A tipping point in the battle against cyber attacks
TRANSCRIPT
-
8/12/2019 A tipping point in the battle against Cyber attacks
1/51
-
Webcast Logistics
-
Today's Presenters
Dr. Larry Ponemon, Chairman & Founder, Ponemon Institute
Avi Chesla, Chief Technology Officer, Radware
-
Cyber Security on the Offense: A Study of IT Security Experts
Co-authored Research with Radware
Presentation by Dr. Larry Ponemon
November 14, 2012
-
About Ponemon Institute
Ponemon Institute conducts independent research on cyber security, data protection and privacy issues.
Since our founding 11+ years ago our mission has remained constant, which is to enable organizations in both the private and public sectors to have a clearer understanding of the practices, enabling technologies and potential threats that will affect the security, reliability and integrity of information assets and IT systems.
Ponemon Institute research informs organizations on how to improve upon their data protection initiatives and enhance their brand and reputation as a trusted enterprise.
In addition to research, Ponemon Institute offers independent assessment and strategic advisory services on privacy and data protection issues. The Institute also conducts workshops and training programs.
The Institute is frequently engaged by leading companies to assess their privacy and data protection activities in accordance with generally accepted standards and practices on a global basis.
The Institute also performs customized benchmark studies to help organizations identify inherent risk areas and gaps that might otherwise trigger regulatory action.
11/13/2012 Ponemon Institute: Private & Confidential Information 5
-
Spotlight on key findings
Availability is now the top priority
DoS & DDoS are two of the top three threats
Sixty-five percent of organizations experienced 3 or more DoS attacks over the past 12 months
DoS & DDoS attacks cost organizations $3M on average
Counterattack techniques are viewed as viable improvements to normal defense posture
A sampling frame of 22,501 IT and IT security practitioners located in all regions of the United States were selected as participants to this survey. The final sample was 705 surveys (or a 3.1 percent response rate).
-
Distribution of respondents according to primary industry classification
Financial services: 19%
Public sector: 13%
Health & pharmaceuticals: 11%
Retail (conventional): 8%
E-commerce: 7%
Industrial: 6%
Services: 6%
Energy & utilities: 5%
Hospitality: 5%
Technology & software: 5%
Consumer products: 4%
Transportation: 4%
Communications: 2%
Education & research: 2%
Entertainment & media: 2%
Agriculture & food services: 1%
Sample size = 705
-
What organizational level best describes your current position?
Senior executive: 2%
Vice president: 1%
Director: 17%
Manager: 23%
Supervisor: 19%
Technician: 33%
Staff: 4%
Consultant: 1%
Sample size = 705
-
The primary person you or the IT security leader reports to within the organization
Chief Information Officer: 61%
Chief Information Security Officer: 21%
Chief Risk Officer: 5%
General Counsel: 3%
Chief Financial Officer: 2%
Compliance Officer: 2%
Chief Security Officer: 2%
Other: 4%
Sample size = 705
-
The person most responsible for managing the cyber security posture
Chief information officer: 41%
Chief information security officer: 21%
No one person has overall responsibility: 12%
Business unit management: 11%
Outside managed service provider: 4%
Chief risk officer: 3%
Corporate compliance or legal department: 3%
Chief technology officer: 2%
Data center management: 2%
Chief security officer: 1%
Sample size = 705
-
Global headcount
< 100: 7%
100 to 500: 9%
501 to 1,000: 19%
1,001 to 5,000: 34%
5,001 to 25,000: 21%
25,001 to 75,000: 6%
> 75,000: 4%
Sample size = 705
-
Results
-
Current perceptions and response to cyber attacks
(Strongly agree and agree response combined)
My organization has in-house expertise to launch counter measures against cyber criminals: 29%
Security budget is sufficient for mitigating most cyber attacks: 44%
Launching a strong offensive against cyber criminals is very important: 44%
My organization is vigilant in monitoring cyber attacks: 48%
The severity of cyber attacks is on the rise: 64%
-
Effectiveness in combating cyber attacks
Over the past 12 months, my organization's cyber defense has been . . .
