
Jason Samide - State of Security & 2016 Predictions


Motivation Behind Cyber Attacks

Distribution of Targets

Attack Techniques

Cause of Data Loss

1. We don’t have the budget to include cyber security.

2. We are small and don’t have enough people.

3. We don’t know where to start.

4. Why would anyone want to hack me?

5. Cyber security is not at the top of our list.

6. We don’t have time for training.

7. We’ve never been hacked, so….

8. Our IT guy told us “we’re good.”

9. We are looking at doing something maybe next year.

10. We renewed our antivirus software.

The Dark Web

It’s not a matter of “if” but “when” your company will be attacked.

Loss of intellectual property and trade secrets is ranked the biggest consequence.

Financial institutions can lose millions of dollars very easily.

Current solutions aren’t tailored; small to medium enterprises are being left behind.

The cyber security market is reactive, focusing too much on defense and a reactionary response.

Many security companies are recycling the same data to the market, creating an obsolete picture of the cyber threat.

Due to the reactive nature of current tools, hackers and online scammers are likely to be one step ahead – testing out a new method while the cyber security industry is still perfecting a solution for the last.

Hacking is easy, the criminals are organized, and preparation is low. People don’t understand until it’s too late.

The industry is behind the curve in proactive analysis and zero day threats.

There is too much reactivity and not enough proactivity in thwarting today’s cyber attacks.

A new, deeper and reliable capability was needed to surface trends. So we built it.

“ZDL” is where research, intelligence, and cyber security backgrounds synthesize into a never-before-seen tool.

A unique and powerful platform that delivers high value and real time insights on critical cyber threats.

ZDL presents the critical threat intelligence, breaking news, zero day vulnerabilities and crucial information you need, all in a platform that is engaging, easy to use, and secure.

“Threat Intelligence is ahead of the game comparatively to the FBI in integrating behavioral science into the cyber threat landscape.”

“Predicting cyber attacks before they happen through Zero Day Live will be a game changer in cyber security.”

The industry needed some serious, new radical thinking in defeating the hackers and their attacks. Other companies are losing the war and their strategies are clearly not working.

Zero Day Live would help prevent cyber


http://tinyurl.com/gkqxr4g

Louis Pasteur thought that disease was spread by germs. He made the discovery after three of his five children died from infectious diseases. When he stated his theory in the 1850s, he was met with violent resistance from the medical community. Today, in large part due to his work, we know that certain bacteria are responsible for sickness, and minimizing germs is a key to promoting healthy immune function.

Ignaz Semmelweis could not explain why hand-washing was effective – he didn’t know about germs – he just saw that it worked and that patients no longer caught fevers and other diseases. He was lured into an asylum, where he died; hospitals went back to ‘doing it the way we’ve always done it’, mortality increased 6 times, and nobody cared.

The seven men sitting before Capitol Hill’s most powerful lawmakers weren’t graduate students or junior analysts from some think tank. No, Space Rogue, Kingpin, Mudge and the others were hackers who had come from the underground of cyberspace to deliver a terrifying warning to the world. Your computers, they told the panel of senators in May 1998, are not safe — not the software, not the hardware, not the networks that link them together. The companies that build these things don’t care, the hackers continued, and they have no reason to care because failure costs them nothing. And the federal government has neither the skill nor the will to do anything about it.

The 414s were a group of friends and computer hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank, in the early 1980s. They used inexpensive personal computers and simple hacking techniques, such as using common or default passwords and exploiting well-known, but unpatched, security holes.

1. Increase in Doxing

2. RATs (Remote Access Trojans) and Exploit Kits

3. Ghostware

4. Increase in iOS hacks

5. Onion attacks

6. Mobile bot networks

7. Encryption wars (Apple v FBI)

8. War on Anonymity on the Internet (Privacy wars)

9. The Dark Net will be the new battle frontier

Countries to watch:

1. Russia

2. China

3. Iran

4. India

5. Pakistan

6. North Korea

7. Ukraine

8. Brazil

9. Argentina

10. Kenya

Encryption War or Privacy War?

VS

The Internet of Things will increasingly be exploited by hackers. With more and more products including cars, refrigerators, coffee makers, televisions, smartwatches, webcams, copy machines, toys and even medical devices being connected to the Internet, the Internet of Things will become a prime target for hackers to exploit in many ways.

http://www.usatoday.com/story/money/columnist/2015/12/27/weisman-cybersecurity-predictions/77832588/?utm_content=buffer7e84b&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

For Example: Self Driving Cars

Ultimately won’t work

Driving is one of the most cognitive activities you can do.

What will happen if everyone stops using their brain?

For Example: Self Driving Cars

Ultimately won’t work

Cities and municipalities rely on speeding tickets.

Self driving cars will not go over the speed limit. What will cities do to offset this issue?

WILDCARD: Another disruptive whistle blower (of Snowden proportions) in the US Government

<hugs>

More OVERT show of force on cyber capabilities from countries

end</hugs>

<awkward hugs>

Companies will start to realize that the most valuable and vulnerable area they need to protect is the internal network, with the attacker using not domain admin but regular user access</ awkward hugs>

1. You can be Proactive!

2. Look for a new job!

3. Become a Case Study!