scary (but true) cybersecurity horror stories

4 CYBERSECURITY HORROR STORIESGUARANTEED TO KEEP CSOs UP AT NIGHT

HACKERS ARE MAKING THEMSELVES AT HOME IN ENTERPRISE NETWORKS MORE THAN EVER BEFORE.

On average, hackers go undetected for 46 DAYS – a 229% INCREASE* over

the past six years. *Ponemon Institute 2015 Cost of Cyber Crime Study

WANT TO GIVE YOUR CFO A FRIGHT, TOO?

Cyber attacks on U.S. enterprises cost an

average of $12.7 MILLION* in annual damages.

*Report: Cybercrime costs US $12.7M a year

SO, HOW ARE HACKERS AVOIDING DETECTION?

POINT-OF-SALE SYSTEMS BREACHES

Non-privileged employees can pick up viruses that ride VPN connections and make connections with PoS systems. In one instance, we found a virus that made connections with 1,700 PoS systems.

HORROR STORY #1

POINT-OF-SALE SYSTEMS BREACHES

By monitoring for anomalous behavior by user, it was clear that the access was unwarranted. Russian hackers alone profited more than $2.5 billion from PoS-related cybercrime in 2014.*

HORROR STORY #1

* https://www.sans.org/reading-room/whitepapers/bestprac/point-sale-pos-systems-security-35357

FRIGHTENINGLY EASY EMAIL FRAUD

When a hacker gains an executive’s credentials, the hacker can easily order a money wire transfer while the executive is on vacation or away from email. This can result in thousands of dollars missing from a company in a matter of hours.

HORROR STORY #2

FRIGHTENINGLY EASY EMAIL FRAUD

As of January 2015, companies in the United States had wired an estimated $179,755,367 to hackers. Victims in other countries have wired $35,217,136.22.* Without behavior monitoring, there is no way to differentiate the executive from the hacker posing as an executive.

HORROR STORY #2

* http://consumerist.com/2015/03/10/scammers-are-taking-more-money-with-fake-boss-wire-transfer-schemes/

EERIE IDENTITY SWITCHING

A solar company believed Chinese hackers had breached two machines and was in the process of securing them. The security team later found that the hackers had switched identities and compromised 57 machines across the company network.

HORROR STORY #3

EERIE IDENTITY SWITCHING

Security teams must monitor every step of the attack chain to catch the hackers as they switched identities. Without a full picture of the attack chain, there is no way to know where hackers have created back doors to stay within a network.

HORROR STORY #3

REACHING ACROSS INTERNATIONAL NETWORKS

In a breach of a large e-commercecompany, hackers accessed systems in Mumbai and China using stolen credentials from a California-based employee. Most security systems don’t monitor the location of employee log-ins.

HORROR STORY #4

REACHING ACROSS INTERNATIONAL NETWORKS

Without monitoring for anomalous behaviors of each user, hackers posing as employees often go undetected. User behavior analytics follows the locations and behaviorial patterns of each user.

HORROR STORY #4

Are you ready to get serious about the threats

haunting your network?

LET’S TALK