BUILDING AN EFFECTIVE PROGRAM TO PROTECT AGAINST FRAUD

Transcription

1 BUILDING AN EFFECTIVE PROGRAM TO PROTECT AGAINST FRAUD Navindra Ramnauth CISSP Principal Sales Engineer Proofpoint, Inc.

2 Proofpoint at a Glance LEADING CUSTOMERS DEEP SECURITY DNA UNIQUE VISIBILITY ENTERPRISE CLASS ~60% of the Fortune threat ops and research team 20B+ messages processed daily 8 straight years of MQ leadership 6,000+ Enterprise Customers 38,000+ Essentials Customers 120+ Tier 1 ISPs ~25% revenue invested in R&D 330K+ daily unique malware samples from malware exchange 1T+ node threat graph 60M+ mobile apps scanned 90%+ renewal rate Proofpoint, Inc.

3 THE BILLION DOLLAR PROBLEM Proofpoint, Inc.

4 Security: Rapidly Evolving Landscape $ Invented Hello, WWW! Spam Malware Spear Phishing Social Eng Attacks Data Breaches Ransomware BEC $712 Per employee $3.7M Per company $1B+ For large breaches $5B In 2017 $5.3B worldwide Source: CSOonline.com, Cybersecurity ventures, Nucleus Research, FBI Proofpoint, Inc.

5 is vulnerable to identity deception Anyone can pretend to be anyone Think of the from field being entirely editable Even the SMTP protocol itself states that is inherently vulnerable to identity deception There is nothing to stop me sending an to anyone pretending to be Donald Trump at the White House dot gov Proofpoint, Inc.

6 Definitions fraud: Criminal use of identity deception and Social engineering tactics over to Dupe a target into giving up money, data, information or access fraud targets: Employees/Educators Supply Chain Public Business Compromise (aka CEO impersonation, whaling, etc.): B2B flavor of fraud Originally synonymous with wire transfer fraud Proofpoint, Inc.

7 Independent survey of 2,250 businesses 75 percent of organizations experienced at least one targeted fraud attack > 77 percent of businesses expect they will fall victim to fraud in next 12 months Proofpoint, Inc.

8 How Are Companies Protecting Themselves? Proofpoint, Inc.

9 Who Is Most At Risk? Proofpoint, Inc.

10 WHY THESE ATTACKS ARE SO SUCCESSFUL Proofpoint, Inc.

11 Fraud Characteristics Proofpoint, Inc.

12 Everyone is Targeted All Organizations - Large and Small Large and small organizations worldwide are getting targeted All Industries All industries are targeted Average BEC attacks per company targeted Average BEC Attacks Per Company Targeted Vertical 2017-Q2 Manufacturing VERTICAL 2017-Q2 Telecommunications Manufacturing 44 Technology Telecommunications 39 Energy/Utilities Technology 38 Energy/Utilities 31 Business Services Business Services 29 Automotive Automotive 26 Financial Services Financial Services 23 Retail Retail 22 Transportation Transportation 20 Healthcare Healthcare 19 Entertainment/Media Entertainment/Media 17 CFO HR FINANCE PAYROLL COO All Functions All functions within organizations are targeted CFO 47% HR Finance Payroll 25% 25% 13% 13% 8% 8% COO 5% 5% 47% Source: Proofpoint Threat Research Proofpoint, Inc.

13 4 Common Fraud Personalities The Authoritarian The Conversationalist The Fake Chain of s The False Approver Exploit leadership position Build dialogue Illusion of credibility Establish believability Create urgency Seek to earn trust Realistic experience Move from channel Avoid dialogue Follow-up Elicit emotional response Evade detection Proofpoint, Inc.

14 Budgeting/staff costs Budgeting/staff costs PS Paul Smith Monday, 19 th June 2017 at Sarah Foster Hi Sarah, I m finalizing the budget forecast for staff costs for next year - can you send over the W2 s for the office based staff? Any questions please call me (I m going to be in the car for the next couple of hours). Thanks and regards, Paul Paul Smith Chief Financial Officer Proofpoint, Inc.

