© 2020 Jack Henry & Associates, Inc.®
Cyber Threats and Trends for 2020
S. Allen Eaves, Jr. CISSP, CISM, CRISC, SSCP, CFE
Director of Gladiator IT Security and Compliance Services
ProfitStars Multi-part Webinar Series
Proactive Cybersecurity: Staying Ahead of Threats
1. Assessing Your Biggest Security Risks Before It Is Too Late – October 29th
2. Machine Learning and the Latest Protection Methods – December 12th
3. Cyber Threats and Trends for 2020 – January 14th
4. Ransomware is Alive and Well: Are You? – February 12th
5. Gone Phishing – Tips, Tricks, and Lessons Learned in the Battle of Social Engineering – March 18th
6. Unleashing the true value of GRC – April (TBD)
• Accenture: The Cost of Cybercrime
• The Hacker News: Top 5 Cybersecurity and Cybercrime Predictions for 2020
• Verizon, 2019 Data Breach Investigations Report
• Kaspersky®, Advanced Persistent Threats in 2020
• McAfee Labs 2020 Threats Predictions
• Forbes: 6, 141 and 42 More Cybersecurity Predictions – Published Dec. 2019
• Krebs on Security
• The RSAC 2020 Trend Report
• The New Norms: Trend Micro Security Predictions for 2020
• Forrester: Predictions 2020: This Time, Cyberattacks Get Personal
• Gartner: Top 7 Security and Risk Trends for 2020
• Sophos 2020 Threat Report
• Gladiator and JHA InfoSec teams
• CRN: 5 Emerging Cybersecurity Trends To Watch In 2020
• IBM X-Force Labs
• Digital Shadows: 2020 Cybersecurity Forecasts
Verizon 2019 Data Breach Investigations Report
Overall, 71% of breaches were financially motivated and 25% were motivated by espionage.
Of those breaches in the FI industry, 88% were financially motivated.
IBM reported the average time to identify a breach in 2019 was 206 days
Verizon 2019 Data Breach Investigations Report
The average lifecycle of a breach was 314 days (from the breach to containment)
Existing and Emerging Trends
• Increase in targeted attacks
• Offensive/defensive machine learning/AI - ‘Deepfake’, Phishing and Vishing
• Attacker code appearing ‘trusted’ while privileges escalated
• Living off the land and evading detection
Existing and Emerging Trends
• Supply chain attacks
• Remote-working setup vulnerabilities (IoT)
• Legitimate IT management tools used as malware
• State-sponsored attacks - Iran
• Ransomware resurgence – double?
• Targeting backups is routine
So What?
• Encrypt critical and sensitive data. Decrypt for Security Inspection.
• Patch promptly after testing.
• Be vigilant. Implement systems for early breach detection.
• Make people and non-security staff an effective line of defense.
• Use the principle of least-privilege and only keep data on a need-to-know basis.
• Use strong authentication, including two-factor.
[Diagram: Applied Threat Intelligence. Labels: A.I., US-CERT, FBI, FS-ISAC, iSIGHT, NCFTA, Platform Vendors, UTMs, 3rd Party, Other Partners]
Detection and Protection
• Baseline network and security activity
• Visibility through and despite encryption
• Singular visibility across security and network monitoring
• Early breach detection/sandboxing
• DNS monitoring
• Vulnerability scanning
• Endpoint protection