More effective in combating attacks and intrusions: 29%
Less effective in combating attacks and intrusions: 35%
The same in terms of its effectiveness in combating attacks and intrusions: 36%
-
Negative consequences of a cyber attack
(8 = most severe to 1 = least severe)
Regulatory actions or lawsuits: 2.2
Cost of outside consultants and experts: 3.2
Stolen or damaged equipment: 3.5
Customer turnover: 6.1
Lost revenue: 6.2
Reputation damage: 6.4
Productivity decline: 6.8
Lost intellectual property/trade secrets: 7.5
-
Greatest areas of potential cyber security risk
(Three responses permitted)
Data centers: 6%
The server environment: 6%
Within operating systems: 7%
Virtual computing environments: 8%
Removable media and/or media (CDs, DVDs): 13%
Network infrastructure environment: 15%
Desktop or laptop computers: 20%
Malicious insiders: 22%
Mobile devices such as smart phones: 24%
Organizational misalignment and complexity: 25%
Cloud computing infrastructure and providers: 28%
Across 3rd party applications: 29%
Negligent insiders: 31%
Mobile/remote employees: 32%
Lack of system connectivity/visibility: 34%
-
Downtime after one DDoS attack
Less than 1 minute: 10%
1 to 10 minutes: 13%
11 to 20 minutes: 16%
21 to 30 minutes: 22%
31 to 60 minutes: 11%
1 to 2 hours: 9%
3 to 5 hours: 5%
More than 5 hours: 4%
Cannot determine: 10%
An extrapolated average of 53.5 minutes for the sample
-
Cost per minute of downtime
$1 to $10: 1%
$10 to $100: 8%
$101 to $1,000: 12%
$1,001 to $5,000: 15%
$5,001 to $10,000: 15%
$10,001 to $25,000: 21%
$25,001 to $50,000: 11%
$50,001 to $100,000: 7%
More than $100,000: 5%
Cannot determine: 5%
An extrapolated average of $21,699 per minute of downtime
-
Cyber defenses most important
(Very important and important response combined)
Content aware firewalls: 50%
Web application firewalls: 50%
Security intelligence systems including SIEM: 51%
Endpoint security systems: 51%
Secure network gateways: 52%
Intrusion detection systems: 56%
Intrusion prevention systems: 59%
Identity and authentication systems: 64%
Anti-DoS/DDoS: 71%
Anti-virus/anti-malware: 75%
-
Cyber defenses not as important
(Very important and important response combined)
Mobile device management: 26%
Enterprise encryption for data at rest: 32%
ID credentialing including biometrics: 36%
Other crypto technologies including tokenization: 38%
Enterprise encryption for data in motion: 39%
Data loss prevention systems: 45%
Secure coding in the development of new applications: 47%
-
Cyber security threats according to risk mitigation priority
(10 = highest priority to 1 = lowest priority)
Phishing and social engineering: 2.8
Web scraping: 3.0
Cross-site scripting: 3.2
Malicious insiders: 5.4
Botnets: 6.4
Malware: 7.7
Viruses, worms and trojans: 7.9
Distributed denial of service (DDoS): 8.2
Server side injection (SSI): 8.6
Denial of service (DoS): 9.0
-
Barriers to achieving a strong cyber security posture
(Two responses permitted)
Other: 1%
Lack of leadership: 8%
Complexity of compliance and regulatory requirements: 10%
Lack of skilled or expert personnel: 19%
Insufficient assessment of cyber security risks: 22%
Lack of oversight or governance: 27%
Lack of effective security technology solutions: 34%
Insufficient resources or budget: 35%
Insufficient visibility of people and business processes: 44%
-
Ranking of cyber security objectives in terms of a business priority objective
(5 = highest priority to 1 = lowest priority)
Availability: 4.7
Compliance: 4.4
Integrity: 3.5
Confidentiality: 2.8
Interoperability: 1.9
-
Counter technique capabilities most important
(Very important and important response combined)
Technology that neutralizes denial of service attacks before they happen: 67%
Technology that slows down or even halts the attackers' computers: 60%
Technology that pinpoints the attackers' weak spots: 58%
-
Technologies most favored
(Two responses permitted)
Perimeter security technologies: 10%
Endpoint security technologies including mobile devices: 15%
Simplifying threat reporting technologies: 21%
Insider threat minimizing technologies: 31%
Intelligence about attackers' motivation and weak spots technologies: 33%
Security of information assets technologies: 33%
Intelligence about networks and traffic technologies: 57%
-
Reasons for not being fully capable of launching a counter technique
(More than one response permitted)
Lack of enabling technologies: 71%
Lack of resources or budget: 69%
Do not have ample expert personnel: 53%
Not considered a security-related priority: 53%
Other: 2%
-
Methods for performing counter techniques
(More than one response permitted)
Manual surveillance methods: 67%
Close examination of logs and configuration settings: 61%
Use of security intelligence tools: 43%
Other: 2%
-
Comparison of three industries
-
Most severe consequences of a cyber attack for three industry sectors
(8 = most severe to 1 = least severe)
Chart series: Health & pharmaceuticals, Public sector, Financial services
Categories: Cost of consultants and experts; Stolen or damaged equipment; Regulatory actions or lawsuits; Customer turnover; Lost intellectual property; Lost revenue; Reputation damage; Productivity decline
Data labels:
1.6, 3.2, 4.1, 5.7, 5.5, 7.0, 7.2, 6.8
2.8, 4.4, 1.9, 2.0, 5.2, 5.0, 5.0, 7.1
1.9, 3.0, 5.3, 3.9, 6.9, 7.2, 7.0, 7.5
-
Frequency of DDoS attacks experienced for organizations in three industries
(Over the past 12 months)
Financial services: 3.0
Public sector: 4.1
Health & pharmaceuticals: 2.4
-
Average downtime organizations in three industries
(Minutes of downtime)
Financial services: 47.9
Public sector: 70.1
Health & pharmaceuticals: 51.2
-
Estimated cost per minute of downtime for organizations in three industries
Financial services: $32,560
Public sector: $15,447
Health & pharmaceuticals: $23,519
-
Questions?
