Presentation TitleSubtitle if applicable

Presenter Name, Presenter TitlePresenter Name, Presenter TitlePresenter Name, Presenter Title

Session Number 000

SMB Security & CyberthreatsAre you at risk?

Michael SimmonsPrinciple/Managing Director ROI-IT, LLC

https://threatmap.checkpoint.com/ThreatPortal/livemap.html

https://www.sophos.com/en-us/threat-center/threat-monitoring/threatdashboard.aspx

https://youtu.be/J9ToNuwmyF0

Ransomware Anatomy of an Attackhttps://www.youtube.com/watch?v=OuWpLnnN8mM

https://threatmap.checkpoint.com/ThreatPortal/livemap.htmlhttps://www.sophos.com/en-us/threat-center/threat-monitoring/threatdashboard.aspxhttps://youtu.be/J9ToNuwmyF0https://www.youtube.com/watch?v=OuWpLnnN8mM

SMB is an organization

with 500 users or less

81% 86%

do not have a dedicated IT

person

do not have a dedicated security person

©2017 Check Point Software Technologies Ltd.

source: National Small Business Association, 2016

$32,000Average hacking cost on a small business

SMBs Face the Same Threats as Large Enterprises

YouTube

Consumes x4 Bandwidth than any other app

Phishing

most common attack vector

Kelihos & Zeus

Most common prevented malware

IT Security Trends and Challenges

MegatrendsCloud, Mobile and IaaS driving CASB, EMM, and data protection

Paradox of EncryptionPervasive SSL inhibits network decryption, requiring collaboration with endpoints for content visibility

Public/Private Sector Encryption TensionsApple/FBI, GDPR mandates, #nobackdoors

Ransomware and CryptowareA $325M “business”, demands NGEP solutions

IoT Expands Attack SurfacesDevices need protections at the network level

Common-Mode FailuresThe internet is built on common components, vulnerabilities must be mitigated before patching can occur

Lack of Defender CoordinationAnalytics showing promise as it matures from novelty to utility

Cybersecurity Skills GapEnterprises increasingly cite a shortage of security professionals, driving the need for simplicity

C-level Spear Phishing (“Whaling”)Increasing attack professionalism requires better training and detection tools

Risk-Based Approach to SecurityEnterprises are learning to quantify risk, and are beginning to match controls to attack surface

Expanding Attack Surface

Increasing Number of Potential Areas of Attack

Increasing Number of Mobile Devices… …and Size of Internet of Things Solutions Market…($bn)

…With a Number of Operating Systems… …Driving Rapid Growth in Internet (IP) Usage

(‘000 exabytes per month)

Source: GartnerSource: IDC, Worldwide and Regional Internet of Things 2014–2020 Forecast Update by Technology Split, #252330, Nov 2014

Source: Cisco

Phones and Ultramobiles($bn)

13-18 CAGR: 4.7%

13-20 CAGR: 13%

13-18 CAGR: 20.8%

Chart1

2013

2020

Series 1

1300

3040

Sheet1

Series 1

20131,300

20203,040

133.8%

Chart1

2013

2014

2015

2016

2017

2018

Phones and ultramobiles (bn)

4.9911950056

5.3005200948

5.5659850591

5.8285103309

6.0755066655

6.2906916728

Sheet1

Column1Phones and ultramobiles (bn)

20135.0

20145.3

20155.6

20165.8

20176.1

20186.3

4.7%20124.6

20135.0

20145.3

To resize chart data range, drag lower right corner of range.20155.6

20165.8

20176.1

20186.3

20196.5

Chart1

2013

2014

2015

2016

2017

2018

Series 1

51.168

62.476

75.739

91.26

109.705

131.553

Sheet1

Series 1

201351.2

201462.5

201575.7

201691.3

2017109.7

2018131.6

20.8%20.8%

Vanished PerimeterIncreasing Number of Employees Participating in BYOD Programs

Increasing Mobile Population

% of employees using a BYOD smartphone

(Exabytes)

Deployment of new carrier-grade public Wi-Fi hotspots by MNOs and MSOs (m)

