SOLTRA | AN FS-ISAC DTCC COMPANY
www.soltra.com
Threat Context
CYBER SECURITY PANEL
TLP WHITE
EXTERNAL THREATS GROWING
117,339 incoming attacks every day
The total number of security incidents detected by respondents climbed to 42.8 million this year, an increase of 48% over 2013.
Findings from The Global State of Information Security Survey 2015. Graphic Source: PwC
EVOLUTION OF CYBER ATTACKS
Cyber Threats on the Private Sector
• Fun: Technically curious individuals
• Fame: Technically adept groups leaving their mark on public websites
• Fortune: Cyber criminals and organized gangs stealing money, data ransom schemes and competitive information
• Force: Nation states and non-nation state groups launching targeted attacks for strategic purposes
[Figure: timeline of the Nature of Threat. Years shown: 1988, 2001, 2004, 2010. Stages shown: Academic; “Script Kiddies”; Commodity Threats; Advanced Persistent Threats (APT) – Targeting government entities; APT – Targeting private sector.]
WHO ARE THE ADVERSARIES?
Attacker Motivation, Capability & Intent

Criminals
• Money
• Money
• And more money
• Large number of groups
• Skills from basic to advanced
• Present in virtually every country
• Up to $$$

Hacktivists
• Protest
• Revenge
• Large number of groups
• Groups tend to have basic skills with a few 'standout' individuals with advanced technical and motivational skills
• Up to $ - $$

Espionage
• Acquiring Secrets for national security or economic benefit
• Small but growing number of countries with capability
• Larger array of ‘supported’ or ‘tolerated’ groups
• Up to $$$$+

War
• Motivation is to destroy, degrade, or deny capabilities of an adversary
• Politics by other means
• Small but growing number of countries with capability
• Non-state actors may utilize ‘war’ like approaches
• Up to $$$$$ ?
• …but, a lot less expensive than a nuclear weapon

Cost key:
$ - Under thousands
$$ - Tens to hundreds of thousands
$$$ - Millions
$$$$ - Tens to hundreds of millions
$$$$$ - Billions

August 2014
THE NEED FOR SPEED
Attackers Act 150x Faster Than Victims Respond: Minutes vs. Weeks/Months
[Chart: percentages by elapsed time (Seconds, Minutes, Hours, Days, Weeks, Months) for three intervals: Initial Attack to Initial Compromise (Shorter Time Worse); Initial Compromise to Data Exfiltration (Shorter Time Worse); Initial Compromise to Discovery (Longer Time Worse).]
• Attackers have honed their skills to come at you rapidly
• Defenders take a long time to feel the impact of an attack
CHANGING THE ECONOMICS
[Figure: Cyber Warfare Symmetry. Axes labelled Cost (Min to Max) and Policy Effectiveness, with curves for Cost to Defend and Cost to Attack and regions labelled Advantage: Attackers and Advantage: Defenders. Current State of Cyber-Symmetry (Unsophisticated Adversaries Can Play); Future State of Cyber-Symmetry (Only Most Advanced Can Play).]
• Cost to Firms: The current cost to process a single piece of intelligence is 7 hours. Equal to 2014 = $100m; 2015 = $1b; 2016 = $4b
• Cost to Adversaries: Adversaries must “re-tool” much more often and their exploits cause less damage
• Risks from Cyber Threats: Frequency and impact of threats decrease while higher adoption leads to exponential benefits