290 likes | 298 Vues
Discover the shocking realities of cybercrime and its impact on businesses. Learn about prevalent cybersecurity issues, emerging trends, and effective measures to protect your organization. It's time to take action!
E N D
Common Cyber Security Myths An Update on Cyber Security
Inconvenienttruths… 230,000 new malware samples collected daily 43 percent of all attacks target small businesses Since 2013, 2,645 digital records stolen every minute of every day 3 of 4 healthcare providers infected with malware in past 12 months $100,000,000,000 stolen since 2012 Cybercrime is the greatest threat to every company in the world it.troy.edu/security
Prevalence of Cybersecurity Issues • 2017 – Almost 160,000 documented incidents and 2,200+ confirmed data breaches – double the documented incidents in 2018 • Ten vulnerabilities accounted for 97% of all documented exploits • The remaining 3% consist of over 7,000,000 different vulnerabilities, some dating to 1999 • Average cost per stolen record: $148.00; almost half of 2018; yet cost of data breach is up 6.4% • 134,000 security incidents were related to Ransomware • Average breach time is less than two minutes • 13% response to Phishing attempts – 10% less than 2018; however volume increased by 400% it.troy.edu/security
Cybersecurity Trends • Specificity of targets have increased since 2005 • Casting a wider net, with a directed approach • Users continue to be a major source of problems • 73% of successful attacks are attributed to user problems • 42% of successful attacks result from misconfigured systems • 31% of successful attacks result from end-user error • Poor security awareness and IT product management • 99.9% of the exploited vulnerabilities in 2017 had associated patches that were over 1 year old • Awareness campaigns are often poorly designed and lack “teeth” • 96% of mobile malware targets Android devices it.troy.edu/security
“Are you sure?” it.troy.edu/security
Users, users everywhere it.troy.edu/security
Cloud, you say? it.troy.edu/security
The bad actors find success… it.troy.edu/security
Data classification matters it.troy.edu/security
Measures that affect breach costs it.troy.edu/security
It’s Time to Act. Now! it.troy.edu/security
Myth #1 – It Won’t Happen to Me! • Common misconception • Small doesn't mean overlooked • We don’t store anything significant • All of my stuff is stored in “the cloud” • I can recover with backups… • Small businesses suffer the majority of attacks – • Healthcare and Retail are most popular it.troy.edu/security
They are already in… it.troy.edu/security
Cybersecurity Trends – Small Businesses it.troy.edu/security
Myth #2 – Hackers are geniuses from over there… it.troy.edu/security
Myth #2 – Hackers are geniuses from over there… Honestly, who cares? it.troy.edu/security
Myth #3 – “I’d never click on that” Email provides direct access to the most vulnerable part of the of the network: Users it.troy.edu/security
“Are you sure?” 92.4% of all malware is delivered via email Fake invoices are the #1 disguise for distributing malware BEC scams cost businesses $676 million in 2017 it.troy.edu/security
“Are you sure?” Common file type attachments for delivery of malware it.troy.edu/security
“Are you sure?” Common phishing lures vs successful click rates it.troy.edu/security
“Are you sure?” Common phishing lures vs successful click rates it.troy.edu/security
What’s Hot? • Social Engineering – Phishing, Spear-Phishing • Wifi Hijacking and Impersonation • Cloud attacks • Ransomware • Poor patching practices • Close loop on poor HR processes – know who’s in, and who shouldn’t • Regulatory – FERPA, PCI, GLBA, HIPAA, EUGDPR, NIST 800 it.troy.edu/security
How? • Patch Management – Secunia, SCCM, WSUS • Whitelisting, Remove local admin • Better A/V – Cylance, next gen enduser protection • Mandatory Encryption • Security Response Team • External Audits • Close the HR loop • NAC with onboarding • Multi-factor authentication • Lateral Movement – exfiltration – watch the logs - CnC • Recursive DNS – create blackhole routing paths • Mandatory password expiration – Does it work? • Network Segmentation, no, Segregation – VPN internally • Mandatory Security Training – Secure the Human – SANS • Phishing – phish yourselves, Phish.Me, Metasploit it.troy.edu/security
Ransomware 1. Are you training users on the dangers of phishing? 2. Do you back up your business data regularly? 3. Do you have anti-phishing email security? 4. Have you deployed endpoint security with specific ransomware protection?5. Are your mobile devices secure?6. Do you have a patch management policy? it.troy.edu/security
Time to panic it.troy.edu/security
Time to panic it.troy.edu/security
Quick tips it.troy.edu/security
I’m just curious… it.troy.edu/security
W. Greg Price, PhD wgprice@troy.edu