lack of cohesion and understanding to what APTs are and how to defend against them. © 2013 ISACA. All rights reserved

ISACA is here to serve its members against any security breach – especially the Advanced Persistent Threat. A series of educational products to address challenges in cyber security, and guard against APTs, is currently in development. Take Action Against APTs To learn more visit us at

QUESTIONS & COMMENTS © 2013 ISACA. All rights reserved