Source: Maravedis Rethink

Source: IDC, Worldwide Enterprise Storage for Public and Private Cloud 2013–2017 Forecast, #244924, December 2013

Source: Gartner

Mobile workforce (m)

51.6%

Mobile workforce (as % of total workforce)

67.8%

Source: IDC, Western Europe Mobile Workforce Forecast Update, 2013-2018, April 2014

Increasing Worldwide Cloud Deployments Capacity

Increasing Number of Wi-Fi Hotspots

13-17 CAGR: 10.2%

13-17 CAGR: 44.1%

Chart1

2014

2017

2020

Series 1

0.31

0.46

0.61

Sheet1

Series 1

201431%

201746%

202061%

Chart1

2013

2017

Series 1

32.7

140.9

Sheet1

Series 1

201332.7

2017140.9

44.1%

Chart1

2013

2014

2015

2016

2017

Phones and ultramobiles (bn)

6.5

7.1

7.9

8.3

9.6

Sheet1

Column1Phones and ultramobiles (bn)

20136.5

20147.1

20157.9

20168.3

20179.6

10.2%20124.6

20135.0

10.2%20145.3

To resize chart data range, drag lower right corner of range.20155.6

20165.8

20176.1

20186.3

20196.5

Chart1

2013

2017

Series 1

90.5

126

Sheet1

Series 1

201390.5

2017126.0

201315.5175.48.8%

201417.0175.99.7%

201518.9178.710.6%

201621.4181.911.8%

201724.6185.813.2%

201828.7190.115.1%

Increasing Attacker SophisticationZero-day Vulnerabilities

Adobe Reader5-30

Source: Forbes

Price of Zero-day attacks in various applications or operating systems($ ‘000) Mac OSX

20-50Android

30-60

Flash/Java40-100

MSFT Word50-100

Windows60-120

Firefox / Safari60-150

Chrome / IE80-200

IOS100-250

Increasing Volume of Zero-day Vulnerabilities

Zero-day vulnerabilities discovered per year

Source: Symantec

Chart1

2011

2012

2013

2014

Series 1

8

14

23

24

Sheet1

Series 1

20118

201214

201323

201424

Sony Pictures • Hackers gained access to *all* company data, from unreleased movies to sensitive emails.

…Impact SMB EquallyHigh-Profile Enterprise Breaches…

Target • 110 million records stolen.

Adobe • 150,000,000 passwords stolen.

Home Depot • 56 million credit cards and 53 million email addresses stolen.

UPS Store • Malware on PoS systems in 24 U.S. states left customers at risk of identity theft and credit card fraud. LaCie • Online store infiltrated, exposing

customer credit card numbers and contact information.

Swansea Police Dept. • CryptoLockerpolice to pay cybercriminals to decrypt department files.

Racing Post • SQL injection attack led to leaking 677,335 user accounts for this sports betting website.

Signature Systems • Criminals installed malware and then stole the card data of the restaurants’ customers.

Park N Fly • Website compromise exposed customer card number, name, billing address, card expiration, CVV code.

At least 51% of data breaches

affect organizations with

fewer than

10,000 employees

Unknown

More than100,000

10,001-100,000

1-100

101-1,000

22%31%

7%

20% 11%9%

Data Breaches by Company Size (#employees)

Source: Verizon data breach investigations report, 2013

SMB Faces Same Threats as Large Enterprise

http://en.wikipedia.org/wiki/File:Sony_Pictures_logo.svgChart1

1-100

101-1,000

1,001-10,000

10,001-100,000

More than 100,000

Unknown

Data Breaches by Company Size (# employees)

31

9

11

20

7

22

Sheet1

Data Breaches by Company Size (# employees)

1-10031

101-1,0009

1,001-10,00011

10,001-100,00020

More than 100,0007

Unknown22

To update the chart, enter data into this table. The data is automatically saved in the chart.

SMB IT Challenges

Maintaining security and compliance

Lack of people/resources to do everything needed

Finding budget to refresh hardware/end point devices

Application/OS patching and updates

Supporting a wide range of devices

Managing users across remote locations

% of respondents who answered 1 or 2

What are the biggest IT challenges your organization faces in managing end users?

