What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Similar documents
Modern attacks and malware

Secure solutions for advanced threats

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

RANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise

HOSTED SECURITY SERVICES

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Service Provider View of Cyber Security. July 2017

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Cyber Security Trends A quick guide

10 FOCUS AREAS FOR BREACH PREVENTION

WHITEPAPER. Protecting Against Account Takeover Based Attacks

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

PRODUCT OVERVIEW. Extend your security intelligence from local network to global cyberspace

Building a Threat Intelligence Program

Table of Contents EXECUTIVE SUMMARY AND MAJOR FINDINGS...3 INTRODUCTION...8 THE EXPANSION OF THE ATTACK SURFACE...10 ATTACKER BEHAVIOR...

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

with Advanced Protection

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

RSA NetWitness Suite Respond in Minutes, Not Months

COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1

Detecting breach. There are only two types of organisations in the world... Terry Greer-King Director, Cyber security, UK & Africa May 2017

2017 RIMS CYBER SURVEY

Cyber Attack: Is Your Business at Risk?

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

2018 Cyber Security Predictions

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Panda Security. Corporate Presentation. Gianluca Busco Arré Country Manager

Cybersecurity 2016 Survey Summary Report of Survey Results

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

Phishing Activity Trends Report August, 2006

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

CloudSOC and Security.cloud for Microsoft Office 365

Cyber Insurance: What is your bank doing to manage risk? presented by

Security in India: Enabling a New Connected Era

TABLE OF CONTENTS Introduction: IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN DEFENSES...

PEOPLE CENTRIC SECURITY THE NEW

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

PRODUCT OVERVIEW. On-demand threat investigation, root cause analysis and remediation advice without the need for extra internal resources

Multilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms.

CYBERSECURITY PREPAREDNESS AND RESPONSE

Annual Cybersecurity Report

Multilayered technology, machine learning and human expertise working together to provide comprehensive security for all platforms.

THALES DATA THREAT REPORT

Top 10 Global Threat Rank by Source

Cybersecurity The Evolving Landscape

Ransomware A case study of the impact, recovery and remediation events

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Combating Cyber Risk in the Supply Chain

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Sophos. Allan Widell Channel Account Executive. 24. August 2017

CYBER SECURITY TAILORED FOR BUSINESS SUCCESS

What is a mobile protection product?

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

CyberEdge Group 2018 Cyberthreat Defense Report

Security Made Simple by Sophos

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

How do you decide what s best for you?

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

Cybersecurity Survey Results

U.S. State of Cybercrime

Best Practices in Securing a Multicloud World

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cyber Defense Operations Center

SOLUTION OVERVIEW. Enterprise-grade security management solution providing visibility, management and reporting across all OSes.

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Protecting organisations from the ever evolving Cyber Threat

Gujarat Forensic Sciences University

Phishing Activity Trends Report August, 2005

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

2017 Annual Meeting of Members and Board of Directors Meeting

Advanced Malware Protection. Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe

OA Cyber Security Plan FY 2018 (Abridged)

RSA INCIDENT RESPONSE SERVICES

Security & Phishing

Phishing Activity Trends

AKAMAI CLOUD SECURITY SOLUTIONS

Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation

GLOBAL ENCRYPTION TRENDS STUDY

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

Rethink Enterprise Endpoint Security In The Cloud Computing Era

SECURING THE DIGITAL ECONOMY. Reinventing the Internet for Trust

Governance Ideas Exchange

COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE

Architecting a More Effective Enterprise Security Program

Business continuity management and cyber resiliency

PT Unified Application Security Enforcement. ptsecurity.com

CYBERSECURITY RISK LOWERING CHECKLIST

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

ForeScout Extended Module for Splunk

Kaspersky Security Network

Transcription:

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic to Triple by 2020 2.3 ZB Annual global IP traffic 66% of IP traffic will be from Wi-Fi and mobile devices 82% of all consumer Internet traffic will be video 2x Broadband speeds will double

Crack in the Bottom Line Over 25% of Revenue at Risk from a Security Breach 29% experienced a loss of revenue 38% of them experienced a significant loss (>20%)

Cisco Telemetry Global 2017 Security Capabilities Benchmark Study 16 billion web requests a day 600 billion emails a day In aggregate, block almost 20 billion threats per day More than 1.5 million unique malware samples daily 18.5 billion AMP queries CloudLock Telemetry 10 million users under management 15 billion user activities being tracked 222,000 apps discovered 1 billion files monitored daily Conducted over the summer of 2016 Study included 13 countries United States Brazil Germany Italy United Kingdom Australia China India Japan Mexico Russia France Canada Over 2900 respondents CSOs 49% SecOps 51% Large enterprise 12% Enterprise 38% Midmarket 50%

Perception High confidence in tools 69% Contain & Remediate Exploits 58% of professionals feel their security infrastructure is very up to date. 71% Detect Anomalies 69% Assess Risks 71% Enforce Policies 74% Block Threats More than two-thirds perceive their security tools to be very and extremely effective.

