The Top 7 (Latest) Ways Employees

Cause Cybercrime Infections

Cynthia JamesDirector Business

Development, CISSP

Alex BrandtVP Americas

Meet Our Speakers

Jason DettbarnSenior Technology

Analyst

• Founded in 1997; largest private anti-malware company – 100% focused on anti-malware

• Over $700M annual revenues • Presence in 19 countries• #1 vendor in Germany, France, Spain, Eastern

Europe• Protecting over 300 million end points • America’s distribution: 12,000 outlets; top two

vendors (revenue & units shipping) • Top supplier to OEMs/ISVs of anti-malware

worldwide

About Our Experts: Kaspersky

Cybercrime Threatscape: Malware Growth Current Malware: Comprehension Gap The Top (Latest) 7 Ways Employees Cause Cyber

Crime Infections Security Solution Overview 3 Tips for CyberSafety at Home Giveaway Questions & Answers

Today’s Agenda

200k unique malware samples PER YEAR were identified in 2006; 2M in 2007…now it’s up to 200K malware samples

PER DAY.

The quality of malware improves every year.

Cybercrime Threatscape: Malware Growth

• Recent years have seen exponential growth in malware.

• Anyone can enter the cybercrime game.

• Cybercriminals earn over $100B a year. Over 200K Per

DAY

Current Malware: Comprehension Gap

Cybercrime will never stop.

Where we really are today (2013)

Where most employees/end users think we still are

#1. Poor Password Management

present

The Top 7 (Latest) Ways Employees Cause Cybercrime Infections

• Same password, all sites and servers (personal and business)

• Easy to guess from Facebook

#1. Poor Password Management

• Users ignore warnings

• Users ignore usage policies

• Users don’t inform IT of known security issues

#2. “Don’t Bore Me With Safety”

• On average we have 4.5 personal internet connected devices

• How many walk into work each day? • How many WIFIs have

we frequented in between?

• How secure are they?• To get infected only

takes ONE malicious participant from one network OR

• ONE device which the owner doesn’t realize is infected

#3. Promiscuous Use of WIFI

• To be always on, always connected

• To all social media

• To get the latest features

…regardless of the security issues

#4. Users DEMAND

• Cybercriminals target social media for clues

• The (new) defacto “morals clause” in employment agreements (don’t hurt the brand)

• Behavior broadcasts over social media

• Don’t upset hacktivists!

#5. They Are Easy APT Targets

• 1 incident of insider fraud per week per year

• 75% caused financial loss

• It’s very easy to sell data these days

#6. Companies Under-Estimate The Insider Threat

• When employees change jobs, do rights to data change?

• Are passwords reset when employees leave?

• Are admin passwords or backdoors documented and closed?

#7. Privileges Accumulate… And Are Abused

Kaspersky CyberSecurity Digest- Free Security Bulletin

Free Kaseya Security Bundle Trial

Interested? Just respond to the Poll located on the right bottom corner of your Webex

platform!

Special Giveaway!

Next: The Latest in Mobile Threats

Top infection vector – infected apps “Crackers” are widely available: open app, insert

malware, repost it Infected via ads

Infection via SMS or email Malware is downloaded for Windows or Android

Profit model: 1.) SMS premium messaging; 2.) theft of assets (APTs); 3.) stealing authentication codes

Advertisers receive the same information we provide the app (geolocation apps for example)

Biggest problem: Android updates take 6 months to get

The Latest in Mobile Threats

– Purchase apps from legitimate storefronts (“Verify Apps”)

– Use AV on smartphones to defend against APTs

– Help employees with their devices: • Turn Bluetooth to undiscoverable• Warn them about malicious apps • Require them to register every mobile device

which uses the corporate wifi • Push data about “cybersafety at home”

Remediation Recommendations

• Go long – longer passphrases are much more secure

• No online banking except over secured wifi

• Safety/privacy - tell kids & teens: – How geolocators in photos work – Privacy doesn’t exist - don’t

share family details online

3 Tips for Cyber Safety at Home

Poor Password Management

“Don’t Bore Me With Safety”

Promiscuous Use of WIFI

Users DEMANDThey are Easy APT Targets

Companies Under-Estimate

the Insider Threat

Privileges Accumulate…

And Are Abused

The Top Seven

The Power of Layered Security

Kaseya Security Stack

Endpoint Monitoring

& HardeningAntivirus

Kaseya Antivirus

AntiMalware

Kaseya AntiMalware

Remediation

Agent Procedures

Monitoring

Service Desk & PSA

Scheduling & Management

Monitoring

PasswordsUSB

Block Processes

Layered Security:Let’s Take a Look

www.kaseya.com

About Our Experts: Kaseya

“Providing Enterprise-Class IT Systems Management for Everybody”

www.kaseya.com

Discover the State of IT

• Systems• Assets• Mobile Devices• Network Devices

Manage the State of IT

• Scheduling• Procedures• API/Messaging

Automate the State of IT

• Reporting• Dashboards• Interactive Data Views

IT Configuration Management

Asset Management

Security

Business Continuity

Service Delivery

Systems Monitoring

• Remote Management• Software Deployment• Power Management

• Image Deployment

• Desktop Migration• Mobile Device Management

• Network Discover & AD• Hardware/Software• Asset Management

• Virtual Machine Management

• AntiVirus• AntiMalware• Patch Management

• Software Updates

• Image Backup• Image Virtualization• File & Folder Backup

• Service Desk/Ticketing• Policy Management• Service Billing• Policy Compliance

• Time Tracking

• Systems Checks & Alerts• Agent Monitoring• Enterprise Monitoring• Agent-less Monitoring

• Log Monitoring

UNIFIED MANAGEMENT

www.kaseya.com

www.kaseya.com

Discover:http://www.kaseya.com/resources/webinars/en/kaseya-solution-overview

Contact us:1 (877) 926-0001sales@kaseya.com

Try Kaseya:http://www.kaseya.com/lps/global/lp/product-preview.aspx Use Promo Code: security072013

Visit us:www.kaseya.com

Q&A / Resources