top 7 ways employees cause cybercrime infections
DESCRIPTION
Deploying an army of cyber-security solutions doesn’t mean that your organization’s data is safe. Despite all the information and security solutions out there, North American companies are still not fully aware of the dangers that hackers, social media, and insider threats pose on the organization’s data and reputation. Truth is, the average user doesn’t really know how to protect themselves... which is ironic, because employees are the #1 cause of security threats today. As the one in charge of your organization’s IT security, it is on your shoulders to prevent and fix threats caused by the users you support. Join our panel of security experts on September 26th at 11am PDT and discover the top 7 ways employees cause cybercrime infections (plus learn best practices on how to fix them once and for all)!TRANSCRIPT
The Top 7 (Latest) Ways Employees
Cause Cybercrime Infections
Cynthia JamesDirector Business
Development, CISSP
Alex BrandtVP Americas
Meet Our Speakers
Jason DettbarnSenior Technology
Analyst
• Founded in 1997; largest private anti-malware company – 100% focused on anti-malware
• Over $700M annual revenues • Presence in 19 countries• #1 vendor in Germany, France, Spain, Eastern
Europe• Protecting over 300 million end points • America’s distribution: 12,000 outlets; top two
vendors (revenue & units shipping) • Top supplier to OEMs/ISVs of anti-malware
worldwide
About Our Experts: Kaspersky
Cybercrime Threatscape: Malware Growth Current Malware: Comprehension Gap The Top (Latest) 7 Ways Employees Cause Cyber
Crime Infections Security Solution Overview 3 Tips for CyberSafety at Home Giveaway Questions & Answers
Today’s Agenda
200k unique malware samples PER YEAR were identified in 2006; 2M in 2007…now it’s up to 200K malware samples
PER DAY.
The quality of malware improves every year.
Cybercrime Threatscape: Malware Growth
• Recent years have seen exponential growth in malware.
• Anyone can enter the cybercrime game.
• Cybercriminals earn over $100B a year. Over 200K Per
DAY
Current Malware: Comprehension Gap
Cybercrime will never stop.
Where we really are today (2013)
Where most employees/end users think we still are
#1. Poor Password Management
present
The Top 7 (Latest) Ways Employees Cause Cybercrime Infections
• Same password, all sites and servers (personal and business)
• Easy to guess from Facebook
#1. Poor Password Management
• Users ignore warnings
• Users ignore usage policies
• Users don’t inform IT of known security issues
#2. “Don’t Bore Me With Safety”
• On average we have 4.5 personal internet connected devices
• How many walk into work each day? • How many WIFIs have
we frequented in between?
• How secure are they?• To get infected only
takes ONE malicious participant from one network OR
• ONE device which the owner doesn’t realize is infected
#3. Promiscuous Use of WIFI
• To be always on, always connected
• To all social media
• To get the latest features
…regardless of the security issues
#4. Users DEMAND
• Cybercriminals target social media for clues
• The (new) defacto “morals clause” in employment agreements (don’t hurt the brand)
• Behavior broadcasts over social media
• Don’t upset hacktivists!
#5. They Are Easy APT Targets
• 1 incident of insider fraud per week per year
• 75% caused financial loss
• It’s very easy to sell data these days
#6. Companies Under-Estimate The Insider Threat
• When employees change jobs, do rights to data change?
• Are passwords reset when employees leave?
• Are admin passwords or backdoors documented and closed?
#7. Privileges Accumulate… And Are Abused
Kaspersky CyberSecurity Digest- Free Security Bulletin
Free Kaseya Security Bundle Trial
Interested? Just respond to the Poll located on the right bottom corner of your Webex
platform!
Special Giveaway!
Next: The Latest in Mobile Threats
Top infection vector – infected apps “Crackers” are widely available: open app, insert
malware, repost it Infected via ads
Infection via SMS or email Malware is downloaded for Windows or Android
Profit model: 1.) SMS premium messaging; 2.) theft of assets (APTs); 3.) stealing authentication codes
Advertisers receive the same information we provide the app (geolocation apps for example)
Biggest problem: Android updates take 6 months to get
The Latest in Mobile Threats
– Purchase apps from legitimate storefronts (“Verify Apps”)
– Use AV on smartphones to defend against APTs
– Help employees with their devices: • Turn Bluetooth to undiscoverable• Warn them about malicious apps • Require them to register every mobile device
which uses the corporate wifi • Push data about “cybersafety at home”
Remediation Recommendations
• Go long – longer passphrases are much more secure
• No online banking except over secured wifi
• Safety/privacy - tell kids & teens: – How geolocators in photos work – Privacy doesn’t exist - don’t
share family details online
3 Tips for Cyber Safety at Home
Poor Password Management
“Don’t Bore Me With Safety”
Promiscuous Use of WIFI
Users DEMANDThey are Easy APT Targets
Companies Under-Estimate
the Insider Threat
Privileges Accumulate…
And Are Abused
The Top Seven
The Power of Layered Security
Kaseya Security Stack
Endpoint Monitoring
& HardeningAntivirus
Kaseya Antivirus
AntiMalware
Kaseya AntiMalware
Remediation
Agent Procedures
Monitoring
Service Desk & PSA
Scheduling & Management
Monitoring
PasswordsUSB
Block Processes
Layered Security:Let’s Take a Look
www.kaseya.com
About Our Experts: Kaseya
“Providing Enterprise-Class IT Systems Management for Everybody”
www.kaseya.com
Discover the State of IT
• Systems• Assets• Mobile Devices• Network Devices
Manage the State of IT
• Scheduling• Procedures• API/Messaging
Automate the State of IT
• Reporting• Dashboards• Interactive Data Views
IT Configuration Management
Asset Management
Security
Business Continuity
Service Delivery
Systems Monitoring
• Remote Management• Software Deployment• Power Management
• Image Deployment
• Desktop Migration• Mobile Device Management
• Network Discover & AD• Hardware/Software• Asset Management
• Virtual Machine Management
• AntiVirus• AntiMalware• Patch Management
• Software Updates
• Image Backup• Image Virtualization• File & Folder Backup
• Service Desk/Ticketing• Policy Management• Service Billing• Policy Compliance
• Time Tracking
• Systems Checks & Alerts• Agent Monitoring• Enterprise Monitoring• Agent-less Monitoring
• Log Monitoring
UNIFIED MANAGEMENT
www.kaseya.com
www.kaseya.com
Discover:http://www.kaseya.com/resources/webinars/en/kaseya-solution-overview
Contact us:1 (877) [email protected]
Try Kaseya:http://www.kaseya.com/lps/global/lp/product-preview.aspx Use Promo Code: security072013
Visit us:www.kaseya.com
Q&A / Resources