Understanding and Dealing with Modern Threats Trent Greenwood, Manager Security Practioners TOLA

Understanding and Dealing with Modern ThreatsTrent Greenwood, Manager Security Practioners TOLA

2© Copyright 2015 EMC Corporation. All rights reserved.

The State of the Problem

EMC CONFIDENTIAL – FOR INTERNAL USE ONLY


Agenda



Why is everyone picking on me?


What would anyone want from me?


Do you know how much it can cost?

• 2,644 Breaches*

• 267 Million Records*

• $5.5M cost per Breach*

• $194 cost per Record*

• 99% records lost due to external hacking*

• 97% of data breach incidents were avoidable*

• Target cost $162 million – AFTER INSURANCE

– * numbers from the Online Trust Alliance Guide to Data Protection and Breach Readiness (2013)


The Adversary – who is after you

CRIMINALS Unsophisticated, but noisy

Organized, sophisticated supply chains (PII, PCI, financial services, retail)

Organized crimePetty criminals

NON-STATE ACTORS Various reasons,

including collaboration with the enemy

Political targets of opportunity, mass disruption, mercenary

Cyber-terrorists / Hacktivists

Insiders

NATION STATE

ACTORSGovernment, defense contractors, IP rich organizations, waterholes

Nation states


• Type of Attack Classification– Proxy Interception– SQL Attack Tools– Web Scanner/Services Attack Tools– Username Harvesting

• Tools are cheap – – Spear Phishing toolkits $2 - $10– Malware Kits – Carbanak over $1 b– Skimming Devices– RAM Scraping on PoS terminals– Hackers for Hire websites

The Adversary – Tools they use


“Everyone has a plan until you get punched in the face.”

A wise man once said:


What is your plan?


Can you Execute?People, Process and Technology

EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.

Documents

Understanding and Dealing with Modern Threats Trent Greenwood, Manager Security Practioners TOLA