Out in the Open Half of Organizations Come Under Public Scrutiny Due to Security Breach 49% of organizations have faced public scrutiny of a security breach How did this most recent breach become known externally? 50% Voluntary Disclosure 31% Involuntary Disclosure 31% Reporting Requirements

The Top 4 Sources of Concern Which Security Professionals Found in Defending Against a Cyberattack Mobile Devices Data in Public Cloud Cloud Infrastructure User Behavior 58% 57% 57% 57% Percentage of respondents who find the category very and extremely challenging to defend

Hard to Defend Effort and Time Spent on Areas of Concern Where does the security team spend the majority of its efforts? 47% Servers 29% Customer Data 23% Endpoints 4 most time-consuming 20% Firewall 16% DDoS Defense 16% Data Loss Prevention https:// 15% Encryption/Privacy/ Data Protection 4 most effective 28% Firewall 14% DDoS Defense 14% Data Loss Prevention https:// 17% Encryption/Privacy/ Data Protection

Email is still the #1 threat vector (people are still the weakest link)

Cisco is a Market Leader for Secure Email Gateways for a Whole Decade This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Cisco. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner s Magic Quadrant for Secure Email Gateways Peter Firstbrook, Neil Wynne, June 29, 2015

Emails / Second Spam Comes Roaring Back Email is Back in Vogue 5K 4.5K 4K 3.5K 3K 2.5K 2K 1.5K 65% of email is spam 8% of spam is malicious 1K.5K 2010 2013 2016

Phishing leaves businesses on the line Phishing $500M Spoofing Ransomware 30% 94% malicious attachments 1 are opened 1 of phish mail has of phishing messages Loss incurred due to phishing attacks in a year by US companies 2 1 2016 Cisco Annual Security Report 2 2016 Verizon Data Breach Report, Kerbs on Security Messages contain attachments and URL s Socially engendered messages are well crafted and specific Credential hooks give criminals access to your systems

Spoofing rates are on the rise Phishing Spoofing 270 % increase 1 $2.3B Ransomware 2015 2016 In losses from spoofing 2013-2015 1 1 FBI Warns of Dramatic Increase in Business email scams, 2016 Forged addresses fool recipients Threat actors extensively research targets Money and sensitive information are targeted

Ransomware holding companies hostage Phishing Spoofing Ransomware 9,515 users are paying ransoms per month 2 Ransomware represents the biggest jump in occurrences of crimeware 1 $60M Cost to consumers and companies of a single campaign 2 1 2016 Verizon Data Breach Report, Kerbs on Security 2 2016 Cisco Annual Security Report Malware encrypts critical files Locking you out of your own system Extortion demands are made

Process of Attacks Research, identify and select targets Pair remote access malware with exploits Deliver cyberweapons by email, website and attachments Install payloads to gain persistent access

Obstacles to Advancing Security Business Constraints Complexity 35% Budget (-4%) 28% Compatibility Issues (-4%) 1-5 (45%) 6-10 (29%) Vendor 55% of organizations use 6 to >50 security vendors 11-20 (18%) 21-50 (7%) Over 50 (3%) 2016 (n=2,850) 25% Lack of Trained Personnel (+3%) 25% Certification Requirements (+/-0%) 1-5 (35%) 6-10 (29%) Products 65% of organizations use 6 to >50 security products (Change from 2015) 11-20 (21%) 21-50 (11%) Over 50 (6%) 2016 (n=2,860)

Over 4 Out of 10 Security Alerts are Never Investigated: Why? The Uninvestigated Alerts Create Huge Business Risk 7% experienced NO security alert 44% of alerts are NOT investigated 56% of alerts are investigated 93% experienced security alert 46% of legitimate alerts are remediated 54% of legitimate alerts are NOT remediated 28% of investigated alerts are legitimate 2016 (n=5000)

For Every 5000 Alerts, 616 Legitimate Were Never Investigated or Remediated 5000 Total Alerts 2200 Not Investigated 616 Legitimate

Security Breaches Paralyze Systems and Impact Key Business Operations Business Impact Operational Impact 36% Operations 30% Finance 26% Brand Reputation 26% Customer Retention 1-8 Hours time that systems were down for 65% of organizations Nearly 30% of systems were impacted for 61% of organizations

Losses After an Attack are Real for Organizations $ Opportunity Revenue 23% 29% 42% were losses >20% 38% were losses >20% Customers 22% 39% were losses >20% 2017 Security Capabilities Benchmark Study (n=2,912)

Breaches Driving Improvement 38% said a breach drove improvements in security threat defense policies, procedures or technologies to a great extent. Improvements Made to Protect Your Company from Security Breaches (Top 5 mentions) 38% 38% 37% 37% Separated the security team from the IT department Increased security awareness training among employees Increased focus on risk analysis and risk mitigation Not at all Increased investment in security defense technologies or solutions I B R (2016: n=1388) 37% Increased investment in the training of security staff (2016: n=1375 )

Drivers Minimizing Risk Make Security a Business Priority Leadership must own, evangelize, fund security. Measure Operational Discipline Review security practices, control access points, patch. Test Security Effectiveness Validate, improve security practices, network connection activity. Integrate Defense Approach Implement architectural approach to security, automate processes to reduce time to react to, stop attacks.. Attack Preparedness Plan

Drivers Minimizing Risk Executive Leadership Executive leadership must own and publicly evangelize security as a high priority. Policy Regularly review security practices, and control access points to networks systems, applications, functions, and data. Protocols Regularly, formally and strategically review and improve both security practices and connection activity on the network. Tools Put tools in place to enable users to review and provide feedback on security, and empower them to increase security controls on high-value assets. Detect To alert your organization to security weaknesses before they become full-blown incidents, implement a system for categorizing incident-related information. Prevent To minimize impact of breaches, encourage employees to report failures and problems, and clearly communicate security processes and procedures. Mitigate Implement and document exact procedures for incident response and tracking. Inform and educate all parties on precise, step-by-step crisis management response protocol. Minimized Risk

Industry Perspective

Mitigating Third-Party Risk Business Model Business Offering Value Chain

Encryption and Security Organizational Security Data Encryption Individual Privacy Government Mandates

Keys to Success Integration of technology reduces opex for success, reduces the burden on existing people, and delivers better outcomes. Automated Simple Open

Summary

Annual Cisco Cybersecurity Report Download the Cisco 2017 Annual Cybersecurity Report www.cisco.com/go/acr2017

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback