2014 Year of the Mega Breach

Security for Today's Threat Landscape
Kat Pelak
Mega Breaches
• Healthcare, education and the public sectors accounted for 58% of all data breaches in 2013.
• But the retail, computer software and financial sectors accounted for 77% of all the identities exposed in 2013.
Top Causes of Data Breaches (Sept. 2013 to Aug. 2014)
Source: Symantec

Cause                      Incidents   Share
Hackers                          137     53%
Accidentally Made Public          55     21%
Theft or Loss                     51     20%
Insider Theft                     16      6%
Total                            259    100%
Data Loss Increase (total identities exposed per year)
2012: 93M
2013: 552M, a 493% increase
2014: ?
Breaches: Data by the Numbers
• Ransomware: up 500% in the last 6 months.
Dragonfly: Western Energy Companies Under Sabotage Threat
• Ongoing cyberespionage campaign
• Targeting the energy sector in Europe and the US; other sectors are not immune
• Stealing information
• Capable of sabotage
• Attacker capabilities
  – Persistent access to networks
  – Information stealing
  – Sabotage
Why is Security so LAX?
• A Russian crime organization has reportedly stolen over 1.2 billion Internet credentials.
• Over 4,000 websites appear to have been compromised.
Email-borne threats are common
• 1 in 392 emails is a phishing attack
• 1 in 196 emails is a malware attack
• 25% contain a hyperlink to malicious code
• 66% of all email is spam
Mobile Users at Risk
• 38% of smartphone users have experienced mobile cybercrime in the past 12 months
• 50% don't use basic precautions such as passwords, security software or backing up files for their mobile device
Source: 2013 Norton Report
Mobile Security IQ
• Delete suspicious emails from people they don't know: 90%, 72%
• Have at least a basic free antivirus solution: 78%, 56%
• Avoid storing sensitive files online: 33%, 48%
Source: 2013 Norton Report
Social Media (ISTR, Sept 2013 – Aug 2014)
[Bar chart of social media threat types. Categories: Fake Offering, Manual Sharing, Likejacking, Fake Apps, Comment Jacking. Bar values, largest to smallest: 52%, 37%, 9%, 2%, 1%.]
Mobile Threats

Mobile Threats: Malicious Code by Platform, 2013
Source: Symantec

Platform   Number of Threats   Percent of Threats
Android                   57                  94%
Symbian                    1                   2%
Windows                    1                   2%
iOS                        1                   2%

Android remains the platform of choice for malware authors.
Targeted Attacks

Protection Against Targeted Attacks
Reputational & Behavioral Protection (SEP)
• Detect and block new and unknown threats based on the global reputation and behavior of files
Host-based Intrusion Detection and Prevention (DCS)
• Locks down key systems that contain confidential information
• Prevents any unauthorized code from running, independent of AV signatures
Removable Media Device Control (SEP)
• Restrict removable devices and functions to prevent malware infection
Email & Web Gateway Security
• Scan and block email with potentially malicious URLs, attachments or content
• Monitor inbound/outbound web traffic and block accordingly
Data Loss Prevention (DLP)
• Discover data spills of confidential information that are targeted by attackers
• Detect and prevent exfiltration of confidential information that is targeted by attackers
Encryption
• Create and enforce security policies so all confidential information is encrypted
Endpoint & Network Data Correlation (MSS-ATP)
Network Threat and Vulnerability Monitoring (MSS)
• Prioritize threat information detected on the network using security intelligence and information coming from endpoint security devices
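The "scan and block email with potentially malicious URLs, attachments or content" bullet above describes a gateway check. The following is an added example of that logic, written for this page; it is not Symantec gateway code. It parses a MIME message with the standard library, extracts hyperlinks from plain-text and HTML parts, flags HTML links whose visible text names a different host than the href (a common phishing pattern), flags attachments of executable types, and checks link hosts against a blocklist. The blocklist, the blocked extensions, the .test hostnames and both sample messages are constructed for the example.

```python
"""Toy mail-gateway check: parse a MIME message, extract hyperlinks and
attachments, and report the indicators a gateway would block on.
Added example for this page; not Symantec product code."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed policy for the example. A real gateway consults reputation
# feeds and a tuned attachment policy instead of hard-coded sets.
BLOCKED_DOMAINS = {"login-verify-example.test"}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".jar"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs so links whose text claims one host
    while the href goes to another can be detected."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def scan_message(raw):
    """Return the URLs found, the reasons to block, and a verdict."""
    msg = email.message_from_string(raw, policy=policy.default)
    urls, reasons = [], []
    for part in msg.walk():
        if part.is_attachment():
            name = part.get_filename() or ""
            ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
            if ext in BLOCKED_EXTENSIONS:
                reasons.append(f"attachment {name!r} has blocked type {ext}")
            continue
        ctype = part.get_content_type()
        if ctype == "text/plain":
            urls.extend(URL_RE.findall(part.get_content()))
        elif ctype == "text/html":
            parser = _LinkExtractor()
            parser.feed(part.get_content())
            for href, text in parser.links:
                urls.append(href)
                # Visible text that looks like a URL but points elsewhere.
                if URL_RE.fullmatch(text) and _host(text) != _host(href):
                    reasons.append(f"link text {text!r} hides href to {_host(href)}")
    for url in urls:
        if _host(url) in BLOCKED_DOMAINS:
            reasons.append(f"url {url} is on the blocklist")
    return {"urls": urls, "reasons": reasons, "verdict": "block" if reasons else "allow"}


# Constructed sample messages (not real traffic).
SAMPLE_PHISH = """\
From: "IT Support" <support@example.test>
To: user@example.test
Subject: Action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please confirm your account at
<a href="http://login-verify-example.test/confirm">https://portal.example.test/login</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.exe"
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

SAMPLE_CLEAN = """\
From: alice@example.test
To: bob@example.test
Subject: Notes
Content-Type: text/plain; charset="utf-8"

Notes are at https://wiki.example.test/notes
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(name, scan_message(raw))
```

The href/visible-text mismatch check is the part worth copying: reputation lookups miss a freshly registered domain, but a link whose text reads as one site and whose target is another is suspicious regardless of reputation.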
Zero-day Vulnerabilities

Avoiding Data Breaches
Data Classification (Insight)
• Determine what sensitive information exists in your organization
• Categorize it appropriately and protect it according to its classification level
Data Loss Prevention (DLP)
• Detect and prevent exfiltration of sensitive information that is targeted by attackers
• Enforce rules restricting which applications may access confidential data
Host-based Intrusion Detection and Prevention (DCS)
• Locks down key systems that contain confidential information
• Prevents any unauthorized code from running, independent of AV signatures
Email & Web Gateway Security
• Scan and block email with potentially malicious URLs, attachments or content
• Monitor inbound/outbound web traffic and block accordingly
Encryption
• Create and enforce security policy so all confidential information is encrypted
Strong Authentication (VIP)
• Use two-factor authentication to protect against credential theft
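The DLP bullets above ("detect and prevent exfiltration of sensitive information") rest on content inspection: recognising sensitive data in outbound text and applying a policy to it. The block below is an added example of that mechanism, written for this page; it is not Symantec DLP code. It uses payment-card numbers as the sensitive data type, validates candidates with the Luhn checksum so a 16-digit ticket number is not a false positive, redacts confirmed hits, and applies a hypothetical policy of zero allowed card numbers. The sample outbound message is constructed, and 4111 1111 1111 1111 is a standard test number.

```python
"""Toy DLP content check: find candidate payment-card numbers in outbound
text, confirm them with the Luhn checksum, redact, and decide block/allow.
Added example for this page; not Symantec product code."""
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits):
    """Luhn checksum (ISO/IEC 7812-1): from the right, double every second digit,
    subtract 9 from doubled values above 9, and require the sum to be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _candidate_digits(match):
    return re.sub(r"[ -]", "", match.group())


def find_card_numbers(text):
    """Return the Luhn-valid card-like numbers in text, digits only."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = _candidate_digits(m)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def redact(text):
    """Mask all but the last four digits of every Luhn-valid match; leave
    digit runs that fail the checksum untouched."""
    def _mask(m):
        digits = _candidate_digits(m)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group()
    return CARD_RE.sub(_mask, text)


def policy_decision(text, max_hits=0):
    """Hypothetical policy: block when the text carries more valid card
    numbers than max_hits allows. Returns (verdict, hits)."""
    hits = find_card_numbers(text)
    return ("block" if len(hits) > max_hits else "allow", hits)


# Constructed outbound message (not real data).
SAMPLE_OUTBOUND = (
    "Hi, the corporate card is 4111 1111 1111 1111, exp 12/26.\n"
    "Ticket number 1234 5678 9012 3456 is just a reference, not a card.\n"
    "Call 555-123-4567 if anything is unclear.\n"
)

if __name__ == "__main__":
    print(policy_decision(SAMPLE_OUTBOUND))
    print(redact(SAMPLE_OUTBOUND))
```

The checksum step is what keeps this usable: a bare "16 digits" pattern would block the ticket number on the second line too, and a DLP control that blocks on noise gets disabled.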
Mitigating Mobile Attacks
Application Management (Symantec App Center)
• Secure data in corporate applications regardless of device ownership
Device Management (Symantec Mobile Management)
• Remotely wipe devices in case of theft or loss; control password policies
• Update devices with applications as needed without physical access
Device Security (Symantec App Center)
• Guard the mobile device against malware
• Prevent the device from becoming a vulnerability
Identity & Access Control (Symantec VIP)
• Provide strong authentication and authorization for access to enterprise applications and resources
• Ensure safe access to enterprise resources from the right devices with the right postures
Defense-in-Depth
Security Information Management
Secure Mail Gateway
Client and Asset Management
Encryption
Endpoint Protection
3 things you should do when you leave this room:
1. Review your current security stack
2. Consider your options to fill the gaps
3. If you need help, contact Symantec
Stay Informed
Download: symantec.com/threatreport
Follow: @threatintel
Thank you!
Kat Pelak
Katheryne_Pelak@Symantec.com
@KatherynePelak
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and
other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to
the maximum extent allowed by law. The information in this document is subject to change without notice.