Collateral Effects of Cyberwar

Transcription

1 Your texte here. Collateral Effects of Cyberwar by Ilia Kolochenko for Geneva Information Security Day 9 th of October 2015

2 Quick Facts and Numbers About Cybersecurity In 2014 the annual cost of global cybercrime was about $445 billion, a 33% percent Your texte growth here in. comparison to the previous year McAfee In 2015 companies experienced 99 successful attacks (intrusions) per year, a 46% increase in 4 years Ponemon Institute and Hewlett-Packard 81% of healthcare organizations have been compromised by cyberattacks in KPMG 80 of 100 big law firms have been hacked since 2011 Bloomberg Cybercrime is rising significantly in Europe: a 41% jump in the number of incidents detected over 2014 in comparison to 2013 PwC Above 80% of data breaches in 2014 are caused by external threats Verizon Banks hide cyber crime losses: cyber thieves steal twice amount reported City ORIGINAL of London SWISS Police ETHICAL & University HACKING of Cambridge

3 Common Scenarios of Cyber Attacks Targeted Attacks: sophisticated attacks organized by professional cyber mercenaries Your texte here mainly. against large and medium companies aimed to steal intellectual property, financial data, trade secrets and unpublished financial reports, or to block some business-critical systems to cause serious harm or to extort money. These attacks are usually very complicated to detect and almost impossible to investigate. Large-Scale Attacks: simple attacks via phishing or related scam targeting as many potential victims at once as possible. These attacks usually do not target any specific victim or type of data, but rather aim stealing as much as possible of potentially valuable information to resell it on the Black Market later. These attacks also include various types of extortion: from simple ransomware to sexual extortion against celebrities or Politically Exposed Persons (PEP). Collateral Attacks (Attacks on Trusted Third-Parties): sophisticated attacks against small and medium businesses (IT companies, consultants, lawyers, partners, suppliers, etc) organized in parallel with targeted attacks. Collateral attacks target third-party companies that have a privileged access to the data of the main victim (e.g. large bank or government). Such attacks are usually never ever detected, as victims don t have enough technical resources and expertise.

4 Most Popular Vectors of Collateral Attacks Usually attackers start with victim s employees profiling using publicly available information Your texte such here as. corporate websites or social networks. The objective is to identify one or several best victims that would have enough privileges to access the data and would be easy to manipulate. Once identified, the employee will receive a link to a trusted website, such as their own website, their partner website or a well-known website that victim regularly visits. Once clicked on the link, the victim will probably see a legitimately-looking page with some information that won t make victim thinking that something went wrong. At the time of the click, a malware will quickly check victim s computer or mobile device for known vulnerabilities and try to exploit them, execute malicious code and install invisible backdoor. At our practice above 90% of SMBs in Central Europe can be easily compromised from remote with publicly-known vulnerabilities. This is confirmed by Verizon data breach report that says that 99.9% of exploited vulnerabilities in 2014 were publicly disclosed and known more than a year prior to the malicious exploitation.

5 How to Survive and Protect the Business? Top management shall be personally involved into corporate information security strategy Your texte and here governance.. Today, information security it s not something we can delegate or outsource and forget. It s a daily process of continuous control, audit, validation and improvement. Make sure you can efficiently measure your corporate IT and IT security by various indicators and KPI. Only measurable things can be properly controlled. Various standards and best-practices, such as ITIL or COBIT, can help. Within your corporate IT governance, make sure your company is properly conducting IT and IT-related risk assessment and management. All cybersecurity risks shall be properly identified and mitigated in appropriate and timely manner. Avoid mixing responsibilities of IT and IT security teams. Information security team shall closely work with IT team, however shall have separated budget and human resources. Regularly involve third-party experts to conduct independent and holistic risk assessment and IT security audits. The more external opinions you will have the ORIGINAL better it will SWISS be. ETHICAL HACKING

6 Combining Efficiency and Effectiveness Thousands Your texte of here IT security. companies and their resellers will convince you that only their product or solution will resolve all your problems at once and for ever. Many large and small companies fall into the trap of endless and growing spending on cybersecurity without really improving anything. Make sure that each dollar you spend on cybersecurity is spent with efficiency and effectiveness: efficiency is doing the thing right, while effectiveness is doing the right thing. Efficiency: make sure that you buy the best rated solution or product that will have best price/quality ratio on the market. Effectiveness: make sure that you really need this particular product or solution, that it s appropriate for your particular business needs and environment, and that it does solve your real business problem. Make sure that you address cybersecurity risks in right priority, otherwise you will waste time and money.

7 Questions and Answers Your texte here. Thank you for your attention! Questions: