the impact of cyber security · of cyber security jennifer arbelaez sr. service line manager...
TRANSCRIPT
| Intelligent Edge Security |© 2019 Akamai1
The Impact of Cyber Security
Jennifer ArbelaezSr. Service Line Manager ‐ Americas
| Intelligent Edge Security |© 2019 Akamai2
AgendaWhat to expect…
• Introduction• Why is Cybersecurity so Hard?• The Latest Trends & Why it Matters?• What that Means for You?• Akamai Edge Security • Q&A
| Intelligent Edge Security |© 2019 Akamai3
WHY IS SECURITY SO HARD?Can you tell me…
What happened in JUNE 29, 2007?
| Intelligent Edge Security |© 2019 Akamai4
The digital economy is transforming faster than ever, creating a world where everything is connected…
DELIGHTING END‐USERS WITH A SECURE AND EXCEPTIONAL DIGITAL EXPERIENCE
SECURITY CALLS FOR A COMPLETE RETHINK
| Intelligent Edge Security |© 2019 Akamai5
Process ToolsPeople
YOU
| Intelligent Edge Security |© 2018 Akamai5
WHY IS SECURITY SO HARD?Everything is changing faster than you can respond
Changing threat landscape
Web attacks
Bot attacks
Malware
Web fraud
Network intrusion
DDoS attacks
Credential stuffing
Social / phishing
Shifting attack surface
More apps, changing faster
New technologies
3rd‐party / open source code
Migration to APIs
Cloud computing
Dissolving perimeter
Changing workforce
Corporate M&A Industry mega‐trends
Digital transformation
Mobile adoption
Cloud adoption
Regulatory compliance
Internet of Things
| Intelligent Edge Security |© 2019 Akamai6
THE LATEST TRENDSWeb and DDoS attacks are on the rise
16%increase in total DDoS attacks
34%increase in application layer attacks
4%increase in reflection attacks
16%increase in layer 3&4 attacks
SOTI DDoS Attack update Summer 2017 vs. Summer 2018
• Flooding networks• Overloading Infrastructure• Distributed deployments
| Intelligent Edge Security |© 2019 Akamai7
THE LATEST TRENDSDDoS are double in size
Peak in Gbps
185
321 309
623
120
1,252
| 2013 | 2014 | 2015 | 2016 | 2017 | 2018
| Intelligent Edge Security |© 2019 Akamai8
THE LATEST TRENDSApplication layer attacks on the rise
38%
SOTI Summer 2018
• Growing in scale• Growing in sophistication• Moving across countries
Increase in total web application attacks since summer 2017
| Intelligent Edge Security |© 2019 Akamai9
WHY PROTECTION MATTERSThe impact of breaches on organizations
64% Damage to brand / reputation
61% Reduced customer trust
53% Loss of revenue
45% Customer attrition
41% Costs incurred for remediation
41% Greater difficulty attracting new customers
Source: A commissioned study conducted by Forrester Consulting on behalf of Akamai October 2017
| Intelligent Edge Security |© 2019 Akamai10
WHAT THAT MEANS FOR YOUChallenges to your security posture
INCREASED RISKThe probability and business impact of cyber attack is higher, while confidence in your ability to respond is lower than ever before
Can’t keep up with the evolving threat landscape
Can’t get to everything so assets going unprotected!
Potential impact of attacks on apps and IT assets going up$
HIGH COMPLEXITYRapid and constant change in the assets that you are responsible for protecting is reducing your ability to do so
Expanding but poorly understood attack surface
Apps in multiple places with inconsistent security posture
Not enough visibility into everything that’s happening
LESS AGILITYAbility of security organizations to respond to the needs of business partners is declining
Not moving as fast as the business you support
Constantly responding to fires; not being strategic
| Intelligent Edge Security |© 2019 Akamai11
SECURITY SKILLS GAPWhy we cannot keep up with those challenges
25%of security leaders listed lack of trained personnel as their top hinderance.
SOURCE: Cisco 2017 Annual Security Report
40%of security leaders spend most of their time
focused on critical threatsSource: Dark Reading” Cybersecurity Staffing Shortage Tied to Cyberattacks, Data Breaches”
1.5 millionFrost & Sullivan estimated security
workforce shortage by 2020SOURCE: Frost and Sullivan study
Biggest Skills Gaps
Ability to understand the business
52%
Technical Skills
25%
Communications Skills
17%
46%
FEWER THAN HALFof leaders are confident
In their teams’ ability to handle anything beyond simple cyber incidents
Source: Data science central
| Intelligent Edge Security |© 2019 Akamai12
WHAT THAT MEANS FOR YOUCreating a security focused culture in your organization
Security Awareness: it belongs to everyone! (not only tools + processes).
