1 ©2015 InnovatioNews

2 ©2015 InnovatioNews

Twenty-fourteen has been called “the

year of the cyber breach,” and for good reason.

With unnerving frequency, reports surfaced during 2014 of cyber attacks on high-profile companies that included Anthem, Target, Home Depot, Staples, eBay, JPMorgan Chase and Sony.

3 ©2015 InnovatioNews

The incidence of cyber crime – breaching a business’ protective shell to steal company secrets, customer names and identifications or just raise hell – has been steadily rising over the last several years and shows no sign of slackening in 2015.

4 ©2015 InnovatioNews

Aside from the worry and personal privacy loss, cyber crime is costing companies and individuals billions asrogue states, cyber criminals, terrorists and hacktivists (those who hack to make a political statement) keep finding ways to circumvent the data protection solutions offered by a host of protection providers.

5 ©2015 InnovatioNews

Solutions currently offered on the market include cloud storage, constant recording of data activity and data encryption, among others.

Solutions currently offered on the market include cloud storage, constant recording of data activity and data encryption, among others.

6 ©2015 InnovatioNews

Highlands Ranch-based Absio Corp. in March announced the release of Absio Dispatch, which automatically encrypts every email message and attachment individually and keeps them encrypted on users’ and recipients’ computers, tablets and phones with only designated contacts allowed access.

7 ©2015 InnovatioNews

Gus Hunt, former CIA chief technology officer, gave his endorsement of Absio Dispatch at a TiE Rockies’ March 17, 2015 cyber security workshop in Lone Tree, CO, saying Absio’s encryption technology is key to defeating cyber attacks.

“It’s all about taking control of your data,” Hunt told an audience of about 75 people. “You still need a hard perimeter, but you also need to harden your data.”

8 ©2015 InnovatioNews

Chris Petersen, co-founder and CTO of Boulder-based LogRhythm, says there are many motivations for cyber crime, but the biggest motivator so far has been the theft and sale of information tobusiness rivals and to those who can then

turn the information into cash by using stolen credit card numbers to buy just about anything—or use personal data like stolen Social Security numbers to run up health care bills.

9 ©2015 InnovatioNews

“Cyber crime is reportedly now more profitable than the drug trade,” Petersen says. “It can be done on a global scale from anywhere. There’s a whole economy that’s been built through criminal networks.”

And Petersen notes that cyber criminals now are much more sophisticated than those of just a few years ago.“Ten years ago there were very few people or organizations that could conduct the kind of attack against a Target or a Home Depot,” he said. “We’ve seen a stark change since then.”

10 ©2015 InnovatioNews

Cyber criminals hang out on a so-called “Dark Web” on the Internet where unlawful activity has been able to thrive. One example of a Dark Web company was “Silk Road,” which sold an estimated $213 million worth of drugs and other unlawful goods before it was shut down after two years in 2013.

11 ©2015 InnovatioNews

According to Ed Zotti, aka Cecil Adams who blogs “The Straight Dope,” the Dark Web is a collection of sites and technologies that don’t just hide data but also conceal attempts to access it. Accessing the Dark Web requires special software, special passwords or both.

12 ©2015 InnovatioNews

But if access can be made, Zotti said on the Dark Web one can “find the doings of the anarchist hacktivists of Anonymous and the folks behind Wikileaks; Islamic

jihadist message boards; stolen credit card numbers, for sale singly and by the thousands; drugs of every description; child pornography; prostitute directories; contact info for purported assassins; and mundane wares such as pirated music and movies.”

13 ©2015 InnovatioNews

Shutting down these operations has proven difficult, given the tricks that hackers keep coming up with to deflect law enforcement.

Petersen says a common misconception is that big companies like Target and Home Depot are most vulnerable to cyber hacking.

“Maybe three or four years ago, that was the case,” he says. “But today the barriers to cyber crime have dropped and any company with data of value is a target for hacking.”

14 ©2015 InnovatioNews

Gus Hunt agrees. “Everybody’s vulnerable. It used to be just the big guys, but small

companies are increasingly at risk.”

Hunt says smaller companies have become tempting targets because they are usually more vulnerable, are easier to enter and can be a gateway to a bigger firm through their internal contacts.