Ranked in order with 1 being the biggest challenge

Source: Spiceworks Community Survey

Chart1

Category 1

Category 2

Category 3

Category 4

0.44

0.48

Series 1

0.2

0.23

0.32

0.37

Sheet1

Series 1Series 2Series 3

Category 10.22.42

Category 20.234.42

Category 30.321.83

Category 40.372.85

0.44

0.48

To resize chart data range, drag lower right corner of range.

The IT Practitioner Has Much to Juggle

Corporate Owned and

BYOD

Protect My Data

Go Wireless

Users Are Everywhere

What About Securing My

Servers?

Can’t Control

Users via Brute Force

Downtime Unacceptable

“Console Proliferation”

& “Agent Pollution”

Transition to the Cloud

Regulations & Compliance

Help Desk Queries

Complicated by Security Challenges

Corporate Owned and

BYOD

Protect My Data

Go Wireless

Users Are Everywhere

What About Securing

My Servers?

Can’t Control Users via

Brute Force

Downtime Unacceptable

“Console Proliferation”

& “Agent Pollution”

Transition to the CloudRegulations &

Compliance

Help Desk Queries

New Attack Surfaces (Android,

iOS)

250,000 New

Threats Will Appear Today

Polymorphic Threats Affect

Everyone

Macs Are No Longer

Immune

Not Just A “Big

Company” Problem

IT Systems Are The

Lifeblood for Any Size Org

Increasing Attacks, Increasing sophistication

Attack surface exponentially larger

Laptops/DesktopsPhones/Tablets

Virtual servers/desktopsCloud servers/storage

Attacks are more sophisticated than

defensesSyndicated crime tools

Zero day exploitsMemory resident

Polymorphic/metamorphicNetwork and endpoint

integrated

Evolving ThreatsSolve the Web Security Needs of Your Mobile Workforce

Customer dataIntellectual

propertyBank account info

Social media credentials

Website controlSystem availability

Result: Compromises are growing

Source: PWC, The Global State of Information Security Survey

Up 48%

in 2017

42.8 millionsecurity incidents detected by businesses worldwide in 2014

http://www.pwc.com/gx/en/consulting-services/information-security-survey/index.jhtml

The Age of Personalized Malware

75%

75% of the malicious files we

detect are found only

within a single

organization.

Source: SophosLabs

400,000

SophosLabs receives and analyzes 300,000

previously unseen files each day.

Cybercrime Co$t

Federal Government:• 2017 Budget: $89.9 BillionSMB:• Incur nearly four times the per capita cybercrime costs of larger firms• 60% go out of business within six months of an attack, yet 77% of SMB

principals believe their companies are safe from cybersecurity breaches• 50% of all cyberattacks worldwide in 2016 were against companies with less

than 250 employees• The global cost of cybercrime will reach $2 trillion by 2019, a threefold

increase from the 2015 estimate of $500 billion.

Source: CIO.com, SecurityIntelligence.com

https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion

© 2017 Unitrends 1

Change is Now

Change is Accelerating

33XHow much faster data

is growing than IT admins

60%The percentage of businesses

that have been attacked by ransomware

$700BHow much IT downtime costsNorth American businesses

SMB Cyber Combat• Sandboxing

– enterprise security tools for SMB

• Firewalls– monitor and control inbound/outbound network traffic

• Endpoint Protection– endpoint security ensures that devices follow a level

of compliance before accessing network

• Backup/DR– focuses on technology systems supporting critical business functions,

which involves keeping all essential aspects of a business functioning despite significant disruptive events.

• Zero-Day Threats Turn into Zero Threats

– Sandboxing tests suspicious code or URLs in a separate, secure environment to ensure they are safe

– A combination of advanced detection, automated mitigation and actionable insight

– Exploits are caught before malware has an opportunity to deploy, evade detection and harm host machine, operating system or network resources

SandboxingToday’s threats are increasingly sophisticated and often bypass traditional

malware security by masking their maliciousness

• Features

– Identity awareness– Integrated security management– Intrusion prevention– Application control– Synchronized security links your endpoints for advanced

protection– Unified policies– Control center and on-box reporting provide unprecedented

visibility

TODAY’S FIREWALLIDENTIFIES AND CONTROLS APPLICATIONS BY USER AND SCANS CONTENT TO STOP THREATS

• Features

– Software policies

– Centrally managed/monitored

– On premise or the cloud

– Removable media

– Advanced threat prevention

– Remote remediation

– Forensics

ENDPOINT PROTECTIONMETHODOLOGY OF PROTECTING THE CORPORATE NETWORK WHEN ACCESSED VIA DEVICES

Is Data Protection or Backup/DRReally Important???

