A tipping point in the battle against cyber attacks

Upload: angel-eduardo

Post on 03-Jun-2018


  • 8/12/2019 A tipping point in the battle against Cyber attacks


    Webcast Logistics

    Today's Presenters

    Dr. Larry Ponemon, Chairman & Founder, Ponemon Institute

    Avi Chesla, Chief Technology Officer, Radware

    Cyber Security on the Offense: A Study of IT Security Experts

    Co-authored Research with Radware. Presentation by Dr. Larry Ponemon

    November 14, 2012

    About Ponemon Institute

    Ponemon Institute conducts independent research on cyber security, data protection and privacy issues.

    Since our founding 11+ years ago our mission has remained constant, which is to enable organizations in both the private and public sectors to have a clearer understanding of the practices, enabling technologies and potential threats that will affect the security, reliability and integrity of information assets and IT systems.

    Ponemon Institute research informs organizations on how to improve upon their data protection initiatives and enhance their brand and reputation as a trusted enterprise.

    In addition to research, Ponemon Institute offers independent assessment and strategic advisory services on privacy and data protection issues. The Institute also conducts workshops and training programs.

    The Institute is frequently engaged by leading companies to assess their privacy and data protection activities in accordance with generally accepted standards and practices on a global basis.

    The Institute also performs customized benchmark studies to help organizations identify inherent risk areas and gaps that might otherwise trigger regulatory action.

    11/13/2012 Ponemon Institute: Private & Confidential Information 5

    Spotlight on key findings

    Availability is now the top priority

    DoS & DDoS are two of the top three threats

    Sixty-five percent of organizations experienced 3 or more DoS attacks over the past 12 months

    DoS & DDoS attacks cost organizations $3M on average

    Counterattack techniques are viewed as viable improvements to normal defense posture

    A sampling frame of 22,501 IT and IT security practitioners located in all regions of the United States was selected as participants to this survey. The final sample was 705 surveys (or a 3.1 percent response rate).

    Distribution of respondents according to primary industry classification

    Financial services: 19%
    Public sector: 13%
    Health & pharmaceuticals: 11%
    Retail (conventional): 8%
    E-commerce: 7%
    Industrial: 6%
    Services: 6%
    Energy & utilities: 5%
    Hospitality: 5%
    Technology & software: 5%
    Consumer products: 4%
    Transportation: 4%
    Communications: 2%
    Education & research: 2%
    Entertainment & media: 2%
    Agriculture & food services: 1%

    Sample size = 705

    What organizational level best describes your current position?

    Senior executive: 2%
    Vice president: 1%
    Director: 17%
    Manager: 23%
    Supervisor: 19%
    Technician: 33%
    Staff: 4%
    Consultant: 1%

    Sample size = 705

    The primary person you or the IT security leader reports to within the organization

    Chief Information Officer: 61%
    Chief Information Security Officer: 21%
    Chief Risk Officer: 5%
    General Counsel: 3%
    Chief Financial Officer: 2%
    Compliance Officer: 2%
    Chief Security Officer: 2%
    Other: 4%

    Sample size = 705

    The person most responsible for managing the cyber security posture

    Chief information officer: 41%
    Chief information security officer: 21%
    No one person has overall responsibility: 12%
    Business unit management: 11%
    Outside managed service provider: 4%
    Chief risk officer: 3%
    Corporate compliance or legal department: 3%
    Chief technology officer: 2%
    Data center management: 2%
    Chief security officer: 1%

    Sample size = 705

    Global headcount

    < 100: 7%
    100 to 500: 9%
    501 to 1,000: 19%
    1,001 to 5,000: 34%
    5,001 to 25,000: 21%
    25,001 to 75,000: 6%
    > 75,000: 4%

    Sample size = 705

    Results

    Current perceptions and response to cyber attacks
    Strongly agree and agree response combined

    My organization has in-house expertise to launch counter measures against cyber criminals: 29%
    Security budget is sufficient for mitigating most cyber attacks: 44%
    Launching a strong offensive against cyber criminals is very important: 44%
    My organization is vigilant in monitoring cyber attacks: 48%
    The severity of cyber attacks is on the rise: 64%

    Effectiveness in combating cyber attacks

    Over the past 12 months, my organization's cyber defense has been . . .

    More effective in combating attacks and intrusions: 29%
    Less effective in combating attacks and intrusions: 35%
    The same in terms of its effectiveness in combating attacks and intrusions: 36%

    Negative consequences of a cyber attack
    8 = most severe to 1 = least severe

    Regulatory actions or lawsuits: 2.2
    Cost of outside consultants and experts: 3.2
    Stolen or damaged equipment: 3.5
    Customer turnover: 6.1
    Lost revenue: 6.2
    Reputation damage: 6.4
    Productivity decline: 6.8
    Lost intellectual property/trade secrets: 7.5

