More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017...
Transcript of More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017...
![Page 1: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/1.jpg)
More Than CheckboxesTackling the Overlooked Aspects of GDPR
Oleg GorobetsSenior Global Product Marketing Manager, Kaspersky Lab
![Page 2: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/2.jpg)
THE EVOLUTION OF CYBERTHREATS
Damage from
attacks
2003 2007 2009 2013 2017
VirusesWorms
SpywarePhishingBotnets
APTsZero‐daysWipers
Nuisances
Cyber‐crime
Professional Cyber‐espionage ?
![Page 3: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/3.jpg)
We understand global IT & Business trends and the threats they bring!
3
Consumerization & mobility
Increasingonline commerce
Critical infrastructure at risk
Machine Learning
Personal Data Cloud & virtualization
Privacy & data protection challenge
Fragmentation of the Internet
Cars become smarterConnected Cities
Mobile threatsCriminal Currency
Massive data leaks
Decreasing cost of APTs
Commercialization of APTs
Supply chain attacks
Cyber-mercenaries
“Wipers” & cyber-sabotage
Targeted attacks
Financial phishing attacksRansomware
Malware for ATMs
Attacks on PoS terminals
Merger of cybercrime and APTs
Targetinghotel networks
Internet of Things
HacktivismVulnerable connected cars
Ransomware in Targeted Attacks
Data asThreats
to Smart Cities
Attacks on Smart Cities IoT botnets
Compliance
Risk Analysis
![Page 4: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/4.jpg)
THE ‘NEXT GEN THREATS’ MARKET PHENOMENON
Both IT and commercial advances provide
new opportunities for attackers.
The result is the booming
Threat landscape affecting so many
businesses.
![Page 5: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/5.jpg)
THE AVERAGE FINANCIAL IMPACT OF A DATA BREACH
SMB
Enterprise
Average Total Impact:$87.8k
Average Total Impact:$992k
IT Security Risks Report 2017 Kaspersky Lab
$134K$130K
$111K$107K$104K$99K
$132K$97K
$78K
Compensation
Damage to Credit Rating/Insurance…
Lost Business
Improving Software & Infrastructure
New Staff
$13K$12K$11K
$10K$8K$8K
$10K$8K
$7K
Lost Business
Additional Internal Staff Wages
Compensation
Improving Software & Infrastructure
New Staff
Base: 1,229 SMBs/ 919 EnterprisesSuffering At Least One Data Breach
![Page 6: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/6.jpg)
PERSONAL DATA: NO PERIMETERS, NO BORDERS
PERSONAL DATA IS EVERYWHERE
PERSONAL DATA HAS BECOME A COMMODITY FOR CYBERCRIMINALS TO STEAL AND TRADE
ITS COMPROMISE CAN GRAVELY AFFECT PEOPLES’ LIVES
THE ACUTE NEED FOR DATA PROTECTION DRIVES NEW LEGISLATIONS
THE NEED FOR COMPLIANCE DRIVES SECURITY NEEDS
![Page 7: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/7.jpg)
GDPR is a LAW
GDPR starts in Europe 25 May, 2018GDPR is how to deal with personal data as part of a human rightsAffects all businesses over the globe dealing with the EU citizens
Get consent from data subject on data processing Locate and classify your sensitive dataCreate accountability process and establish data storage Prevent data breachesReport about data breachesControl data flow
PenaltiesUnder GDPR, in case of an incident, organizations can be fined up to 4% of annual global turnover or €20 Million (whichever is greater)
Breach NotificationUnder the GDPR, breach notification will becomemandatory in all member states where a data breach islikely to “result in a risk for the rights and freedoms ofindividuals”. This must be done within 72 hours of firsthaving become aware of the breach.
What an organization needs to do:
![Page 8: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/8.jpg)
THE NUMBERS TALKTALK FOR THEMSELVES
Breach:
• 157,000 customers’ data stolen; multiple security issues
• The ICO has issued a £400 000 fine under the 1998’s Data Protection Act
• Under GDPR, it could become £59mln
• Sold customers’ data, fined £130 000
• Under GDPR, it would become £4mln
Source: The Register, ‘Last year's ICO fines would be 79 times higher under GDPR’
![Page 9: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/9.jpg)
TOP IT CONCERNS
Most Concerning IT Security Related Business Issues
69%
43%
42%
39%
38%
35%
33%
Data protection
Security issues of cloudinfrastructure adoption andbusiness process outsourcing
Business continuity
Cost of securing increasinglycomplex technology
environmentsEnsuring compliance of staffwith security policies andregulatory requirements
Relationships withpartners/customers
Security issues of mobiledevices and BYOD trends
Top 3 Security Challenges Related To Each Business Issue
Base: 5,274 All Respondents
Data loss/exposure due to targeted attacks 39%
Electronic leakage of data from internal systems 32%
Physical loss of devices or media containing data 28%
Incidents affecting suppliers that we share data with 17%
Incidents affecting third party cloud services we use 17%
Incidents affecting IT infrastructure hosted by a third party 18%
Viruses & malware 19%
Loss of access to internal services 16%
Loss of access to customer-facing services 15%
Identifying / remedying vulnerabilities in IT systems we use 19%
Managing security across different computing platforms 16%
Incidents involving non-computing, connected devices 13%
Inappropriate IT resource use by employees 20%
Time and cost of enforcing security compliance among employees 18%
Fines for not maintaining compliance with security regulations 11%
N/A N/A
Managing security of users' own devices in the workplace 16%
Inappropriate sharing of data via mobile devices 16%
Physical loss of mobile devices exposing the organization to risk 15%
IT Security Risks Report 2017 Kaspersky Lab
![Page 10: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/10.jpg)
GDPR: PERCEPTION & REALITY
10
![Page 11: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/11.jpg)
AM I SUBJECT TO GDPR LEGISLATION?
