insider threats nov
DESCRIPTION
Managing insider computer threats
TRANSCRIPT
Managing Insider Threats 4 Risks You Need To Mitigate
Agenda
The state of cybercrime – what’s changed and why?
How likely is an attack?
The biggest threat & 4 serious internal risks
The cost of malware
Why Anti-Virus alone is not enough
What you can do to protect your networks
Short History of Cybercrime
Then: Virus writers were hackers and nerds having fun making a name for themselves
Now: Malware is now a tool of international organized crime
The Cybercrime Economy
Credit Card Information: $0.85 - $30.00
Bank Account Credentials: $15 - $850
Full Identity: $0.70 - $20.00
Cybercrime Today
Agile, global, organized & outsourced
Cybercriminals want:
Money
Shares in the Business
Challenges
Non 9-5 Work Environment
Cybercrime Today
$114bn: Money stolen/spent on resolving cybercrime
$274bn: Victims valued time they lost to cybercrime
Source: Norton Cybercrime Report 2011
How Likely Is an Attack?
Threats are increasing exponentially
How Likely Is An Attack?
431 million adults
24 countries
141 US victims/minute
Norton Cybercrime Report 2011
How Likely Is An Attack?
Cybercriminals use malware to harvest personal data:
Viruses
Worms
Trojans
Data breaches are on the rise
91% reported at least 1 breach in the last year
59% reported 2 or more breaches
50% reported lost data
How Likely Is An Attack?
Size doesn’t matter
Small companies & big companies
Industry leaders are falling prey
How robust is your IT infrastructure?
The Most Serious Security Threat
Lives inside your organization: Human Nature
The Most Serious Security Threat
Shifting targets narrowed to individuals within organizations
Sophisticated criminals exploit the weakest link
Access to your network is easily gained by exploiting human nature
Insider Threats: 4 Serious Internal Risks
1. Spear Phishing Email Attacks
2. Social Media
3. The Infected USB Device
4. Unapproved Applications
Insider Threats: Spear Phishing The Evolution
Spam:
Unsolicited commercial email
Unsolicited bulk email
Phishing:
Sender appears to be a trustworthy entity
Bulk
Spear Phishing:
Customized
Insider Threats: Spear Phishing Proof
Insider Threats: Spear Phishing Advanced Persistent Threats
Spear Phishing
Highly targeted to a person/organization
Objective is to get victim to click a link or download file
Malware infects the victim’s PC and opens back door for hackers to access company data
Insider Threats: Spear Phishing Google Breach
Insider Threats: Spear Phishing
100M
Insider Threats: Social Media
SOCIAL
MEDIA
Insider Threats: Social Media
Twitter now a source for links to poisoned websites
Insider Threats: Social Media
Facebook scams continue
Insider Threats: Social Media
Social Media is now a legitimate business tool
Web-filters are barriers to productivity and burden IT
Cannot keep up with known malicious URLs
Insider Threats: The Infected USB Device
Opens the door to malware propagating in the network
Bypasses other layers of defense such as gateway firewall protection
25% of all new worms are designed to spread through portable storage devices
Insider Threats: The Infected USB Device
Device “read only” partition can host malware
In 2006, Secure Network Inc tested a credit union’s security
Distributed trojan infected USB drives
15 out of 20 were installed
Insider Threats: The Infected USB Device
2008 marks the biggest military breach to date
Caused by an infected USB flash drive
Over 100 foreign intelligence agencies are trying to capture US data
Insider Threats: Unauthorized Applications
Potentially unwanted applications
Instant messaging
Social networking sites
Peer to peer, games
Unacceptable security risk
System performance concern
License compliance issue
Insider Threats: Unauthorized Applications
Downloading unauthorized programs that can contain malware
In 2010 a credit union employee downloaded a coupon program
Laced with malware
License compliance issue
Internal Threats: Recap
Shifting Targets – exploiting human nature
Spear Phishing on the upswing
Social Media – business tool or security threat?
USB keys bypass traditional security
Unauthorized applications are untrusted
73,000+ highly sophisticated new threats per DAY!
The Cost of Malware
$7.2 Million = the cost of a data breach (2010)
$214 = avg cost of compromised record (2010)
$318 = avg cost of compromised record due to criminal attack (2010)
Source: Ponemon Institute's "2010 Annual Study: U.S. Cost of a Data Breach"
$7,969,330 scammed
44 days
1 email
The Cost of Malware
Over 360,000 credit cards
Customer names
Customer email addresses
$2.7M stolen
Over 90,000 credit cards
Customer names
Customer email addresses
Phone #s, gender, DOB
The Cost of Malware
Threats continue to increase with hefty fines
The Cost of Malware
"The first time anyone anywhere in the world noticed this new virus was on [March 15] and then it hit us on the 16th,"
"We've got multiple levels of protection and firewalls, but nothing recognizes this,"
"The cost of just one day without computer access is going to cost thousands,"
What Does Successful Security Look Like?
Layers, layers and more layers
Desktop Security
System Restore – quick recovery but no protection against malware or data leakage
User Account Control – to be effective, it is too restrictive for many users, and it is frustrating for IT to manage
Anti-Virus – not entirely effective alone
Requires constant updating
Can be a drain on system resources
Only protects against known threats
Why Anti-Virus Alone is Not Enough
1700+ confirmed malware files analyzed
13 top AV vendors
Average detection rate: 19%
Average time to catch up to new malware: 11.6 days
Source: Malware Detection Rates for Leading AV Solutions
A Cyveillance Analysis, August 2010
The Faronics Solution
Application Whitelisting
Concept:
Ignore the bad applications that you never want to run
Only identify the good applications you do want to run
Any unknown executable is simply not allowed to run!
Benefits:
Not having to worry about updates
Not having to worry about unknown malware
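Added example (not part of the original slides and not Faronics code): a small Python model of the default-deny concept above, set beside a known-bad signature list of the kind the Anti-Virus slide describes. Matching on a SHA-256 of the whole file, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib

def digest(content: bytes) -> str:
    """SHA-256 of an executable's bytes; any change to the file changes it."""
    return hashlib.sha256(content).hexdigest()

# Constructed stand-ins for executable file contents (not real binaries).
APPROVED_BUILDS = {
    "editor-2.1.exe": b"MZ\x90\x00 editor build 2.1",
    "browser-9.0.exe": b"MZ\x90\x00 browser build 9.0",
}
KNOWN_MALWARE = b"MZ\x90\x00 coupon toolbar dropper v1"

ALLOWLIST = {digest(c) for c in APPROVED_BUILDS.values()}  # known good
SIGNATURES = {digest(KNOWN_MALWARE)}                       # known bad

def blocklist_allows(content: bytes) -> bool:
    """Default-allow: run anything that is not a known-bad sample."""
    return digest(content) not in SIGNATURES

def allowlist_allows(content: bytes) -> bool:
    """Default-deny: run only what was explicitly approved."""
    return digest(content) in ALLOWLIST

def evaluate(samples: dict) -> dict:
    """Map each sample name to (blocklist decision, allowlist decision)."""
    return {name: (blocklist_allows(c), allowlist_allows(c))
            for name, c in samples.items()}

SAMPLES = {
    "approved editor": APPROVED_BUILDS["editor-2.1.exe"],
    "known malware": KNOWN_MALWARE,
    # One changed token models a mutated or not-yet-seen variant.
    "mutated malware": KNOWN_MALWARE.replace(b"v1", b"v2"),
    # An unapproved version of an approved product is also unknown.
    "unapproved editor build": b"MZ\x90\x00 editor build 2.0",
}

if __name__ == "__main__":
    for name, (bl, al) in evaluate(SAMPLES).items():
        print(f"{name:24} blocklist={'run' if bl else 'block':5} "
              f"allowlist={'run' if al else 'block'}")
```

On these constructed samples the signature list lets the mutated variant and the unapproved build run, while the allowlist blocks both without needing an update.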
Application Whitelisting
Benefits Beyond Security:
Protecting Resource Usage
Lower Help Desk Costs
Prevent Distractive Applications
Prevent Unlicensed or Illegal Applications
Application Whitelisting: With Anti-Virus
Anti-Virus
Heuristics still help identify and catch:
Malware that targets unpatched OS and applications
Malware that is carried as data and run as macros
Faronics AV runs suspected malware in a mini-VM
Application Whitelisting
Zero-Day attacks
Mutating Malware
Targeted Attacks
Potentially Unwanted Programs
Introducing Faronics Anti-Executable
Only approved applications can install or execute
Protects against attacks that bypass AV
Protects data from exposure to malware such as key loggers
Helps maintain system integrity by blocking installation of unauthorized applications
Enforces license compliance by specifying programs and versions that are allowed to be installed
Not dependent on signature updates
Why Anti-Executable?
Reduce IT costs associated with infections and troubleshooting time
Avoid costly IT audits/legal risks
Prevent loss and corruption of sensitive data
Protect workstations from unknown, future system vulnerabilities
Maximize system performance
Faronics Layered Security
Changing the way the world thinks about security.
Faronics Customers
About Faronics
Intelligent software solutions for ABSOLUTE control
In business since 1996
Over 8 million licenses deployed
Over 30,000 customers in over 150 countries
Offices in USA, Canada & UK
Affiliations
Awards
Next Steps
Try Faronics Anti-Executable at: www.faronics.com
Contact Faronics
Via email: [email protected]
Via phone: 800-943-6422
Q&A