SlideShare a Scribd company logo

Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS

Download as PPTX, PDF
R
Randall Chase

The document discusses the rising cybersecurity threats targeting small and medium-sized businesses, highlighting that 43% of attacks target companies with fewer than 250 employees. It emphasizes the importance of having integrated security policies, proactive defenses, and being prepared for potential breaches and their financial repercussions, which can average around $36,000. It also notes that many SMBs are ill-prepared to manage cybersecurity risks due to limited resources and expertise.

Technology
Related topics:
Cyber-Security
1 of 28
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Cybersecurity: You Are Being Targeted https://cmitsolutions.com/security-quiz
People What role does your staff, contractors, consultants, freelancers, and business partners play? What about bad actors within your ecosystem? Understanding CybersecurityProtecting all aspects of your business Policies Procedures Technology Do you have security policies? Are these policies integrated with your business workflows and behaviors? Do you meet any regulatory requirements? Procedures are where the rubber meets the road. Policies have no impact without procedures to make the best intentions reality. At the core of every business is the technology infrastructure. Does your technology support and integrate with your people, policies, and procedures? Are your protections proactive, automatic, and responsive? https://cmitsolutions.com/security-quiz
3 Who is the Target? https://cmitsolutions.com/security-quiz
4 Small Business Targets ❯ “43% of targeted attacks hit companies with fewer than 250 employees.”- Symantec Internet Security Threat Report 2016 ❯ 99% of computer users are vulnerable to software vulnerabilities –Heimdal Security ❯ “30% of recipients now open phishing messages and 12% click on attachments” - Verizon 2016 Data Breach Investigations Report https://cmitsolutions.com/security-quiz
5 Can you afford a breach? ❯ 44% of small businesses reported being the victim of a cyber attack – average cost $36,000 - SBA 2016 Survey ❯ 60% of small businesses attacked go out of business in 6 months – U.S. Nat’l Cyber Security Alliance https://cmitsolutions.com/security-quiz
Râmnicu Vâlcea, Romania 6 Wired Magazine “How a remote town in Romania has become Cybercrime Central” #1 Industry: Hacking © 2017 CMIT Solutions Empower the Staff. Defend the Network. Protect the Data.
7 Steal Your Data https://cmitsolutions.com/security-quiz
THE THREAT LANDSCAPE 8 ❯ Phishing ❯ Ransomware / Malware © 2017 CMIT Solutions Empower the Staff. Defend the Network. Protect the Data.
Phishing
Targeted Attacks Start with Email 74%
Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M (KrebsonSecurity, July 18,2018) LifeLock Bug Exposed Millions of Customer Email Addresses (KrebsonSecurity, July 18, 2018)
Phishing • A skillfully crafted email • Designed to give up information • From a seemingly credible source • An urgent call to action Email arrives provoking you to update account information You click on the link and enter credit card info on the scam page Hacker collects your info Hacker sells or uses your info maliciously
Spear Phishing
Spear phishing Clara Thornhill Clara Thornhill Accounts Payable, Universal Imports 1d
Spear phishing • Highly targeted phishing • Research targets over time • Time is on their side • Social Engineering – attacking the soft tissues that make up your cyber and life profile Email arrives provoking you to update account information You click on the link and enter credit card info on the scam page Hacker collects your info Hacker sells or uses your info maliciously Research high-value target
Ransomware / Malware
17 Hijack Your Data https://cmitsolutions.com/security-quiz
18 Buy Your Data Back for $200 According to the survey’s other findings (representing more than 1,000 IT service providers), the average ransom demanded ranges between $500 and $2,000 Datto (2016) https://cmitsolutions.com/security-quiz
Malicious Software: Ransomware Ransomware Freezes Police Evidence The police department in Cockrell Hill, which is about eight miles from downtown Dallas, didn't pay the $4,000 ransom, which was requested in the virtual currency bitcoin. Los Angeles college pays ransom demand Los Angeles Valley College in Valley Glen said it paid $28,000 in bitcoins to the hackers, who had used malicious software to commandeer a variety of systems, including key computers and emails. 19 © 2017 CMIT Solutions Empower the Staff. Defend the Network. Protect the Data.
Appendix
Are SMBs Prepared to Mitigate Cybersecurity Risks? Today, many small- and medium-sized businesses (SMBs) are ill-prepared when it comes to cybersecurity, due to the growing sophistication of cyber threats and lack of in-house expertise. The chart below shows the rated effectiveness of the surveyed organizations' ability to mitigate risks, vulnerabilities and attacks against their businesses. November 10, 2017
Are Outdated Browsers Leaving Businesses Vulnerable? Running unpatched browsers leaves your network vulnerable to exploits and other malicious schemes that could expose or compromise company data. The chart below breaks down commonly-used browsers by the percentage of users running outdated versions of each. November 4, 2016
Is the IT Security Gap a Threat to SMBs? With lean IT staffs, many small- and medium-sized businesses (SMBs) lack the resources and expertise to manage complex security infrastructures. While threats to security are proliferating, these organizations aren’t taking the proper precautions to protect themselves and their networks. The data below shows the gap between the level of concern and the level of protection for given IT security issues. November 10, 2017
Which Vertical Has the Highest Cost of Security?Not all data is created equal. While cyber criminals will go after any sensitive information they can get, some industries come at a higher price tag. Below are the average costs of a data breach per stolen record in 2017, compared to the four-year average for the respective vertical.
What Is the Cost of IT Downtime? Downtime is an expected yet expensive risk of doing business today. Without the ability to maintain or restore business operations, it could result in direct losses in productivity and revenue. Below is what businesses claim to be the cost of an IT downtime incident.
The Financial Consequence of a Cyber Attack is Worsening The global average cost of cyber crime has seen a steady increase over the past five years, with a significant increase in the last two years. This trend will likely continue, but businesses can look to invest in managed security services to mitigate the risks of cyber attack and avoid the increasing financial consequences. February 9, 2018
The Steep Cost of Poor IT Security Without the proper security tools in place, businesses are at severe risk of falling victim to cyber attack. In fact, the average total cost of a successful attack is $5,010,600. Below shows the breakdown of all the costs that factor into this high number. $1,252,650 $1,503,180 $1,152,438$501,060 $400,848 $200,424 System Downtime IT and End User Productivity Loss Theft of Information Assets Damage to Infrastructure Reputational Damage Lawsuits, Fines and Regulatory Actions $5,010,600 Source: Ponemon Institute, The 2017 State of Endpoint Security Risk Report
How Dwell Time Can Impact Profitability Without threat monitoring and detection capabilities, businesses are subject to dwell time that could result in a successful and costly cyber attack. Below shows the relationship between mean time to identify (MTTI), mean time to contain (MTTC), and the total average cost of a security incident measured in US$ (millions).

