Collateral Effects of Cyberwar

Collateral Effects of Cyberwar, by Ilia Kolochenko, for Geneva Information Security Day, 9 October 2015

Quick Facts and Numbers About Cybersecurity

- In 2014 the annual cost of global cybercrime was about $445 billion, a 33% growth in comparison to the previous year (McAfee).
- In 2015 companies experienced 99 successful attacks (intrusions) per year, a 46% increase in 4 years (Ponemon Institute and Hewlett-Packard).
- 81% of healthcare organizations were compromised by cyberattacks in 2013-2014 (KPMG).
- 80 of 100 big law firms have been hacked since 2011 (Bloomberg).
- Cybercrime is rising significantly in Europe: a 41% jump in the number of incidents detected in 2014 in comparison to 2013 (PwC).
- Over 80% of data breaches in 2014 were caused by external threats (Verizon).
- Banks hide cybercrime losses: cyber thieves steal twice the amount reported (City of London Police & University of Cambridge).

Common Scenarios of Cyber Attacks

Targeted Attacks: sophisticated attacks organized by professional cyber mercenaries, mainly against large and medium companies, aimed at stealing intellectual property, financial data, trade secrets and unpublished financial reports, or at blocking business-critical systems to cause serious harm or to extort money. These attacks are usually very hard to detect and almost impossible to investigate.

Large-Scale Attacks: simple attacks via phishing or related scams targeting as many potential victims at once as possible. These attacks usually do not target any specific victim or type of data, but rather aim to steal as much potentially valuable information as possible in order to resell it on the black market later. They also include various types of extortion, from simple ransomware to sexual extortion against celebrities or Politically Exposed Persons (PEPs).

Collateral Attacks (Attacks on Trusted Third Parties): sophisticated attacks against small and medium businesses (IT companies, consultants, lawyers, partners, suppliers, etc.) organized in parallel with targeted attacks. Collateral attacks target third-party companies that have privileged access to the data of the main victim (e.g. a large bank or a government). Such attacks usually go undetected, as the victims do not have enough technical resources and expertise.

Most Popular Vectors of Collateral Attacks

Attackers usually start by profiling the victim's employees using publicly available information such as corporate websites or social networks. The objective is to identify one or several best targets who have enough privileges to access the data and are easy to manipulate. Once identified, the employee receives a link to a trusted website, such as their own company's website, a partner's website or a well-known website the victim visits regularly. After clicking the link, the victim most likely sees a legitimate-looking page with content that gives no hint that something went wrong. At the moment of the click, malicious code served by the compromised page quickly checks the victim's computer or mobile device for known vulnerabilities, exploits them, runs its payload and installs a stealthy backdoor. In our practice, over 90% of SMBs in Central Europe can easily be compromised remotely using publicly known vulnerabilities. This is confirmed by the Verizon Data Breach Investigations Report, which states that 99.9% of the vulnerabilities exploited in 2014 had been publicly disclosed and known for more than a year before their malicious exploitation.
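The practical counterpart to the "known for more than a year" figure is to measure how long publicly disclosed vulnerabilities stay unpatched in your own estate, which is also the kind of measurable indicator the governance advice below asks for. The following is an added example written for this page, not code from the talk or from High-Tech Bridge: it cross-checks a software inventory against an advisory feed and reports, per host, how many days each unpatched vulnerability has been public. The advisory identifiers (ADV-2014-0001, ADV-2013-0002), product names, versions and hosts are all constructed for illustration; the assessment date is the date of the talk.

```python
# Added example (not from the talk): measuring exposure to publicly known
# vulnerabilities. Advisory identifiers, product names, versions and hosts
# below are constructed for illustration, not real advisories.
from dataclasses import dataclass
from datetime import date
from typing import List, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '11.0.4' into (11, 0, 4) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str              # hypothetical identifier, e.g. "ADV-2014-0001"
    product: str
    first_fixed: Tuple[int, ...]  # lowest version that contains the fix
    disclosed: date               # public disclosure date


@dataclass(frozen=True)
class Installed:
    host: str
    product: str
    version: Tuple[int, ...]


# Constructed advisory feed: two long-known vulnerabilities with fixes available.
ADVISORIES: List[Advisory] = [
    Advisory("ADV-2014-0001", "pdfreader", parse_version("11.0.7"), date(2014, 4, 28)),
    Advisory("ADV-2013-0002", "browserplugin", parse_version("15.0"), date(2013, 6, 10)),
]

# Constructed inventory of three workstations, as a parsed inventory export would look.
INVENTORY: List[Installed] = [
    Installed("ws01", "pdfreader", parse_version("11.0.4")),
    Installed("ws02", "pdfreader", parse_version("11.0.8")),
    Installed("ws02", "browserplugin", parse_version("14.2")),
    Installed("ws03", "browserplugin", parse_version("15.1")),
]

AS_OF = date(2015, 10, 9)  # date of the assessment (the talk's date)


def find_exposures(inventory: List[Installed], advisories: List[Advisory],
                   as_of: date) -> List[Tuple[str, str, int]]:
    """Return (host, advisory_id, days_since_disclosure) for every installed
    component still below the first fixed version, most exposed first."""
    exposures = []
    for item in inventory:
        for adv in advisories:
            if item.product == adv.product and item.version < adv.first_fixed:
                days_public = (as_of - adv.disclosed).days
                exposures.append((item.host, adv.advisory_id, days_public))
    exposures.sort(key=lambda e: e[2], reverse=True)
    return exposures


def stale_patch_ratio(inventory: List[Installed],
                      exposures: List[Tuple[str, str, int]],
                      threshold_days: int = 365) -> float:
    """KPI: share of hosts carrying at least one vulnerability that has been
    public for longer than threshold_days. The target value is 0.0."""
    hosts = {item.host for item in inventory}
    stale = {host for host, _, days in exposures if days > threshold_days}
    return len(stale) / len(hosts) if hosts else 0.0


if __name__ == "__main__":
    found = find_exposures(INVENTORY, ADVISORIES, AS_OF)
    for host, adv_id, days in found:
        print(f"{host}: {adv_id} public for {days} days, still unpatched")
    print(f"hosts with known vulnerabilities older than a year: "
          f"{stale_patch_ratio(INVENTORY, found):.0%}")
```

On the constructed data, ws02 has carried a vulnerability public for 851 days and ws01 one public for 529 days, so two of the three hosts fall inside the "known for more than a year" category the report describes. Two caveats for real use: tuple comparison is only adequate for purely numeric dotted versions (a vendor scheme with suffixes or differing lengths needs a proper version comparator), and an inventory is only as good as its coverage, so browser plugins and other user-installed components must actually be in it for the metric to reflect the drive-by vector described above.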

How to Survive and Protect the Business?

Top management shall be personally involved in corporate information security strategy and governance. Today, information security is not something we can delegate or outsource and then forget about. It is a daily process of continuous control, audit, validation and improvement.

Make sure you can efficiently measure your corporate IT and IT security by various indicators and KPIs. Only measurable things can be properly controlled. Standards and best practices such as ITIL or COBIT can help.

Within your corporate IT governance, make sure your company properly conducts IT and IT-related risk assessment and management. All cybersecurity risks shall be properly identified and mitigated in an appropriate and timely manner.

Avoid mixing the responsibilities of the IT and IT security teams. The information security team shall work closely with the IT team, but shall have a separate budget and its own staff.

Regularly involve third-party experts to conduct independent and holistic risk assessments and IT security audits. The more external opinions you have, the better.

Combining Efficiency and Effectiveness

Thousands of IT security companies and their resellers will try to convince you that only their product or solution will resolve all your problems at once and forever. Many large and small companies fall into the trap of endless and growing spending on cybersecurity without really improving anything. Make sure that each dollar you spend on cybersecurity is spent with efficiency and effectiveness: efficiency is doing the thing right, while effectiveness is doing the right thing.

Efficiency: make sure that you buy the best-rated solution or product with the best price/quality ratio on the market.

Effectiveness: make sure that you really need this particular product or solution, that it is appropriate for your particular business needs and environment, and that it solves your real business problem.

Make sure that you address cybersecurity risks in the right priority, otherwise you will waste time and money.

Questions and Answers

Thank you for your attention! Questions: ilia.kolochenko@htbridge.com www.htbridge.com