scary (but true) cybersecurity horror stories

4 CYBERSECURITY HORROR STORIES GUARANTEED TO KEEP CSOs UP AT NIGHT

Upload: exabeam

Post on 09-Feb-2017


TRANSCRIPT

Page 1: Scary (but true) cybersecurity horror stories

4 CYBERSECURITY HORROR STORIES GUARANTEED TO KEEP CSOs UP AT NIGHT

Page 2: Scary (but true) cybersecurity horror stories

HACKERS ARE MAKING THEMSELVES AT HOME IN ENTERPRISE NETWORKS MORE THAN EVER BEFORE.

On average, hackers go undetected for 46 DAYS – a 229% INCREASE* over the past six years.

*Ponemon Institute 2015 Cost of Cyber Crime Study

Page 3: Scary (but true) cybersecurity horror stories

WANT TO GIVE YOUR CFO A FRIGHT, TOO?

Cyber attacks on U.S. enterprises cost an average of $12.7 MILLION* in annual damages.

*Report: Cybercrime costs US $12.7M a year

Page 4: Scary (but true) cybersecurity horror stories

SO, HOW ARE HACKERS AVOIDING DETECTION?

Page 5: Scary (but true) cybersecurity horror stories

POINT-OF-SALE SYSTEMS BREACHES

Non-privileged employees can pick up viruses that ride VPN connections and make connections with PoS systems. In one instance, we found a virus that made connections with 1,700 PoS systems.

HORROR STORY #1

Page 6: Scary (but true) cybersecurity horror stories

POINT-OF-SALE SYSTEMS BREACHES

Monitoring for anomalous behavior by user made it clear that the access was unwarranted. Russian hackers alone profited more than $2.5 billion from PoS-related cybercrime in 2014.*

HORROR STORY #1

* https://www.sans.org/reading-room/whitepapers/bestprac/point-sale-pos-systems-security-35357

Page 7: Scary (but true) cybersecurity horror stories

FRIGHTENINGLY EASY EMAIL FRAUD

When a hacker gains an executive’s credentials, the hacker can easily order a money wire transfer while the executive is on vacation or away from email. This can result in thousands of dollars missing from a company in a matter of hours.

HORROR STORY #2

Page 8: Scary (but true) cybersecurity horror stories

FRIGHTENINGLY EASY EMAIL FRAUD

As of January 2015, companies in the United States had wired an estimated $179,755,367 to hackers. Victims in other countries have wired $35,217,136.22.* Without behavior monitoring, there is no way to differentiate the executive from the hacker posing as an executive.

HORROR STORY #2

* http://consumerist.com/2015/03/10/scammers-are-taking-more-money-with-fake-boss-wire-transfer-schemes/

Page 9: Scary (but true) cybersecurity horror stories

EERIE IDENTITY SWITCHING

A solar company believed Chinese hackers had breached two machines and was in the process of securing them. The security team later found that the hackers had switched identities and compromised 57 machines across the company network.

HORROR STORY #3

Page 10: Scary (but true) cybersecurity horror stories

EERIE IDENTITY SWITCHING

Security teams must monitor every step of the attack chain to catch hackers as they switch identities. Without a full picture of the attack chain, there is no way to know where hackers have created back doors to stay within a network.

HORROR STORY #3

Page 11: Scary (but true) cybersecurity horror stories

REACHING ACROSS INTERNATIONAL NETWORKS

In a breach of a large e-commerce company, hackers accessed systems in Mumbai and China using stolen credentials from a California-based employee. Most security systems don’t monitor the location of employee log-ins.

HORROR STORY #4

Page 12: Scary (but true) cybersecurity horror stories

REACHING ACROSS INTERNATIONAL NETWORKS

Without monitoring for anomalous behaviors of each user, hackers posing as employees often go undetected. User behavior analytics follows the locations and behavioral patterns of each user.

HORROR STORY #4

Page 13: Scary (but true) cybersecurity horror stories

Are you ready to get serious about the threats haunting your network?

LET’S TALK