More Related Content

PDF
Reasons to be secure
Meg Weber
 
PDF
Cyber Security Threats | IIA Boise Chapter
Patricia M Watson
 
PDF
Scalar security study2017_slideshare_rev[1]
Tracey Ong
 
PDF
The Cyber Security Readiness of Canadian Organizations
Brian Rushton-Phillips
 
PPTX
Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...
Jay Kesan
 
PDF
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
Diaspark
 
PDF
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
Sania Baker
 
PPT
Shaping Your Future in Banking Cybersecurity
Dawn Yankeelov
 
Reasons to be secure
Meg Weber
 
Cyber Security Threats | IIA Boise Chapter
Patricia M Watson
 
Scalar security study2017_slideshare_rev[1]
Tracey Ong
 
The Cyber Security Readiness of Canadian Organizations
Brian Rushton-Phillips
 
Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...
Jay Kesan
 
INFOGRAPHIC: IS YOUR PATIENT DATA PROTECTED?
Diaspark
 
4 Reasons Why Your Business Needs A Cyber Security Consultant.pdf
Sania Baker
 
Shaping Your Future in Banking Cybersecurity
Dawn Yankeelov
 

What's hot (20)

PDF
Cyber Defense For SMB's
Guise Bule
 
PDF
idg_secops-solutions
Jonny Nässlander
 
PDF
Before the Breach: Using threat intelligence to stop attackers in their tracks
- Mark - Fullbright
 
PDF
Target data breach case study
Abhilash vijayan
 
PPTX
Data breach presentation
Bradford Bach
 
PPTX
Target data breach presentation
Sreejith Nair
 
PDF
Cyber Risks & Liabilities - Cyber Security for Small Businesses
ntoscano50
 
PPTX
Cybersecurity: What does Cyber Insurance Cover?
Next Dimension Inc.
 
