tripwire university boot camp – the shifting landscape: know your battlefield
TRANSCRIPT
THE SHIFTING LANDSCAPEKNOW YOUR BATTLEFIELD
David Miklasevich | Product Marketing ManagerJune 8, 2016
2
AgendaShifting Landscape
1. External Battlefield
2. Internal Battlefield
3
battlefield (noun)Pronunciation: (/ˈbadlˌfēld)
1.The piece of ground on which a battle is or was fought2.A place or situation of strife of conflict
External Battlefield
What Battlefield are you fighting on? Circa 1863
6
Digital Battlefield – Circa 2016 Accelerating Change and Complexity
7
Global Reach and Scope
8
China Unable To Recruit Hackers Fast EnoughTo Keep Up With Vulnerabilities In U.S. Security Systems
9
United States
SOURCE: Graph based on data from Kaspersky Lab
10
Acceleration of Attacks
SOURCE: Graph based on data from Kaspersky Lab
11
Cyber Security Battlefield
0
10
20
30
40
Bill
ions
of d
evic
es
19921M
20030.5B
2009IoT
Inception
20128.7B
201311.2B
201414.2B
201518.2B
201622.9B
201728.4B
201834.8B
201942.1B
20202020
50.1B
1988 1992 1996 2000 2004 2008 2012 2016 2020SOURCE: Cisco
12
Target rich environment
13
Who are the bad guys?
2014
OUTSIDERS: 45%
INSIDERS: 55% Malicious Insiders – 31.50% Inadvertent Actors – 23.50%
2015
OUTSIDERS: 40%
INSIDERS: 60% Malicious Insiders – 44.50% Inadvertent Actors – 15.50%
14
Security incident categories
2014 Categories 201537% Unauthorized access 45%20% Malicious code 29%20% Sustained probe/scan 16%11% Suspicious Activity 6%8% Access or credential
abuse3%
15
Industries with highest security incidents
2014 Ranking 2015Financial Services 1 Healthcare
Information and communication 2 ManufacturingManufacturing 3 Financial Services
Retail and wholesale 4 GovernmentEnergy Utilities 5 Transportation
Internal Battlefield
17
Board of DirectorsIncreasingly involved
The more things change, the more they stay the same...
Alphonse Karr, 1849
19
“The Times are a Changin’” (**)
** Bob Dylan, 1964
20 SOURCE: https://hacked.com/swift-breached-again-second-bank-sees-cyber-heist/
Changing Threat Landscape
As attacks become increasingly sophisticated, security breaches have a growing financial impact on victims.
$7.7 million 2% from 2014
THE AVERAGE ANNUAL COST OF A CYBER CRIME INCIDENT IN 2015
THE ESTIMATED COST OF CYBER CRIME TO THE GLOBAL ECONOMY
$400 billion
Sources: Ponemon Institute. “2015 Cost of Cyber Crime Study: Global.”McAfee/CSIS, “Net Losses: Estimating The Global Cost Of Cyber Crime”
Changing Threat LandscapeThe TimeThe escalating sophistication of attacks increases not just the cost of cyber crime but also the time to resolve an attack.
27 days
THE AVERAGE TIME IT TOOK TO CONTAIN A CYBER ATTACK WAS:
31 days
THE AVERAGE TIME IT TOOK TO CONTAIN A CYBER ATTACK WAS:
15%INCREASE
2013 2014
23
Recommendations
Know your enemy Know yourself (Try to understand what you have that is valuable and what motivates those who want to take it)
Get informed Tripwire, The State of Security
Tripwire, SCM for Dummies
Tripwire, Security eBooks
Verizon DBIR reports
Cisco Security Reports
Krebs on security
IBM Xforce Quarterlies
tripwire.com | @TripwireInc