Security Plan + Policy: strategy! Prepare to address risk + speed up process to uncover and mitigate threats
Compliance & Regulations: stay up to date with industry standards, provide value add to your customers
Incident Response Plan: preparation is they key
Application Security: building secure products + services (AppSec)
Password Security: strong (8 characters, U/L Case, Special character, #s), enforcement, change!
Access Control: 40% of breaches originate with authorized users! 90% of malware uses DNS to move within an enterprise (Zero Trust)
Malware + Phishing Protection: ransomware awareness! Do not click questionable e‐mail executables!
~95% of Security Incidents
due to Human Error!
| Intelligent Edge Security |© 2019 Akamai13
AKAMAI: TWO DECADES IN SECURITYBut security remains a persistent challenge
20172016201520142013201220101999 2003 20081998
Akamai founded
NOMINUM founded
Authoritative DNSlaunched
Prolexic founded
Origin obfuscationlaunched
Cloud SecurityIntelligence developed
XEROCOLE founded
Integrated WAF + DDoS launched
Curated WAF ruleset developed
SOHA Systems founded
Managed WAFservice introduced
Bot managementintroduced
Client Reputation launched
Credential abuse mitigation Introduced
Secure applicationaccess introduced
Malware & Phishing Protection Introduced
Akamai introducesfirst cloud WAF
| Intelligent Edge Security |© 2019 Akamai14
20172016201520142013201220101999 2003 2008
NOMINUM founded
Origin obfuscationlaunched
Cloud SecurityIntelligence developed
Curated WAF ruleset developed
Managed WAFservice introduced
Client Reputation launched
Secure applicationaccess introduced
Authoritative DNSlaunched
Prolexic founded
XEROCOLE founded
Integrated WAF + DDoS launched
SOHA Systems founded
Bot managementintroduced
Credential abuse mitigation Introduced
Malware & Phishing Protection Introduced
Akamai introducesfirst cloud WAF
| Intelligent Edge Security |© 2018 Akamai14
5M SQLi attacks / day
First SQLi attack
Akamai founded
AKAMAI: TWO DECADES IN SECURITYBut security remains a persistent challenge
1998 2018
| Intelligent Edge Security |© 2019 Akamai15
AKAMAI INTELLIGENT EDGE SECURITYThe market leader in edge‐based security
PROTECT APPS & APIs
MOVE TO ZERO TRUST
STOP CREDENTIAL ABUSE
Akamai has had the strongest and broadest edge security offering for quite some time… ‐ IDC
DDoS & WAF
LEADERBot Management
LEADERZero Trust eXtended EcosystemSTRONG PERFORMER
| Intelligent Edge Security |© 2019 Akamai16
APPS & APISProtect Internet‐facing apps and APIs deployed anywhere—in your data centers or in the public cloud
CREDENTIAL ABUSEProtect customer accounts from bot attacks and reduce fraud‐related financial losses
AKAMAI EDGE SECURITYProtecting your business from the edge
DDoS protection
Web application firewall
ZERO TRUST
Control corporate application access and protect users from targeted threats
Identity management
Secure app access
DNS
Malware prevention
Bot management
Credential stuffing Web application firewall
API governance
Client reputation
| Intelligent Edge Security |© 2019 Akamai17
Q&ATime for Questions!
In 1997, Bruce Schneier in “Why Cryptography is Harder than it looks” wrote:
“History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to
do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did.”
| Intelligent Edge Security |© 2019 Akamai18
Sources…
IDC InfoBrief, Sponsored by Akamai, Remote Access and Security, September 2017 Frost and Sullivan study Dark Reading” Cybersecurity Staffing Shortage Tied to Cyberattacks, Data Breaches Cisco 2016 Annual Security Report Symantec Q2 2017 Mobile Threat Intelligence Report Kaspersky Lab's Mobile Malware Evolution 2016 Report Blogs.Akamai.com
Akamai State of the Internet Reports (SOTI) – New version Coming Out Next Week! Download: https://www.akamai.com/us/en/resources/our-thinking/state-of-the-internet-report/
| Intelligent Edge Security |© 2019 Akamai19