Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
2017 Data Breach Investigations Report Are you gambling with your future?
Nicolas Villatte
EMEA Labs Manager
VTRAC Labs | Verizon Threat Research Advisory Center
PTE16945
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
Proprietary statement
This document and any attached materials are the sole property of Verizon and
are not to be used by you other than to evaluate Verizon's service.
This document and any attached materials are not to be disseminated,
distributed or otherwise conveyed throughout your organization to employees
without a need for this information or to any third parties without the express
written permission of Verizon.
© 2017 Verizon. All rights reserved. The Verizon name and logo and all other
names, logos and slogans identifying Verizon's products and services are
trademarks and service marks or registered trademarks and service marks of
Verizon Trademark Services LLC or its affiliates in the United States and/or other
countries.
All other trademarks and service marks are the property of their respective
owners.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement. 2
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
3
2017 Data Breach Investigations Report (DBIR)
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
Lift the lid on cybercrime.
1,935 breaches
42,068 incidents
65 contributors
10th edition
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
4
65 Contributors
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
5
Geographical coverage
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
6
Data-driven decision making
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
7
The VERIS framework
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
Actor – Who did it?
Action – How’d they do it?
Asset – What was affected?
Attribute – How was it affected?
Documentation, classification examples, enumerations: http://veriscommunity.net/
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
8
A chain of events
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
9
Attack patterns.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
88% of breaches fall into the
nine attack patterns we first
identified in 2014.
Understanding these helps
you predict what the bad
guys will do next.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
10 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
What’s the Biggest Threat you Face? Understanding the who, what, why and how helps you know
where to spend your budget.
11
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
12
The crooks aren’t just after the big guys.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
Nearly two-thirds of the data
breach victims in this year’s
report are businesses with
under 1,000 employees. 61%
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
13
Cybercrime is rarely precision targeting.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
Cybercriminals are mostly
opportunistic; trawling for weak
points to use as a foothold.
Don’t be fooled by the
Hollywood caricatures
of cybercriminals.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
14
The basics still aren’t covered.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
1 in 14 users fell for
phishing. A quarter of those
were duped more
than once.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
15
Key findings (1/2)
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
16
Key findings (2/2)
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
17
Threat actors motivation
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
6
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
18
Technology gap
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
19
Breach discovery method over time
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
6
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
20 Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
21
Financial Services
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this
material is not permitted to any unauthorized persons or third parties except by written agreement.
Denial of
Service
Web
Application
Attacks
Payment Card
Skimming
94% External 71% Credentials 96% Financial 88% of incidents
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
22
Retail
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this
material is not permitted to any unauthorized persons or third parties except by written agreement.
Denial of
Service
Payment Card
Skimmers
Web
Application
Attacks
92% External 57% Payment 96% Financial 81% of incidents
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
23
Manufacturing
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this
material is not permitted to any unauthorized persons or third parties except by written agreement.
Cyber-
Espionage
Privilege
Misuse
Everything
Else
93% External 91% Secrets 94% Espionage 96% of breaches
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
Build your Defenses Wisely. While attackers are using new tactics and tricks, their overall
strategies remain relatively unchanged.
26
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
27
Crimeware
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
All instances involving
malware that did not fit
into a more specific
pattern.
Ransomware is big
business
• Now the most common form
of malware.
• Ransomware is fast, low risk
and easily monetizable for
the attacker.
• Bitcoin makes collecting
anonymous payments easy.
What you can do
• Watch out for macro-enabled
MS Office documents
• Stress the importance of
software updates.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
28
Cyber-Espionage
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
What you can do
• Throw your weight behind
security awareness training.
• Encourage your teams to
report phishy emails.
Welcome to the long game
• A malicious email is the
favored way in.
• Typically followed by tactics
aimed at blending in.
• Attackers need time to gather
the data they’re interested in.
Attacks linked to state-
affiliated actors, and/or
with the motive of
espionage.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
29
Web Application Attacks
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
Any incident in which a
web application was used
as the means of attack.
Don’t become a stepping
stone
• Non-e-commerce websites
are a growing target.
• Names, addresses and more
are stored, but usually with
weaker protection.
• Personal data and
credentials are stolen and
used elsewhere.
What you can do
• Encourage customers to vary
their passwords and use two-
factor authentication.
• Limit the amount of sensitive
information stored in web-
facing applications.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
Quick takeaways
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement. 30
Be vigilant
Make people your first line
of defense.
Only keep data on a
“need to know” basis.
Patch promptly.
Encrypt sensitive data.
Use two-factor authentication.
Don’t forget physical security.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
31
Find out more…
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement.
2017 DBIR
An in-depth analysis of
cybersecurity.
DBIR executive summary
All the key findings from the
2017 DBIR, with insight and
guidance tailored to
executives.
Data Breach Digest
Real cases from the frontline
of cybersecurity that reveal
what really happens when an
organization is breached.
NOTE: These gray boxes are 12 grids guide
• Use these boxes as a guideline to place your content
• They won’t show on the slide show mode
Thank you.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only.
Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by writ ten agreement. 32
http://www.verizonenterprise.com/DBIR2017