Organisational Security

“Total Global Impact of

CyberCrime US$ 3 Trillion, making

it more profitable than the global

trade in marijuana, cocaine and

heroin combined.”Europol Serious & Organised Threat

Assessment 2013

Why Would Someone Want to Hack Me?

“Because that's

wherethe money is.”

Willie Sutton

Courtesy Dermot Casey

Cybercrime Marketplace

$1-$6 US Credit card number

$2-$12 UK Credit card number

$5-$50 Medical ID card

$6-$18 Basic identity information

$7 PayPal account with credentials

$50-$500 PayPal verified with balance

$20 DDoS attack from bot army (per hour)

$30 Passwords to consumer credit reports

$50 to $60 Health/medical record

$140 10 million email addresses

$200 Malicious Software Toolkit

$500 20 million SPAMs sent from bot army

$100-$2000 Malware as a Service (MaaS)

$1000-$5000 Online banking accounts with a balance

$10000 0-Day Exploit

SpyWare

Malicious Code That

Resides on PC

Monitors All Keystrokes

and Mouse Clicks

Periodically Take Screen

Shots

Detect SSL/HTTPS

Connections

Record Details

Send Details to Attacker

BotNet

Denial Of Service

Ransomware - Your Money or Your Bytes

Phishing

Advanced form of Social

Engineering

Emails Crafted to

Appear to Come From

Trusted Source

Bank, Ebay, Paypal

Link to Duplicate

Website

Used to Harvest Login

Credentials

Install Malware

Spear Phishing

€50,000

69%

22%

9%

Detected by 3rd Party

Detected by Org

Detected by Customer

Breach Detection

78%

22%

Not Difficult

Moderate to Difficult

Difficulty

2013 - Incidents

2014 - Incidents

2014 - Incidents

Phishing Hosted19%

Phishing Victim0%

Malware43%

Hack Attack2%

Denial of Service10%

Botnet C&C Servers3%

DDOS Outbound23%

2014 - Incidents

Org Crime, 75%

Other, 25%

Root Cause of Incidents

Poor Passwords

Missing Patches

Vulnerabilities

Web Platforms

Out of Date Anti-Virus Software

Lack of Monitoring

Poor/Lack of Security Awareness

95% of Breaches Were Due to “Human Error”- IBM

90% of Malware Requires Human Interaction- Symantec

100% of Successful Attacks Compromised The Human

- Mandiant

64% of Orgs See Security Awareness As a Challenge

- E&Y 2010

3 times as many breaches are caused by accidental insider activity than malicious intent

- Open Security Foundation

The Human Element

How To Protect

Identify & Value Key Assets

Establish Policies

Encrypt Data

Security

Awareness

Training

Keep Systems Patched

Anti-Virus Software

Monitor & Respond

@BrianHonan