
Trends in CyberCrime… · TRENDS IN CYBERSECURITY /CRIME Cyber Threat Summary . References: • RCMP Cybercrime: an overview of incidents and issues in Canada. • Canadian Anti-Fraud

Jun 17, 2020


dariahiddleston
Transcript
Page 1

TRENDS IN CYBERSECURITY /CRIME

Cyber Threat Summary

Figure: Cost of CyberCrime, with axis marks 1990, 2000, 2010, 2020 and 0%. Labels on the chart, in page order:

• Current Practices

• Cyber Crime Costs: $15.4 Million per US Company; 17% Increase (Credits Forbes)

• Sophisticated Cyber Attacks

• Anti-virus Effectiveness

• Process Stabilization

• Reduce defects, incidents, through Continuous Improvement

• Security Architecture designed to lower risks

• Future State

• 43.2% Effective

• Sophisticated Attacks

• Software Quality /Defects

• 80% Effective

• Reduce Defects, Incidents and unplanned expenses

*** THIS DOCUMENT HAS BEEN CLASSIFIED FOR PUBLIC ACCESS BY SECURE KNOWLEDGE MANAGEMENT INC***

Page 2

References:

• RCMP Cybercrime: an overview of incidents and issues in Canada.

• Canadian Anti-Fraud Centre (CAFC).

• Canadian Cyber Incident Response Centre (CCIRC) – Get Cyber Safe Guide for Small and Medium Businesses.

• Public Safety and Canadian National Security - Enhancing Critical Infrastructure Resiliency.

• Statistics Canada Police-reported cybercrime in Canada, 2012.

• REDSOCKS Malware Trend Report, Q1 2015.

• Common Vulnerabilities and Exposures.

• Ponemon Institute - Cyber Crime Costs Continue to Grow.

• McAfee - Net Losses: Estimating the Global Cost of Cybercrime Economic impact of cybercrime II.

• PWC - US cybersecurity: Progress stalled Key findings from the 2015 US State of Cybercrime Survey.

• Juniper - Cybercrime will Cost Businesses $2 Trillion by 2019.

• Lloyd’s and University of Cambridge - This is how much a cybercrime blackout would cost the U.S.

• The Open Web Application Security Project.

• FBI - Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain.

Page 3

Reference: RCMP Cybercrime: an overview of incidents and issues in Canada

This report covers a broad range of criminal offences where the Internet and information technologies are used to carry out illegal activities. It describes select crimes in Canada’s digital landscape to show the rising technical complexity, sophistication and expansion of cybercrime. While difficult to measure, these crimes show no sign of slowing in Canada. The RCMP breaks cybercrime into two categories:

• technology-as-target - criminal offences targeting computers and other information technologies, such as those involving the unauthorized use of computers or mischief in relation to data, and;

• technology-as-instrument - criminal offences where the Internet and information technologies are instrumental in the commission of a crime, such as those involving fraud, identity theft, intellectual property infringements, money laundering, drug trafficking, human trafficking, organized crime activities, child sexual exploitation or cyber bullying.

Ref. Link; http://www.rcmp-grc.gc.ca/pubs/cc-report-rapport-cc-eng.pdf

Page 4

Reference: Canadian Anti-Fraud Centre (CAFC)

• Tax scams - It is tax time again and fraudsters will use this opportunity to attempt to scam consumers and businesses out of their hard-earned money.

• Wire frauds - One type of wire fraud currently targeting businesses is the Business Executive Scam (BES) which is a type of phishing.

• Directory scams - Businesses receive an invoice for a directory, publication or listing that they did not order or authorize.

• The supplier swindle - Canadian businesses are losing significant amounts of money to fraudsters who claim to represent their regular supplier.

• Prize Scam - Seniors are solicited over the phone or email and advised they are the winner of a large lottery or sweepstakes. Prior to receiving any winnings, the consumer must first pay an upfront fee. No winnings are ever received.