15 ©2015 InnovatioNews

Chris Richter, senior VP of managed security services at Broomfield-based Level 3 Communications, says the World Wide Web has made it possible for some of “the best and the brightest” in poor nations — with few other opportunities — to hack into companies and make more money in a few days than they could have made in their entire lives.

16 ©2015 InnovatioNews

Obviously, the temptation to hack is strong for these people, but Richter notes it’s not just foreigners doing the hacking.

“A lot of it is coming from outside the U.S., but a great deal is coming from inside the U.S. — right in our own backyard,” he says.

17 ©2015 InnovatioNews

Richter cites four basic categories of cyber criminals:

Hacktivists like Lizard Squad just wanting to make a political statement

Rogue nation states including Russia, China and North Korea that do it primarily for military or industrial gain

Cyber criminals looking to sell hacked information

Company insiders with a grudge

18 ©2015 InnovatioNews

Terrorist groups like al Qaeda and ISIS can also be added to the list, looking to disrupt the economies of Western nations.

Story continues on slide 26

Taking down a site is akin to hacking that site—“Taking down a website or even a server does not take so much effort and certainly doesn’t demand infiltrating the host of the target. All you need is a simple disrupted denial of service, or DDoS.”

Everything you thought you knew about hacking…NOT!

Source: The Daily Dot“The 7 Biggest Lies You’ve Been Told About Hacking” February 2015

19 © 2015 InnovatioNews

A hijacked Twitter account means that

company has been hacked – “While that sounds scary, it’s actually far more common and far less frightening than a successful attack on CENTCOM or any defense agency.”

Source: The Daily Dot“The 7 Biggest Lies You’ve Been Told About Hacking” February 2015

20 © 2015 InnovatioNews

Hacking takes skill and high- tech software – “This is part of a too-often-overlooked part of hacking known as social engineering. Some of the most notorious hackers in history were best at manipulating people into revealing enough data about themselves or their systems.”

Source: The Daily Dot“The 7 Biggest Lies You’ve Been Told About Hacking” February 2015

21 © 2015 InnovatioNews

Anonymous is a well- organized group of genius hackers – “(Their) apparent organizational uncertainty and lack of ‘true’ hacking methods has made the group more of a band of merry pranksters than some digital warrior elite.”

Source: The Daily Dot“The 7 Biggest Lies You’ve Been Told About Hacking” February 2015

22 © 2015 InnovatioNews

China is the biggest source of hacks against the U.S. – “Real hacks – attempts to steal personal and financial data – actually most often come from low-key targets in Eastern Europe.”

Source: The Daily Dot“The 7 Biggest Lies You’ve Been Told About Hacking” February 2015

23 © 2015 InnovatioNews

Cyber attacks by countries are rare and equivalent to an act of war – Cyber attacks are becoming astonishingly common but are usually simply aimed at stealing such things as proprietary IT, medical patents and Microsoft applications source code.

Source: The Daily Dot“The 7 Biggest Lies You’ve Been Told About Hacking” February 2015

24 © 2015 InnovatioNews

Companies have to disclose if they’ve been breached – “(That) is probably the most important misconception to have about cyber security as it provides a dangerously false sense of protection. In actuality, most cyber attacks are not merely underreported by the press but never publicly disclosed in the first place.” Source: The Daily Dot“The

7 Biggest Lies You’ve Been Told About Hacking” February 2015

25 © 2015 InnovatioNews

26 ©2015 InnovatioNews

In January, terrorist hackers in France targeted about 19,000 French websites afterthe massive demonstrations against terrorism in the wake of the Charlie Hebdo newspaper attack. Richter says it’s estimated there were 78 million reported hacking events in the U.S. through October of 2014, but that’s only a slice of the problem.

27 ©2015 InnovatioNews

“It’s astounding how many data hacks go unreported,” Richter says. “It’s much bigger than most people imagine. What gets reported is only the tip of the iceberg. I wouldn’t be surprised if it was 100 million by the end of 2014,” he said.

28 ©2015 InnovatioNews

In fact, 2014 hit a record high number of data breaches with a 27.5 percent increase over 2013, according to the Identity Theft Resource Center (ITRC).And 2015 has started on a feverish pace, according to the ITRC, with 174 data breaches through March 20 and 99.7 million records exposed.

29 ©2015 InnovatioNews

Source: ITRC 2005 to 2015 Data Breach Stats

30 ©2015 InnovatioNews

Viable, effective solutions to data hacking remain elusive, although many companies tout their technologies as the key to at least minimizing the damage from cyber attacks.

