the impact of cyber security · of cyber security jennifer arbelaez sr. service line manager...

| Intelligent Edge Security |© 2019 Akamai1

The Impact of Cyber Security

Jennifer ArbelaezSr. Service Line Manager ‐ Americas


AgendaWhat to expect…

• Introduction• Why is Cybersecurity so Hard?• The Latest Trends & Why it Matters?• What that Means for You?• Akamai Edge Security • Q&A


WHY IS SECURITY SO HARD?Can you tell me…

What happened in JUNE 29, 2007?


The digital economy is transforming faster than ever, creating a world where everything is connected…

DELIGHTING END‐USERS WITH A SECURE AND EXCEPTIONAL DIGITAL EXPERIENCE

SECURITY CALLS FOR A COMPLETE RETHINK


Process ToolsPeople

YOU


WHY IS SECURITY SO HARD?Everything is changing faster than you can respond

Changing threat landscape

Web attacks

Bot attacks

Malware

Web fraud

Network intrusion

DDoS attacks

Credential stuffing

Social / phishing

Shifting attack surface

More apps, changing faster

New technologies

3rd‐party / open source code

Migration to APIs

Cloud computing

Dissolving perimeter

Changing workforce

Corporate M&A Industry mega‐trends

Digital transformation

Mobile adoption

Cloud adoption

Regulatory compliance

Internet of Things


THE LATEST TRENDSWeb and DDoS attacks are on the rise

16%increase in total DDoS attacks

34%increase in application layer attacks

4%increase in reflection attacks

16%increase in layer 3&4 attacks

SOTI DDoS Attack update Summer 2017 vs. Summer 2018

• Flooding networks• Overloading Infrastructure• Distributed deployments


THE LATEST TRENDSDDoS are double in size

Peak in Gbps

185

321 309

623

120

1,252

| 2013 | 2014 | 2015 | 2016 | 2017 | 2018


THE LATEST TRENDSApplication layer attacks on the rise

38%

SOTI Summer 2018

• Growing in scale• Growing in sophistication• Moving across countries

Increase in total web application attacks since summer 2017


WHY PROTECTION MATTERSThe impact of breaches on organizations

64% Damage to brand / reputation

61% Reduced customer trust

53% Loss of revenue

45% Customer attrition

41% Costs incurred for remediation

41% Greater difficulty attracting new customers

Source: A commissioned study conducted by Forrester Consulting on behalf of Akamai October 2017


WHAT THAT MEANS FOR YOUChallenges to your security posture

INCREASED RISKThe probability and business impact of cyber attack is higher, while confidence in your ability to respond is lower than ever before

Can’t keep up with the evolving threat landscape

Can’t get to everything so assets going unprotected!

Potential impact of attacks on apps and IT assets going up$

HIGH COMPLEXITYRapid and constant change in the assets that you are responsible for protecting is reducing your ability to do so

Expanding but poorly understood attack surface

Apps in multiple places with inconsistent security posture

Not enough visibility into everything that’s happening

LESS AGILITYAbility of security organizations to respond to the needs of business partners is declining

Not moving as fast as the business you support

Constantly responding to fires; not being strategic


SECURITY SKILLS GAPWhy we cannot keep up with those challenges

25%of security leaders listed lack of trained personnel as their top hinderance.

SOURCE: Cisco 2017 Annual Security Report

40%of security leaders spend most of their time

focused on critical threatsSource: Dark Reading” Cybersecurity Staffing Shortage Tied to Cyberattacks, Data Breaches”

1.5 millionFrost & Sullivan estimated security

workforce shortage by 2020SOURCE: Frost and Sullivan study

Biggest Skills Gaps

Ability to understand the business

52%

Technical Skills

25%

Communications Skills

17%

46%

FEWER THAN HALFof leaders are confident

In their teams’ ability to handle anything beyond simple cyber incidents

Source: Data science central


WHAT THAT MEANS FOR YOUCreating a security focused culture in your organization

Security Awareness: it belongs to everyone! (not only tools + processes).

Security Plan + Policy: strategy! Prepare to address risk + speed up process to uncover and mitigate threats

Compliance & Regulations: stay up to date with industry standards, provide value add to your customers

Incident Response Plan: preparation is they key

Application Security: building secure products + services (AppSec)

Password Security: strong (8 characters, U/L Case, Special character, #s), enforcement, change!

Access Control: 40% of breaches originate with authorized users! 90% of malware uses DNS to move within an enterprise (Zero Trust)

Malware + Phishing Protection: ransomware awareness! Do not click questionable e‐mail executables!

~95% of Security Incidents

due to Human Error!


AKAMAI: TWO DECADES IN SECURITYBut security remains a persistent challenge

20172016201520142013201220101999 2003 20081998

Akamai founded

NOMINUM founded

Authoritative DNSlaunched

Prolexic founded

Origin obfuscationlaunched

Cloud SecurityIntelligence developed

XEROCOLE founded

Integrated WAF + DDoS launched

Curated WAF ruleset developed

SOHA Systems founded

Managed WAFservice introduced

Bot managementintroduced

Client Reputation launched

Credential abuse mitigation Introduced

Secure applicationaccess introduced

Malware & Phishing Protection Introduced

Akamai introducesfirst cloud WAF


20172016201520142013201220101999 2003 2008

NOMINUM founded

Origin obfuscationlaunched

Cloud SecurityIntelligence developed

Curated WAF ruleset developed

Managed WAFservice introduced

Client Reputation launched

Secure applicationaccess introduced

Authoritative DNSlaunched

Prolexic founded

XEROCOLE founded

Integrated WAF + DDoS launched

SOHA Systems founded

Bot managementintroduced

Credential abuse mitigation Introduced

Malware & Phishing Protection Introduced

Akamai introducesfirst cloud WAF


5M SQLi attacks / day

First SQLi attack

Akamai founded

AKAMAI: TWO DECADES IN SECURITYBut security remains a persistent challenge

1998 2018


AKAMAI INTELLIGENT EDGE SECURITYThe market leader in edge‐based security

PROTECT APPS & APIs

MOVE TO ZERO TRUST

STOP CREDENTIAL ABUSE

Akamai has had the strongest and broadest edge security offering for quite some time… ‐ IDC

DDoS & WAF

LEADERBot Management

LEADERZero Trust eXtended EcosystemSTRONG PERFORMER


APPS & APISProtect Internet‐facing apps and APIs deployed anywhere—in your data centers or in the public cloud

CREDENTIAL ABUSEProtect customer accounts from bot attacks and reduce fraud‐related financial losses

AKAMAI EDGE SECURITYProtecting your business from the edge

DDoS protection

Web application firewall

ZERO TRUST

Control corporate application access and protect users from targeted threats

Identity management

Secure app access

DNS

Malware prevention

Bot management

Credential stuffing Web application firewall

API governance

Client reputation


Q&ATime for Questions!

In 1997, Bruce Schneier in “Why Cryptography is Harder than it looks” wrote:

“History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to

do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.”


Sources…

IDC InfoBrief, Sponsored by Akamai, Remote Access and Security, September 2017 Frost and Sullivan study Dark Reading” Cybersecurity Staffing Shortage Tied to Cyberattacks, Data Breaches Cisco 2016 Annual Security Report Symantec Q2 2017 Mobile Threat Intelligence Report Kaspersky Lab's Mobile Malware Evolution 2016 Report Blogs.Akamai.com

Akamai State of the Internet Reports (SOTI) – New version Coming Out Next Week! Download: https://www.akamai.com/us/en/resources/our-thinking/state-of-the-internet-report/

the impact of cyber security · of cyber security jennifer arbelaez sr. service line manager...

Documents