SMB Security & Cyberthreats: Are you at risk?
Michael Simmons, Principal/Managing Director, ROI-IT, LLC
https://threatmap.checkpoint.com/ThreatPortal/livemap.html
https://www.sophos.com/en-us/threat-center/threat-monitoring/threatdashboard.aspx
https://youtu.be/J9ToNuwmyF0
Ransomware Anatomy of an Attack: https://www.youtube.com/watch?v=OuWpLnnN8mM
SMB is an organization with 500 users or less
• 81% do not have a dedicated IT person
• 86% do not have a dedicated security person
©2017 Check Point Software Technologies Ltd.
source: National Small Business Association, 2016
$32,000: Average hacking cost on a small business
SMBs Face the Same Threats as Large Enterprises
• YouTube: consumes 4x more bandwidth than any other app
• Phishing: most common attack vector
• Kelihos & Zeus: most common prevented malware
IT Security Trends and Challenges
• Megatrends: Cloud, Mobile and IaaS driving CASB, EMM, and data protection
• Paradox of Encryption: Pervasive SSL inhibits network decryption, requiring collaboration with endpoints for content visibility
• Public/Private Sector Encryption Tensions: Apple/FBI, GDPR mandates, #nobackdoors
• Ransomware and Cryptoware: A $325M “business”, demands NGEP solutions
• IoT Expands Attack Surfaces: Devices need protections at the network level
• Common-Mode Failures: The internet is built on common components, vulnerabilities must be mitigated before patching can occur
• Lack of Defender Coordination: Analytics showing promise as it matures from novelty to utility
• Cybersecurity Skills Gap: Enterprises increasingly cite a shortage of security professionals, driving the need for simplicity
• C-level Spear Phishing (“Whaling”): Increasing attack professionalism requires better training and detection tools
• Risk-Based Approach to Security: Enterprises are learning to quantify risk, and are beginning to match controls to attack surface
Expanding Attack Surface
Increasing Number of Potential Areas of Attack
[Figure: four chart panels]
• Increasing Number of Mobile Devices: phones and ultramobiles (bn), 2013–2018; 13-18 CAGR: 4.7%
• …and Size of Internet of Things Solutions Market ($bn), 2013–2020; 13-20 CAGR: 13%
• …With a Number of Operating Systems
• …Driving Rapid Growth in Internet (IP) Usage (‘000 exabytes per month), 2013–2018; 13-18 CAGR: 20.8%
Sources: Gartner; IDC, Worldwide and Regional Internet of Things 2014–2020 Forecast Update by Technology Split, #252330, Nov 2014; Cisco
Vanished Perimeter
[Figure: four chart panels]
• Increasing Number of Employees Participating in BYOD Programs: % of employees using a BYOD smartphone (2014: 31%, 2017: 46%, 2020: 61%)
• Increasing Mobile Population: mobile workforce (m) and mobile workforce (as % of total workforce)
• Increasing Worldwide Cloud Deployments Capacity (Exabytes)
• Increasing Number of Wi-Fi Hotspots: deployment of new carrier-grade public Wi-Fi hotspots by MNOs and MSOs (m)
Chart annotations: 13-17 CAGR: 10.2%; 13-17 CAGR: 44.1%; 51.6%; 67.8%
Sources: Maravedis Rethink; IDC, Worldwide Enterprise Storage for Public and Private Cloud 2013–2017 Forecast, #244924, December 2013; Gartner; IDC, Western Europe Mobile Workforce Forecast Update, 2013-2018, April 2014
Increasing Attacker Sophistication
Zero-day Vulnerabilities
Price of Zero-day attacks in various applications or operating systems ($ ‘000)
• Adobe Reader: 5-30
• Mac OSX: 20-50
• Android: 30-60
• Flash/Java: 40-100
• MSFT Word: 50-100
• Windows: 60-120
• Firefox / Safari: 60-150
• Chrome / IE: 80-200
• IOS: 100-250
Source: Forbes
Increasing Volume of Zero-day Vulnerabilities
Zero-day vulnerabilities discovered per year
• 2011: 8
• 2012: 14
• 2013: 23
• 2014: 24
Source: Symantec
SMB Faces Same Threats as Large Enterprise
High-Profile Enterprise Breaches…
• Sony Pictures: Hackers gained access to *all* company data, from unreleased movies to sensitive emails.
