
ECI: Anatomy of a Cyber Investigation






Presentation Transcript


  1. ECI: Anatomy of a Cyber Investigation
  Who Are the Actors

  2. Who is Doing it?
  • 70% of breaches involved External agents
  • 48% of breaches involved Internal agents
  • 11% of breaches involved Partner agents
  • Any breach can involve multiple individuals
  • E.g. an employee of a subcontractor steals credit card numbers and delivers them to an external 3rd party

  3. Who is Doing it?
  • External Agents (70% of breaches, 98% of lost data)
  • 24% Organized Criminal Group
  • 21% Unaffiliated Person(s)
  • 3% External Systems or Sites
  • 5% Others (Former Employee, Partner, Competitor, Customer)
  • 45% Unknown

  4. Who is Doing it?
  Internal Agents (48% of Breaches, 3% of records)
  Demographics (90% Deliberate)
  • 51% Regular Employees / end user
  • 12% Finance / Accounting
  • 12% System Admin
  • 7% Upper management
  • 8% Other (Help desk, Software Dev, Auditor)
  • 9% Unknown

  5. Who is Doing it?
  • Partner Agent (11% of Breaches, 1% of records)
  • 3rd party “hijack” of a Partner
  • Deliberate act of a Partner
  “Organizations that outsource their IT management and support also outsource a great deal of trust to these partners. … poor governance, lax security, and too much trust is often the rule.” Verizon Data Breach Investigation Report (p. 19)

  6. How Are They Doing it?

  7. How did insiders do it?
  • Inter-connected factors and events
  • 48% of breaches included Misuse of privilege
  • 40% of breaches were by Hackers
  • 38% of breaches used Malware
  • 28% of breaches used Social Engineering
  • 15% of breaches were Physical attacks
  A single attack can combine multiple vulnerabilities.

  8. How did Outsiders do it?
  • Hackers' methods
  • Web Applications 54%
  • Remote Access 34%
  • Backdoors 23%
  • Network file sharing 4%
  • Others (physical access, Wireless Network, unknown)

  9. Top 5 Methods of Attack
  • Webpage Access
  • Un / Improperly Secured Access
  • Trusted network connections
  • Trojans / Malware / Spyware
  • Employee Malfeasance

  10. Top 5 Methods of Attack
  • Web Pages
  • Unsecured web page access
  • SQL Injection
  • Improperly designed website
  • Oops - errors
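The "SQL Injection" and "Improperly designed website" bullets on slide 10 come down to one design defect: user input concatenated into a query so the database parses it as SQL. The example below is added here to illustrate that point; it is not code from the presentation or from the Verizon report. It builds a constructed in-memory SQLite user table (sample data, not from any real system) and puts a login check written with string concatenation next to the same check written with a parameterised query, so the difference in behaviour on the same input can be seen and tested.

```python
import sqlite3

# Constructed sample table for the demonstration (not from the presentation).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The 'improperly designed' form: input is spliced into the SQL text,
    so quote characters in the input change the statement's structure."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """The hardened form: placeholders bind the input as data, so the
    statement structure is fixed before any user-controlled byte is seen."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo():
    """Run both implementations on a legitimate login and on the textbook
    tautology input, returning the four outcomes for inspection."""
    conn = make_db()
    tautology = "' OR '1'='1"  # turns the WHERE clause into an always-true test
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_injected": login_vulnerable(conn, tautology, tautology),
        "safe_legit": login_safe(conn, "alice", "correct-horse"),
        "safe_injected": login_safe(conn, tautology, tautology),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'login granted' if result else 'login denied'}")
```

The only line that differs between the two functions is how the input reaches the database; a code reviewer looking for this class of defect can grep for query strings built with `+` or f-strings and insist on placeholders instead.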

  11. Top 5 Methods of Attack
  • Un / Improperly Secured Access
  • Abandoned / Unguarded computers
  • Computers with too many connections
  • Brute Force
  • Backdoors

  12. Top 5 Methods of Attack
  • Trusted network connections
  • Subcontractor / sister company or agency

  13. Top 5 Methods of Attack
  • Trojans / Malware / Spyware
  • E-mail of a Trojan
  • Social Engineering
  • Telephone Contact
  • Email Contact
  • Internet contact (Chat, IM, etc.)
  • Customized Malware (Largest attacks)
  • Back doors

  14. Top 5 Methods of Attack
  • Employee Malfeasance
  • Abuse of system access
  • Use of unapproved hardware / devices
  • Rogue networks
  • Improperly handled data

  15. Timeline facts
  • How long to Compromise Data
  • Most took days to months
  • 31% took only Minutes
  • Time to Discovery
  • Most took weeks or months
  • 5% took minutes
  • Time to Containment
  • Most took days to weeks (some even months)

  16. Some thoughts
  • 98% came from servers (duh)
  • 85% were not very difficult
  • 61% Discovered by a 3rd party
  • 86% had evidence in log files about the attack
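Slide 16 notes that 86% of breaches left evidence in log files, and slide 11 lists brute force among the access methods; taken together they say that a routine check of authentication logs would have surfaced many of these incidents before a 3rd party did. The example below is added here to show what such a check looks like in practice; it is not code from the presentation or the report. It parses a handful of constructed sshd-style log lines (sample data, not from any real host), counts password failures per source address inside a sliding window, and flags both a burst of failures and the higher-severity case of a successful login that immediately follows one. The threshold and window are assumed values a team would tune for its own environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (sshd-style syslog lines; not from the presentation).
SAMPLE_LOG = """\
Mar 10 02:14:01 web1 sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 02:14:03 web1 sshd[4022]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 02:14:05 web1 sshd[4023]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 02:14:07 web1 sshd[4024]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 02:14:09 web1 sshd[4025]: Failed password for alice from 203.0.113.7 port 51026 ssh2
Mar 10 02:14:11 web1 sshd[4026]: Failed password for alice from 203.0.113.7 port 51027 ssh2
Mar 10 02:14:13 web1 sshd[4027]: Accepted password for alice from 203.0.113.7 port 51028 ssh2
Mar 10 02:20:00 web1 sshd[4101]: Failed password for bob from 198.51.100.4 port 40010 ssh2
Mar 10 02:20:30 web1 sshd[4102]: Accepted password for bob from 198.51.100.4 port 40011 ssh2
Mar 10 02:25:00 web1 sshd[4200]: Accepted publickey for carol from 192.0.2.10 port 39000 ssh2
"""

# Matches the fields this check needs: timestamp, outcome, user and source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2024):
    """Return a dict of the fields of one auth line, or None if it is not
    a login event. Syslog omits the year, so one is supplied (assumed)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "outcome": m["outcome"], "user": m["user"], "ip": m["ip"]}


def detect_brute_force(lines, threshold=5, window_seconds=60):
    """Flag any source IP with `threshold` failures inside `window_seconds`,
    and separately flag a success from an IP that just crossed that bar.
    Both parameters are assumed tuning values, not figures from the report."""
    events = [e for e in (parse_line(ln) for ln in lines) if e]
    failures = defaultdict(list)  # ip -> timestamps of failed attempts
    findings = []
    for e in events:
        recent = [t for t in failures[e["ip"]]
                  if (e["ts"] - t).total_seconds() <= window_seconds]
        if e["outcome"] == "Failed":
            recent.append(e["ts"])
            failures[e["ip"]].append(e["ts"])
            if len(recent) == threshold:  # fire once, when the bar is crossed
                findings.append({"type": "brute_force", "ip": e["ip"],
                                 "count": threshold, "at": e["ts"]})
        elif len(recent) >= threshold:
            # A success right after a failure burst is the finding an
            # investigator most wants to see first.
            findings.append({"type": "success_after_failures", "ip": e["ip"],
                             "user": e["user"], "failures": len(recent),
                             "at": e["ts"]})
    return findings


if __name__ == "__main__":
    for f in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(f)
```

On the sample, 203.0.113.7 is reported at its fifth failure and again when the following login for `alice` succeeds; `bob`'s single typo and `carol`'s key-based login produce nothing, which is the point of using a window and a threshold rather than alerting on every failure.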
