Download presentation
Presentation is loading. Please wait.
1
Dissecting the Cyber Security Threat Landscape
Chris Novak, Co-Founder & Global Director Verizon Threat Research Advisory Center, Verizon Communications INTRODUCE GENERAL ALEXANDER
2
State of the Union: Understanding Today's Hyper Evolving Threat Landscape
Christopher Novak Director VTRAC | Investigative Response @ChrisJNovak
3
PLAY VIDEO HERE… @ChrisJNovak
4
Data Breach Investigations Report (DBIR)
Lift the lid on cybercrime. 65 contributors 1,935 breaches 42,068 incidents 10th edition @ChrisJNovak
5
Over a Decade of Security Thought Leadership
2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Coming soon Read the DBIR 2017: VerizonEnterprise.com/DBIR2017 Read the DBD 2017: VerizonEnterprise.com/databreachdigest 2016 2017 2018 Coming soon @ChrisJNovak
6
Data Breach Investigations Report (DBIR)
Lift the lid on cybercrime. 1,935 breaches 42,068 incidents 10th edition 65 contributors VERIS Framework @ChrisJNovak
7
Our 65 DBIR Contributing Partners
8
Incident classification patterns
Miscellaneous Errors Privilege Misuse Physical Theft and Loss Denial of Service Crimeware Web Application Attacks 98% of incidents and 88% of breaches fall into one of the incident classification patterns. Point of Sale Intrusions Cyber-Espionage Payment Card Skimming @ChrisJNovak
9
DBIR - Key Highlights @ChrisJNovak
10
DBIR - Key Highlights @ChrisJNovak
11
Industry analysis & breakdown by incidents
@ChrisJNovak
12
Threat Actor Motivation
Financial Motivation Largely opportunistic attacks Organized Crime Gains/Losses in the $M’s Espionage Motivation Targeted Attacks State sponsored Gains/Losses in the $B’s FIG = Fun, Ideology, and/or Grudge Motivation @ChrisJNovak
13
The crooks aren’t just after the big guys.
Nearly two-thirds of the data breach victims in this year’s report are businesses and government agencies with under 1,000 employees. Further emphasizing that nobody is immune to data breaches… 61% @ChrisJNovak
14
The basics still aren’t covered.
1 in 14 users fell for phishing. A quarter of those were duped more than once. Stolen or easily guessable passwords featured in over 50% of breaches. @ChrisJNovak
15
Timespan of breach events over time
@ChrisJNovak
16
For any data you could want to buy, there is a “Darknet” site that sells it…
17
Focusing your defenses
Single-factor authentication is compromised often, and reused as a tool for the attacker. Shift from weak authentication methods to multi-factor solutions. Malware is not going anywhere. We assume you have client- based anti-virus running, which is a start. Enrich AV with network malware detection, sandboxing technologies and application whitelisting. Most breaches are starting with a compromised user device. Limit the sensitive data stored on workstations and build a properly segmented network with strong authentication between security zones. @ChrisJNovak
18
Focusing your defenses
Patch web browser software (and associated plugins) promptly. Know what assets you have from which to determine patching. Limit what attachments make it past your gateway. Strip all executables and macro- enabled Office documents, at a minimum. Encrypt all mobile devices! Keep audit logs of authorized user activity and monitor them to hunt down employee misuse or account takeovers. @ChrisJNovak
19
What does the future hold?
Breaches beyond loss / theft of sensitive data… Internet of Things (IoT) - Estimated ~50B devices by 2020 Industrial Control Systems (Phys. disruption & destruction) Medical Devices …??? @ChrisJNovak
20
Q&A Questions? ... Email me at chris.novak@verizon.com DBIR Download:
Data Breach Digest Download: @ChrisJNovak
21
Thank you. Chris Novak chris.novak@verizon.com @ChrisJNovak
22
INTRODUCE GENERAL ALEXANDER
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.