• Target: 110 million records stolen.
• Adobe: 150,000,000 passwords stolen.
• Home Depot: 56 million credit cards and 53 million email addresses stolen.
…Impact SMB Equally
• UPS Store: Malware on PoS systems in 24 U.S. states left customers at risk of identity theft and credit card fraud.
• LaCie: Online store infiltrated, exposing customer credit card numbers and contact information.
• Swansea Police Dept.: CryptoLocker [...] police to pay cybercriminals to decrypt department files.
• Racing Post: SQL injection attack led to leaking 677,335 user accounts for this sports betting website.
• Signature Systems: Criminals installed malware and then stole the card data of the restaurants’ customers.
• Park N Fly: Website compromise exposed customer card number, name, billing address, card expiration, CVV code.
At least 51% of data breaches affect organizations with fewer than 10,000 employees
Data Breaches by Company Size (# employees)
• 1-100: 31%
• 101-1,000: 9%
• 1,001-10,000: 11%
• 10,001-100,000: 20%
• More than 100,000: 7%
• Unknown: 22%
Source: Verizon data breach investigations report, 2013
SMB IT Challenges
What are the biggest IT challenges your organization faces in managing end users?
Ranked in order with 1 being the biggest challenge
[Figure: bar chart, % of respondents who answered 1 or 2]
• Maintaining security and compliance
• Lack of people/resources to do everything needed
• Finding budget to refresh hardware/end point devices
• Application/OS patching and updates
• Supporting a wide range of devices
• Managing users across remote locations
Source: Spiceworks Community Survey
The IT Practitioner Has Much to Juggle
• Corporate Owned and BYOD
• Protect My Data
• Go Wireless
• Users Are Everywhere
• What About Securing My Servers?
• Can’t Control Users via Brute Force
• Downtime Unacceptable
• “Console Proliferation” & “Agent Pollution”
• Transition to the Cloud
• Regulations & Compliance
• Help Desk Queries
Complicated by Security Challenges
• New Attack Surfaces (Android, iOS)
• 250,000 New Threats Will Appear Today
• Polymorphic Threats Affect Everyone
• Macs Are No Longer Immune
• Not Just A “Big Company” Problem
• IT Systems Are The Lifeblood for Any Size Org
Increasing Attacks, Increasing sophistication
Attack surface exponentially larger
• Laptops/Desktops
• Phones/Tablets
• Virtual servers/desktops
• Cloud servers/storage
Attacks are more sophisticated than defenses
• Syndicated crime tools
• Zero day exploits
• Memory resident
• Polymorphic/metamorphic
• Network and endpoint integrated
Evolving Threats
Solve the Web Security Needs of Your Mobile Workforce
• Customer data
• Intellectual property
• Bank account info
• Social media credentials
• Website control
• System availability
Result: Compromises are growing
Source: PWC, The Global State of Information Security Survey
Up 48% in 2017
42.8 million security incidents detected by businesses worldwide in 2014
http://www.pwc.com/gx/en/consulting-services/information-security-survey/index.jhtml
The Age of Personalized Malware
75% of the malicious files we detect are found only within a single organization.
Source: SophosLabs
400,000
SophosLabs receives and analyzes 300,000 previously unseen files each day.
Cybercrime Co$t
Federal Government:
• 2017 Budget: $89.9 Billion
SMB:
• Incur nearly four times the per capita cybercrime costs of larger firms
• 60% go out of business within six months of an attack, yet 77% of SMB principals believe their companies are safe from cybersecurity breaches
• 50% of all cyberattacks worldwide in 2016 were against companies with less than 250 employees
• The global cost of cybercrime will reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion.