• The Emergency Scam - Scammers use social media, the internet and newspapers to target potential senior victims. A call is received from someone claiming to be a family member or a close friend, advising about an urgent situation that requires immediate funds.

• Romance Scam - There is a growing number of seniors who are turning to the internet to find love. Unfortunately, scammers know this and use every type of dating or social networking site to seek out potential victims.

Ref. Link; http://www.antifraudcentre-centreantifraude.ca/index-eng.htm

Page 5

Reference: Canadian Cyber Incident Response Centre (CCIRC) – Get Cyber Safe Guide for Small and Medium Businesses

Cyber crime and smaller businesses

• Small and medium-sized businesses (i.e., businesses with fewer than 500 employees) employed 10 million people in 2012, nearly 90% of all employees in Canada.

• In 2012, 87% of Canadian businesses used the Internet, and 46% had a website.

• The largest growth area for targeted cyber attacks in 2012 was businesses with fewer than 250 employees — 31% of all attacks targeted them.

• Over a 12-month period in 2012, 69% of Canadian businesses surveyed reported some kind of cyber attack, costing them approximately $5.3 million, or about $15,000 per attack.

Ref. Link; http://www.getcybersafe.gc.ca/cnt/rsrcs/pblctns/smll-bsnss-gd/smll-bsnss-gd-eng.pdf

Page 6

Reference: Public Safety and Canadian National Security - Enhancing Critical Infrastructure Resiliency

Enhancing the resiliency of critical infrastructure can be achieved through the appropriate combination of security measures to address intentional and accidental incidents; business continuity practices to deal with disruptions and ensure the continuation of essential services; and emergency management planning to ensure adequate response procedures are in place to deal with unforeseen disruptions and natural disasters.

Enhancing the resiliency of critical infrastructure can be described as actions and programs that:

• identify risks to critical infrastructure and interdependencies

• assess and prioritize risks

• take mitigating or protective measures to reduce risks and the potential for disruptions

• conduct exercises to assess measures and identify strengths and areas of improvement

• refine and upgrade critical infrastructure plans in all sectors

• result in swift and more effective response and recovery efforts when disruptions occur.

Ref. Link; http://www.publicsafety.gc.ca/cnt/ntnl-scrt/crtcl-nfrstrctr/nhncng-rslnc-eng.aspx

Page 7

Reference: Statistics Canada Police-reported cybercrime in Canada, 2012

In 2012, 9,084 incidents of cybercrime were reported by Canadian police services participating in the newest version of the Uniform Crime Reporting Survey. This represented a rate of 33 cybercrime incidents per 100,000 population.

Property violations accounted for 61% of police-reported cybercrimes in 2012, totalling 5,544 incidents. Fraud, the most common property violation, accounted for more than half (54%) of all cybercrimes coming to the attention of police. An accused was identified by police in a relatively small proportion (6%) of property-related cybercrimes in 2012.

Ref. Link; http://www.statcan.gc.ca/daily-quotidien/140925/dq140925b-eng.pdf

Page 8

Reference: REDSOCKS Malware Trend Report, Q1 2015

In the first quarter of 2015, almost 20 million new and unique malicious files were processed in the RedSocks Malware Labs: 7 million in January, 6 million in February, and up to 7 million again in March. Compared with the last quarter of 2014, that is a drop of 14 percent. This quarter the overall detection by Anti-Virus software was only 42.32 percent, which is a drop of 38.74 percent when compared to the fourth quarter of 2014. The detection rate for January was 41.92 percent. For February, it was 42.93 percent and in March, the average detection was only 42.14 percent. Please note that identification rates can change based on samples chosen, scanning engines used and time of scanning.

Ref. Link; http://www.redsocks.nl/files/RedSocks_Malware_Trend_Report_Q1-20150424.pdf

Page 9

Reference: The Open Web Application Security Project.