31 ©2015 InnovatioNews

“It’s a lightweight sensor that records to a cloud platform,” says Scott Chasin, the company’s co-founder and CEO. “It’s like turning on a video recorder that’s always recording, and that’s what’s been missing.”

Denver-based ProtectWise is offering a unique solution that provides a “camera” to “see” what is happening to a business’ data.

32 ©2015 InnovatioNews

One of the most perplexing aspects of data hacking is that it can sometimes take months for a breach to even be detected. That allows cyber criminals to feast on data and get away before the breach is ever detected.

“Most of these breaches are detected months and months after the initial breach by the bad guy,” says Chasin. “Our system detects these breaches very quickly because it automatically records (them).”

Story continues on slide 36

Source: Go-Gulf.com report, “Cyber Crime Statistics and Trends”

33 © 2015 InnovatioNews

Source: Go-Gulf.com report, “Cyber Crime Statistics and Trends”

34 © 2015 InnovatioNews

Source: Go-Gulf.com report, “Cyber Crime Statistics and Trends”

35 © 2015 InnovatioNews

36 ©2015 InnovatioNews

Petersen says LogRhythm’s data protection technology also focuses on discovering and reacting to a breach as soon as possible.

“Our approach for our customers is to avoid being breached,” he said. “But every company is going to have some breaches.“We help detect it when it happens, and then our job is to eradicate it as quickly as possible. We are a Big Data analytics platform and we look at all security devices and analyze it constantly.”

37 ©2015 InnovatioNews

Many say government action is needed to help solve the problem, and the Obama

White House has stated and demonstrated its support for finding ways to combat

cyber terrorism.

38 ©2015 InnovatioNews

In February 2015, President Obama signed an executive order that encourages and promotes the sharing of cyber securitythreat information within the private sector

and between the private sector and the federal government.

39 ©2015 InnovatioNews

Cyber security experts say the ongoing chess game between those who would hack data and those who would protect it will likely never end.“It’s the fundamental supply-and-demand scenario,” says LogRhythm’s Petersen. “There’s always going to be people and entities trying to take advantage of weaknesses.”

40 ©2015 InnovatioNews

“For the foreseeable future – as long as we’re in the Information Age – people are going to use cyber crime to sell information or achieve ideological

objectives. And those motivations aren’t going to change for a long, long time.”

—Chris Petersen, LogRhythm CTO

41 ©2015 InnovatioNews

So what is the best way to protect your data day-to-day?

“I’d say putting it in the cloud, keeping it local and keeping it encrypted is probably best.”

—Chris Petersen, LogRhythm CTO  

42 ©2015 InnovatioNews

“This is a big problem and it’s not going to solve itself,” adds Chasin of ProtectWise. “There’s no silver bullet to protect you, so you have to speed up the response time.”

43 ©2015 InnovatioNews

“It’s an inexact science that everybody’s trying to get better at,” adds Level 3’s Richter. “I can’t see an end to it because demands of business demand exposure to a global marketplace at an ever-faster pace.

“The more information exposed, the broader the attack surface.”

Colorado’s Cyber Security Risk

Source: National Consumers League, “2014 Consumer Sentinel Data Book.”

4444 © 2015 InnovatioNews

Colorado’s Cyber Security Risk

Source: National Consumers League, “2014 Consumer Sentinel Data Book.”

4545 © 2015 InnovatioNews

46 ©2015 InnovatioNews

ResourcesColorado Secretary of State, protecting your businessColorado Attorney General, Identity Theft Resources

Identity Theft Victims Assistance NetworkColorado Legal Services.org

Top 100+ Cyber Security Blogs and Infosec ResourcesDepartment of Homeland Security

Improving Cyber Security for Medical DevicesHealthcare data breaches, Risk and Mitigation Tips

Cyber security for Small Business (FCC report)How to Protect Your Business from Cyber Security Attacks

(Rand Corp)International Cyber Security Protection Alliance

Cyber Attacks on the Rise, Are Private Companies doing enough to protect themselves?

(PWC)

47 ©2015 InnovatioNews

About this publication:

This ebook is published by InnovatioNews, an online news magazine covering Colorado innovation in a broad variety of industries. It was written by IN’s editor, Steve Porter. For more information, see InnovatioNews.com.