Backing Up Your Data Is Important, Your Recovery Is MORE…

Many organizations recognize the need for a disaster recovery (DR) plan; however the majority don’thave one in place. Those that have a DR plan often don’t test it.

• 80% of U.S. companies lack a DR plan

• 50% of small and midsized businesses (SMBs) worldwide have no DR plan• 72% of SMBs worldwide that have a DR plan have never tested it

• 25% of reported DR tests fail

So why aren’t DR plans being tested or being tested more often?• 40% of SMBs fear that DR testing will impact their business operations and their

customers• 27% of SMBs fear disruption to their sales and revenue• 48% of SMBs claim that they lack the resources to test their DR plans on a regular basis

Key Questions For Your EnvironmentRecovery point objectives

• How much lost data can you afford?• Data size/change rate (i.e., what is feasible?)

Recovery time objectives• How long can you afford to be down?• When was your last outage? what was the time it took to get back up?• How much did that outage cost you?

SLA’s Determine Which Cloud Provider• Depending on the recovery time, 4 different ways to choose:

• 3rd Party Cloud - Amazon, Microsoft Azure, Google

• Replication - Data Center or Another Location• DRaaS – Hosted Infrastructure – Guaranteed SLA’s• Manufacturers Cloud – DR Companies to where you can send your data• Hybrid – On-premise and Cloud

• On May 13, 2015, Nevada Governor Brian Sandoval (R-NV) signed into law A.B. 179 (the “Bill”), which expands the definition of “personal information” in the state’s data security law. The law took effect on July 1, 2015. Under the bill, personal information now includes:

– a “user name, unique identifier or electronic mail address in combination with a password, access code, or security question and answer that would permit access to an online account;”

– a medical identification or health insurance identification number; and

– user names, unique identifiers, or email addresses in combination with passwords, access codes, or security questions and answers permitting access to an online account.

– a driver authorization card number.

– in addition, although Nevada’s data security law previously excluded “publicly available information. . . lawfully made available to the general public” from the definition of personal information, the Bill narrows the scope of that exclusion, limiting it to information available “from federal, state or local governmental records.”

Nevada Cyber Security Law

https://www.huntonprivacyblog.com/wp-content/uploads/sites/18/2015/06/AB179_EN.pdf

THANK YOU FOR YOUR TIME

Michael Simmonsmas@roi-it.netwww.roi-it.net

702.425.8414 x 1402

mailto:mas@roi-it.nethttp://www.roi-it.net/

Slide Number 1Slide Number 2https://threatmap.checkpoint.com/ThreatPortal/livemap.html��https://www.sophos.com/en-us/threat-center/threat-monitoring/threatdashboard.aspx��https://youtu.be/J9ToNuwmyF0��Ransomware Anatomy of an Attack�https://www.youtube.com/watch?v=OuWpLnnN8mMSlide Number 4Slide Number 5Slide Number 6Slide Number 7Slide Number 8Slide Number 9Expanding Attack SurfaceVanished PerimeterIncreasing Attacker SophisticationSMB Faces Same Threats as Large Enterprise SMB IT ChallengesThe IT Practitioner Has Much to JuggleComplicated by Security ChallengesIncreasing Attacks, �Increasing sophisticationEvolving ThreatsResult: Compromises are growingThe Age of Personalized MalwareCybercrime Co$tSlide Number 22SMB Cyber CombatSandboxing�Today’s threats are increasingly sophisticated and often bypass traditional malware security by masking their maliciousness�Slide Number 25 Slide Number 27Slide Number 28Slide Number 29 Slide Number 31