15 Accounting changes, action rq d Accounting changes, action rq d SR Steve Roberts <jroberts@trustedpartner.com> Monday, 19 th June 2017 at John Parry Hi John, We re making some structural banking changes ahead of March Please update the payment details you use for out international business to the following: China Merchants Bank, H. O. Shenzhen (SWIFT CODE: CMBCCNBSXXX) Account Number: Account Holder: Partner International Holdings Any questions ring me on (408) Steve Steve Roberts Trusted Partner Proofpoint, Inc.

16 How Are Companies Protecting Themselves? Proofpoint, Inc.

17 92% OF COMPANIES WERE TARGETED BY AT LEAST 1 ATTACK IN Q DOMAIN SPOOFING yourcompany.com % of customers targeted by BEC tactic 63% LOOK-ALIKE DOMAIN y0urc0rnpany.com 15% DISPLAY NAME SPOOFING <John Smith> 92% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Proofpoint, Inc.

18 HOW TO STOP FRAUD Proofpoint, Inc.

19 Multi-Layered Security: Identity & Security Screening Proofpoint, Inc.

20 IDENTITY CONTROL Proofpoint, Inc.

21 Authentication Legitimate Company Legitimate Partner Inbox Suspicious Proofpoint, Inc.

22 Lookalike Domain Discovery acme.com company.com acme-us.com cornpany.com proofpoint.com proofp0int.com DETECT & ANALYZE FLAG SUSPICIOUS TAKE DOWN Proofpoint, Inc.

23 CONTENT ANALYSIS Proofpoint, Inc.

24 Classification Sender has a good reputation From: Partner <partnerexec@partner.com> Subject: Account Changes, Action Required Date: Oct 9, :07 AM PDT To: order admin<oa@acme.com> Potentially suspicious subject Appears to come from a trusted source Hi John, We re making some structural banking changes ahead of March Sender/receiver relationship Please update the payment details you use for out international business to the following: China Merchants Bank, H. O. Shenzhen (SWIFT CODE: CMBCCNBSXXX) Account Number: Account Holder: Partner International Holdings Thanks, Alice Potentially suspicious content to analyze Proofpoint, Inc.

25 Data Loss Prevention DOC JPG PDF PPT DETECT and BLOCK BEC-related content sent from the organization Proofpoint, Inc.

26 Proofpoint Fraud Proofpoint, Inc.

27 Point Solutions Only Solve Part of the Problem Tactic & Target Employees Customers Partners Domain spoofing Person Person Vendor 1 Person <person@company.com Cousin domains Person <badguy@gmail.com Person <badguy@gmail.com Person <badguy@gmail.com Display Name spoofing Vendor 2 Person <person@c0rnmpany.com Person <person@c0rnmpany.com Person <person@c0rnmpany.com Proofpoint, Inc.

28 Proofpoint s EFD 360 Tactic & Target Employees Customers Partners Domain spoofing Person <person@company.com Person <person@company.com Person <person@company.com Cousin domains Person <badguy@gmail.com Person <badguy@gmail.com Person <badguy@gmail.com Display Name spoofing 360 protection across ALL fraud tactics and targets Person <person@c0rnmpany.com Person <person@c0rnmpany.com Person <person@c0rnmpany.com Proofpoint, Inc.

29 Proofpoint s EFD 360 Tactic & Target Employees Customers Partners Domain spoofing Person <person@company.com Person <person@company.com Person <person@company.com Cousin domains Person <badguy@gmail.com Person <badguy@gmail.com Person <badguy@gmail.com Display Name spoofing 360 protection across ALL fraud tactics and targets Person <person@c0rnmpany.com Person <person@c0rnmpany.com Person <person@c0rnmpany.com Visibility and control from a SINGLE pane of glass Proofpoint, Inc.

30 Proofpoint, Inc.