Financial Institutions Need to Take Cybersecurity Seriously
Tweet the fact that shocks you the most
43% of cyber attacks target small community businesses
Tweet
smallbiztrends.com
4x
Financial institutions are 4 times more likely to be attacked than other industries
Tweet
Websense Security Labs Report (now Forcepoint)
47% of the time, companies are unaware that they've been breached until a 3rd party tells them
Tweet
Mandiant M-Trend Report
Cyber Attacks Are Expensive
For every $1 taken by fraud, financial institutions pay an additional $2.67 in chargebacks, fees, interest, and labor
Tweet
LexisNexis Study
$336
The average cost per stolen record is $336 in financial services
Tweet
IBM Security and the Ponemon Institute Report
81% of breaches at community financial institutions were at institutions with less than $35 million in annual revenue
Tweet
Beazley Breach Response
The Threats You’re Up Against
91% of cyberattacks start with a phishing email
Tweet
PhishMe (now Cofense)
76% of organizations reported being a victim of a phishing attack in 2016
Tweet
Wombat Security State of the Phish
Fake invoice messages are the #1 type of phishing lure
Tweet
Symantec Report
Failure to patch a 2 month old bug led to the massive Equifax breach
Tweet
Ars Technica
Over 80% of breaches are the result of poor patch management
Tweet
Voke, Inc.
What is an APT?
An Advanced Persistent Threat (APT) is an attack where various sophisticated techniques are employed to gain access to a network Attacks are performed by well organized and funded groups Once access is gained, attackers take sophisticated measures to avoid detection, perform reconnaissance of the environment, and then execute the primary objective Many times, the primary objective is to gather sensitive data, and then to extract that data
Beginning March 2016, Russian government cyber actors (known as Dragonfly) attacked US energy and other critical infrastructure sectors
Tweet
Symantec, US-CERT
On June 4, 2015, US Government officials announced a breach of data at the Office of Personnel Management (OPM) by Chinese threat actors known as Deep Panda
Tweet
SANS Institute
39% of people write their passwords on a piece of paper
Tweet
Digital Guardian
61% of people re-use passwords across multiple websites
Tweet
Digital Guardian
47% of people use passwords that are over 5 years old
Tweet
TeleSign Consumer Account Security Report
What is Privilege Escalation?
Privilege escalation is when an malicious program or user gains elevated access a protected area by either exploiting a bug, design flaw, or configuration oversight within an operating system or pieces of software
Forrester estimates that 80% of security breaches involve privileged credentials
Tweet
Forrester Wave: Privilege Identity Management
38% of attackers bypass defenses through social engineering
Tweet
SANS Survey
48% of attacks occur through user error
Tweet
SANS 2016 Threat Landscape Survey
88% of IT professionals consider security awareness training to be the most effective protection against ransomware
Tweet
KnowBe4 Survey
There are about 27 different techniques that hackers can use to exploit any vulnerability in any product
Tweet
ISMG interview of Dan Schiappa
What is a Drive-by Download?
Drive-by downloads are viruses or malware that a user unintentionally downloads while browsing online
The top 3 browsers (IE, Chrome and Firefox) had 1,004 vulnerabilities in 2015 and 2016
Tweet
CVEdetails.com
Cybersecurity in the News