The 2014 Trustwave Global Security Report reveals whom cybercriminals attack, what information they want and how they gain access to it. This is a summary presented at SpiderLabs Day in Stockholm in autumn 2014. For the full report visit: http://go.inuit.se/2014-trustwave-global-security-report
Summary of the 2014 Trustwave Global Security Report
1. 2014
TRUSTWAVE GLOBAL
SECURITY REPORT
John Yeo
VP at Trustwave
Stockholm - November 2014
2. 2014 GSR: AGENDA
1. Victim Demographics
2. Data and Systems Targeted
3. Intrusion Methods
4. Indicators of Compromise
5. Detection Statistics
6. Understanding Widespread Malware
7. Actions and Recommendations
Welcome…
4. 2014 GSR: SUMMARY OF FINDINGS
1. More victims, more breaches
2. Shift in data types
3. Similar targets and methods as past years
4. Self detection = early detection
5. Response is key
6. THE VOLUME OF DATA BREACH INVESTIGATIONS INCREASED 54% OVER 2012
7. ATTACK SOURCE IP ADDRESSES
19% United States
18% China
16% Nigeria
5% Russia
5% Korea
4% Germany
4% United Kingdom
4% Japan
3% France
3% Taiwan
19% Other Countries

LOCATION OF VICTIMS
19% United States
14% United Kingdom
11% Australia
2% Hong Kong
2% India
1% Mauritius
1% New Zealand
1% Ireland
1% Belgium
1% Canada
7% Other Countries
8. 35% RETAIL
18% FOOD & BEVERAGE
11% HOSPITALITY
9% FINANCE
8% PROFESSIONAL SERVICES
6% TECHNOLOGY
4% ENTERTAINMENT
3% TRANSPORTATION
2% HEALTH CARE
4% OTHER
21. Businesses often…
1. Don’t centralize logging
2. Log but don’t monitor
3. Log the wrong things
important because…
22. ANOMALOUS ACCOUNT ACTIVITY
UNEXPLAINED OR SUSPICIOUS OUTBOUND DATA
NEW AND/OR SUSPICIOUS FILES DROPPED
GEOGRAPHIC ANOMALIES IN LOGINS
UNEXPLAINED OR SUSPICIOUS CHANGES TO THE WINDOWS REGISTRY
EVIDENCE OF LOG TAMPERING
EVIDENCE OF TAMPERING WITH ANTI-VIRUS SERVICES
ANOMALOUS SERVICE ACTIVITY (SERVICES ADDED, STOPPED OR PAUSED)
INTERRUPTION IN THE PAYMENT PROCESS FLOW (E-COMMERCE)
UNEXPLAINED ACCESS TO ADMINISTRATION CONSOLES OR WEB ADMIN (E-COMMERCE)
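Slides 21 and 22 explain why centralized, monitored logging matters and list the indicators of compromise the investigations found. As an added example (not from the Trustwave slides or the report), the Python below runs a small review over constructed log lines and flags three of those indicators: geographic anomalies in logins, anomalous service activity (services added, stopped or paused, which also catches an anti-virus service being stopped), and unexplained outbound data volume. The log format, account names, hosts and the per-host byte baseline are all assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed sample log in a simplified "timestamp|source|event|k=v;k=v" format
# (an assumed format for this example, not a real product's log layout).
SAMPLE_LOG = """\
2014-11-03T08:00:00|auth|login|user=alice;country=SE;ip=203.0.113.10
2014-11-03T08:05:00|auth|login|user=bob;country=SE;ip=203.0.113.11
2014-11-03T08:40:00|auth|login|user=alice;country=NG;ip=198.51.100.7
2014-11-03T09:00:00|system|service|host=pos-01;action=added;name=UpdaterSvc
2014-11-03T09:01:00|system|service|host=pos-01;action=stopped;name=AVService
2014-11-03T09:30:00|netflow|outbound|host=pos-01;bytes=5000000
2014-11-03T09:31:00|netflow|outbound|host=pos-02;bytes=40000
2014-11-03T09:32:00|netflow|outbound|host=pos-01;bytes=90000000
not a log line at all
"""

# Constructed baseline: typical bytes per outbound transfer for each host.
# In practice this is derived from the hosts' own history, not hard-coded.
OUTBOUND_BASELINE = {"pos-01": 100_000, "pos-02": 100_000}


def parse_line(line):
    """Parse one line into {'ts', 'source', 'event', 'fields'}; None if malformed."""
    parts = line.strip().split("|")
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in parts[3].split(";") if "=" in kv)
    return {"ts": ts, "source": parts[1], "event": parts[2], "fields": fields}


def geographic_login_anomalies(events, window=timedelta(hours=1)):
    """Flag an account that logs in from two different countries within `window`."""
    alerts, last_login = [], {}
    for e in events:
        if e["event"] != "login":
            continue
        user, country = e["fields"].get("user"), e["fields"].get("country")
        prev = last_login.get(user)
        if prev and prev[1] != country and e["ts"] - prev[0] <= window:
            alerts.append({"indicator": "geographic login anomaly",
                           "detail": f"{user}: {prev[1]} then {country} "
                                     f"{e['ts'] - prev[0]} later"})
        last_login[user] = (e["ts"], country)
    return alerts


def service_anomalies(events, watched=("added", "stopped", "paused")):
    """Flag services added, stopped or paused (a stopped AV service lands here too)."""
    return [{"indicator": "anomalous service activity",
             "detail": f"{e['fields'].get('name')} {e['fields'].get('action')} "
                       f"on {e['fields'].get('host')}"}
            for e in events
            if e["event"] == "service" and e["fields"].get("action") in watched]


def outbound_anomalies(events, baseline, factor=10):
    """Flag an outbound transfer more than `factor` times the host's baseline."""
    alerts = []
    for e in events:
        if e["event"] != "outbound":
            continue
        host = e["fields"].get("host")
        normal = baseline.get(host)
        try:
            sent = int(e["fields"].get("bytes", ""))
        except ValueError:
            continue  # unparsable volume: skip the record rather than abort the review
        if normal is not None and sent > factor * normal:
            alerts.append({"indicator": "unexplained outbound data",
                           "detail": f"{host} sent {sent:,} bytes "
                                     f"(baseline {normal:,})"})
    return alerts


def review(log_text, baseline=OUTBOUND_BASELINE):
    """Parse the log, order it by time and run all three checks; returns the alert list."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    return (geographic_login_anomalies(events)
            + service_anomalies(events)
            + outbound_anomalies(events, baseline))


if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(f"[{alert['indicator']}] {alert['detail']}")
```

The three checks only work because the login, service and flow records are in one place and are ordered by time, which is the point of the "centralize" and "monitor" bullets: the same lines scattered across three hosts would not reveal that alice's second login, the new service and the large transfer belong to one afternoon.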
38. TO DO LIST:
1. Educate employees on best security practices through security awareness training.
2. Invest in gateway security technologies to protect networks and users against zero-day exploits, targeted malware and blended threats.
39. TO DO LIST:
1. Implement and enforce strong password policies for employees.
2. Change default and “admin” passwords immediately.
3. Consider two-factor authentication solutions.
40. TO DO LIST:
1. Know your data - discover all types of sensitive data across your environment.
2. Combine ongoing scanning and testing across all assets - endpoint, network, application and database - so you can identify and fix flaws before an attacker finds them.
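Item 1 of slide 40 ("know your data") is only actionable once you can find the data. As an added example, not from the slides or the report, the Python below scans constructed file contents for two data types relevant to the retail and e-commerce victims the slides describe: payment card numbers and e-mail addresses. It applies the Luhn check to every digit run so that order numbers, timestamps and random digit strings are not reported as card data, and it only ever stores a masked form of what it finds. The file paths, contents and regular expressions are assumptions for this example; the card numbers are the widely published test numbers, not real accounts.

```python
import re

# Constructed sample "files" (path -> contents). Paths and text are made up;
# the card numbers are public test numbers, not real accounts.
SAMPLE_FILES = {
    "export/orders.csv": "order,card\n1001,4111 1111 1111 1111\n1002,5500-0000-0000-0004\n1003,1234567890123456\n",
    "docs/readme.txt": "Contact support@example.com for help. Build 20141103.\n",
    "logs/app.log": "user=carol@example.com paid with 378282246310005\n",
}

# Candidate card number: 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def luhn_valid(digits):
    """Luhn checksum: true for a well-formed card number, false for most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Keep only the last four digits so the scan report itself is not sensitive."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_sensitive(text):
    """Return {'pan': [masked numbers], 'email': [addresses]} for one text blob."""
    pans = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            pans.append(mask_pan(digits))
    return {"pan": pans, "email": EMAIL.findall(text)}


def discover(files):
    """Scan every file; report per-type counts (and masked card numbers) for files with findings."""
    report = {}
    for path, text in files.items():
        found = find_sensitive(text)
        if found["pan"] or found["email"]:
            report[path] = {"pan": len(found["pan"]),
                            "email": len(found["email"]),
                            "masked_pans": found["pan"]}
    return report


if __name__ == "__main__":
    for path, result in discover(SAMPLE_FILES).items():
        print(f"{path}: {result['pan']} card number(s), {result['email']} e-mail address(es)")
        for masked in result["masked_pans"]:
            print(f"    {masked}")
```

Running it on the sample reports two card numbers in the CSV export (the third row fails the Luhn check and is dropped), one address in the readme, and both a card number and an address in the application log, which is usually the file nobody expected to contain payment data.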
41. TO DO LIST:
1. Pit a security expert against your network hosts, applications and databases for a real-world threat perspective.
2. Test resilience of your systems with regular penetration testing.
42. TO DO LIST:
1. Develop, institute, and rehearse an incident response plan.
2. Ensure ongoing security training and education of your IT staff.
3. Consider an MSSP for expert help, including ongoing tuning of your technologies and continuous threat monitoring.
43. IN CLOSING, SECURITY IS:
1. A continuous process
2. Compliance != Security
3. Bigger than the IT dept
4. An effective combination:
• of People
• of Process
• of Technology; AND
• of expert partners