Security: Emerging

Threats & Trends

Danielle Alvarez, CISO

Threat Reality

• Approximately 5 malware events are generated every second

• 60% of attacks compromise organizations within minutes

• 75% of compromises spread externally within 24 hours

• Over 40% of compromises spread externally in less than 1 hour

• Detection is most costly internal activity, followed by recovery

• Detection & Recovery - 53% combined!

Threat Landscape• The costs of cyber crime is rising ($11.5m in 2013, $12.7m in

2014), most costly:• Malicious insiders• Denial of service• Web-based attacks

• Perimeter defense budget allocation historically highest• Now adjusting to threat landscape

• Complex systems are harder to protect• Security intelligence growing

• People • Process • Technology

Top Threat Risks• Health & Safety

• Medical Records• Services Rendered• Breach

• Financial - FRAUD• ACH Transfers• Resource Consumption• Recovery Efforts

• Service Delivery• Health & Human Services• Criminal Justice• Government• Private• Critical Infrastructure

Fina nc ia l I nsura nce Uti liti es Educa ti on

350 575 772

2332

Malware / Week (AVG)

Emerging Threat Concerns• Data Fidelity

• Going Dark

• IoT

• Malvertising

• Security Professional Shortage

Emerging Trends• A strong security posture & governance practices

moderate cyber crime costs• Build it in, don’t bolt it on (SDLC)• Self-Securing Software

• Software App Firewalls• Purpose built code• Code obfuscation (<10% in use)• Be Intelligent• Use intelligence

• Silver thread visibility• Risk-based approach to mitigation• Adaptive & Context-Aware IA&M• People-centric Security• Redefine Endpoint

Questions?

Danielle Alvarez, CISA, MCP, MSA850-412-6050Danielle.Alvarez@ast.myflorida.comAST.MyFlorida.com/CISO.asp@AST_CISO