Cyber Security Xperience Group & Sophos
Cybercrime Prevention Seminar
Law Society - Belfast
Dermot Hayden
12th Oct 2018
Sophos Snapshot
• Founded 1985 in Oxford, UK
• $768.6 million in FY18 billings
• 3,300 employees
• 300,000+ customers at end of FY18
• Mid Market Focus
• 100+ million users
• 39,000+ channel partners at H1 FY18
• SophosLabs threat research facility
• 100% channel-based go to market model
• Endpoint & Network Security split 50/50
Sophos Headquarters, Abingdon, UK
Free Tools
Sophos gives out free tools that check for security risk, remove viruses, and protect home networks:
Sophos Home Free, including a free 30-day trial of Sophos Home Premium
Free 30-day trial of HitmanPro and HitmanPro.Alert
Mobile Security for iOS
Mobile Security for Android
UTM Home Edition
XG Firewall Home Edition
Antivirus for Linux
275,000+ average monthly visitors!
The IT Security Challenge
EXPANDING ATTACK SURFACE
• Multiple platforms (Windows, OS X, Linux)
• Mobile devices (iOS, Android, phones, tablets, wearables)
• Internet of Things (IoT)
VANISHED PERIMETER
• Cloud-based storage (Dropbox, Box, OneDrive)
• Social media (Facebook, Twitter, LinkedIn)
• Remote offices
• Roaming workers
• Public cloud (AWS, Rackspace)
• BYOD
• Free Wifi
INCREASED ATTACK SOPHISTICATION
• Crimeware-as-a-service (Vawtrak, Lizard Squad)
• Cross-pollination (APTs <--> crimeware)
• Crypto ransomware (CryptoLocker, CryptoWall)
GROWING RISK AWARENESS
• High profile corporate hacks (Sony, Target, Home Depot)
• High profile personal hacks (UK News International phone hacking scandal, iCloud celebrity nude photos)
• Government surveillance allegations (Snowden leaks)
• Regional compliance regulations (e.g. PCI compliance, data privacy)
Layers of Complexity & Cost
SMBs Don’t Have Adequate Resources to Respond
Growing number and sophistication of security threats
Increasing cost and exposure of "getting it wrong"
Traditional, complex point solutions increase cost and erode usability and manageability
Fragmented and constantly changing vendor landscape is difficult to navigate and understand
Limited in-house IT security personnel and expertise
Pressure on resources, budgets and time
Enterprise security issues without enterprise class budgets
“While bigger businesses can often dedicate greater resources towards cybersecurity, small and medium-sized businesses and entrepreneurs face the same cybersecurity challenges and threats with limited resources, capacity, and personnel.” (1)
An Enterprise Approach Is Not Realistic
Chart: Average Number of People Dedicated to IT Security, by company size
Mid-Market Enterprises: 100 - 499 employees; 500 - 999 employees
Large Enterprises: 1,000 - 4,999 employees; 5,000 - 19,999 employees; 20,000+ employees
Key Security Challenges Faced by Mid-Market
Note: 1. Source: U.S. Department of Homeland Security, 2014
Operation ‘Honeybadger’
• Sophos ‘Black Ops’ project to determine the threat to Irish businesses with an online presence
• Two websites – C1 (Best Practice) & C2 (Typical SMB) each with firewall, web server and file server.
• Immediate sustained attacks on both sites – US, Germany, China with website and RDP services the primary focus of sustained brute force attacks
• WAF and IPS on C1 responsible for reduction in bandwidth usage
• Reduced password complexity on C2 led to hacker gaining access after 3 hours 8 minutes – more followed before systems were shut down!
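The sustained brute force Honeybadger saw against RDP is easy to spot in authentication logs if someone is counting. The block below is an added example, not Sophos code and not part of the Honeybadger project: it parses constructed, simplified Windows Security log lines (event 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP), raises an alert when one source address exceeds a failure threshold inside a sliding window, and escalates when that flagged source then logs on successfully, which is the C2 outcome described above. The line format, threshold, window and addresses are assumptions for the example.

```python
"""Brute-force detection over RDP logon events (added example, not Sophos code).

Input is a constructed, simplified log format:
    <ISO timestamp> <event id> <account> <source address> <logon type>
4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample lines, not real logs. One source hammers the administrator
# account and then gets in; a second source has a single failure then succeeds.
SAMPLE_LOG = """\
2018-10-12T01:00:00 4625 administrator 198.51.100.7 10
2018-10-12T01:00:02 4625 administrator 198.51.100.7 10
2018-10-12T01:00:04 4625 admin 198.51.100.7 10
2018-10-12T01:00:06 4625 root 198.51.100.7 10
2018-10-12T01:00:08 4625 administrator 198.51.100.7 10
2018-10-12T01:00:10 4625 administrator 198.51.100.7 10
2018-10-12T01:03:00 4624 administrator 198.51.100.7 10
2018-10-12T01:05:00 4625 jsmith 203.0.113.9 10
2018-10-12T01:30:00 4624 jsmith 203.0.113.9 10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>4624|4625)\s+(?P<user>\S+)\s+(?P<src>\S+)\s+(?P<ltype>\d+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.fromisoformat(d["ts"])
    d["event"] = int(d["event"])
    d["ltype"] = int(d["ltype"])
    return d


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return a list of (severity, src, detail) alerts.

    "bruteforce": at least `threshold` failed RDP logons from src inside `window`
    "compromise": a successful RDP logon from a src that was already flagged
    """
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    flagged = set()
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["ltype"] != 10:
            continue                    # only RDP logons are of interest here
        src, ts = ev["src"], ev["ts"]
        if ev["event"] == 4625:
            q = failures[src]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()             # drop failures that fell out of the window
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src,
                               f"{len(q)} failed RDP logons within {window}"))
        elif ev["event"] == 4624 and src in flagged:
            alerts.append(("compromise", src,
                           f"successful RDP logon as {ev['user']} after brute force"))
    return alerts


if __name__ == "__main__":
    for sev, src, detail in detect_bruteforce(SAMPLE_LOG):
        print(f"[{sev}] {src}: {detail}")
```

The threshold is deliberately low so the sample triggers; in production the same logic would be fed from the real 4625/4624 events, and the "compromise" alert is the one that should page someone, since a success after a run of failures is exactly how C2 was taken.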
Threat Landscape
Cybercrime Dynamics
DIGITAL GRAFFITI (Melissa, CodeRed worm)
EARLY COMMERCIALIZATION (Loveletter, Pump & Dump email)
EFFICIENT ECOSYSTEMS (Mpack, Conficker)
AUTOMATION (Asprox botnet, Blackhole, Zeus)
INDUSTRIALIZATION (RIG Exploit Kit, Neutrino Exploit Kit)
INTEGRATED BUSINESS MODEL (WannaCry, Locky, CryptoLocker)
Chart: evolution of cybercrime over time, with threat sophistication rising toward today
Compounding factors: number of threats; number and range of actors; level and sources of funding; ransomware proliferation; nation state; non-Windows / mobile
The Challenge Of Addressing New Threats
Software Vulnerabilities Reported By Year
Source: NIST National Vulnerability Database as of 1 May 2018, https://beta.nvd.nist.gov/vuln-metrics/visualizations/cvss-severity-distribution-over-time
Year   Vulnerabilities
2010   4639
2011   4150
2012   5286
2013   5186
2014   7937
2015   6487
2016   6446
2017   14647
2018   5990 (up to 1 May 2018)
Top Threats Worldwide
• Active Adversary
  o Privilege escalation, credential theft, lateral movement, exploits, process injection
• Advanced Malware
  o Zero-day attacks with multiple stages
  o Worms, Trojans, VB script, PDF, file-less attacks (cryptominers, PowerShell, etc.), bots, RATs
• Cryptomining/Cryptojacking
  o Legitimate and malicious use of CPU cycles to generate digital currency
Chart: share of threats by category: Advanced Malware 38%, Active Adversary 21%, Ransomware 33%, Cryptojacking 5%, Generic Malware 3%
The Threat Landscape Has Shifted
54% OF ORGS HIT BY RANSOMWARE
RANSOMWARE
*Source: State of Endpoint Protection Study 2018
Data Protection
How far do you want to go to manage the risk to your data and IT assets?
Chart: IT security scale from Basic (higher risk) to Lowest Risk, plotted against remediation effort
Top causes for data loss*:
• Hacking, malware, or malicious code (57%)
• Portable devices and physical loss (17%)
• Unintended disclosure (22%)
• Other (4%)
Common ways to lose data:
• Advanced malware
• Ransomware and exploits
• Unauthorized access and credential theft
• Lost or stolen laptops and storage devices
• Lost or stolen mobile devices, tablets, and IoT devices
• Human error, loss via email, or loss via cloud storage
• Malicious insider
Sophos products positioned on the scale: Endpoint Protection, Intercept X, Server Security, Device Encryption, Sophos Mobile, SafeGuard Encryption
* Percentages based on number of incidents according to data from Privacy Rights Clearinghouse
93% of breaches include phishing
Source: Verizon 2018 Data Breach Investigations Report
Education
Spotting the Phish
Any attempt to bait a user into:
• Opening a malicious email attachment
• Clicking a link
• Transferring funds or confidential information
Chart: global spam and phishing volumes, 2015 to 2017
Users five times more susceptible to Phishing Emails
• Phishing attacks: 13% click-through rate
• B2B marketing email CTR: 3.5%
• B2C marketing email CTR: 2.4%
• Users are 5.4x more likely to click a phishing email than a consumer marketing email, and 3.7x more likely than a business marketing email
Sources: Sophos Phish Threat simulation data, Experian Email Benchmark Report Q4 2016
The threat landscape for phishing
How often IT professionals report their organization is hit by phishing attacks:
• Hourly: 9%
• Daily: 32%
• Weekly: 26%
• Fortnightly: 5%
• Monthly: 6%
• Infrequently: 15%
• Never: 5%
• I don’t know: 3%
41% OF IT PROS REPORT AT LEAST DAILY PHISHING ATTACKS
62% OF ORGANIZATIONS FAIL TO TEST USER AWARENESS
Source: Phishing Temperature Check, Freeform Dynamics 2017 (for Sophos). Data from 330 global IT professionals
Solution: Phish like a bad guy
Educate and test your users to spot attacks:
USER BASELINE TESTING
REAL-WORLD ATTACK SIMULATION
EFFECTIVE TRAINING MODULES
COMPREHENSIVE REPORTING
Sophos Phish Threat
Simulated phishing campaigns in 3 easy steps:
1. Choose an attack: 100’s of customizable attack templates fed by the latest threat intelligence
2. Choose training: over 30 interactive training courses covering security and compliance topics
3. Monitor activity and measure awareness: campaign reporting; security posture by organization, group, or individual
100’s of customizable attack simulation templates
• Realistic simulations powered by global threat intelligence
• Library of international templates from beginner to expert
Multiple scenarios and difficulties
• Australian Federal Police
• Amazon.co.uk
• DVLA
• Canada Post
• London Underground
• New Zealand Inland Revenue Department
• Parcelforce
• Royal Bank of Canada
Growing library of international content
Over 30 end user training modules
Security Topics
• Phishing
• Credential harvesting
• Vishing (phone phishing)
• Social engineering
• Ransomware
• Secure social media use
• Public Wi-Fi
• Malicious attachments
• Passwords & passphrases
• Two-factor authentication
• Principle of least privilege
• Physical security and data protection
Compliance Topics
• EU General Data Protection Regulation (GDPR)
• Gramm-Leach-Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Payment Card Industry Data Security Standard (PCI DSS)
Don’t be Phished Top Tips:
• Forceful/faked urgency to get you to respond before you think
• Offer a prize or reward to tempt you to click on a link
• Ask you to provide your password or other confidential data for security purposes
• Website addresses that are similar to, but not the same as, the real thing, e.g. www.gØØgle.com vs www.google.com, or www.twiter.com vs www.twitter.com
Top tip — hovering over the link should display the actual address
• Emails that appear to come from a senior employee at your organization
• Poor spelling and/or unusual grammar
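Two of the tips above, checking where a link really goes and spotting lookalike addresses, can be automated for mail that reaches a shared inbox or an abuse mailbox. The following is an added example, not part of the Sophos deck or its products: it pulls every link out of a constructed HTML email, reports a mismatch when the visible text shows a different domain from the href (what hovering reveals), and checks the real domain against a small brand list for homoglyph substitutions such as the page's gØØgle.com and one-character typos such as twiter.com. The brand list, the confusable table, the sample message and the crude registrable-domain split are assumptions; the confusable table also goes beyond the page's Ø example to digits and Cyrillic letters.

```python
"""Lookalike-link checker for phishing emails (added example, not Sophos code)."""
import re
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of brands whose domains we want to protect.
KNOWN_BRANDS = ["google.com", "twitter.com", "amazon.co.uk", "paypal.com"]

# Characters phishers substitute for ASCII letters. Digit mappings can misfire
# on real domains that legitimately contain 0 or 1, so tune for your environment.
CONFUSABLES = {"ø": "o", "0": "o", "1": "l", "ı": "i", "і": "i", "е": "e",
               "а": "a", "о": "o", "с": "c", "р": "p", "ѕ": "s"}

# Constructed sample phishing email, not a real message.
SAMPLE_EMAIL = """<p>URGENT: your account will be closed in 24 hours unless you
verify it at <a href="http://www.gØØgle.com/login">www.google.com</a> or
<a href="http://www.twiter.com/reset">reset your Twitter password</a>.
Genuine help is at <a href="https://support.google.com/accounts">support.google.com</a>.</p>"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def normalize_domain(host):
    """Lowercase, strip accents and map confusables so gØØgle.com -> google.com."""
    out = []
    for ch in host.lower():
        base = "".join(c for c in unicodedata.normalize("NFKD", ch)
                       if not unicodedata.combining(c))
        out.append("".join(CONFUSABLES.get(c, c) for c in base))
    return "".join(out)


def registrable(host):
    """Crude registrable-domain split (last two labels, three for co.uk style).
    Assumption for the example; real code should use the Public Suffix List."""
    parts = host.split(".")
    if len(parts) >= 3 and parts[-2] in ("co", "org", "ac", "gov") and len(parts[-1]) == 2:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


def levenshtein(a, b):
    """Edit distance, used to catch one-character typosquats like twiter.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host):
    """Brand this host imitates (homoglyph or one-character typo), else None."""
    raw, norm = registrable(host.lower()), registrable(normalize_domain(host))
    for brand in KNOWN_BRANDS:
        if raw == brand:
            return None                 # the genuine domain, or a subdomain of it
        if norm == brand or levenshtein(norm, brand) <= 1:
            return brand
    return None


DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([^\s/]+\.[a-z]{2,})", re.I)


def analyze_email(html_body):
    """Return (kind, href, detail) findings: 'mismatch' when the link text shows a
    different domain from the href, 'lookalike' when the real domain imitates a brand."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        real_host = urlparse(href).hostname or ""
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and registrable(shown.group(1).lower()) != registrable(real_host):
            findings.append(("mismatch", href,
                             f"text shows {shown.group(1)}, link goes to {real_host}"))
        brand = lookalike_of(real_host)
        if brand:
            findings.append(("lookalike", href, f"{real_host} imitates {brand}"))
    return findings


if __name__ == "__main__":
    for kind, href, detail in analyze_email(SAMPLE_EMAIL):
        print(f"[{kind}] {href}: {detail}")
```

On the sample message the first link is reported twice (the text says google.com while the href goes to gøøgle.com, and that host normalizes to the brand), the second is a one-character typo of twitter.com, and the genuine support.google.com link is left alone.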
Synchronized Security
Cloud Intelligence: SophosLabs
• Analytics: analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions
• 24x7x365, multi-continent operation
• Malware Identities | URL Database | Machine Learning | Threat Intelligence | Genotypes | Reputation | Behavioral Rules | APT Rules | App Identities | Anti-Spam | DLP | SophosID | Sandboxing | API Everywhere
Sophos Central
• Admin: manage all Sophos products
• Self Service: user customizable alerts
• Partner: management of customer installations
Products (in cloud and on prem): Next-Gen Endpoint, Mobile, Server, Encryption, UTM/Next-Gen Firewall, Wireless, Web
IT Security Top Tips
1. Use unique passwords for every service you use
2. Keep your software up to date
3. Make backups of your files
4. Be mindful of what you share
5. Use protective software to fight the nasty stuff
• Put Appropriate Security in Place
• Educate Staff
• Check & Double Check
• If in doubt…. Call or Delete