One more set of regulationsto comply with…
I don’t have personal data, nothing to worry about!
I HAVE STRONG SECURITY!I SHOULD BE SAFE!
It’s so complex, I’ll have a hard time explaining the means & budgets to the Board..
![Page 12: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/12.jpg)
GDPR ASPECTS FOR A COMPANY
Know your roleUnderstand your data
Train your champions
Assign a DPO
Perform GAP analysis
Conduct DPIAs
Review consents
Develop and test breachResponse frameworks
![Page 13: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/13.jpg)
TWO KEY ASPECTS TO START WITH
Know your role Understand your data
![Page 14: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/14.jpg)
Roles, Rules and Rights
Data Subject
Controller Processor1
Processor2
Consent
Rights:• Reviewing• Portability• Rectification• Oblivion• Objection
Rules
Processor3
National Border
• Biz.Processes• Training• Rules for Processor
DPO
Obligations
Business ITP2P
C2P
• Data storing• Breach detection• Notifications
Authority
SCCP
(logging, audit)
![Page 15: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/15.jpg)
Data Ws: What? Where? When? Who?
File Server
Mobile Endpoint
ConnectedStorage
Endpoint
Smartphone/TabletCloud Infrastructure
PerimeterPortableStorage
User1 User2
Regulated Data Storage
![Page 16: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/16.jpg)
HOW IT SECURITY CAN HELPKASPERKY LAB’S VISION
![Page 17: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/17.jpg)
Knowing Your Data is Key
File Server
Mobile Endpoint
ConnectedStorage
Endpoint
Smartphone/TabletCloud Infrastructure
PerimeterPortableStorage
Mail Server
![Page 18: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/18.jpg)
DATA PROTECTION FRAMEWORK
SensitiveData
Protection
Mitigate risks & Reduce attack surface
Encryption Security Controls
THREAT PROTECTION
DATA DISCOVERY TOOLS
Ready‐to‐use compliancedictionaries Custom dictionaries
DEFINE & DISCOVERKnow what data you haveand where you have itCONTAIN & GOVERN Know where is resides
RESPOND & REPORT Report Breaches & Contain Incidents
DLP‐based functions CASB
PREVENT
BREACH DETECTION / PREVENTION
EDR
Access Rights & Security Policies
DATA STORAGE
People & Processes
![Page 19: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/19.jpg)
Inside Infrastructure:Endpoint Protection +
At the perimeter:Mail & Gateway
In the cloud:Cloud Security
GOVERNING THE DATA
Security Controls
File Encryption
Endpoint Detection & Response
Breach Detection &Prevention
Mailbox Data Discovery
Web Control
Mail/ChannelEncryption
Data Discovery
Mail & Gateway DLP
AccessRights
AccessRights
Encryption
CASB
Cloud DLP Breach
Detection
Data Discovery
Platform Existing New
![Page 20: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/20.jpg)
Security Controls: Make Breaches Less Likely to Occur
• Can block launch of unsolicited apps (including malware)
• Can be configured to let only whitelisted apps run
• Can block undesired sites(and categories)
• Can be configured to allowaccess only to whitelisted sites
• Can block the use of undesired devices (e.g. USB sticks or network adapters)
• Can be configured to allow trusted devices to be connected
![Page 21: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/21.jpg)
Threat protection is True for Avoiding BreachesHumanExpertise
Treat Intelligence / Big Data
MachineLearning
![Page 22: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/22.jpg)
![Page 23: More Than Checkboxes · THE EVOLUTION OF CYBERTHREATS Damage from attacks 2003 2007 2009 2013 2017 Viruses Worms Spyware Phishing Botnets APTs Zero‐days Wipers Nuisances Cyber‐crime](https://reader034.fdocuments.us/reader034/viewer/2022042909/5f3c4d98cbf3405aaa1f9843/html5/thumbnails/23.jpg)
LET'S TALK?