After a compelling video of various security facts, Mark Villinsky had some amazing facts to share. Of approximately 1200 companies surveyed, 91% had at least one security intrusion last year. Sixty one percent had a virus issue.
For a sense of scale of the escalating problem over time:
And, in 2013, Mark Villinsky says they are on track to discover 200,000 unique malware samples per day. (The audience looked pretty stunned at this fact.)
“Cybercrime – the greatest transfer of wealth in history.” Issues of device proliferation, data storage capacity, loss of confidential data, and untrusted networks.
“Big data = big security challenges.” – Forrester.
APT – Advanced Persistent Threats, a bigger challenge than just email malware. Organizations are targeted to get in and get info to using against that organization or others.
Step 1) Phishing
Step 2) Get in through the back door
Step 3) Lateral movement throughout the system
Step 4) Data gathering takes place
Step 5) Info is exfiltrated
A high percentage of the sites online are compromised in some way.
Access through a Porous Network
With 4.3 billion email clients in service today, seven to eight out of ten emails generated are spam. And, out of 11 million samples taken in 2012, there were 806 separate types of vulnerabilities witnessed, with over 100,000 instances of malicious activity. Adobe Flash/Shockwave and iTunes seem to be big (carriers? What?)
1.6 billion web attacks took place in 2012 from 6.5 million web domains in 202 countries around the world, the top ones being China, Korea, the US, and Italy, among others. Social networks, in particular, have high rates of phishing.
In mobile, the problem has not been as encompassing, but it is definitely on the rise. There has been a 480% rise in mobile malware in the last year. Android app store is vulnerable, due to lack of security for uploading.
BYOD also puts VPN credentials at risk. Remote lock/wipe and data encryption are the two top requests to increase security.
One in five Facebook users has active malware or viruses on their computers. In a test of friend requests sent from fake accounts, a very high percentage of the friend requests were accepted, despite not knowing who this (fake) account was.
Mark showed actual screenshots from a site selling data acquired illegally. Sobering information. He also referenced the Office of Information Technology website, which has good examples of information breaches that have taken place in the past.
Mark finished with Five Ways That IT Is Enabling Cybercrime.
1) Migration Myopia – the belief that company data does not find its way to home systems.
2) Social Media Mania – Adopting social media without protection.
3) Attention Misdirection – Focusing on protection vs detection and response. Need to have a balance of not only a way to protect, but to find a problem and fix it.
4) Attention Deficit – Failure to foster a culture of awareness. (Don’t click that virus test button!)
5) Reliance on Compliance – Compliance is just one step north of negligence.
Mark offered his excellent slides to anyone who offered a card. Highly recommended as they were nicely detailed and went by quickly.
Tech Talk Live is the only conference of its kind in the region specifically designed for IT pros in education.
1020 New Holland Avenue
Lancaster, PA 17601