© 2020 Jack Henry & Associates, Inc.®1 © 2020 Jack Henry & Associates, Inc.®

Cyber Threats and Trends for 2020

S. Allen Eaves, Jr. CISSP, CISM, CRISC, SSCP, CFE

Director of Gladiator IT Security and Compliance Services

© 2020 Jack Henry & Associates, Inc.®2

ProfitStars Multi-part Webinar Series

Proactive Cybersecurity: Staying Ahead of Threats

1. Assessing Your Biggest Security Risks Before It Is Too Late – October 29th

2. Machine Learning and the Latest Protection Methods – December 12th

3. Cyber Threats and Trends for 2020 – January 14th

4. Ransomware is Alive and Well: Are You? – February 12th

5. Gone Phishing – Tips, Tricks, and Lessons Learned in the Battle of Social

Engineering – March 18th

6. Unleashing the true value of GRC – April (TBD)

© 2020 Jack Henry & Associates, Inc.®3

• Accenture: The Cost of Cybercrime

• The Hacker News: Top 5

Cybersecurity and Cybercrime

Predictions for 2020

• Verizon, 2019 Data Breach

Investigations Report

• Kaspersky®, Advanced Persistent

Threats in 2020

• McAfee Labs 2020 Threats

Predictions

• Forbes: 6, 141 and 42 More

Cybersecurity Predictions –

Published Dec. 2019

• Krebs on Security

• The RSAC 2020 Trend Report

• The New Norms: Trend Micro Security

Predictions for 2020

• Forrester: Predictions 2020: This

Time, Cyberattacks Get Personal

• Gartner: Top 7 Security and Risk

Trends for 2020

• Sophos 2020 Threat Report

• Gladiator and JHA InfoSec teams

• CRN: 5 Emerging Cybersecurity

Trends To Watch In 2020

• IBM X-Force Labs

• Digital Shadows: 2020 Cybersecurity

Forecasts

© 2020 Jack Henry & Associates, Inc.®4

Verizon 2019 Data Breach Investigations Report

Overall 71% of breaches were financially motivated and 25% were motivated by espionage.

Of those breaches in the FI industry 88% were financially motivated.

© 2020 Jack Henry & Associates, Inc.®5

IBM reported the

average time to identify

a breach in 2019 was

206 days

Verizon 2019 Data Breach Investigations Report

The average lifecycle of a breach was 314 days (from the breach to containment)

© 2020 Jack Henry & Associates, Inc.®6

Existing and Emerging Trends

• Increase in targeted attacks

• Offensive/defensive machine learning/AI -

‘Deepfake’, Phishing and Vishing

• Attacker code appearing ‘trusted’ while

privileges escalated

• Living off the land and evading detection

© 2020 Jack Henry & Associates, Inc.®7

Existing and Emerging Trends

• Supply chain attacks• Remote-working setup vulnerabilities (IOT)

• Legitimate IT management tools used as malware

• State sponsored attacks - Iran

• Ransomware resurgence – double?• Targeting backups is routine

© 2020 Jack Henry & Associates, Inc.®8

Encrypt critical and sensitive data. Decrypt for Security Inspection.

So What?

© 2020 Jack Henry & Associates, Inc.®9

Patch promptly after testing.

So What?

© 2020 Jack Henry & Associates, Inc.®10

Be vigilant. Implement systems for early breach detection.

So What?

© 2020 Jack Henry & Associates, Inc.®11

Make people and non-security staff an effective line of defense.

So What?

© 2020 Jack Henry & Associates, Inc.®12

Use the principle of least-privilege and only keep data on a need-to-know basis.

So What?

© 2020 Jack Henry & Associates, Inc.®13

Use strong authentication, including two-factor.

So What?

© 2020 Jack Henry & Associates, Inc.®14

A.I.

Applied Threat Intelligence

US-CERT

FBI FS-ISAC

iSIGHT

NCFTA

Platform

VendorsUTMs

3rd

Party

Other

Partners

© 2020 Jack Henry & Associates, Inc.®15

Detection and

Protection

• Baseline network and security

activity

• Visibility through and despite

encryption

• Singular visibility across security

and network monitoring

• Early breach detection/sandboxing

• DNS monitoring

• Vulnerability scanning

• Endpoint protection

© 2020 Jack Henry & Associates, Inc.®16© 2020 Jack Henry & Associates, Inc.®

Cyber Threats and Trends for 2020

S. Allen Eaves, Jr. CISSP, CISM, CRISC, SSCP, CFE

Director of Gladiator IT Security and Compliance Services