Ponemon Institute
www.ponemon.org
Tel: 231.938.9900
Toll Free: 800.887.3118
Michigan HQ: 2308 US 31 N. Traverse City, MI 49686 USA
-
Avi Chesla
CTO
-
Availability is Top Priority
Ranking of cyber security objectives in terms of a business priority objective
(5 = Highest Priority to 1 = Lowest Priority)
Interoperability: 1.9
Confidentiality: 2.8
Integrity: 3.5
Compliance: 4.4
Availability: 4.7
In the past, confidentiality & integrity were top priorities
As more organizations suffer from DoS & DDoS attacks, availability is moving up as top priority
In today's online world, when availability is threatened it has severe impact on the business's performance and operations
-
Availability Based Threats Are on the Rise
Cyber security threats according to risk mitigation priority
(10 = Highest Priority to 1 = Lowest Priority)
Phishing and social engineering: 2.8
Web scraping: 3.0
Cross site scripting: 3.2
Malicious insiders: 5.4
Botnets: 6.4
Malware: 7.7
Viruses, worms and trojans: 7.9
Distributed denial of service (DDoS): 8.2
Server side injection: 8.6
Denial of service (DoS): 9.0
DDoS attacks are not rare occasions on few organizations - organizations should expect to be under attack
Significant change in the threat landscape as DoS & DDoS are becoming the top risks
On average, DDoS attacks cost companies approximately $3.5 million annually; this is a pain that must be addressed
-
Average Down Time: What Does it Mean?
Average downtime during one DDoS attack
Less than 1 minute: 10%
1 to 10 minutes: 13%
11 to 20 minutes: 16%
21 to 30 minutes: 22%
31 to 60 minutes: 11%
1 to 2 hours: 9%
3 to 5 hours: 5%
More than 5 hours: 4%
Cannot determine: 10%
-
Attack Campaigns: APT Measure
(Chart axes: Sophistication (APT measure) against Time)
Duration: 20 days; more than 7 attack vectors; inner cycle involvement; attack target: Government in Europe
Duration: 3 days; 5 attack vectors; only inner cycle involvement; attack target: HKEX
Duration: 3 days; 4 attack vectors; attack target: Visa, MasterCard
Duration: 6 days; 5 attack vectors; inner cycle involvement; attack target: Israeli sites
Duration: 30 days; 5 attack vectors; inner cycle involvement; attack target: India (operation India)
The characteristics of cyber attack campaigns have fundamentally changed
-
Organizations Are Not Ready
-
Organizations Are Not Ready for Attacks
Less than half reported being vigilant in monitoring for attacks
Much less putting into practice proactive and preventative measures
The majority of organizations cannot launch or implement a counter technique
-
Emergency Response Teams & Cyber War Rooms
Attack Time: Emergency Response Team that fights
Get Ready: Audits; Policies; Technologies
Forensics: Analyze what happened; Adjust policies; Adapt new technologies
Existing level of skills
Lack of expertise
Required expertise during attack campaign:
Complex risk assessment
Tracking and modifying protections against dynamically evolved attacks
Real time intelligence
Real time collaboration with other parties
Counter attack methods and plans
Preparation with cyber war games
-
The Best Defense Is A
-
Get Ready
Mapping Security Protection Tools
-
Mapping Security Protection Tools
Protection tools: DoS Protection, Behavioral Analysis, IP Rep., IPS, WAF
Attack types:
Large volume network flood attacks
Web attacks: XSS, Brute force
SYN flood attack
Application vulnerability, malware
Web attacks: SQL Injection
Port scan
Low & Slow DoS attacks (e.g. Sockstress)
Network scan
Intrusion
High and slow Application DoS attacks
Organizations should deploy an attack mitigation system that:
1. Mitigates all availability based threats
2. Performs on premise detection and mitigation for application based attacks
3. Does not have blind spots and provides a holistic approach
-
Thank You
www.radware.com
-
Q&A Session
Dr. Larry Ponemon, Chairman & Founder, Ponemon Institute
Avi Chesla, Chief Technology Officer, Radware
-
Resources
To View This or Other Events On-Demand Please Visit: http://informationweek.com/events/past
Download the entire Cyber Security on the Offense Report: http://security.radware.com/uploadedFiles/Resources_and_Content/Attack_Tools/CyberSecurityontheOffense.pdf
For up-to-date information on the latest IT threats and reports please visit:
www.ddoswarriors.com
http://www.radware.com/