
Managing Insider Threats

4 Risks You Need To Mitigate

Agenda
The state of cybercrime: what's changed and why?
How likely is an attack?

The biggest threat & 4 serious internal risks


The cost of malware

Why Anti-Virus alone is not enough


What you can do to protect your networks

Short History of Cybercrime

Then
Virus writers were hackers and
nerds having fun making a
name for themselves

Now
Malware is now a tool of
international organized crime

The Cybercrime Economy


Credit Card Information: $0.85 - $30.00

The Cybercrime Economy


Bank Account Credentials: $15 - $850

The Cybercrime Economy


Full Identity: $0.70 - $20.00

Cybercrime Today
Agile, global, organized & outsourced
Cybercriminals want:

Money
Shares in the Business
Challenges
Non 9-5 Work
Environment

Cybercrime Today

$114bn

Money
stolen/spent
on resolving
Cybercrime

$274bn
Victims valued time
they lost to
Cybercrime

Norton Cybercrime Report 2011

How Likely Is an Attack?


Threats are increasing exponentially

How Likely Is An Attack?

431 million adults

24 countries
141 US victims/minute

Norton Cybercrime Report 2011

How Likely Is An Attack?


Cybercriminals use malware to harvest personal
data:
Viruses
Worms
Trojans

How Likely Is An Attack?


Data breaches are on the rise
91% reported at least 1 breach in the last year
59% reported 2 or more breaches
50% reported lost data

How Likely Is An Attack?


Size doesn't matter
Small companies & big
companies

Industry leaders are falling prey


How robust is your IT
infrastructure?

The Most Serious Security Threat

Lives inside your organization: Human Nature

The Most Serious Security Threat


Shifting targets: narrowed to individuals within organizations
Sophisticated criminals exploit the weakest link
Access to your network is easily gained by exploiting human
nature

Insider Threats: 4 Serious Internal Risks


1. Spear Phishing Email Attacks
2. Social Media
3. The Infected USB Device
4. Unapproved Applications

Insider Threats: Spear Phishing


The Evolution
Spam:
Unsolicited commercial email
Unsolicited bulk email
Phishing:
Sender appears to be a trustworthy entity
Bulk
Spear Phishing:
Customized

Insider Threats: Spear Phishing


Proof

Insider Threats: Spear Phishing


Advanced Persistent
Threats
Spear Phishing
Highly targeted to a
person/organization
Objective is to get victim to
click a link or download file
Malware infects the victim's
PC and opens back door for
hackers to access company
data

Insider Threats: Spear Phishing


Google Breach

Insider Threats: Spear Phishing

100M

Insider Threats: Social Media


SOCIAL

MEDIA

Insider Threats: Social Media


Twitter now a source for links to poisoned websites

Insider Threats: Social Media


Facebook scams continue

Insider Threats: Social Media


Social Media is now a legitimate business tool
Web-filters are barriers to productivity and burden IT

Cannot keep up with known malicious URLs

Insider Threats: The Infected USB Device


Opens the door to malware
propagating in the network
Bypasses other layers of
defense such as gateway
firewall protection

25% of all new worms are designed to spread through
portable storage devices

Insider Threats: The Infected USB Device


Device read-only partition can host malware
In 2006, Secure Network Inc tested a credit union's security
Distributed trojan infected
USB drives
15 out of 20 were installed

Insider Threats: The Infected USB Device


2008 marks the biggest
military breach to date
Caused by an infected USB
flash drive
Over 100 foreign
intelligence agencies are
trying to capture US data

Insider Threats: Unauthorized Applications


Potentially unwanted
applications
Instant messaging
Social networking sites
Peer to peer, games

Unacceptable security risk


System performance
concern
License compliance issue

Insider Threats: Unauthorized Applications


Downloading unauthorized
programs that can contain
malware
In 2010 a credit union
employee downloaded a
coupon program
Laced with malware
License compliance issue

Internal Threats: Recap


Shifting targets: exploiting human nature
Spear phishing on the upswing
Social media: business tool or security threat?
USB keys bypass traditional security
Unauthorized applications are untrusted
73,000+ highly sophisticated new threats per DAY!

The Cost of Malware

$7.2 Million = the cost of a data breach (2010)


$214 = avg cost of compromised record (2010)

$318 = avg cost of compromised record due to criminal attack (2010)

Source: Ponemon Institute's "2010 Annual Study: U.S. Cost of a Data Breach"

The Cost of Malware

1 email

$7,969,330 scammed
44 days

The Cost of Malware

Over 360,000 credit cards

Over 90,000 credit cards

Customer names

Customer names

Customer email addresses

Customer email addresses

$2.7M stolen

Phone #s, gender, DOB

The Cost of Malware


Threats continue to increase with hefty fines

The Cost of Malware


"The first time anyone anywhere in the world noticed this new virus was on [March 15] and then it hit us on the 16th,"
"We've got multiple levels of protection and firewalls, but nothing recognizes this,"
"The cost of just one day without computer access is going to cost thousands,"

What Does Successful Security Look Like?


Layers, layers and more layers

Desktop Security
System Restore: quick recovery but no protection against malware or data leakage
User Account Control: to be effective, it is too restrictive for many users. Frustrating to manage for IT
Anti-Virus: not entirely effective alone
Requires constant updating
Can be a drain on system resources
Only protects against known threats

Why Anti-Virus Alone is Not Enough


1700+ confirmed
malware files analyzed
13 top AV vendors
Average detection rate:
19%
Average time to catch up
to new malware: 11.6
days

Source: Malware Detection Rates for Leading AV Solutions: A Cyveillance Analysis, August 2010

The Faronics Solution

Application Whitelisting
Concept:
Ignore the bad applications that
you never want to run
Only identify the good applications
you do want to run
Any unknown executables simply
not allowed to run!

Benefits:
Not having to worry about updates

Not having to worry about unknown malware
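The default-deny concept above, contrasted with a known-bad list, as an added example that is not Faronics code or part of the original slides. The sample names and byte strings are constructed stand-ins for executable files, and the denylist models signature-only matching by exact hash, without heuristics.

```python
import hashlib

def digest(image: bytes) -> str:
    """SHA-256 of an executable image; the identity both policies key on."""
    return hashlib.sha256(image).hexdigest()

# Constructed byte strings standing in for executable file contents.
SAMPLES = {
    "payroll_client":  b"MZ payroll client 2.1",
    "payroll_patched": b"MZ payroll client 2.2",  # vendor update, not yet approved
    "known_dropper":   b"MZ dropper build A",
    "mutated_dropper": b"MZ dropper build B",     # repacked variant, new hash
    "coupon_toolbar":  b"MZ coupon toolbar",      # unapproved download
}

# Denylist: hashes of files already known to be bad (signature-only view).
SIGNATURES = {digest(SAMPLES["known_dropper"])}
# Allowlist: hashes of the applications IT has approved (assumed policy).
APPROVED = {digest(SAMPLES["payroll_client"])}

def denylist_permits(image: bytes) -> bool:
    """Default allow: run anything not already known to be bad."""
    return digest(image) not in SIGNATURES

def allowlist_permits(image: bytes) -> bool:
    """Default deny: run only what has been explicitly approved."""
    return digest(image) in APPROVED

def approve(image: bytes) -> None:
    """Admin action: add a vetted executable to the allowlist."""
    APPROVED.add(digest(image))

def evaluate(samples=SAMPLES):
    """Return {name: (denylist_permits, allowlist_permits)} per sample."""
    return {name: (denylist_permits(img), allowlist_permits(img))
            for name, img in samples.items()}

if __name__ == "__main__":
    for name, (deny_ok, allow_ok) in evaluate().items():
        print(f"{name:16} denylist={'run' if deny_ok else 'block':5} "
              f"allowlist={'run' if allow_ok else 'block'}")
```

The mutated dropper and the coupon toolbar pass the denylist but are blocked by the allowlist with no signature update. The patched payroll client is also blocked until `approve()` is called, which is the maintenance cost of hash-based rules.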

Application Whitelisting
Benefits Beyond Security:
Protecting Resource Usage
Lower Help Desk Costs
Prevent Distractive Applications
Prevent Unlicensed or Illegal Applications

Application Whitelisting: With Anti-Virus


Anti-Virus
Heuristics still help identify and
catch:
Malware that targets unpatched OS
and applications
Malware that is carried as data and
run as macros

Faronics AV runs suspected malware in a mini-VM

Application Whitelisting
Zero-Day attacks
Mutating Malware

Targeted Attacks
Potentially Unwanted Programs

Introducing Faronics Anti-Executable


Only approved applications can install
or execute
Protects against attacks that bypass
AV
Protects data from exposure to
malware such as key loggers

Helps maintain system integrity by blocking installation of unauthorized
applications
Enforces license compliance by
specifying programs and versions that
are allowed to be installed
Not dependent on signature updates

Why Anti-Executable?
Reduce IT costs associated with infections and troubleshooting time
Avoid costly IT audits/legal risks

Prevent loss and corruption of sensitive data


Protect workstations from unknown, future system vulnerabilities
Maximize system performance

Faronics Layered Security

Changing the way the world thinks about security.

Faronics Customers

About Faronics

Affiliations

Intelligent software solutions for ABSOLUTE control
In business since 1996
Over 8 million licenses deployed
Over 30,000 customers in over 150
countries
Offices in USA, Canada & UK

Awards

Next Steps
Try Faronics Anti-Executable
at: www.faronics.com
Contact Faronics
Via email: sales@faronics.com
Via phone: 800-943-6422

Q&A

Thank You

Presenter:
Samantha Shah
Product Marketing Manager
T: 800-943-6422
E: sshah@faronics.com
