Security for Today’s Threat Landscape Kat Pelak 1 Mega Breaches • Healthcare, education and the public sectors accounted for 58% of all data breaches • But the retail, computer software and financial sectors accounted for 77% of all the identities exposed in 2013. 3 Top Causes of Data Breaches Sept. 2013 to Aug 2014 Source: Symantec Number of Incidents 53% 21% 20% Hackers Accidentally Made Public Theft or Loss Insider Theft 6% 137 55 51 16 TOTAL 259 4 Data Loss Increase 552M 93M 2012 2013 ? ? 2014 552M Total identities exposed in 2013, A 493% Increase. 5 Breaches Data by the Numbers Ransomware 500% in the last 6 months. Dragonfly: Western Energy Companies Under Sabotage Threat • Ongoing cyberespionage campaign • Targeting the energy sector in Europe and US. Other sectors not immune • Stealing information • Capable of sabotage • Attacker capabilities – persistent access to networks – Information stealing – Sabotage Why is Security so LAX? • A Russian crime organization has reportedly stolen over 1.2 billion Internet credentials. • Over 4,000 websites appear to have been compromised 10 Email-borne threats are common 1 in 392 1 in 196 Emails are a phishing attack Emails are a malware attack 25% 66% Contain a hyperlink to malicious code of all email is spam 11 Mobile Users at Risk % 38 Of smartphone users have experienced mobile cybercrime in past 12 months % 50 Don’t use basic precautions such as passwords, security software or back up files for their mobile device Source: 2013 Norton Report Mobile Security IQ DELETE SUSPICIOUS EMAILS FROM PEOPLE THEY DON’T KNOW HAVE AT LEAST A BASIC FREE ANTIVIRUS SOLUTION AVOID STORING SENSITIVE FILES ONLINE 90% 72% 78% 56% 33% 48% Source: 2013 Norton Report Social Media ISTR Sept 2013 – Aug 2014 60% 52% 50% 40% 37% 30% 20% 9% 10% 2% 1% Fake Apps Comment Jacking 0% Fake Offering Manual Sharing Likejacking Mobile Threats Mobile Threats: Malicious Code by Platform, 2013 Source: Symantec Platform Android Number of Threats 57 Percent of Threats 94% Symbian 1 2% Windows 1 2% iOS 1 2% Android remains the platform of choice for malware authors Targeted Attacks Protection Against Targeted Attacks Reputational & Behavioral Protection (SEP) • Detect and block new and unknown threats based on global reputation and behavior of files Host-based Intrusion Detection and Prevention (DCS) • Locks down key systems that contain confidential information • Prevents any unauthorized code to run — independent of AV signatures Removable Media Device Control (SEP) • Restrict removable devices and functions to prevent malware infection Email & Web Gateway Security • Scan & block email with potentially malicious URLs, attachments or content. • Monitor inbound/outbound web traffic and block accordingly Encryption • Discover data spills of confidential information that are targeted by attackers • Detect and prevent exfiltration of confidential information that are targeted by attackers Endpoint & Network Data Correlation (MSS-ATP) • Create and enforce security policies so all confidential information is encrypted Network Threat and Vulnerability Monitoring (MSS) • Prioritize threat information detected at the network through security intelligence and information coming from endpoint security devices. Zero-day Vulnerabilities Avoiding Data Breaches Data Classification (Insight) • Determine what sensitive information exists in your organization • Categorize it appropriately and protect it according to its classification level Data Loss Prevention (DLP) • Detect and prevent exfiltration of sensitive information that is targeted by attackers • Enforce rules prohibiting access of confidential data using applications Host-based Intrusion Detection and Prevention (DCS) • Locks down key systems that contain confidential information • Prevents any unauthorized code to run — independent of AV signatures Email & Web Gateway Security • Scan & block email with potentially malicious URLs, attachments or content. • Monitor inbound/outbound web traffic and block accordingly Encryption • Create and enforce security policy so all confidential information is encrypted Strong Authentication (VIP) • Use two-factor authentication to protect against credential theft 19 Mitigating Mobile Attacks Application Management Symantec App Center • Secure data in corporate applications regardless of device ownership Device Management Symantec Mobile Management • Remotely wipe devices in case of theft or loss, control password policies • Update devices with applications as needed without physical access Device Security Symantec App Center • Guard mobile device against malware • Prevent the device from becoming a vulnerability Identity & Access Control Symantec VIP • Provide strong authentication and authorization for access to enterprise applications and resources • Ensure safe access to enterprise resources from right devices with right postures 20 Defense-in-Depth Security Information Management Secure Mail Gateway Client and Asset Management Encryption Endpoint Protection 3 things you should do when you leave this room.. 1 Review your current security stack 2 Consider your options to fill the gaps 3 If you need help, contact Symantec Presentation Identifier Goes Here 22 Stay Informed Download: Follow: symantec.com/threatreport @threatintel 23 Thank you! Kat Pelak [email protected] @KatherynePelak Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.