Robert Potter, Vice President Americas, Symantec
TODAY'S ADVANCED ADVERSARY
- HACKING
- CYBER CRIME
- CYBER ESPIONAGE
- CYBER WARFARE
Notable Targeted Attack Groups Active in 2015
- Black Vine: CN-based attacks on primarily aerospace and healthcare, including Anthem and OPM, in search of intellectual property and identities
- Rocket Kitten: Iran-based state-sponsored espionage attacks on journalists, human rights activists, and scientists
- Duke: State-sponsored attacks against Western state organizations
- Emissary Panda: Attacks against aerospace, intelligence, telecommunications, energy, and nuclear engineering industries in search of intellectual property
- Turla: RU-based espionage attacks against government institutions and embassies
- Butterfly: Attacks against multi-billion dollar corporations in IT, pharmaceuticals, commodities and includes Facebook and Apple for insider trading
Source: 2016 Internet Security Threat Report, Volume 21
In 2009 there were 2,361,414 new pieces of malware created. In 2015 that number was 430,555,582. That's 1 Million 179 Thousand A DAY!
AN ESCALATING THREAT LANDSCAPE
RECORD HIGH NUMBERS
- 429M total identities exposed
- 9 mega breaches, up 125%
- 191M identities exposed in one breach
- 431M new malware created
DIGITAL EXTORTION ON THE RISE
- 35% increase in crypto-ransomware
- 992 devices held hostage each day
WEBSITES
- 76% of websites had vulnerabilities
ZERO-DAY THREATS
- 54, all-time high
- Top 5 unpatched for 295 days
MANY SECTORS UNDER ATTACK
- Healthcare: 120 security incidents
- Retail: 33 security incidents
- Financial: 30 security incidents
- Education: 20 security incidents
- Government: 17 security incidents
Top 10 Sectors Breached by Number of Incidents
Rank | Sector | Number of Incidents | % of Incidents
1 | Services | 200 | 65.6%
2 | Finance, Insurance, & Real Estate | 33 | 10.8%
3 | Retail Trade | 30 | 9.8%
4 | Public Administration | 17 | 5.6%
5 | Wholesale Trade | 11 | 3.6%
6 | Manufacturing | 7 | 2.3%
7 | Transportation & Public Utilities | 6 | 2.0%
8 | Construction | 1 | 0.3%

Top 10 Expanded Sectors Breached by Number of Incidents
Rank | Sector | Number of Incidents | % of Incidents
1 | Health Services | 120 | 39.3%
2 | Business Services | 20 | 6.6%
3 | Educational Services | 20 | 6.6%
4 | Insurance Carriers | 17 | 5.6%
5 | Hotels & Other Lodging Places | 14 | 4.6%
6 | Wholesale Trade - Durable Goods | 10 | 3.3%
7 | Eating & Drinking Places | 9 | 3.0%
8 | Executive, Legislative, & General | 9 | 3.0%
9 | Depository Institutions | 8 | 2.6%
10 | Social Services | 6 | 2.0%
CHALLENGE IN BUILDING A SECURITY ARCHITECTURE
[Diagram: Symantec and third-party security products mapped to Identity and Access Mgmt., Endpoint Devices, Content & Collaboration, Applications, Data, and Infrastructure. Legend: Symantec Products, Third Party Products, Capability Gap, Policy Required, GSO Tool / Service.]
The Boundaries Continue to Expand, Creating Moving Targets
- Hackers
- Cloud
- Remote Offices/Workers
- Authentication & Encryption
- Mobile Devices
- Virtualization
- Malicious & Well-meaning Users
- Cyber Threats
- Social Media
- Compliance
- Advanced Persistent Attacks
CRITICAL CRITERIA TO BUILDING YOUR SECURITY POSTURE
- FRAMEWORK & ARCHITECTURE
- INTELLIGENCE OF TELEMETRY & TECHNIQUE
- CAPABILITIES & INNOVATION
- ABILITY TO ENGAGE, RESPOND, AND REMEDIATE, TRUST
Organizations Defining/Following Frameworks
Organizations Now Relying on Defining Risk and Trust Models
- VULNERABILITIES
- THREATS & INTELLIGENCE
- CONSEQUENCES
- RISK
Leveraging and Building Intelligence and Knowledge
Dangerous Threats Actors Telemetry - Techniques
BIG DATA
- Massive Security Data Archive
UNIQUE VISIBILITY
- Hundreds of millions of URLs, domains and IP addresses monitored
- 10 trillion logs/year collected
GLOBAL INTELLIGENCE NETWORK
THREAT INTELLIGENCE TEAMS
ANALYST CONTEXT
- Analysts leverage Symantec's Managed Adversary Threat Intelligence about threat actors to provide tailored insights on what's happening in your environment.
- 500+ Threat Researchers Across 6 Global SOCs
Scale is critical in offering UNIQUE THREAT VISIBILITY
- 175M endpoints
- 57M attack sensors in 156 countries
- 30% of world's email traffic scanned/day
- 182M web attacks blocked last year
- 8 threat response centers, with 500+ security analysts
- 7.6T rows of telemetry
- 200K rows added/second
You Leverage A Framework, Invested in Intelligence, Invested in Innovative Capabilities
Why do you still need to worry about Threats & Vulnerabilities?
Criminals Have Become Increasingly Active!
There are those who have been caught and those who have not.
Zero-Days
Zero-Day Vulnerabilities
[Chart: zero-day vulnerabilities per year, 2006 to 2015]
Targeted Phishing Attacks
Spear-Phishing Attacks by Size of Targeted Organization
Org Size | 2015 Risk Ratio | 2015 Risk Ratio as Percentage | Attacks per Org
Large Enterprises (2,500+ Employees) | 1 in 2.7 | 38% | 3.6
Medium Business (251 to 2,500 Employees) | 1 in 6.8 | 15% | 2.2
Small Business (SMB) (1 to 250 Employees) | 1 in 40.5 | 3% | 2.1
Ransomware
Growing Dominance of Crypto-Ransomware
- MISLEADING APP
- FAKE AV
- LOCKER RANSOMWARE
- CRYPTO RANSOMWARE
35% Increase in Crypto-Ransomware Attacks
Consequences
Total Identities Exposed Through Breaches
[Chart; labels: ESTIMATED, +30%, +23%]
Professionalization of Cyber Crime & Consumer Scams
TeslaCrypt Ransomware: Technical Support Available
Why Are Retr3at and the Educational Concepts of Montreat College's Cyber Ethics Critical?
www.symantec.com/threatreport
Robert Potter, Vice President Americas, Symantec
rob_potter@symantec.com
Thank you!
Copyright 2016 Symantec Corporation. All rights reserved.