data security brian honan
TRANSCRIPT
“Total Global Impact of CyberCrime US$ 3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.”
- Europol Serious & Organised Threat Assessment 2013
Cybercrime Marketplace
$1-$6 US Credit card number
$2-$12 UK Credit card number
$5-$50 Medical ID card
$6-$18 Basic identity information
$7 PayPal account with credentials
$50-$500 PayPal verified with balance
$20 DDoS attack from bot army (per hour)
$30 Passwords to consumer credit reports
$50 to $60 Health/medical record
$140 10 million email addresses
$200 Malicious Software Toolkit
$500 20 million SPAMs sent from bot army
$100-$2000 Malware as a Service (MaaS)
$1000-$5000 Online banking accounts with a balance
$10000 0-Day Exploit
SpyWare
Malicious Code That Resides on PC
Monitors All Keystrokes and Mouse Clicks
Periodically Take Screen Shots
Detect SSL/HTTPS Connections
Record Details
Send Details to Attacker
Phishing
Advanced form of Social Engineering
Emails Crafted to Appear to Come From Trusted Source
Bank, Ebay, Paypal
Link to Duplicate Website
Used to Harvest Login Credentials
Install Malware
Spear Phishing
2014 - Incidents
Phishing Hosted 19%
Phishing Victim 0%
Malware 43%
Hack Attack 2%
Denial of Service 10%
Botnet C&C Servers 3%
DDOS Outbound 23%
Root Cause of Incidents
Poor Passwords
Missing Patches
Vulnerabilities
Web Platforms
Out of Date Anti-Virus Software
Lack of Monitoring
Poor/Lack of Security Awareness
95% of Breaches Were Due to “Human Error” - IBM
90% of Malware Requires Human Interaction - Symantec
100% of Successful Attacks Compromised The Human
- Mandiant
64% of Orgs See Security Awareness As a Challenge
- E&Y 2010
3 times as many breaches are caused by accidental insider activity as by malicious intent
- Open Security Foundation
The Human Element