PPTX
Cyber Security Threats in the Financial Sector
Farook Al-Jibouri
 
PDF
Material de apoyo Un replanteamiento masivo de la seguridad.
Universidad Cenfotec
 
PDF
Verizon DBIR 2021
SOCRadar Inc
 
PPTX
Cybersecurity: Protection strategies from Cisco and Next Dimension
Next Dimension Inc.
 
PPTX
Cybersecurity & the Board of Directors
Abdul-Hakeem Ajijola
 
PDF
Digital Threat Landscape
Quick Heal Technologies Ltd.
 
PPTX
August 2017 - Anatomy of a Cyber Attacker
seadeloitte
 
PDF
CBIZ Cyber Security - What Every Business Needs to Know
CBIZ, Inc.
 
PDF
140707_Cyber-Security
Tara Gravel
 
PPSX
November 2017: Part 6
seadeloitte
 
PPTX
The CPAs Guide to Buying Cyber Insurance
Joseph Brunsman
 
PPTX
State of cybersecurity
Helen Johnson
 
Cyber Defense For SMB's
Guise Bule
 
idg_secops-solutions
Jonny Nässlander
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
- Mark - Fullbright
 
Target data breach case study
Abhilash vijayan
 
Data breach presentation
Bradford Bach
 
Target data breach presentation
Sreejith Nair
 
Cyber Risks & Liabilities - Cyber Security for Small Businesses
ntoscano50
 
Cybersecurity: What does Cyber Insurance Cover?
Next Dimension Inc.
 
Cyber Security Threats in the Financial Sector
Farook Al-Jibouri
 
Material de apoyo Un replanteamiento masivo de la seguridad.
Universidad Cenfotec
 
Verizon DBIR 2021
SOCRadar Inc
 
Cybersecurity: Protection strategies from Cisco and Next Dimension
Next Dimension Inc.
 
Cybersecurity & the Board of Directors
Abdul-Hakeem Ajijola
 
Digital Threat Landscape
Quick Heal Technologies Ltd.
 
August 2017 - Anatomy of a Cyber Attacker
seadeloitte
 
CBIZ Cyber Security - What Every Business Needs to Know
CBIZ, Inc.
 
140707_Cyber-Security
Tara Gravel
 
November 2017: Part 6
seadeloitte
 
The CPAs Guide to Buying Cyber Insurance
Joseph Brunsman
 
State of cybersecurity
Helen Johnson
 
Ad

Similar to Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS (20)

DOCX
Nearly 80 billion dollars were spent in 2016 to fight cybercrime
prcircle
 
PDF
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
Invincea, Inc.
 
PDF
Cyber Security index
sukiennong.vn
 
PPTX
Ways To Protect Your Company From Cybercrime
thinkwithniche
 
PDF
2017 Scalar Security Study Summary
Scalar Decisions
 
DOCX
12Cyber Research ProposalCyb
ChantellPantoja184
 
DOCX
12Cyber Research ProposalCyb
AnastaciaShadelb
 
PDF
5 Top Cyber Threats That Will Ruin Your Business
IndusfacePvtLtd
 
PDF
Executive Summary of the 2016 Scalar Security Study
Scalar Decisions
 
PDF
2016 Scalar Security Study Executive Summary
patmisasi
 
PDF
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Ernst & Young
 
PDF
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
NishantSisodiya
 
PDF
The 10 Fastest Growing Cyber Security Companies of 2017
Insights success media and technology pvt ltd
 
PDF
Cybersecurity- What Retailers Need To Know
Shantam Goel
 
PDF
Why is cyber security a disruption in the digital economy
Mark Albala
 
PPTX
Best Security Practices for a Web Application
TriState Technology
 
PDF
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
Scalar Decisions
 
PDF
We are living in a world where cyber security is a top priority for .pdf
galagirishp
 
PDF
IBM Security Services
Rainer Mueller
 
PDF
Security - intelligence - maturity-model-ciso-whitepaper
CMR WORLD TECH
 
Nearly 80 billion dollars were spent in 2016 to fight cybercrime
prcircle
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
Invincea, Inc.
 
