CYBERTHREATSCAPE

William Francis "Willie" Sutton, Jr.

Prolific American bank

robber

During his forty-year

criminal career he stole

an estimated $2 million

”Because that's

where the money is”

2

1960

The Internet of Things (IoT)

Who would target you and why?

• Hacktivists use computer network exploitation to advance their political or social

causes.

• Individuals and sophisticated criminal enterprises steal personal information and

extort victims for financial gain.

• Trusted insiders steal proprietary information for personal, financial, and ideological

reasons.

• Nation-state actors conduct computer intrusions to steal sensitive state secrets and

proprietary information from private companies.

• Terrorist groups sabotage the computer systems that operate our critical infrastructure,

such as the electric grid.

• Nation-state actors sabotage military and critical infrastructure systems to gain an

advantage in the event of conflict.

TH

RE

AT

S

MOTIVATIONS

Cyber Threat Actors and Motives

Why Should We Care About Cybercrime?

6

• Consumer cost of cybercrime in 2015: $158 billion

• 429 million Personal Records were stolen• Over 1 million victims per day

• 12 victims per second

• 41% of online adults have fallen victim to attacks (malware, viruses, hacking, fraud, etc.)

• 2012: Cyber attack wiped 75% of Saudi Aramco’s workstations

• 2013: “DarkSeoul” attack wiped over 30,000 systems crippling the financial sector of South Korea

• 2014: Hackers wiped thousands of servers and computers across the network of Las Vegas Sands Corp.

• 2014: Sony Pictures Entertainment Breach

7

Why Should We Care About Cybercrime?

• 2015: OPM Data Breach: 21.5 million records stolen from the United States Office of Personnel Management.

• 2016: Bangladesh Bank Heist. 81 million dollars stolen. Target amount One billion dollars.

• 2017: WannaCry. A strain of ransomware spread around the world, attacking thousands of targets to include public utilities and large corporations.

• 2017: Equifax data breach. 143 Million records stolen.

8

Threat Landscape

Sources: 1. 2015 Internet Security Threat Report , Vol 20 published in Apr 2015 by Symantec

2. Morrison & Foerster Insights: Consumer Outlooks on Privacy, January 2016

MOBILE

DEVICES• Symantec found that 17% of all Android apps (nearly one

million total) were actually malware in disguise

SCAMS &

SOCIAL MEDIA

• 70% of social media scams were manually shared

PRIVACY

BREACHES

• Privacy concerns influence 35% of purchasing decisions

• 22% of college educated, higher income consumers stop buying

E-CRIME

& MALWARE

• 317 Million new pieces of Malware were created to bring the

overall total number of known Malware to 1.7 Billion

• Ransomware attacks grew 113%

• Average time to resolve a ransomware attack: 23 Days

TARGETED

ATTACKS• 60% of all targeted attacks struck small- and-medium-sized

Organizations

Far-reaching vulnerabilities, faster attacks, files held for ransom and more malicious code than ever

Sales/Marketing 35%

Finance 30%

Operations 27%

R & D 23%

IT 19%

Top 5 Risk Ration of Spear-

Phishing Attacks by Department

.doc 35%

.exe 30%

.scr 27%

.au3 23%

.jpg 19%

Spear-Phishing Email Types

Used in Targeted Attacks

Threat Landscape

Sources: 1. 2017 Cost of Cyber Crime Report (Ponemon Institute and Accenture)

Malware • Average total cost of a successful malware breach:

2.4 million dollars

Average

Annual Cost

of Cyber

Crime

Business E-mail

Compromise

• Average monthly global loss to Business E-mail Compromise:

200 million dollars

The Cost of Cyber Crime

Threat Landscape

• 2017: 11.7 million dollars (per company)

(up from 7.2 million dollars in 2013)

Average Bank Robbery Loss:

$3,816

Threat Landscape – Internet Crime Complaint Center

Information Protection

A risk management discipline that serves the objectives of

Confidentiality, Integrity, Availability, and Privacy of information by

applying a risk management framework and yielding confidence

that risks are adequately managed.

Data lost due to disasters is devastating, but losing it to

hackers, malicious insiders or from malware infections can

have far greater concerns

Associated Costs of a Privacy Breach

Direct Costs

Risk Vectors

Sources: 1. “2015 Cost of Data Breach Study: United States” by Ponemon Institute

2. “2015 Cyber Liability Market Analysis” Lockton Insurance Brokers, LLC

3. Cost evaluation of 4 leading credit monitoring services

$1m – $13m

Legal liability and sanctions

Charges of deceptive business practices

Liability from identity theft

Cyber Insurance deductible

$7m - $33mOutside counsel

Credit monitoring services

Indirect Costs

Variable

OEM marketing to acquire new customers

Damage to the reputation, brand, or business

relationships

Customer and / or employee distrust

Lost revenues

1

2, 3

Financial

• Direct + Indirect costs

• Cyber insurance costs

Reputational

• Brand damage

• Lost business opportunities

Regulatory

• Monitoring

• Fines

Operational

• Decreased productivity

1

2

3

4

Data Lost … Reportable Breach

Why Should We Care About Cybercrime?

13

• Global cost of cybercrime in 2015: $158 billion

• Global cost of cybercrime in 2016: $450 Billion

• Estimated global cost in 2020: $2 -$ 6 Trillion