    Greatest areas of potential cyber security risk
    Three responses permitted

    Data centers: 6%
    The server environment: 6%
    Within operating systems: 7%
    Virtual computing environments: 8%
    Removable media and/or media (CDs, DVDs): 13%
    Network infrastructure environment: 15%
    Desktop or laptop computers: 20%
    Malicious insiders: 22%
    Mobile devices such as smart phones: 24%
    Organizational misalignment and complexity: 25%
    Cloud computing infrastructure and providers: 28%
    Across 3rd party applications: 29%
    Negligent insiders: 31%
    Mobile/remote employees: 32%
    Lack of system connectivity/visibility: 34%

    Downtime after one DDoS attack

    Less than 1 minute: 10%
    1 to 10 minutes: 13%
    11 to 20 minutes: 16%
    21 to 30 minutes: 22%
    31 to 60 minutes: 11%
    1 to 2 hours: 9%
    3 to 5 hours: 5%
    More than 5 hours: 4%
    Cannot determine: 10%

    An extrapolated average of 53.5 minutes for the sample

    Cost per minute of downtime

    $1 to $10: 1%
    $10 to $100: 8%
    $101 to $1,000: 12%
    $1,001 to $5,000: 15%
    $5,001 to $10,000: 15%
    $10,001 to $25,000: 21%
    $25,001 to $50,000: 11%
    $50,001 to $100,000: 7%
    More than $100,000: 5%
    Cannot determine: 5%

    An extrapolated average of $21,699 per minute of downtime

    Cyber defenses most important
    Very important and important response combined

    Content aware firewalls: 50%
    Web application firewalls: 50%
    Security intelligence systems including SIEM: 51%
    Endpoint security systems: 51%
    Secure network gateways: 52%
    Intrusion detection systems: 56%
    Intrusion prevention systems: 59%
    Identity and authentication systems: 64%
    Anti-DoS/DDoS: 71%
    Anti-virus/anti-malware: 75%

    Cyber defenses not as important
    Very important and important response combined

    Mobile device management: 26%
    Enterprise encryption for data at rest: 32%
    ID credentialing including biometrics: 36%
    Other crypto technologies including tokenization: 38%
    Enterprise encryption for data in motion: 39%
    Data loss prevention systems: 45%
    Secure coding in the development of new applications: 47%

    Cyber security threats according to risk mitigation priority
    10 = highest priority to 1 = lowest priority

    Phishing and social engineering: 2.8
    Web scraping: 3.0
    Cross-site scripting: 3.2
    Malicious insiders: 5.4
    Botnets: 6.4
    Malware: 7.7
    Viruses, worms and trojans: 7.9
    Distributed denial of service (DDoS): 8.2
    Server side injection (SSI): 8.6
    Denial of service (DoS): 9.0

    Barriers to achieving a strong cyber security posture
    Two responses permitted

    Other: 1%
    Lack of leadership: 8%
    Complexity of compliance and regulatory requirements: 10%
    Lack of skilled or expert personnel: 19%
    Insufficient assessment of cyber security risks: 22%
    Lack of oversight or governance: 27%
    Lack of effective security technology solutions: 34%
    Insufficient resources or budget: 35%
    Insufficient visibility of people and business processes: 44%

    Ranking of cyber security objectives in terms of a business priority objective
    5 = highest priority to 1 = lowest priority

    Availability: 4.7
    Compliance: 4.4
    Integrity: 3.5
    Confidentiality: 2.8
    Interoperability: 1.9

    Counter technique capabilities most important
    Very important and important response combined

    Technology that neutralizes denial of service attacks before they happen: 67%
    Technology that slows down or even halts the attacker's computers: 60%
    Technology that pinpoints the attacker's weak spots: 58%

    Technologies most favored
    Two responses permitted

    Perimeter security technologies: 10%
    Endpoint security technologies including mobile devices: 15%
    Simplifying threat reporting technologies: 21%
    Insider threat minimizing technologies: 31%
    Intelligence about attackers' motivation and weak spots technologies: 33%
    Security of information assets technologies: 33%
    Intelligence about networks and traffic technologies: 57%

    Reasons for not being fully capable of launching a counter technique
    More than one response permitted

    Lack of enabling technologies: 71%
    Lack of resources or budget: 69%
    Do not have ample expert personnel: 53%
    Not considered a security-related priority: 53%
    Other: 2%

    Methods for performing counter techniques
    More than one response permitted

    Manual surveillance methods: 67%
    Close examination of logs and configuration settings: 61%
    Use of security intelligence tools: 43%
    Other: 2%

    Comparison of three industries

    Most severe consequences of a cyber attack for three industry sectors
    8 = most severe to 1 = least severe

    Consequence: Health & pharmaceuticals / Public sector / Financial services
    Cost of consultants and experts: 1.6 / 2.8 / 1.9
    Stolen or damaged equipment: 3.2 / 4.4 / 3.0
    Regulatory actions or lawsuits: 4.1 / 1.9 / 5.3
    Customer turnover: 5.7 / 2.0 / 3.9
    Lost intellectual property: 5.5 / 5.2 / 6.9
    Lost revenue: 7.0 / 5.0 / 7.2
    Reputation damage: 7.2 / 5.0 / 7.0
    Productivity decline: 6.8 / 7.1 / 7.5

    Frequency of DDoS attacks experienced for organizations in three industries
    Over the past 12 months

    Financial services: 3.0
    Public sector: 4.1
    Health & pharmaceuticals: 2.4

    Average downtime organizations in three industries
    Minutes of downtime

    Financial services: 47.9
    Public sector: 70.1
    Health & pharmaceuticals: 51.2

    Estimated cost per minute of downtime for organizations in three industries

    Financial services: $32,560
    Public sector: $15,447
    Health & pharmaceuticals: $23,519

    Questions?

