Managed Cyber Security · 2020. 6. 12.

Oct 20, 2020


dariahiddleston
  • Managed Cyber Security

  • About me

    ● CEO Bit Sentinel since 2015

    ● Founder & Coordinator DefCamp since 2011

    ● Cybersecurity adviser and mentor for infosec startups

    ● Important community recognition:

      ● Nominated in 30 Under 30 by Forbes in 2016

      ● Nominated by Financial Times – New Europe 100: Changemakers in Central and Eastern Europe in 2016

      ● Nominated in Forbes Heroes in 2018

  • What you will learn today

    ● Attractive assets that companies own that can become targets for hackers and cyber criminals

    ● What our certified specialists were able to exploit

    ● What is a penetration test? When do you need a pentest?

    ● What are Managed Cyber Security services?

  • Our Customers

    Large Company, Medium Company, Small Company, Startups

    Retail, Transport, SaaS, Fintech, Healthcare, Telecom, Other

  • What assets were in the scope?

    [Bar chart: % of customers that had in scope. Categories: Web Applications, Mobile Applications, APIs, Software Applications, Network Assets, BM Applications]

  • What was considered sensitive for customers?

    [Bar chart: % of customers that considered sensitive for the business. Categories: Sensitive Internal Data, Personal Identifying Info, Authentication Credentials, Payment Card Data, Bank Account Data, System Configuration, Classified Info, Trade Secrets, Copyrighted Materials, Source Code]

  • Have we obtained access to sensitive information?

    [Pie chart: values 89%, 8%, 3%; legend: Yes, No, Not in the scope]

    Have we gained unauthorised access to most critical asset?

    [Pie chart: values 61%, 19%, 3%, 17%; legend: Yes, No, Not in the scope, Partially]

  • What our specialists were able to exploit

    ● Upload malicious files in 55.6% of all cases

    ● Pivot or impersonate employees in 63.9% of all cases

    ● Escalate privileges in the network in 72.2% of all cases

    ● Perform denial of service in 83.3% of all cases

    ● Alter information on the main websites in 61.1% of all cases

    ● Steal money or tokens/coins in 47.2% of all cases

    ● Steal sensitive data in 86.1% of all cases

    ● We could have been identified in only 8.3% of cases

  • What our specialists were able to exploit

    ● Perform attacks with a critical or high impact to business without any significant access in 75% of cases

    ● The company had capabilities to identify security incidents or data breaches in 5.6% of cases (partially)

    Other facts:

    ● Network segmentation was present in 52.8% of cases

    ● Security monitoring tools such as firewall/IDS/IPS were present in < 10% of cases

    ● Only 26% of the identified bugs could be fixed with the existing resources

  • Efficient security testing

    Penetration Testing / Vulnerability Assessment

    ● Black Box, limited access to information about infrastructure

    ● White Box, explicit knowledge of the infrastructure (code, different account levels, etc.)

    ● Grey Box, a mix of the above

  • Did you know?

    Phishing emails are responsible for about 91% of cyber attacks

    92% of malware is delivered via email

    The average time to identify a breach is 197 days

    Average time to contain a breach is 69 days

    In 2018 there were 16,555 new vulnerabilities reported (CVE)

    Cryptojacking is one of the more serious cyber threats to watch out for in 2020

    The global cost of cybercrime is expected to exceed $2 trillion in 2020

    The main cause of data breaches is malicious/criminal attacks, responsible for 48% of all data breaches

    38% of malicious file extensions are Microsoft Office files

    Ransomware is expected to cost businesses and organizations $11.5 billion in 2020

  • Before you had a breach, did you know...

    ● What are your most critical assets?

    ● How can you restore if the system is down?

    ● What are your vulnerabilities?

    ● What are the security mitigation mechanisms in place?

    ● If your systems generate qualified alerts to identify incidents?

    ● How to hunt vulnerabilities in your system?

    ● Do you have an onboarding process for new systems?

  • When you have a breach, do you know...

    ● If you have an incident response plan?

    ● Who should be notified?

    ● How can the threat be isolated?

    ● How can you collect evidence?

    ● Who can you ask to assist you in the entire technical process?

  • After the breach, do you know...

    ● How can you learn from a breach to prevent further ones from happening?

    ● How can the impact be reduced for a similar event?

    ● How can similar events be detected in the future?

    ● What additional detection & defense mechanisms need to be introduced?

    ● How can you check if any additional assets are compromised?

  • When do you actually need these services

    Penetration testing

    • new application or infrastructures in place

    • major changes to existing apps, services or network

    • every 12 months

    Managed Cyber Security Services

    • develop a mature program to detect, prevent and respond to cyber threats

    • 365/24/7 because criminals never sleep

  • Thank you!

    Email: [email protected]

    Phone: +40.746.649.998

    Skype: andreiavadanei

    Website: bit-sentinel.com
