scary (but true) cybersecurity horror stories
TRANSCRIPT
4 CYBERSECURITY HORROR STORIESGUARANTEED TO KEEP CSOs UP AT NIGHT
HACKERS ARE MAKING THEMSELVES AT HOME IN ENTERPRISE NETWORKS MORE THAN EVER BEFORE.
On average, hackers go undetected for 46 DAYS – a 229% INCREASE* over
the past six years. *Ponemon Institute 2015 Cost of Cyber Crime Study
WANT TO GIVE YOUR CFO A FRIGHT, TOO?
Cyber attacks on U.S. enterprises cost an
average of $12.7 MILLION* in annual damages.
*Report: Cybercrime costs US $12.7M a year
SO, HOW ARE HACKERS AVOIDING DETECTION?
POINT-OF-SALE SYSTEMS BREACHES
Non-privileged employees can pick up viruses that ride VPN connections and make connections with PoS systems. In one instance, we found a virus that made connections with 1,700 PoS systems.
HORROR STORY #1
POINT-OF-SALE SYSTEMS BREACHES
By monitoring for anomalous behavior by user, it was clear that the access was unwarranted. Russian hackers alone profited more than $2.5 billion from PoS-related cybercrime in 2014.*
HORROR STORY #1
* https://www.sans.org/reading-room/whitepapers/bestprac/point-sale-pos-systems-security-35357
FRIGHTENINGLY EASY EMAIL FRAUD
When a hacker gains an executive’s credentials, the hacker can easily order a money wire transfer while the executive is on vacation or away from email. This can result in thousands of dollars missing from a company in a matter of hours.
HORROR STORY #2
FRIGHTENINGLY EASY EMAIL FRAUD
As of January 2015, companies in the United States had wired an estimated $179,755,367 to hackers. Victims in other countries have wired $35,217,136.22.* Without behavior monitoring, there is no way to differentiate the executive from the hacker posing as an executive.
HORROR STORY #2
* http://consumerist.com/2015/03/10/scammers-are-taking-more-money-with-fake-boss-wire-transfer-schemes/
EERIE IDENTITY SWITCHING
A solar company believed Chinese hackers had breached two machines and was in the process of securing them. The security team later found that the hackers had switched identities and compromised 57 machines across the company network.
HORROR STORY #3
EERIE IDENTITY SWITCHING
Security teams must monitor every step of the attack chain to catch the hackers as they switched identities. Without a full picture of the attack chain, there is no way to know where hackers have created back doors to stay within a network.
HORROR STORY #3
REACHING ACROSS INTERNATIONAL NETWORKS
In a breach of a large e-commercecompany, hackers accessed systems in Mumbai and China using stolen credentials from a California-based employee. Most security systems don’t monitor the location of employee log-ins.
HORROR STORY #4
REACHING ACROSS INTERNATIONAL NETWORKS
Without monitoring for anomalous behaviors of each user, hackers posing as employees often go undetected. User behavior analytics follows the locations and behaviorial patterns of each user.
HORROR STORY #4
Are you ready to get serious about the threats
haunting your network?
LET’S TALK