CYBERSECURITY

JOSELYN S. ELNAR
BEBETTE CARMELA V. BISA
JENELYN R. DELEN
Organized Criminals
• Range from few lone actors to larger crime organizations, often
financed and headed by traditional criminal organizations.
• Making money through any means necessary. It is their livelihood.
Hacktivists
• Politically motivated criminals, using cyberattacts to make
statements, release information, damage business, government,
people
State-Sponsored hackers
• Government-funded and guided attackers, ordered to launch
operations from cyber espionage to intellectual property theft.
• Have the biggest bankroll, and thus can afford to hire the best talent
to create the most advance, nefarious and stealthy treats.

WHO ARE THEY AND WHAT

MOTIVATES THEM?
• $500 billion: Microsoft’s estimate for the total potential cost of
cybercrime
• $14 billion: The amount the U.S. government spent in 2017 on
cybersecurity.
• $2.1 trillion: The total global annual cost of all data breaches by
2019
• $3.8 million: The average cost of a data breach to a business
• $158 billion: The collective amount of money consumers lost
globally in 2015 due to cybercrime
• $16 billion: The Javelin Strategy & Research 2017 Fraud Report
• $50 million: The total cost of cybercrime across 237 major
companies in 6 countries
• $530 million: The cost of the January 2018 Coincheck hack

The Increasing Cost Of

Cybercrime
 Through seemingly
reputable emails,
E-mail Phishing criminals convince us to
click on links, download
attachments, or share
information.
Malware is then installed
on our computer, stealing
information and
spreading quickly.

How are we most vulnerable to malware?

Human error and lack of Recpients open
preparedness is the #1 phishing
16% messages
vulnerability 23%
Open e-mails and
11% click on phishing
links wiothin the
1st hour
clik on
attachments
50%

other means

Source: http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report_2015_en_xg.pdf

We Take Part in Our Demise

 E-mail Phishing The simple act of web browsing poses
a big treat.
Web Browsing Knowing we spend a lot of time web
and browsing, criminals spend a great deal
Malvertising of time placing traps all over the
internet
For example:
• Embedding malicious code within
websites to download malware
upon visiting
62% • Creating fake advertising on
of websites serving up reputable websites linking to attack
malware are from sites
compromised legitimate • Cross site scripting attacks exploit
sites accdg to semantec browser table to steal credentials
and encryption keys

How are we most vulnerable to malware?

 E-mail Phishing Unpatched and unconfigured
systems allow hackers and
Web Browsing malware easy access to your
and personal computer and data.
Malvertising
Once they have access to your
Unpatched/
system they can spread easily.
Unconfigured
Software
Keeping applications up-to-date
with the latest patches helps
close system vulnerabilities.

How are we most vulnerable to malware?

 E-mail Phishing
“My employees are smart enough to stay
Web Browsing away from bad websites. Our risk of
and infection is therefore low”
Malvertising

Unpatched/ Trust is not strategy.

Unconfigured Human error is in fact the #1 cause of
Software malware. Cybercriminals know the
gateway to our systems is through
Human
mistakes made by end-users.
Error and
Ignorance They use every trick in the book to get us
to download attachments, click on links
or give away private information to make
our system vulnerable to cybercrime.

How are we most vulnerable to malware?

 A new reality makes protection more challenging

Worker mobility and Bring Cloud computing and Web Remote user access
Your Own Device(BYOD) Applications

Traditional Threat Management

Firewalls and antivirus stop many attacks
during several steps of the infection AV and firewalls
process, but the speed and volume of new alone stop only
30-50% of attacks
attacks enable some to go undetected for - OpenDNS
minutes or even months

Traditional risk management methods are not enough

 A new reality makes protection more challenging

Worker mobility and Bring Cloud computing and Web Remote user access
Your Own Device(BYOD) Applications

Traditional Threat Management

• Reactive/damage control tools
• Effectiveness is fully dependent on staying
up-to-date on malware definitions AV and firewalls
• Mobility and cloud computing can bypass alone stop only
network security 30-50% of attacks
• Undetected malware within the network is - OpenDNS
not always stopped from “calling home”.

Traditional risk management methods are not enough

• Web traffic security enforcement at the network perimeter and
end-points.
• Minimizing attack surfaces through patching and system
hardening
• Having full visibility of (and control over) software/web
services/websites used by everyone in the organization while at
work
• Centralized monitoring capabilities and real time alert system
• Employee education-remember humans are the weakest links.

Goals of an effective cyber-risk management strategy

• Focus on the whole infection process-preventing threats from
reaching the network, containing threats, and continuously for fast
clean-up
• Think of cyber as a set of layers of defense that will both help
prevent and contain malware.
Prevent Contain

Block
malicious Prevent Block Real-time
sites at the access to malware alert system
Keep systems
network level malvertising already on to monitor
up to date
i.e. prevent links and machines threats and
with timely
end-users block from “phoning fast
software
from malicious home” and containment
patching
accessing links in emails uploading and clean-up
infected and apps data
websites

How can I make threat management more effective?

 Web traffic protection
(DNS) & content
filtering Web traffic protection blocks
users from accessing attack
sites, and prevents malware
from calling home if an
infection entered the system
through other means.

Web content filtering tools

allows customizing which
websites can be accessed on
by end users to comply with
internal acceptable use
policies and regulatory
requirements.

How can I make threat management more effective?

 Web traffic protection
Keeping applications
(DNS) & content filtering
regularly patched is
Automated important for system
Patch performance and
Management particularly cybersecurity
protection.

This help closing system

vulnerabilities that are often
used by cyber threats to infect
systems and propagate to
other users.

Automatic patching tools for

centralized patch to all
systems, without
compromising productivity and
system performance.

How can I make threat management more effective?

 Web traffic protection
(DNS) & content filtering
Anti-virus and malware
Automated Patch protection programs are still
Management a key component of a threat
management strategy but
should be seen as detection
and clean up tools.
Anti-
AV/Malware scanners:
virus/malware
Provide reactive action to
scanners and
remove present infections
active protection
based on listings of known
software
malware.
AV- Active protection: Looks
for incoming programs, data,
processes to match against
again list of known malware
in real-time.

How can I make threat management more effective?

 Web traffic protection
(DNS) & content filtering

Automated Patch Containing threats needs

Management active monitoring

State-of-the art protection and

Anti-virus/malware the latest alert system is only
scanners and active effective strategy with active
protection software management and monitoring.

24/7 monitoring A dedicated resource (internal

or third party) ensures fast
detection and clean-up of any
threats and potential
breaches.

How can I make threat management more effective?

 Web traffic protection
(DNS) & content filtering
Employee training must at
Automated Patch the core
Management • Educate employees at all
levels on how they are the
primary gateway for
Anti-virus/malware malware
scanners and active • Can be an effective way of
protection software setting boundaries and
holding employees
24/7 monitoring accountable
• Key to meeting compliance
requirements, and
Employee training, enforcing acceptable
internet use and internet use and password
password policies policies.

How can I make threat management more effective?