THE SHIFTING LANDSCAPEKNOW YOUR BATTLEFIELD

David Miklasevich | Product Marketing ManagerJune 8, 2016

2

AgendaShifting Landscape

1. External Battlefield

2. Internal Battlefield

3

battlefield (noun)Pronunciation: (/ˈbadlˌfēld)

1.The piece of ground on which a battle is or was fought2.A place or situation of strife of conflict

External Battlefield

What Battlefield are you fighting on? Circa 1863

6

Digital Battlefield – Circa 2016 Accelerating Change and Complexity

7

Global Reach and Scope

8

China Unable To Recruit Hackers Fast EnoughTo Keep Up With Vulnerabilities In U.S. Security Systems

9

United States

SOURCE: Graph based on data from Kaspersky Lab

10

Acceleration of Attacks

SOURCE: Graph based on data from Kaspersky Lab

11

Cyber Security Battlefield

0

10

20

30

40

Bill

ions

of d

evic

es

19921M

20030.5B

2009IoT

Inception

20128.7B

201311.2B

201414.2B

201518.2B

201622.9B

201728.4B

201834.8B

201942.1B

20202020

50.1B

1988 1992 1996 2000 2004 2008 2012 2016 2020SOURCE: Cisco

12

Target rich environment

13

Who are the bad guys?

2014

OUTSIDERS: 45%

INSIDERS: 55% Malicious Insiders – 31.50% Inadvertent Actors – 23.50%

2015

OUTSIDERS: 40%

INSIDERS: 60% Malicious Insiders – 44.50% Inadvertent Actors – 15.50%

14

Security incident categories

2014 Categories 201537% Unauthorized access 45%20% Malicious code 29%20% Sustained probe/scan 16%11% Suspicious Activity 6%8% Access or credential

abuse3%

15

Industries with highest security incidents

2014 Ranking 2015Financial Services 1 Healthcare

Information and communication 2 ManufacturingManufacturing 3 Financial Services

Retail and wholesale 4 GovernmentEnergy Utilities 5 Transportation

Internal Battlefield

17

Board of DirectorsIncreasingly involved

The more things change, the more they stay the same...

Alphonse Karr, 1849

19

“The Times are a Changin’” (**)

** Bob Dylan, 1964

20 SOURCE: https://hacked.com/swift-breached-again-second-bank-sees-cyber-heist/

Changing Threat Landscape

As attacks become increasingly sophisticated, security breaches have a growing financial impact on victims.

$7.7 million 2% from 2014

THE AVERAGE ANNUAL COST OF A CYBER CRIME INCIDENT IN 2015

THE ESTIMATED COST OF CYBER CRIME TO THE GLOBAL ECONOMY

$400 billion

Sources: Ponemon Institute. “2015 Cost of Cyber Crime Study: Global.”McAfee/CSIS, “Net Losses: Estimating The Global Cost Of Cyber Crime”

Changing Threat LandscapeThe TimeThe escalating sophistication of attacks increases not just the cost of cyber crime but also the time to resolve an attack.

27 days

THE AVERAGE TIME IT TOOK TO CONTAIN A CYBER ATTACK WAS:

31 days

THE AVERAGE TIME IT TOOK TO CONTAIN A CYBER ATTACK WAS:

15%INCREASE

2013 2014

23

Recommendations

Know your enemy Know yourself (Try to understand what you have that is valuable and what motivates those who want to take it)

Get informed Tripwire, The State of Security

Tripwire, SCM for Dummies

Tripwire, Security eBooks

Verizon DBIR reports

Cisco Security Reports

Krebs on security

IBM Xforce Quarterlies

tripwire.com | @TripwireInc