Data breaches affect millions of people in the U.S. …...* Data for 2015 to March 4, 2015....
Transcript of Data breaches affect millions of people in the U.S. …...* Data for 2015 to March 4, 2015....
#MIGlobal
Data breaches affect millions of people in the U.S. each year
0
100
200
300
400
500
600
700
800
0
50
100
150
200
250
300
350
400
2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015*
Records breached, millions
Records breached (left)
Number of breaches (right)
Number of breaches
Source: Privacy Rights Clearinghouse.
* Data for 2015 to March 4, 2015.
#MIGlobal
Hacking or malware breaches account for significantly more
disclosed records per attack in the U.S.
0 100,000 200,000 300,000 400,000 500,000 600,000
Unknown or other
Unintended disclosure
Stationary device
Insider
Payment card fraud
Portable device
Hacking or malware
Average number of records disclosed per breach
Average (2005-2014)
Source: Privacy Rights Clearinghouse.
#MIGlobal
The United States and China were the top sources of
malicious Internet security threats in 2013
Country/Region 2013 rank 2013 average (percent) United States 1 20.3
China 2 9.4
India 3 5.1
Netherlands 4 3.5
Germany 5 3.3
Russia 6 2.6
United Kingdom 7 2.6
Brazil 8 2.5
Taiwan 9 2.5
Italy 10 2.3
Source: Symantec.
#MIGlobal
Reported cybersecurity incidents at federal agencies
increased by 782 percent between 2006 and 2012 Incidents reported to the U.S. Computer Emergency Readiness Team
5,503
11,911
16,843
29,999
41,776 42,854
48,562
0
10,000
20,000
30,000
40,000
50,000
60,000
2006 2007 2008 2009 2010 2011 2012
Number of incidents
Source: Government Accountability Office.
#MIGlobal
Organizational errors, insider abuse and mismanagement add
to European data breaches by external hackers
42
22 13 11
10 2
87
0 6 2 5
0 0
10
20
30
40
50
60
70
80
90
100
Stolen byhackers
Exposed online Missing orstolen hardware
Insider abuse ortheft
Administrativeerror
Unspecified
Percent
Share of records breached
Share of incidents
Source: Center for Media, Data and Society.
#MIGlobal
Commercial organizations were targets in half of European
breaches but lost 84 percent of compromised records
Percent of incidents by target
Other 25%
Commercial 51% Government
24%
Percent of records lost by target
Other 7%
Commercial 84%
Government 9%
Source: Center for Media, Data and Society.
#MIGlobal
Cyber attacks tax the national economy EVERY DAY
Commerce suffering now (infrastructure not so much) Almost 3% of GDP, or $455 billion of damage (2013)
Current cyberattacks are broad based, targeting identity, credentials, and financial info for financial gain
Small businesses are exposed, too
– Data breaches at major banks and retail chains provide ammunition
– Small businesses are heavily dependent on Internet
– Inadequate expertise and resources to defend and respond
In 2014 enterprises spent $71 billion on cybersecurity, growing 7.9% over 2013 (Gartner)
Networks are strategic to business operations Interconnected and interdependent
Network evolution is similar to electric grid evolution in the last century
– Islands of networks becoming interconnected, resulting in interdependence
– Weak link failures trigger a domino effect
Evolution of modern digital networks similar (Target, Home Depot, JPMorgan, Sony)
– RedSeal survey corroborates
#MIGlobal
Seventy-four percent of executives believe cyber attacks can
cause serious damage
Serious damage 74%
Moderate damage 21%
Very little damage 3%
No damage 1%
“I believe cyber attacks on the U.S. can cause …”
100% = 350 respondents
Source: RedSeal 2015 Cybersecurity Domino Effect Study
#MIGlobal
Profitability, Growth and Brand Equity Most at Risk
41
43
45
51
80
0 10 20 30 40 50 60 70 80 90
Internal/organizational disruption or chaos
Business downtime
A big hit on employee productivity
Serious brand damage
Serious impacts to business profitability and growth
% of respondents
I believe cyber attacks on U.S. networks can cause . . .
Source: RedSeal 2015 Cybersecurity Domino Effect Study
100% = 350 respondents
#MIGlobal
Cyberattacks on one network will have significant ripple effect
– majority finding
32
40
41
47
56
59
64
0 10 20 30 40 50 60 70
Negative effects or chaos on a global level
Negative effects or chaos on a national level
Negative effects or chaos on a state level
Negative effects or chaos on a local level
National vulnerabilities
Security domino effect with other areas affected
Further business-related security vulnerabililties
What other areas do you think may be affected by the resulting ripple effects of cyberattacks on one network?
Source: RedSeal 2015 Cybersecurity Domino Effect Study
100% = 350 respondents % of respondents
#MIGlobal
The challenge
Network complexity and attack sophistication exceeds understanding
Source:: RedSeal.
#MIGlobal
Identify attack paths including lateral movement
Source:: RedSeal.
#MIGlobal
Executive Network Security Index
• You cannot manage what you do not
measure.
• Answers the question – Is my network
getting safer over time?
• Based on a sophisticated,
complete and rigorous analysis
of the whole network, its
components and its policies
• FICA style risk index, or Percentage
• Trend data over time
• iPhone and Android
Source:: RedSeal.