Presentation is loading. Please wait.

Presentation is loading. Please wait.

There Will be Attacks – Improve Your Defenses

Published byChristian Powell Modified over 6 years ago

Similar presentations

Presentation on theme: "There Will be Attacks – Improve Your Defenses"— Presentation transcript:

1 There Will be Attacks – Improve Your Email Defenses
Achmad Chadran Product Marketing Manager

2 a phish: median time-to-first-click
1 minute 40 seconds a phish: median time-to-first-click 1M 40 SECONDS THE MEDIAN TIME FOR SOMEONE TO CLICK on a phishing link That’s the Median, imagine what the lower outliers are. And.. 50% of those people who do click the link will do it within the first hour. Verizon 2016 Data Breach Investigations Report (DBIR)

3 How your customers see their security
Our MEME IS THIS You think your security looks like this.

4 What their security actually looks like
But it actually looks like this. IMAGE FROM DOOMSDAY PREPPERS. The issue here is the risk profile is all wrong. Snipers rifle. Magazine’s clipped in. Can’t climb the stairs without getting out of breath. WE’RE SPENDING TOO MUCH MONEY ON THE WRONG THINGS What their security actually looks like

5 What their attackers look like
So, who are the attackers and why do they attack? Cybercriminals take may forms Hacktivists -target organizations for political reasons and the bring media attention to specific issue The group Anonymous – combat censorship, promote freedom of speech and counter government control No dedicated leader, international, hard to measure their size, use forums and online chat rooms Responsible for bringing down mastercard and Paypal for not supporting wiki leaks State sponsored attacks which are becoming more common. Government and private organizations are attacked by groups directly controlled by or influenced by a government – Russia’s alleged influence over the recent US election is a good example. Spies and terrorists trying to get sensitive information about our government Businesses trying to get an upper hand on the competition The majority of attacks against organizations are for financial reward. These people are out for money. They sell personal information on the black market or they may hold data hostage and request ransom. But how do they get a user to click on a link or open an attachment?

6 70% of attacks lead to a secondary target
70% of attacks lead to a secondary target. Your customers could be stepping stones…. 70% of attacks lead to a secondary target. Hospitals, retailers, banks lots of businesses store information about their clients. Verizon 2015 Data Breach Investigations Report (DBIR)

7 Real life examples

8 Vector: Phishing attack Threat: Entering password Target: Random mass-mailing

9 Vector: Phishing with attachment Threat: Opening the document and activating malicious code Target: Targeted mailing

10 Vector: Spear phishing attack Threat: Impersonating senior staff Target: An employee with authority

11 Layer 1: The technology 23% open the phish & click
Layer one is of course the technology Layer 1: The technology 23% open the phish & click

12 You don’t even need to know how to code
Attackers don’t have to know how to code, they don’t even have to be smart. They can download TOX, a ransomware construction tool that provides an easy to use graphical interface that allows attackers to track how many folks have been infected and track the ransom paid

13 If you code but don’t know how to bypass sandboxes…
FUD (Fully Undetectable) Crypting Services to avoid AV detection If you’re an attacker and can code but don’t know how to evade sandbox detection, that’s not a problem there’s an online service that can help. FUD- fully undetectable crypting services uses obfuscation, encryption and code manipulation.

14 Ransomware is Moving to Critical Infrastructure
Last year’s Black Friday attack against the San Francisco Municipal Transport Agency. All data on over 2000 computers was encrypted which forced them to let everybody ride for free. “You Hacked, ALL Data Encrypted. They attackers demanded payment of 100 Bitcoin, the equivalent of $73,000 dollars. “You Hacked, ALL Data Encrypted”

15 Layer 2: The human firewall
the people. This layer Is made from Human awareness of the problem. The idea that you can build a human firewall in your business One that raises the security consciousness of your staff Layer 2: The human firewall 11% open the phish & run the attachment

16 3 Types of Internal Threats
The Compromised Insider The Careless Insider The Malicious Insider

17 “HEY STRANGERS - Please send me files”

18 “Click to View” Dupe

19 “New” Office Confusion

20 Q: Where to begin?

21 Mimecast Targeted Threat Protection
URL Protect with URL rewriting and dynamic user awareness Mimecast Targeted Threat Protection Attachment Protect with file transcription, on-demand and pre-emptive sandboxing Impersonation Protect with dedicated detection of whaling and malware-less phishing Comprehensive protection, simply achieved in the cloud Internal Protect Detection and remediation of internal security threats Plus inspection of outbound s

22 Protect You need the technology that provides the best possible multi-layered protection
Continue You need to continue to work while the issue is resolved Remediate You need to get back to the last known good state Cyber Resilience

23 Email Security Risk Assessment - Funnel
Data from: 23,700 users 150 days 26m s AFTER the incumbent security solutions

24 THANKS! Let’s book a meeting.

Download ppt "There Will be Attacks – Improve Your Defenses"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Trojan Horse Program Presented by : Lori Agrawal.

Trojan Horse Program Presented by : Lori Agrawal.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
Consistency in Reporting Data Breaches

Consistency in Reporting Data Breaches
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.

Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.
Sky Advanced Threat Prevention

Sky Advanced Threat Prevention
Internet Security. 2 Computers on the Internet are almost constantly bombarded with viruses, other malware and other threats.

Internet Security. 2 Computers on the Internet are almost constantly bombarded with viruses, other malware and other threats.
Computer Security By Duncan Hall.

Computer Security By Duncan Hall.
January 07 th 2016 Intelligence Briefing NOT PROTECTIVELY MARKED.

January 07 th 2016 Intelligence Briefing NOT PROTECTIVELY MARKED.
External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.

External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.
Protecting Against Cyber Attacks PLEASE TAKE A MINUTE TO LOOK AT THIS IMPORTANT MESSAGE. THIS IS HAPPENING HERE AND NOW! LET US SAVE YOU AND YOUR INFORMATION.

Protecting Against Cyber Attacks PLEASE TAKE A MINUTE TO LOOK AT THIS IMPORTANT MESSAGE. THIS IS HAPPENING HERE AND NOW! LET US SAVE YOU AND YOUR INFORMATION.
Technical Implementation: Security Risks

Technical Implementation: Security Risks
Explaining Bitcoins will be the easy part: Email Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer.

Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer.
Recent Cyber Security Events and Future Research Directions

Recent Cyber Security Events and Future Research Directions
Social Engineering Dr. X.

Social Engineering Dr. X.
Threat Scan (ETS) for Office 365

Threat Scan (ETS) for Office 365
PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing email circulated last week that led to.

PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing circulated last week that led to.

Similar presentations

Ads by Google