Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security for Today’s Threat Landscape Kat Pelak 1.

Published byKerry Chambers Modified over 9 years ago

Similar presentations

Presentation on theme: "Security for Today’s Threat Landscape Kat Pelak 1."— Presentation transcript:

1 Security for Today’s Threat Landscape Kat Pelak 1

2

3 Mega Breaches Healthcare, education and the public sectors accounted for 58% of all data breaches But the retail, computer software and financial sectors accounted for 77% of all the identities exposed in 2013. Healthcare, education and the public sectors accounted for 58% of all data breaches But the retail, computer software and financial sectors accounted for 77% of all the identities exposed in 2013. 3

4 Top Causes of Data Breaches 4 Sept. 2013 to Aug 2014 Source: Symantec Hackers Accidentally Made Public Theft or Loss Insider Theft 53% 21% 20% 6% 137 55 51 16 259 TOTAL Number of Incidents

5 Data Loss Increase 5 2012 2013 ? ? 552M Total identities exposed in 2013, A 493% Increase. 2014 93M 552M

6 Breaches

7 Data by the Numbers

8 Ransomware 500% in the last 6 months.

9 Dragonfly: Western Energy Companies Under Sabotage Threat Ongoing cyberespionage campaign Targeting the energy sector in Europe and US. Other sectors not immune Stealing information Capable of sabotage Attacker capabilities –persistent access to networks –Information stealing –Sabotage Ongoing cyberespionage campaign Targeting the energy sector in Europe and US. Other sectors not immune Stealing information Capable of sabotage Attacker capabilities –persistent access to networks –Information stealing –Sabotage

10 10 A Russian crime organization has reportedly stolen over 1.2 billion Internet credentials. Over 4,000 websites appear to have been compromised Why is Security so LAX?

11 Email-borne threats are common 11 1 in 392 Emails are a phishing attack 1 in 196 Emails are a malware attack 66% of all email is spam 25% Contain a hyperlink to malicious code

12 Mobile Users at Risk 50 % 38 % Source: 2013 Norton Report Don’t use basic precautions such as passwords, security software or back up files for their mobile device Of smartphone users have experienced mobile cybercrime in past 12 months

13 72 % 90 % 78 % 56 % 48 % 33 % DELETE SUSPICIOUS EMAILS FROM PEOPLE THEY DON’T KNOW HAVE AT LEAST A BASIC FREE ANTIVIRUS SOLUTION AVOID STORING SENSITIVE FILES ONLINE Mobile Security IQ Source: 2013 Norton Report

14 Social Media

15 Mobile Threats Android remains the platform of choice for malware authors Android Symbian Windows Number of Threats 57 1 1 Percent of Threats 94% 2% 1 Platform iOS Mobile Threats: Malicious Code by Platform, 2013 Source: Symantec

16 Targeted Attacks

17 Protection Against Targeted Attacks Reputational & BehavioralProtection (SEP) Detect and block new and unknown threats based on global reputation and behavior of files Host-based IntrusionDetection and Prevention (DCS) Locks down key systems that contain confidential information Prevents any unauthorized code to run — independent of AV signatures Removable Media Device Control(SEP) Restrict removable devices and functions to prevent malware infection Email & Web Gateway Security Scan & block email with potentially malicious URLs, attachments or content. Monitor inbound/outbound web traffic and block accordingly Encryption Discover data spills of confidential information that are targeted by attackers Detect and prevent exfiltration of confidential information that are targeted by attackers Endpoint & Network DataCorrelation (MSS-ATP) Create and enforce security policies so all confidential information is encrypted Network Threat and VulnerabilityMonitoring (MSS) Prioritize threat information detected at the network through security intelligence and information coming from endpoint security devices.

18 Zero-day Vulnerabilities

19 Avoiding Data Breaches 19 Data Classification (Insight) Determine what sensitive information exists in your organization Categorize it appropriately and protect it according to its classification level Data Loss Prevention (DLP) Detect and prevent exfiltration of sensitive information that is targeted by attackers Enforce rules prohibiting access of confidential data using applications Host-based IntrusionDetection and Prevention (DCS) Locks down key systems that contain confidential information Prevents any unauthorized code to run — independent of AV signatures Email & Web Gateway Security Scan & block email with potentially malicious URLs, attachments or content. Monitor inbound/outbound web traffic and block accordingly Encryption Create and enforce security policy so all confidential information is encrypted Strong Authentication (VIP) Use two-factor authentication to protect against credential theft

20 Mitigating Mobile Attacks 20 Application ManagementSymantec App Center Secure data in corporate applications regardless of device ownership Device ManagementSymantec Mobile Management Remotely wipe devices in case of theft or loss, control password policies Update devices with applications as needed without physical access Device SecuritySymantec App Center Guard mobile device against malware Prevent the device from becoming a vulnerability Identity & Access ControlSymantec VIP Provide strong authentication and authorization for access to enterprise applications and resources Ensure safe access to enterprise resources from right devices with right postures

21 Defense-in-Depth Security Information Management Secure Mail Gateway Client and Asset Management Encryption Endpoint Protection

22 3 things you should do when you leave this room.. Review your current security stack Presentation Identifier Goes Here 22 123 Consider your options to fill the gaps If you need help, contact Symantec

23 23 Download: symantec.com/threatreport Follow: @threatintel Stay Informed

24 Thank you! Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Kat Pelak Katheryne_Pelak@Symantec.com @KatherynePelak Katheryne_Pelak@Symantec.com @KatherynePelak

Download ppt "Security for Today’s Threat Landscape Kat Pelak 1."

Similar presentations

Smart Identity Protection That Works for You and Your Users 2 Petri Ala-Annala Senior Principal, CISSP-ISSAP, CISA, CISM.

Smart Identity Protection That Works for You and Your Users 2 Petri Ala-Annala Senior Principal, CISSP-ISSAP, CISA, CISM.
‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, 2012 1 Industry and the fight against cybercrime.

‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing

1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.

The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Symantec Security Intelligence Internet Security Threat Report Volume XVI June, 2011 Tiffany Jones Director – Programs and Strategy Symantec Public.

Symantec Security Intelligence Internet Security Threat Report Volume XVI June, 2011 Tiffany Jones Director – Programs and Strategy Symantec Public.
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Internet safety By Lydia Snowden.

Internet safety By Lydia Snowden.
Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
10 Tips for keeping MCL safe 1. Set up your defenses. Do you have adequate firewalls and antivirus software to protect you from hackers who could steal.

10 Tips for keeping MCL safe 1. Set up your defenses. Do you have adequate firewalls and antivirus software to protect you from hackers who could steal.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Mobile Devices Carry Hidden Threats With Financial Consequences Hold StillInstalled.

Mobile Devices Carry Hidden Threats With Financial Consequences Hold StillInstalled.
2002 Symantec Corporation, All Rights Reserved The dilemma European Security Policy and Privacy Ilias Chantzos Government Relations EMEA Terena Conference,

2002 Symantec Corporation, All Rights Reserved The dilemma European Security Policy and Privacy Ilias Chantzos Government Relations EMEA Terena Conference,
BUSINESS B1 Information Security.

BUSINESS B1 Information Security.

Similar presentations

Ads by Google