    Ponemon Institute
    www.ponemon.org
    Tel: 231.938.9900
    Toll Free: 800.887.3118
    Michigan HQ: 2308 US 31 N. Traverse City, MI 49686 USA

    [email protected]

    Avi Chesla

    CTO

    Availability is Top Priority

    Ranking of cyber security objectives in terms of a business priority objective
    5 = Highest Priority to 1 = Lowest Priority

    Interoperability: 1.9
    Confidentiality: 2.8
    Integrity: 3.5
    Compliance: 4.4
    Availability: 4.7

    In the past, confidentiality & integrity were top priorities

    As more organizations suffer from DoS & DDoS attacks, availability is moving up as top priority

    In today's online world, when availability is threatened it has severe impact on the business's performance and operations

    Availability Based Threats Are on the Rise

    Cyber security threats according to risk mitigation priority
    10 = Highest Priority to 1 = Lowest Priority

    Phishing and social engineering: 2.8
    Web scraping: 3.0
    Cross site scripting: 3.2
    Malicious insiders: 5.4
    Botnets: 6.4
    Malware: 7.7
    Viruses, worms and trojans: 7.9
    Distributed denial of service (DDoS): 8.2
    Server side injection: 8.6
    Denial of service (DoS): 9.0

    DDoS attacks are not rare occasions on few organizations - organizations should expect to be under attack

    Significant change in the threat landscape as DoS & DDoS are becoming the top risks

    On average, DDoS attacks cost companies approximately $3.5 million annually; this is a pain that must be addressed

    Average Down Time: What Does it Mean?

    Average downtime during one DDoS attack

    Less than 1 minute: 10%
    1 to 10 minutes: 13%
    11 to 20 minutes: 16%
    21 to 30 minutes: 22%
    31 to 60 minutes: 11%
    1 to 2 hours: 9%
    3 to 5 hours: 5%
    More than 5 hours: 4%
    Cannot determine: 10%

    Attack Campaigns APT Measure

    Chart axes: Sophistication (APT measure) against Time

    Duration: 20 days; More than 7 attack vectors; Inner cycle involvement; Attack target: Government in Europe

    Duration: 3 days; 5 attack vectors; Only inner cycle involvement; Attack target: HKEX

    Duration: 3 days; 4 attack vectors; Attack target: Visa, MasterCard

    Duration: 6 days; 5 attack vectors; Inner cycle involvement; Attack target: Israeli sites

    Duration: 30 days; 5 attack vectors; Inner cycle involvement; Attack target: India (operation India)

    The characteristics of cyber attack campaigns have fundamentally changed

    Organizations Are Not Ready

    Organizations Are Not Ready for Attacks

    Less than half reported being vigilant in monitoring for attacks

    Much less putting into practice proactive and preventative measures

    The majority of organizations cannot launch or implement a counter technique

    Emergency Response Teams & Cyber War Rooms

    Attack Time: Emergency Response Team that fights

    Get Ready: Audits, Policies, Technologies

    Forensics: Analyze what happened, Adjust policies, Adapt new technologies

    Existing Level of skills

    Lack of Expertise

    Required expertise during attack campaign:
    Complex risk assessment
    Tracking and modifying protections against dynamically evolved attacks
    Real time intelligence
    Real time collaboration with other parties
    Counter attack methods and plans
    Preparation with cyber war games

    The Best Defense Is A

    Get Ready

    Mapping Security Protection Tools

    Diagram: protection tools mapped against attack types

    Protection tools: DoS Protection, Behavioral Analysis, IP Rep., IPS, WAF

    Attack types:
    Large volume network flood attacks
    Web attacks: XSS, Brute force
    SYN flood attack
    Application vulnerability, malware
    Web attacks: SQL Injection
    Port scan
    Low & Slow DoS attacks (e.g. Sockstress)
    Network scan
    Intrusion
    High and slow Application DoS attacks

    Organizations should deploy an attack mitigation system that:

    1. Mitigates all availability based threats

    2. Performs on premise detection and mitigation for application based attacks

    3. Does not have blind spots and provides a holistic approach

    Thank You

    www.radware.com

    Q&A Session

    Dr. Larry Ponemon, Chairman & Founder, Ponemon Institute

    Avi Chesla, Chief Technology Officer, Radware

    Resources

    To View This or Other Events On-Demand Please Visit: http://informationweek.com/events/past

    Download the entire Cyber Security on the Offense Report: http://security.radware.com/uploadedFiles/Resources_and_Content/Attack_Tools/CyberSecurityontheOffense.pdf

    For up-to-date information on the latest IT threats and reports please visit:

    www.ddoswarriors.com

    http://www.radware.com/