Top 5 Cyber Security Findings by Experts You Can’t Afford to Miss

5. IBM X-Force Threat Intelligence Report 2016

Most-common Attack Types
Undisclosed: 42.7%
Malware: 18%
DDoS: 15.1%
Misconfiguration: 7.7%
Malvertising: 5.2%
SQLi: 4.1%
Phishing: 2.9%
Physical access: 2.2%
Watering hole: 1.1%
Brute force: 0.7%

Most-commonly Attacked Industries
Computer Services: 30.2%
Retail: 14.7%
Healthcare: 9.2%
Media and Entertainment: 8.5%
Financial markets: 7.7%
Travel and Transportation: 7.7%
Government: 7.4%
Education: 4.8%
Telecommunications: 4.8%
Non-profit: 2.2%
Professional services: 1.8%
Energy and Utilities: 0.7%
Industrial Products: 0.4%

The phrase “We take your security very seriously” was an oft-used mantra throughout the year, though it was unfortunately often followed with “but regret to inform you,” as hundreds of millions of individuals discovered their private information had been stolen.

4. Identity Theft Resource Center Data Breach Report

The ITRC defines a data breach as an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure. This exposure can occur either electronically or in paper format.

Data Breach Category Total (2016 Breaches identified by the ITRC as of 3/1/2016)
Banking/Credit/Financial: 4 breaches, 4,382 records exposed
Business: 43 breaches, 109,883 records exposed
Educational: 15 breaches, 302,410 records exposed
Government: 8 breaches, 102,828 records exposed
Medical/Healthcare: 40 breaches, 1,269,890 records exposed
Total: 110 breaches, 1,789,393 records exposed

3. Verizon - 2015 Protected Health Information Data Breach Report

In the healthcare industry in particular, unencrypted lost and stolen devices are a big problem.

90% of industries have experienced a PHI breach.

The fact that an organization is not in the healthcare industry or isn’t a HIPAA-covered entity doesn’t mean that it’s not at risk of a PHI data breach.

PHI for half of the population of the United States has been impacted by breaches since 2009.

2. Ponemon Institute LLC - The Economic Risk of Confidential Data on Mobile Devices in the Workplace

Just one mobile device infected with malware can cost an organization on average $9,485.

$21,042 is the average cost to investigate, contain and remediate from a potential financial breach on an employee's mobile device.

The root cause of many of today’s data breaches is an employee’s mobile device.

Mobile risk is a real number. Of the 53,844 mobile devices in the average Global 2000 enterprise, 1700 of those devices are infected by malware at any given time.

1. PwC - The Global State of Information Security® Survey 2016

In 2015, 38% more security incidents were detected than in 2014.

Theft of “hard” intellectual property increased 56% in 2015.

While employees remain the most cited source of compromise, incidents attributed to business partners climbed 22%.

“Many executives are declaring cyber as the risk that will define our generation” - Dennis Chesley, Global Risk Consulting Leader, PwC