Turning the Tide: Fending off Cyber Threats

Transcription

1 SESSION ID: SPO1-W05A Turning the Tide: Fending off Cyber Threats Authenticate / Protect / Respond Roy Murdoch SE Manager NEMEA Proofpoint

2 Who s in the Actors Sights?

3 Attacks Increasingly Target Individuals, Not Infrastructure Threats use social engineering, not vulnerabilities Shift to cloud creates new threat vectors, data exposure fraud becomes board-level issue 99%+ Rely on user to run malicious code 90% Malicious links are credential phishing $5.3B Direct losses since January 2015, up 2,370% Source: FBI 50,000+ Organisations victimised worldwide

4 Organisations Underinvest in ; Attackers Don t IT Security Industry Attack Vectors Network 62% Endpoint 18% Web 12% 8% Other 90%+ of sophisticated attacks target people, largely via Source: Gartner (2017 forecast) Source: Verizon DBIR, Trend Micro, FEYE, etc.

5 Protecting Your People is the Key Trust Enterprises of all sizes face similarly sophisticated, targeted attacks Process Accounts Data Money 4.6% of all malicious URLs clicked on, 75% within the 1 st hour 45% from mobile devices Organisations without large security teams can t react quickly SaaS Apps World-class effectiveness against humantargeted attacks gives small teams a fighting chance

6 The Need to Authenticate

7 What DMARC Helps Prevent? FW: Vendor payment, URGENT! BL Bryan Littlefair Friday, 30 th June 2017 at 4.47 pm Thomas Stoddard Thomas, please see below I authorise this and we need it done by 5.30 today. Call Iain if you need details. Bryan Sent from my iphone please excuse brevity Accounting changes, action rq d PA Paul Auville <paul.auville@proofpoint.com> Monday, 19 th June 2017 at John Parry Hi John, We re making some banking changes ahead of the Hong Kong project completion.please update the account details for final payments: China Merchants Bank, H. O. Shenzhen (SWIFT CODE: CMBCCNBSXXX) Confirmation of itinerary, San Jose California 07/09/2017 LT Lufthansa Ticketing <ticketing@lufthansa.de> Monday, 19 th June 2017 at Bob Fisher It s my pleasure to confirm your ticket purchase for flights to San Jose, California, on the 7 th of September Please find attached full details including your credit card transaction record. Regards, The Lufthansa Team.

8 DMARC Survey Across EMEA DMARC Status Across EMEA Companies 1% 7% 1% 20,000 EMEA Companies Only 9% DMARC Enabled 91% No Silver Bullet Will NOT Prevent All Attacks Complements Protection Audit Mode Quarantine Mode Reject Mode Without DMARC

9 The Need to Protect

10 Protecting Against Advanced Attacks: Malware Customised attachment name and hash Compromised sender with good reputation Correct name, phone, and address for targeted company in fake legal claim Malware inside a Word document inside another doc

11 Protecting Against Advanced Attacks: Credential Phishing Claims to be secure Sent from lookalike domain Link to hijacked site with good reputation

12 Protecting Against Advanced Attacks: Fraud Not targeting senior executive ( whaling ) From: Partner <partnerexec@partner.com> Subject: Big new order please ship ASAP Date: Oct 9, :07 AM PDT To: order admin<oa@acme.com> Hi, Please ship our next order to: 5545 Elm St Springfield, US Thanks, Alice No malicious content to analyse Sender has good reputation Appears to come from trusted source

13 O365 & Cybersecurity: It s hard to keep up O365 is the Biggest Target O365 is a Soft Target Threats are a Moving Target 13

14 Prepared to Respond Quickly

15 Dealing with the Attack Security Time to remediate Messaging Maintaining during outage Blocking malware infections BEC Managing routing Lack of threat intelligence Visibility Response Message Tracing Managing Greymail Respond to threats to reduce exposure time Time to remove malicious

16 Infrastructure Considerations Visibility into the who, what, where and how targeted of an attack Visibility/Response Enhance real-time analysis of security alerts in your environment for detection and response Security Continuity Superior security Continuity delivered / accessed Quarantine URL Access Integration with enforcement points for faster response, saving clean-up costs Enforcement Points Automated verdict of infection cuts time to response/remediation Network Access SIEM User Access

17 Apply What You Have Learned Today Areas to review: Authenticate If you don t have Authentication enabled, ask why not o Protect How well are you protected, want to run a scan on your existing mail boxes for greater visibility? o Respond How quickly would you security and messaging teams be able to react if something gets through? 17

18 Thank you For More Information, come to Stand: 8 rmurdoch@proofpoint.com