Source: CIO.com, SecurityIntelligence.com
https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion
© 2017 Unitrends
Change is Now
Change is Accelerating
• 33X: How much faster data is growing than IT admins
• 60%: The percentage of businesses that have been attacked by ransomware
• $700B: How much IT downtime costs North American businesses
SMB Cyber Combat
• Sandboxing
– enterprise security tools for SMB
• Firewalls
– monitor and control inbound/outbound network traffic
• Endpoint Protection
– endpoint security ensures that devices follow a level of compliance before accessing network
• Backup/DR
– focuses on technology systems supporting critical business functions, which involves keeping all essential aspects of a business functioning despite significant disruptive events.
Sandboxing: Today’s threats are increasingly sophisticated and often bypass traditional malware security by masking their maliciousness
• Zero-Day Threats Turn into Zero Threats
– Sandboxing tests suspicious code or URLs in a separate, secure environment to ensure they are safe
– A combination of advanced detection, automated mitigation and actionable insight
– Exploits are caught before malware has an opportunity to deploy, evade detection and harm host machine, operating system or network resources
TODAY’S FIREWALL: IDENTIFIES AND CONTROLS APPLICATIONS BY USER AND SCANS CONTENT TO STOP THREATS
• Features
– Identity awareness
– Integrated security management
– Intrusion prevention
– Application control
– Synchronized security links your endpoints for advanced protection
– Unified policies
– Control center and on-box reporting provide unprecedented visibility
ENDPOINT PROTECTION: METHODOLOGY OF PROTECTING THE CORPORATE NETWORK WHEN ACCESSED VIA DEVICES
• Features
– Software policies
– Centrally managed/monitored
– On premise or the cloud
– Removable media
– Advanced threat prevention
– Remote remediation
– Forensics
Is Data Protection or Backup/DR Really Important???
Backing Up Your Data Is Important, Your Recovery Is MORE…
Many organizations recognize the need for a disaster recovery (DR) plan; however, the majority don’t have one in place. Those that have a DR plan often don’t test it.
• 80% of U.S. companies lack a DR plan
• 50% of small and midsized businesses (SMBs) worldwide have no DR plan
• 72% of SMBs worldwide that have a DR plan have never tested it
• 25% of reported DR tests fail
So why aren’t DR plans being tested or being tested more often?
• 40% of SMBs fear that DR testing will impact their business operations and their customers
• 27% of SMBs fear disruption to their sales and revenue
• 48% of SMBs claim that they lack the resources to test their DR plans on a regular basis
Key Questions For Your Environment
Recovery point objectives
• How much lost data can you afford?
• Data size/change rate (i.e., what is feasible?)
Recovery time objectives
• How long can you afford to be down?
• When was your last outage? What was the time it took to get back up?
• How much did that outage cost you?
SLAs Determine Which Cloud Provider
• Depending on the recovery time, 4 different ways to choose:
• 3rd Party Cloud – Amazon, Microsoft Azure, Google
• Replication – Data Center or Another Location
• DRaaS – Hosted Infrastructure – Guaranteed SLAs
• Manufacturers Cloud – DR companies to which you can send your data
• Hybrid – On-premise and Cloud
Nevada Cyber Security Law
• On May 13, 2015, Nevada Governor Brian Sandoval (R-NV) signed into law A.B. 179 (the “Bill”), which expands the definition of “personal information” in the state’s data security law. The law took effect on July 1, 2015. Under the Bill, personal information now includes:
– a “user name, unique identifier or electronic mail address in combination with a password, access code, or security question and answer that would permit access to an online account;”
– a medical identification or health insurance identification number; and
– user names, unique identifiers, or email addresses in combination with passwords, access codes, or security questions and answers permitting access to an online account.
– a driver authorization card number.
– In addition, although Nevada’s data security law previously excluded “publicly available information. . . lawfully made available to the general public” from the definition of personal information, the Bill narrows the scope of that exclusion, limiting it to information available “from federal, state or local governmental records.”
https://www.huntonprivacyblog.com/wp-content/uploads/sites/18/2015/06/AB179_EN.pdf
THANK YOU FOR YOUR TIME
Michael Simmons
[email protected]
702.425.8414 x 1402
www.roi-it.net