Deploying an army of cyber-security solutions doesn’t mean that your organization’s data is safe. Despite all the information and security solutions out there, North American companies are still not fully aware of the dangers that hackers, social media, and insider threats pose on the organization’s data and reputation.
Truth is, the average user doesn’t really know how to protect themselves... which is ironic, because employees are the #1 cause of security threats today.
As the one in charge of your organization’s IT security, it is on your shoulders to prevent and fix threats caused by the users you support. Join our panel of security experts on September 26th at 11am PDT and discover the top 7 ways employees cause cybercrime infections (plus learn best practices on how to fix them once and for all)!
1. The Top 7 (Latest) Ways Employees
Cause Cybercrime Infections
2. Meet Our Speakers
Jason Dettbarn
Senior Technology
Analyst
Cynthia James
Director Business
Development, CISSP
Alex Brandt
VP Americas
3. About Our Experts: Kaspersky
• Founded in 1997; largest private anti-malware company –
100% focused on anti-malware
• Over $700M annual revenues
• Presence in 19 countries
• #1 vendor in Germany, France, Spain, Eastern Europe
• Protecting over 300 million end points
• America’s distribution: 12,000 outlets; top two vendors
(revenue & units shipping)
• Top supplier to OEMs/ISVs of anti-malware worldwide
4. Today’s Agenda
Cybercrime Threatscape: Malware Growth
Current Malware: Comprehension Gap
The Top (Latest) 7 Ways Employees Cause Cyber
Crime Infections
Security Solution Overview
3 Tips for CyberSafety at Home
Giveaway
Questions & Answers
5. Cybercrime Threatscape:
Malware Growth
200k unique malware samples PER YEAR were identified in 2006; 2M
in 2007…now it’s up to 200K malware samples PER DAY.
The quality of malware improves every year.
6. Current Malware:
Comprehension Gap
• Recent years have seen exponential growth in malware.
• Anyone can enter the cybercrime game.
• Cybercriminals earn over $100B a year.
Over 200K Per DAY
Where most employees/end users
think we still are
Where we really
are today (2013)
Cybercrime will never stop.
7. #1. Poor Password Management
present
The Top 7 (Latest) Ways
Employees Cause
Cybercrime Infections
8. #1. Poor Password Management
•
Same password, all
sites and servers
(personal and
business)
•
Easy to guess from
Facebook
9. #2. “Don’t Bore Me With Safety”
•
Users ignore
warnings
•
Users ignore usage
policies
•
Users don’t inform IT
of known security
issues
10. #3. Promiscuous Use of WIFI
•
•
On average we have 4.5
personal internet connected
devices
How many walk into work each
day?
•
How many WIFIs have we
frequented in between?
•
How secure are they?
•
To get infected only takes
ONE malicious participant
from one network OR
•
ONE device which the
owner doesn’t realize is
infected
11. #4. Users DEMAND
•
To be always
on, always
connected
•
To all social media
•
To get the latest
features
…regardless of the
security issues
12. #5. They Are Easy APT Targets
Cybercriminals target
social media for clues
• The (new) defacto
“morals clause” in
employment
agreements (don’t hurt
the brand)
• Behavior broadcasts
over social media
• Don’t upset
hacktivists!
•
13. #6. Companies Under-Estimate
The Insider Threat
•
•
•
1 incident of
insider fraud
per week per
year
75% caused
financial loss
It’s very easy to
sell data these
days
14. #7. Privileges Accumulate…
And Are Abused
•
•
•
When employees
change jobs, do rights
to data change?
Are passwords reset
when employees
leave?
Are admin passwords
or backdoors
documented and
closed?
15. Special Giveaway!
Kaspersky CyberSecurity Digest
- Free Security Bulletin
Free Kaseya Security Bundle Trial
Interested? Just respond to the Poll located on the
right bottom corner of your Webex platform!
Next: The Latest in Mobile Threats
16. The Latest in Mobile Threats
Top infection vector – infected apps
“Crackers” are widely available: open app, insert
malware, repost it
Infected via ads
Malware is downloaded for Windows or Android
Infection via SMS or email
Profit model: 1.) SMS premium messaging; 2.) theft
of assets (APTs); 3.) stealing authentication codes
Advertisers receive the same information we
provide the app (geolocation apps for example)
Biggest problem: Android updates take 6 months to
get
17. Remediation Recommendations
–
–
–
Purchase apps from legitimate storefronts (“Verify
Apps”)
Use AV on smartphones to defend against APTs
Help employees with their devices:
•
•
•
•
Turn Bluetooth to undiscoverable
Warn them about malicious apps
Require them to register every mobile device which
uses the corporate wifi
Push data about “cybersafety at home”
18. 3 Tips for Cyber Safety at Home
•
•
•
Go long – longer passphrases are
much more secure
No online banking except over
secured wifi
Safety/privacy - tell kids & teens:
–
–
How geolocators in photos work
Privacy doesn’t exist - don’t share
family details online