24 july 2019 tracked, jacked & extorted · title: tracked, jacked & extorted: today &...
TRANSCRIPT
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
24 JULY 2019
TRACKED, JACKED & EXTORTEDTODAY & TOMORROW’S THREAT LANDSCAPE
TIMOTHY OLSON
VICE PRESIDENT
CYBER RISK / BREACH RESPONSE
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
High Tech + Human Touch
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.3
Hi-Tech + Human Touch
+ = $15M
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
“Hey, America, Vladimir Putin wants to steal your face.”
The New York Times July 22, 2019
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
A digital freakout about popular FaceApp app: A Russian plot for
nefarious purposes?
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.6
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.7
Should you give Russia your face?
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.8
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.9
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.10
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.11
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.12
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.13
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
Wireless Labs, creator of FaceApp, is located in St. Petersburg, Russia
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
Chuck Schumer, Democratic Senate minority leader asked the F.B.I. and the FTC to investigate
FaceApp
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
You are what you post and what you post could most certainly be
used for all kinds of misuse across the globe.
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
Risky Permissions
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.18
Risky Permission
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.19
It’s In The Details
ISTR | INTERNET SECURITY THREAT REPORT | Volume 24 | February 2019
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.20
It’s In The Details
ISTR | INTERNET SECURITY THREAT REPORT | Volume 24 | February 2019
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
iOS vs Android
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
Smartphones Are Arguably the Greatest Spying Devices Ever Created
22
Types of personally identifiable information (PII) shared with apps
address
Phone
number
Username
Address
9%
12%
48%
33%
4%
44%
30%
5%
Analysis of top 100 free apps for iOS and Android
ISTR | INTERNET SECURITY THREAT REPORT | Volume 24 | February 2019
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
Tracklocation
Accesscamera
Recordaudio
Read phone
Call log
Read SMSmessages
23
Smartphones Are Arguably the Greatest Spying Devices Ever Created
45%
25%
46%
25%
25%
9%
10%
15%
Not available on iOS
Not available on iOS
89%
39%
Risky permissions broken down by type and OS
ISTR | INTERNET SECURITY THREAT REPORT | Volume 24 | February 2019
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
What’s at Risk?
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
1.2 Billion Consumers* Have Ever Been the Victim of a Cyber Crime; More Than 867.2 Million in the Last Year Alone
25
15.8 9.5
million
49.441.1
million
9.25.6
million
2.01.1
million
89.070.4
million
12.08.8
million
24.118.2
million
26.217.6
million
26.716.8
million32.619.0
million
5.83.3
million
3.82.4
million
3.52.6
million
729.5525.8
million
35.119.6
million
151.9105.4
million
*In 16 countries
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.26
On Average, Past Year Cyber Crime Victims Spent Six Hours Resolving Issues and Nearly 2 in 5 Were Impacted Financially*
Globally, those who experienced cyber crime in the past year spent an average of
Less than one day 1 to 6 days 1 week or more/not resolved
No resolution required
36% 27% 30% 7%
*Includes money lost or stolen, money that was stolen and returned, and
money used to resolve the issue or repair/replace impacted device(s)
6 hoursresolving it
*
Report losses or theft
due to cyber crime38% *
1 needed a week or
more to resolve the
issue
Almost
3in
*Average has been trimmed to remove
outliers
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
27
Over 117 Million Consumers* Were the Victim of Identity Theft Last Year
1.5 million
6.1 million
884.2 thousand
164.9 thousand
10.1 million
1.4 million
2.0 million
1.3 million
2.4 million
2.4 million
267.4thousand
265.0thousand
376.3thousand
72.8 million 2.4
million
13.3°million
*In 16 countries
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
The Future of Cyber Risk 10 Predictions
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.29
1. By 2025, it is estimated that
there will be more than 21
billion IoT devices
worldwide
- 2016: 4.7 billion devices
- 2021: 11.6 billion devices
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.30
2. Cybercriminals will
exploit the new landscape
of both 5G & IoT
- “We don’t know what we don’t
know.” a senior executive with
major US wireless telco
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.31
3. Now and next
- Supply chain attacks
- Ransomware
- Crypto jacking
- Form jacking
- Tax fraud
- Phishing scams
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.33
4. Humans: a critical
lynchpin of a successful
attack
- Despite our best efforts,
humans will continue to
behave like – humans
- 33 percent of successful hacks
leverage human error
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.34
5. Let’s skip the gateway
security!
- Relying solely on home
gateways / routers for security
won’t be enough
- Devices can be connected
directly to the internet
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.35
6. 5G speeds with risks and
rewards
- 5G provides extremely high
speeds / bandwidth
- Tracked, Jacked or Extorted –
all before you know it
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.36
7. Cyber liability insurance
in a more competitive
environment
- Insurers focused on added value
- Pre-breach features expanded,
i.e., DWM, Fraud Assistance, ID
Protection
- Personal and SMB lines -- the
next frontier
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.37
8. Breach fatigue
- Data breach notification laws / GDPR
result of ‘breach fatigue’
- Volume of notifications overwhelming
- Consumers that don’t take action are
even more at risk
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.38
9. IoT- based attacks
will take on more
dangerous forms
- Dependence upon
gateway / router security
- Both security and privacy
at risk
- Threats: Much more
personal
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.39
10. Big little lies -- the real why
- Consumer Protection
- Doing the Right Thing
- Brand Reputation
- Litigation Risk Mitigation
- Regulatory Pressures
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.40
The National Archives: Declaration of Independence & The US Constitution
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.41
National Archives: Home of the former US Presidents’ Laptops
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.42
The Culprit
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
Hi-Tech vs. Low-Tech
Which is the greater risk?
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
Nation-state Sponsors
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
The FaceApp controversy may seem minor, but in the geopolitical landscape
it’s clear, it’s about a lot more than a pretty face
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE
ONLY - not for use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
“Only your imagination is the limitation.”
Walt Disney
Copyright © 2019 Symantec Corporation. All rights reserved. SYMANTEC CONFIDENTIAL – FOR PARTNER OR BROKER INTERNAL USE ONLY - not for
use with consumers - all consumer facing materials concerning Symantec offerings require Symantec prior review and approval.
QUESTIONS
24 July 2019
Timothy Olson | Vice President
Cyber Risk | Breach Response