Cyber Security index
sukiennong.vn
 
Ways To Protect Your Company From Cybercrime
thinkwithniche
 
2017 Scalar Security Study Summary
Scalar Decisions
 
12Cyber Research ProposalCyb
ChantellPantoja184
 
12Cyber Research ProposalCyb
AnastaciaShadelb
 
5 Top Cyber Threats That Will Ruin Your Business
IndusfacePvtLtd
 
Executive Summary of the 2016 Scalar Security Study
Scalar Decisions
 
2016 Scalar Security Study Executive Summary
patmisasi
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
Ernst & Young
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
NishantSisodiya
 
The 10 Fastest Growing Cyber Security Companies of 2017
Insights success media and technology pvt ltd
 
Cybersecurity- What Retailers Need To Know
Shantam Goel
 
Why is cyber security a disruption in the digital economy
Mark Albala
 
Best Security Practices for a Web Application
TriState Technology
 
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
Scalar Decisions
 
We are living in a world where cyber security is a top priority for .pdf
galagirishp
 
IBM Security Services
Rainer Mueller
 
Security - intelligence - maturity-model-ciso-whitepaper
CMR WORLD TECH
 
Ad

Recently uploaded (20)

PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
2021 HotChips TSMC Packaging Technologies for Chiplets and 3D_0819 publish_pu...
KeXue5
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
2021 HotChips TSMC Packaging Technologies for Chiplets and 3D_0819 publish_pu...
KeXue5
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Modernising the Digital Integration Hub
Daniel Toomey
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 

Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS

  • 1. Cybersecurity: You Are Being Targeted https://cmitsolutions.com/security-quiz
  • 2. People What role does your staff, contractors, consultants, freelancers, and business partners play? What about bad actors within your ecosystem? Understanding CybersecurityProtecting all aspects of your business Policies Procedures Technology Do you have security policies? Are these policies integrated with your business workflows and behaviors? Do you meet any regulatory requirements? Procedures are where the rubber meets the road. Policies have no impact without procedures to make the best intentions reality. At the core of every business is the technology infrastructure. Does your technology support and integrate with your people, policies, and procedures? Are your protections proactive, automatic, and responsive? https://cmitsolutions.com/security-quiz
  • 3. 3 Who is the Target? https://cmitsolutions.com/security-quiz
  • 4. 4 Small Business Targets ❯ “43% of targeted attacks hit companies with fewer than 250 employees.”- Symantec Internet Security Threat Report 2016 ❯ 99% of computer users are vulnerable to software vulnerabilities –Heimdal Security ❯ “30% of recipients now open phishing messages and 12% click on attachments” - Verizon 2016 Data Breach Investigations Report https://cmitsolutions.com/security-quiz
  • 5. 5 Can you afford a breach? ❯ 44% of small businesses reported being the victim of a cyber attack – average cost $36,000 - SBA 2016 Survey ❯ 60% of small businesses attacked go out of business in 6 months – U.S. Nat’l Cyber Security Alliance https://cmitsolutions.com/security-quiz
  • 6. Râmnicu Vâlcea, Romania 6 Wired Magazine “How a remote town in Romania has become Cybercrime Central” #1 Industry: Hacking © 2017 CMIT Solutions Empower the Staff. Defend the Network. Protect the Data.
  • 8. THE THREAT LANDSCAPE 8 ❯ Phishing ❯ Ransomware / Malware © 2017 CMIT Solutions Empower the Staff. Defend the Network. Protect the Data.
  • 10. Targeted Attacks Start with Email 74%
  • 11. Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M (KrebsonSecurity, July 18,2018) LifeLock Bug Exposed Millions of Customer Email Addresses (KrebsonSecurity, July 18, 2018)
  • 12. Phishing • A skillfully crafted email • Designed to give up information • From a seemingly credible source • An urgent call to action Email arrives provoking you to update account information You click on the link and enter credit card info on the scam page Hacker collects your info Hacker sells or uses your info maliciously
  • 14. Spear phishing Clara Thornhill Clara Thornhill Accounts Payable, Universal Imports 1d
  • 15. Spear phishing • Highly targeted phishing • Research targets over time • Time is on their side • Social Engineering – attacking the soft tissues that make up your cyber and life profile Email arrives provoking you to update account information You click on the link and enter credit card info on the scam page Hacker collects your info Hacker sells or uses your info maliciously Research high-value target
  • 18. 18 Buy Your Data Back for $200 According to the survey’s other findings (representing more than 1,000 IT service providers), the average ransom demanded ranges between $500 and $2,000 Datto (2016) https://cmitsolutions.com/security-quiz
  • 19. Malicious Software: Ransomware Ransomware Freezes Police Evidence The police department in Cockrell Hill, which is about eight miles from downtown Dallas, didn't pay the $4,000 ransom, which was requested in the virtual currency bitcoin. Los Angeles college pays ransom demand Los Angeles Valley College in Valley Glen said it paid $28,000 in bitcoins to the hackers, who had used malicious software to commandeer a variety of systems, including key computers and emails. 19 © 2017 CMIT Solutions Empower the Staff. Defend the Network. Protect the Data.
  • 21. Are SMBs Prepared to Mitigate Cybersecurity Risks? Today, many small- and medium-sized businesses (SMBs) are ill-prepared when it comes to cybersecurity, due to the growing sophistication of cyber threats and lack of in-house expertise. The chart below shows the rated effectiveness of the surveyed organizations' ability to mitigate risks, vulnerabilities and attacks against their businesses. November 10, 2017
  • 22. Are Outdated Browsers Leaving Businesses Vulnerable? Running unpatched browsers leaves your network vulnerable to exploits and other malicious schemes that could expose or compromise company data. The chart below breaks down commonly-used browsers by the percentage of users running outdated versions of each. November 4, 2016
  • 23. Is the IT Security Gap a Threat to SMBs? With lean IT staffs, many small- and medium-sized businesses (SMBs) lack the resources and expertise to manage complex security infrastructures. While threats to security are proliferating, these organizations aren’t taking the proper precautions to protect themselves and their networks. The data below shows the gap between the level of concern and the level of protection for given IT security issues. November 10, 2017
  • 24. Which Vertical Has the Highest Cost of Security?Not all data is created equal. While cyber criminals will go after any sensitive information they can get, some industries come at a higher price tag. Below are the average costs of a data breach per stolen record in 2017, compared to the four-year average for the respective vertical.
  • 25. What Is the Cost of IT Downtime? Downtime is an expected yet expensive risk of doing business today. Without the ability to maintain or restore business operations, it could result in direct losses in productivity and revenue. Below is what businesses claim to be the cost of an IT downtime incident.
  • 26. The Financial Consequence of a Cyber Attack is Worsening The global average cost of cyber crime has seen a steady increase over the past five years, with a significant increase in the last two years. This trend will likely continue, but businesses can look to invest in managed security services to mitigate the risks of cyber attack and avoid the increasing financial consequences. February 9, 2018
  • 27. The Steep Cost of Poor IT Security Without the proper security tools in place, businesses are at severe risk of falling victim to cyber attack. In fact, the average total cost of a successful attack is $5,010,600. Below shows the breakdown of all the costs that factor into this high number. $1,252,650 $1,503,180 $1,152,438$501,060 $400,848 $200,424 System Downtime IT and End User Productivity Loss Theft of Information Assets Damage to Infrastructure Reputational Damage Lawsuits, Fines and Regulatory Actions $5,010,600 Source: Ponemon Institute, The 2017 State of Endpoint Security Risk Report
  • 28. How Dwell Time Can Impact Profitability Without threat monitoring and detection capabilities, businesses are subject to dwell time that could result in a successful and costly cyber attack. Below shows the relationship between mean time to identify (MTTI), mean time to contain (MTTC), and the total average cost of a security incident measured in US$ (millions).

