Advance Persistent Threat

Advanced Persistent Threat (APT)

Lethal Combination of Social Engineering and Technology

June 6th, 2011

Agenda

Headlines Data Loss Perspectives • • • • • • • The Bottom Line of Data Loss What is at Risk Data at Risk Conduits Threats Those Most Affected Professional Hacking

Case Studies APT Case Studies • Google • RSA APT Explained • • APT Definitions How APT works

What can we do? Key take a ways

2

© 2011 Protiviti Inc.

From the Headlines

3

© 2011 Protiviti Inc.

The Bottom Line of Data Loss

9.5 million consumers were victims of identity theft in 20101. The total fraud loss amount was $500 Million2. The average loss to organizations in 2010 was nearly $400,0003. The average consumer victim spent 21 hours and $373 to resolve the crime4. More than 84.3% of e-mail is Spam 52% of data theft occurred over the Web5 Industry standards, such as PCI compliance, will help reduce the risk.

2The

ITRC Breach Report 2010 Verizon Business Data Breach Investigations Report 32010 Cybercrime Security Survey 4Javelin Strategy and Research, 2009 5 Web Sense 2010 Threat Report

12011

4

© 2011 Protiviti Inc.

What Are The Risks?

The risks are more than just immediate monetary impact:

Litigation Reputation Loss Loss of System Availability Lost Productivity Loss of Intellectual Property Regulatory Fines

5

© 2011 Protiviti Inc.

Types of Data at Risk and Detection of Breach

• In a trend consistent with pre-2009 levels, the food and beverage and retail industries shouldered the brunt of data breaches accounting for 75% of all investigations. • As with prior years, the majority of incident response caseload consisted of payment card data breaches. • The targeting of payment card data is expected, as payment card fraud is an established business, and this data can be easily sold or laundered through established black market networks to realize financial gain.

© Trustwave Global Security Report 2011

6

© 2011 Protiviti Inc....