Asia Risk & Resilience Conference 2016
ThreatMetrix Q2 Cybercrime Report 2016
Are Cybercriminals winning the fight?
ThreatMetrix saw a 50% increase in fraud attacks since Q2 2015
In Q2 2016, more than 112 million attacks were detected and stopped in real time.
More than 450 million bot attacks were identified and stopped during this last quarter, a 50% increase over the previous quarter.
What we know: Nearly 4 Billion User Records Stolen Since 2013
Email addresses stolen: 40M customer records from Ashley Madison made available to public
Health Care Data Breached: 80M patient records stolen in Anthem breach
Credit bureau data stolen: hundreds of millions of records in various countries stolen, e.g. 27M in Korea in 2014
Google and Yahoo Breach: 272.3 million stolen accounts details from are being traded in Russia
Data Breaches Continue To Grow
User Names / Passwords RIP: There is no longer any security value in the age of the data breach
With 278 million+ consumer records compromised in 2015 alone, the concept of data privacy (and reliability) is now an illusion
Customer Life Time Value Destruction
Getting Worse Not Better
We Need to Rethink Identity
What Can We Do? First Steps
Businesses are increasingly experiencing the downstream effects of data breaches
We Now Live in a Post Data Breach World
Increased Friction
Band-Aid Solutions
Are your customers/employees/partners Trusted Users or Cyber Threats?
Understand: Cyber Threat Attack vectors and the new target
Trust is Critical
Digital Debris
Rise of Machines
Mobile First World
Global Organized Cybercrime
Digital Identities are the new target and they are compromised at alarming rates:
To manage your risk you need to understand:
• How your [employees, contractors, customers, partners] interact with your Omni-channels
• Who they really are
• How they are behaving in real time
Understand The Cyber Threat: Predictions and Strategic Imperatives
• Botnet attacks: will continue to rise and evolve to bypass rate control security
• Identity/credential theft: will continue to be a key issue for all industries
• Mobile transactions: will increase particularly in the mobile banking sector
• Global transaction context
• Single Orchestration Platform
• Best in Class Analytics
8am to 10pm
Personal Persona
Business Persona
Enroll in Insurance from Laptop
Check Email from Mobile Phone
Book a Flight from Tablet
Check Email from Tablet
Pay Bills from Laptop
Buy a Shirt from Laptop
Surf Facebook from Mobile Phone
Account Origination Fraud, Phishing, CNP
CNP, Social Engineering, Phishing, Account Takeover
Understand your Vulnerability: We all have Multiple Personas, Credentials, Devices, Locations, but One Global Digital Identity - Your Digital DNA
https://vimeo.com/156917755
Apply Best Practice Cyber Threat Management: Where to start?
• Global Shared Intelligence: who, how, why, behavior?
• Identity: real time data, discerning technology, understand vulnerabilities, training.
• Social Engineering / Phishing: bad guys know the org charts and rely on careless on-line behavior
• Give to Get model
• Identity / virtual persona amalgam
• Internal Best Practices
ThreatMetrix Unites the Facets of Digital Identities
Devices
Identity
Analytics
Associations
Behavior
Card Issuance
Digital Payments
Video Streaming
Insurance
Mobile Payments
Social Networks
Global | Shared | Intelligence
ThreatMetrix has mapped the Digital Identity Graph.
Understanding multi-variate relationships between a person and associated devices, credentials and threat behaviors…
Mapping Global Digital Identity Activity
…and more complex relationships between multiple personas now and over time => vulnerability
Threat: Most Legacy Customer Authentication Methods are Insufficient and failing in the Mobile-First, Global Digital Age
Trusted forms of ID are mostly useless in a post-data breach world
✓ Credit Scores
✓ AVS Checks
✓ State Issued IDs
✓ Step-up and OOB Authentication
✓ Cross-Border Credit Cards
✓ Government Cyber Identity Programs
Global business is cross-border, 24/7
Threat: Our Behavior And Soft Targets Leave Us Vulnerable
Fraud Enablers
• Unjustified Trust
• Lack of Global Intelligence
• Social Network Impact
• Common Passwords
• Too Quick to Click
The Players
• Unwitting Insider
• Colluding Insider
• External Antagonists
Soft Targets
• The Enterprise
• Customers
• Low Prep Enterprises
Real World Threat Scenarios: Our Behavior & Social Engineering
Emails or phone calls your employees will probably open/take with little to no pause…
• Email: Hi Ted, here is your 2016 compensation plan
• Email: Hi Ted, it's Greg. I'm doing a deal in Australia and need you to wire 100K today
• Phone call: Hi Ted, it's Joe at Dell checking on our outstanding AR... can you give me a payment status? Thanks that was very helpful...
• Calls back 15 minutes later: Hi Ted, Joe again, I forgot to give you our new ACH payment instructions... can you update these in your ERP?
• On payment... the ACH goes out to the wrong vendor...
• A week or two later: Hi Ted, it's AR team at Dell, you are normally a quick payer, is there any reason you have not paid the outstanding invoice due last month?
• Email: Hi Ted, it's Mark from the board… would you have a look at this presentation from one of my portfolio companies?
Impact: Today’s Cross-Border, Digital Business Reality Complicates Fraud, Threat, and Authentication Decisions
Source: ThreatMetrix Q4, 2015 Cybercrime Report
Impact: Attacks are Growing in Size, Frequency and Complexity
Daily Rejected Transactions
Identity Abuse Index
An Identity Abuse Index level of High (shown in red) represents an attack rate of two standard deviations from the medium term trend. Aggregated over all global transactions, it clearly shows that the exploitation of data breaches and stolen identities is automated, global and coordinated
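The Identity Abuse Index threshold described above, as an added example (not ThreatMetrix's code or data): a day is labelled High when its attack rate exceeds the trailing trend by two standard deviations. The 7-day window, the function names, the "Normal" label, the reading of the deviation as "above the trend" and the sample rates are all assumptions constructed for illustration.

```python
from statistics import mean, stdev

# Constructed sample: daily share of transactions rejected as attacks (%).
SAMPLE_RATES = [2.0, 2.2, 1.9, 2.1, 2.0, 2.3, 1.8, 2.1, 4.5, 2.2]


def abuse_levels(rates, window=7, k=2.0):
    """Label each day against the trailing `window`-day trend.

    Returns (day_index, rate, threshold, level) tuples. Days without a
    full window of history are skipped. Only "High" is defined on the
    slide; "Normal" is a hypothetical label for everything else.
    """
    if window < 2:
        raise ValueError("window must cover at least two days")
    results = []
    for day in range(window, len(rates)):
        history = rates[day - window:day]
        trend = mean(history)
        spread = stdev(history)  # 0.0 when the history is perfectly flat
        threshold = trend + k * spread
        level = "High" if rates[day] > threshold else "Normal"
        results.append((day, rates[day], round(threshold, 3), level))
    return results


def high_days(rates, window=7, k=2.0):
    """Indices of the days whose level is High."""
    return [d for d, _, _, lvl in abuse_levels(rates, window, k) if lvl == "High"]


if __name__ == "__main__":
    for day, rate, threshold, level in abuse_levels(SAMPLE_RATES):
        print(f"day {day}: rate={rate:.1f}% threshold={threshold:.3f}% {level}")
```

The spike on day 8 enters the history for day 9 and raises that day's threshold to about 4.28%, which is why the length of the trend window matters.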
Integrated Database
Integration Hub
Impact: Identity Spoofing Continues to Rise Globally
Impact: Bot attacks are more constant and increasing
ThreatMetrix Global Intelligence Network
Recognition is key
Persona (device, identity, behaviour) recognition is key to ensuring that businesses are able to effectively differentiate between trusted users and potential threats
Integration: Integrating Digital Intelligence For True Digital Identity Assessment is the Key to Prevention
The Reality: Global Markets Require Frictionless, Secure Digital Experiences
Fraud Prevention: “I want to pinpoint fraudsters using a stolen or synthetic identity the moment they apply.”
Authentication: “I want to accurately distinguish returning users from fraudsters.”
Threat Detection: “Help me stop costly Botnet attacks from happening as customers are accessing my systems.”
Digital Identity Network
>2 billion transactions analyzed per month, 15 billion in 2015
Coverage in 240 countries
Up to 98% recognition rate
Over 4,000 brands
Protecting 30,000 websites & apps
3 of the top 4 credit card networks
400 million deployed mobile SDKs
+25M per month
Leverage Global Shared Intelligence
>500,000 daily transactions analysed for France
Global Real-Time Decisioning
Global Digital Identity
Global Shared Intelligence
70% reduction in false-positive rates; 90% reduction in fraud
• Build a global shared intelligence network to beat a global fraud network
• Keep Security invisible from your Customers (and Cybercriminals)
• Provide the Best-in-Class Online & Mobile Experience
• Combine:
Digital Intelligence
Integration & Orchestration
Real-Time Analytics
Decision Management
Machine Learning
Behavior Analytics
Business Rules
Case Management
Reporting
Search & Link Analysis
Implement
Improve security together with the customer experience?
95% of transactions are from genuine users
Summary
1. Data Breaches and Bots driving cybercrime surge
2. User Names / Passwords no longer have any security value in the age of the data breach
3. Mobile transactions are surging ahead of other online methods
4. We see an emergence of mobile bot attacks targeting mobile apps
5. Legacy Customer Authentication Methods are Insufficient and failing in the Mobile-First, Global Digital Age
6. Cybercriminals are targeting our Behavior & Social Engineering
7. We need to build a global shared intelligence network to beat a global fraud network
8. Keep Security invisible while anonymising, securing and encrypting data
9. Provide the Best-in-Class Online & Mobile Experience
10. Integrating Digital Intelligence For True Digital Identity Assessment is the Key to Prevention
Stop Fraud, not Customers
Questions
Ted Egan ([email protected])
Vice President Asia Pacific
ThreatMetrix Inc.
The Digital Identity Company