Editor's Notes

  • #3: A recent Tech Pro Research survey showed that 61 percent of SMBs allocate less than 10 percent of overall budget to IT security. 1 of 3 (32%) security professionals lack effective intelligence to detect and respond to cyber threats. NIST (National Institute of Security for Technology) Over 260 million records containing sensitive information have been compromised in the first four months of 2018 Worldwide cyber security spending will reach $96 billion by the end of 2018
  • #5: 23% of phishing emails are opened by recipients 11% that open the phishing email also click on the link or attachment in the message But the most troubling # is 43% and that's the percentage of spear phishing attacks targeting businesses with 250 or few employees. 14 Million small businesses were attacked over past 12 months 48% more SMBs experienced a breach due to employee neglect in 2017 vs. 2016
  • #6: 1 in 131 emails contains a malware. This is the highest rate in about five years, and it is further expected to increase as hackers attempt to use malware like ransomware to generate money from unsuspecting people
  • #7: This photo appeared in Wired Magazine in 2011 titled “How a remote town in Romania has become cybercrime central.”1 There is a supporting economy for cybercriminals. This is a city of 120,000 has a nickname: Hackerville (only a small percentage of them are actual hackers) Râmnicu Vâlcea is a town whose business is cybercrime, and business is booming. - More profitable than the global trade of all major illegal drugs combined Damage costs to hit $6 trillion annually by 2021*
  • #8: Social Security number: $1 Credit or debit card (credit cards are more popular): $5-$110 With CVV number: $5 With bank info: $15 Fullz info: $30 Note: Fullz info is a bundle of information that includes a “full” package for fraudsters: name, SSN, birth date, account numbers and other data that make them desirable since they can often do a lot of immediate damage. Online payment services login info (e.g. Paypal): $20-$200 Loyalty accounts: $20 Subscription services: $1-$10 Diplomas: $100-$400 Driver’s license: $20 Passports (US): $1000-$2000 Medical records: $1-$1000*
  • #11: It’s become a security industry cliché that email is the number one threat vector. Here’s a recent data point. In the 2017 Threat Landscape Survey: Users on the Front Line, conducted by the SANS Analyst Program, for the Top Threat Vectors - 74% of the threats entered as an email attachment or link. https://www.sans.org/reading-room/whitepapers/threats/2017-threat-landscape-survey-users-front-line-37910 Other studies and estimates have put this percentage as high as 90% or more. Clearly email is a huge source of risk for modern organizations. Let’s take a look at some recent examples to unpack the reasons why
  • #12: These threats are a constant worry for small, medium and large organizations across all industries.
  • #13: How Effective is it? Very! Its been around for tens of years and still going strong! How: An email that can come from a seemingly credible institution such as a bank, ebay, facebook, paypal etc. It typically has an urgent call to action that will have you clicking on a link, attachment or embedded file. Spoofing / masking of email addresses and links play a big role so beware! Links to apparent institutional websites can be very convincing – so watch what you click. Attachments may seem to do nothing, but may have key-loggers or crawlers running in the background… or worse!
  • #15: The soft tissues of your cyber self How Effective is it? Very! If only because it is a highly targeted campaign. Typically again through email but will be a lot more polished and convincing. The Social engineering element leverages the human instinct to ‘trust’ others, avoid confrontation and not question authority etc. Here attackers spend a lot more time studying their subjects – it’s worth it – the rewards can be huge! Attacks can either happen fast, or once in, attackers can ‘sleep’ in your network. Once in, they will take time to learn more about you, your company, your processes etc… whatever they need to launch a highly effective strike against you. Becuase they are so customized, tradition firewalls, web filters and the like are often rendered useless.
  • #16: The soft tissues of your cyber self How Effective is it? Very! If only because it is a highly targeted campaign. Typically again through email but will be a lot more polished and convincing. The Social engineering element leverages the human instinct to ‘trust’ others, avoid confrontation and not question authority etc. Here attackers spend a lot more time studying their subjects – it’s worth it – the rewards can be huge! Attacks can either happen fast, or once in, attackers can ‘sleep’ in your network. Once in, they will take time to learn more about you, your company, your processes etc… whatever they need to launch a highly effective strike against you. Pecuase they are so customized, tradition firewalls, web filters and the like are often rendered useless.
  • #18: 1 in 131 emails contains a malware. This is the highest rate in about five years, and it is further expected to increase as hackers attempt to use malware like ransomware to generate money from unsuspecting people. 54 percent of organizations experienced one or more ransomware incident in 2017
  • #19: 70 percent of businesses paid to get their data back in 2016. (Source: IBM) According to Dimension Data, ransomware attacks worldwide rose 350 percent in 2017 over the previous year. In 2017, the average ransom payment grew to $3,675 per ransom.