Loading...

Tech Talk Live Blog

Protecting Against Cyber Threats

Mark Villinsky


After a compelling video of various security facts, Mark Villinsky had some amazing facts to share.  Of approximately 1200 companies surveyed, 91% had at least one security intrusion last year. Sixty one percent had a virus issue.

For a sense of scale of the escalating problem over time:

  • In 1994, the average new virus sample rate was 1/hour.
  • In 2006, the average new virus sample rate was 1/minute.
  • In 2011, it was 1/second.

And, in 2013, Mark Villinsky says they are on track to discover 200,000 unique malware samples per day. (The audience looked pretty stunned at this fact.)

“Cybercrime – the greatest transfer of wealth in history.”  Issues of device proliferation, data storage capacity, loss of confidential data, and untrusted networks.

“Big data = big security challenges.” – Forrester.

APT – Advanced Persistent Threats, a bigger challenge than just email malware. Organizations are targeted to get in and get info to using against that organization or others.
Step 1) Phishing
Step 2) Get in through the back door
Step 3) Lateral movement throughout the system
Step 4) Data gathering takes place
Step 5) Info is exfiltrated

A high percentage of the sites online are compromised in some way.

Access through a Porous Network

With 4.3 billion email clients in service today, seven to eight out of ten emails generated are spam.  And, out of 11 million samples taken in 2012, there were 806 separate types of vulnerabilities witnessed, with over 100,000 instances of malicious activity. Adobe Flash/Shockwave and iTunes seem to be big (carriers? What?)

1.6 billion web attacks took place in 2012 from 6.5 million web domains in 202 countries around the world, the top ones being China, Korea, the US, and Italy, among others. Social networks, in particular, have high rates of phishing.

In mobile, the problem has not been as encompassing, but it is definitely on the rise. There has been a 480% rise in mobile malware in the last year. Android app store is vulnerable, due to lack of security for uploading.

BYOD also puts VPN credentials at risk. Remote lock/wipe and data encryption are the two top requests to increase security.

One in five Facebook users has active malware or viruses on their computers. In a test of friend requests sent from fake accounts, a very high percentage of the friend requests were accepted, despite not knowing who this (fake) account was.

Mark showed actual screenshots from a site selling data acquired illegally. Sobering information. He also referenced the Office of Information Technology website, which has good examples of information breaches that have taken place in the past.

Mark finished with Five Ways That IT Is Enabling Cybercrime.
1) Migration Myopia – the belief that company data does not find its way to home systems.
2) Social Media Mania – Adopting social media without protection.
3) Attention Misdirection – Focusing on protection vs detection and response. Need to have a balance of not only a way to protect, but to find a problem and fix it.
4) Attention Deficit – Failure to foster a culture of awareness. (Don’t click that virus test button!)
5) Reliance on Compliance – Compliance is just one step north of negligence.

Mark offered his excellent slides to anyone who offered a card. Highly recommended as they were nicely detailed and went by quickly.

Tech Talk Live Blog Comment Guidelines:

One of our main goals at Tech Talk Live is to build a community. It is our hope that this blog can be a forum for discussion around our content. We see commenting as an integral part of this community. It allows everyone to participate, contribute, connect, and share relevant personal experience that adds value to the conversation. Respect counts. We believe you can disagree without being disagreeable. Please refrain from personal attacks, name calling, libel/defamation, hate speech, discriminatory or obscene/profane language, etc. Comments should keep to the topic at hand, and not be promotional or commercial in nature. Please do not link to personal blog posts, websites, or social media accounts that are irrelevant to the conversation. This is considered self-promotion. We welcome links that help further the conversation and reserve the right to delete those we deem unnecessary. The appearance of external links on this site does not constitute official endorsement on behalf of Tech Talk Live or Lancaster-Lebanon Intermediate Unit 13. You are solely responsible for the content that you post – please use your best judgment. We reserve the right to remove posts that do not follow these guidelines.

Leave a Reply

Your email address will not be published. Required fields are marked *

CONTACT

Tech Talk Live is the only conference of its kind in the region specifically designed for IT pros in education.


techtalklive@iu13.org

1020 New Holland Avenue
Lancaster, PA 17601

(717) 606-1770