Insider Threats nov

Post on 22-Dec-2015

managing insider computer threats

Managing Insider Threats 4 Risks You Need To Mitigate

Agenda

The state of cybercrime – what’s changed and why?

How likely is an attack?

The biggest threat & 4 serious internal risks

The cost of malware

Why Anti-Virus alone is not enough

What you can do to protect your networks

Short History of Cybercrime

Then

Virus writers were hackers and nerds having fun making a name for themselves

Now

Malware is now a tool of international organized crime

The Cybercrime Economy

Credit Card Information: $0.85 - $30.00

Bank Account Credentials: $15 - $850

Full Identity: $0.70 – $20.00

Cybercrime Today

Agile, global, organized & outsourced

Cybercriminals want:

Money

Shares in the Business

Challenges

Non 9-5 Work Environment

Cybercrime Today

$114bn: Money stolen/spent on resolving Cybercrime

$274bn: Victims valued time they lost to Cybercrime

Norton Cybercrime Report 2011

How Likely Is an Attack?

Threats are increasing exponentially

How Likely Is An Attack?

431 million adults

24 countries

141 US victims/minute

Norton Cybercrime Report 2011

How Likely Is An Attack?

Cybercriminals use malware to harvest personal data:

Viruses

Worms

Trojans

Data breaches are on the rise

91% reported at least 1 breach in the last year

59% reported 2 or more breaches

50% reported lost data

How Likely Is An Attack?

Size doesn’t matter

Small companies & big companies

Industry leaders are falling prey

How robust is your IT infrastructure?

The Most Serious Security Threat

Lives inside your organization: Human Nature

The Most Serious Security Threat

Shifting targets narrowed to individuals within organizations

Sophisticated criminals exploit the weakest link

Access to your network is easily gained by exploiting human nature

Insider Threats: 4 Serious Internal Risks

1. Spear Phishing Email Attacks

2. Social Media

3. The Infected USB Device

4. Unapproved Applications

Insider Threats: Spear Phishing The Evolution

Spam:

Unsolicited commercial email

Unsolicited bulk email

Phishing:

Sender appears to be a trustworthy entity

Bulk

Spear Phishing:

Customized

Insider Threats: Spear Phishing Proof

Insider Threats: Spear Phishing Advanced Persistent Threats

Spear Phishing

Highly targeted to a person/organization

Objective is to get victim to click a link or download file

Malware infects the victim’s PC and opens back door for hackers to access company data

Insider Threats: Spear Phishing Google Breach

Insider Threats: Spear Phishing

100M

Insider Threats: Social Media

Twitter now a source for links to poisoned websites

Insider Threats: Social Media

Facebook scams continue

Insider Threats: Social Media

Social Media is now a legitimate business tool

Web-filters are barriers to productivity and burden IT

Cannot keep up with known malicious URLs

Insider Threats: The Infected USB Device

Opens the door to malware propagating in the network

Bypasses other layers of defense such as gateway firewall protection

25% of all new worms are designed to spread through portable storage devices

Insider Threats: The Infected USB Device

Device “read only” partition can host malware

In 2006, Secure Network Inc tested a credit union’s security

Distributed trojan infected USB drives

15 out of 20 were installed

Insider Threats: The Infected USB Device

2008 marks the biggest military breach to date

Caused by an infected USB flash drive

Over 100 foreign intelligence agencies are trying to capture US data

Insider Threats: Unauthorized Applications

Potentially unwanted applications

Instant messaging

Social networking sites

Peer to peer, games

Unacceptable security risk

System performance concern

License compliance issue

Insider Threats: Unauthorized Applications

Downloading unauthorized programs that can contain malware

In 2010 a credit union employee downloaded a coupon program

Laced with malware

License compliance issue

Internal Threats: Recap

Shifting Targets – exploiting human nature

Spear Phishing on the upswing

Social Media – business tool or security threat?

USB keys bypass traditional security

Unauthorized applications are untrusted

73,000+ highly sophisticated new threats per DAY!

The Cost of Malware

$7.2 Million = the cost of a data breach (2010)

$214 = avg cost of compromised record (2010)

$318 = avg cost of compromised record due to criminal attack (2010)

Source: Ponemon Institute's "2010 Annual Study: U.S. Cost of a Data Breach"

$7,969,330 scammed

44 days

1 email

The Cost of Malware

Over 360,000 credit cards

Customer names

Customer email addresses

$2.7M stolen

Over 90,000 credit cards

Customer names

Customer email addresses

Phone #s, gender, DOB

The Cost of Malware

Threats continue to increase with hefty fines

The Cost of Malware

"The first time anyone anywhere in the world noticed this new virus was on [March 15] and then it hit us on the 16th,"

"We've got multiple levels of protection and firewalls, but nothing recognizes this,"

"The cost of just one day without computer access is going to cost thousands,"

The Cost of Malware

What Does Successful Security Look Like?

Layers, layers and more layers

Desktop Security

System Restore – quick recovery but no protection against malware or data leakage

User Account Control – too restrictive for many users when configured to be effective; frustrating for IT to manage

Anti-Virus – not entirely effective alone

Requires constant updating

Can be a drain on system resources

Only protects against known threats

Why Anti-Virus Alone is Not Enough

1700+ confirmed malware files analyzed

13 top AV vendors

Average detection rate: 19%

Average time to catch up to new malware: 11.6 days

Source: Malware Detection Rates for Leading AV Solutions, A Cyveillance Analysis, August 2010

The Faronics Solution

Application Whitelisting

Concept:

Ignore the bad applications that you never want to run

Only identify the good applications you do want to run

Any unknown executables are simply not allowed to run!

Benefits:

Not having to worry about updates

Not having to worry about unknown malware
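The concept above as an added example (not from the original slides and not Faronics code): a default-deny allowlist decision beside a signature-style denylist decision, run over four constructed samples. Identifying executables by SHA-256 hash, the file names and the byte strings are assumptions of this example.

```python
import hashlib

def sha256(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

# Constructed byte strings standing in for executable file contents.
SAMPLES = {
    "winword.exe":        b"MZ approved word processor build 14",
    "winword_v15.exe":    b"MZ approved word processor build 15",
    "known_trojan.exe":   b"MZ trojan sample already seen by AV vendors",
    "mutated_trojan.exe": b"MZ trojan sample already seen by AV vendors\x00repacked",
}

# Allowlist: hashes of the applications IT has approved (one exact version).
ALLOWLIST = {sha256(SAMPLES["winword.exe"])}
# Denylist: hashes of malware a signature-based product already knows about.
DENYLIST = {sha256(SAMPLES["known_trojan.exe"])}

def denylist_decision(image: bytes) -> str:
    """Signature model: block what is known bad, allow everything else."""
    return "block" if sha256(image) in DENYLIST else "allow"

def allowlist_decision(image: bytes) -> str:
    """Whitelisting model: allow what is known good, block everything else."""
    return "allow" if sha256(image) in ALLOWLIST else "block"

def compare(samples=SAMPLES):
    """Return {name: (denylist verdict, allowlist verdict)} for each sample."""
    return {name: (denylist_decision(img), allowlist_decision(img))
            for name, img in samples.items()}

if __name__ == "__main__":
    for name, (av, wl) in compare().items():
        print(f"{name:20} denylist={av:5} allowlist={wl}")
```

The mutated sample passes the denylist because its hash is new, while the allowlist blocks it without any update; the unapproved build 15 of the word processor is also blocked until IT adds it, which is the version control the later slides describe.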

Application Whitelisting

Benefits Beyond Security:

Protecting Resource Usage

Lower Help Desk Costs

Prevent Distractive Applications

Prevent Unlicensed or Illegal Applications

Application Whitelisting: With Anti-Virus

Anti-Virus

Heuristics still help identify and catch:

Malware that targets unpatched OS and applications

Malware that is carried as data and run as macros

Faronics AV runs suspected malware in a mini-VM

Application Whitelisting

Zero-Day attacks

Mutating Malware

Targeted Attacks

Potentially Unwanted Programs

Introducing Faronics Anti-Executable

Only approved applications can install or execute

Protects against attacks that bypass AV

Protects data from exposure to malware such as key loggers

Helps maintain system integrity by blocking installation of unauthorized applications

Enforces license compliance by specifying programs and versions that are allowed to be installed

Not dependent on signature updates

Why Anti-Executable?

Reduce IT costs associated with infections and troubleshooting time

Avoid costly IT audits/legal risks

Prevent loss and corruption of sensitive data

Protect workstations from unknown, future system vulnerabilities

Maximize system performance

Faronics Layered Security

Changing the way the world thinks about security.

About Faronics

Intelligent software solutions for ABSOLUTE control

In business since 1996

Over 8 million licenses deployed

Over 30,000 customers in over 150 countries

Offices in USA, Canada & UK

Affiliations

Awards

Next Steps

Try Faronics Anti-Executable at: www.faronics.com

Contact Faronics

Via email: sales@faronics.com

Via phone: 800-943-6422

Q&A

Thank You

Presenter:

Samantha Shah Product Marketing Manager

T: 800-943-6422 E: sshah@faronics.com