• A1-Injection

• A2-Broken Authentication and Session Management

• A3-Cross-Site Scripting (XSS)

• A4-Insecure Direct Object References

• A5-Security Misconfiguration

• A6-Sensitive Data Exposure

• A7-Missing Function Level Access Control

• A8-Cross-Site Request Forgery (CSRF)

• A9-Using Components with Known Vulnerabilities

• A10-Unvalidated Redirects and Forwards

Ref. Link; https://www.owasp.org/index.php/Top_10_2013-Top_10

Page 10

Reference: Common Vulnerabilities and Exposures

ID | Brand | Products | Vulnerabilities | Exploits
1 | Microsoft | 378 | 3483 | 184
2 | Apple | 100 | 2284 | 45
3 | Oracle | 241 | 2258 | 23
4 | IBM | 566 | 2073 | 32
5 | CISCO | 1064 | 1817 | 27
6 | Linux | 13 | 1208 | 23
7 | HP | 1594 | 1126 | 34
8 | Google | 39 | 1095 | 16
9 | VMWare | 56 | 204 | 5
10 | SAP | 84 | 178 | 12
11 | McAfee | 78 | 139 | 6
12 | Symantec | 183 | 92 | 12
13 | OpenOffice | 2 | 35 | 1
15 | Websense | 19 | 27 | 0
16 | Alienvault | 3 | 17 | 4
17 | Splunk | 1 | 15 | 2

Ref. Link; https://cve.mitre.org/

Page 11

Reference: Ponemon Institute - Cyber Crime Costs Continue to Grow

Cyber crimes are growing more common, more costly, and taking longer to resolve. Those are among the findings of the fifth annual Cost of Cyber Crime Study conducted by the respected Ponemon Institute on behalf of HP Enterprise Security. The 2014 global study of U.S.-based companies, which spanned seven nations, found that over the course of a year the average cost of cyber crime climbed by more than 9% to $12.7 million for companies in the United States, up from $11.6 million in the 2013 study. The average time to resolve a cyber attack is also rising, climbing to 45 days, up from 32 days in 2013.

Ref. Link; http://www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report/

Page 12

Reference: McAfee - Net Losses: Estimating the Global Cost of Cybercrime Economic impact of cybercrime II

Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion. A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion. Even the smallest of these figures is more than the national income of most countries, and governments and companies underestimate how much risk they face from cybercrime and how quickly this risk can grow.

Ref. Link; http://www.mcafee.com/ca/resources/reports/rp-economic-impact-cybercrime2.pdf

Page 13

Reference: PWC - US cybersecurity: Progress stalled Key findings from the 2015 US State of Cybercrime Survey

Cybersecurity leaders from these organizations worked together to evaluate survey responses from more than 500 executives of US businesses, law enforcement services, and government agencies. We evaluated trends in the frequency and impact of cybercrime incidents, cybersecurity threats, information security spending, and the risks of third-party business partners in private and public organizations.

We also assessed how businesses are adapting to evolving expectations of the information security function and the Board of Directors. In addition to analysis of the survey results, this report also draws on previous PwC research that includes PwC’s 18th Annual Global CEO Survey, The Global State of Information Security® Survey 2015, and the 2015 Digital IQ Survey. We leveraged these surveys to provide a more thorough and balanced look into the current state of cybersecurity and cyberthreats.

Ref. Link; http://www.pwc.com/en_US/us/increasing-it-effectiveness/publications/assets/2015-us-cybercrime-survey.pdf

Page 14

Reference: Juniper - Cybercrime will Cost Businesses $2 Trillion by 2019

The rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015, according to research from Juniper.

Ref. Link; http://www.securitymagazine.com/articles/86352-cybercrime-will-cost-businesses-2-trillion-by-2019

Page 15

Reference: Lloyd’s and University of Cambridge - This is how much a cybercrime blackout would cost the U.S.

The extent of the economic damage can be estimated in one massive sum: $1 trillion. That’s according to a recent study by specialist insurance company Lloyd’s and University of Cambridge’s Centre for Risk Studies.

The report looked at two scenarios. One where a group of terrorists or “disgruntled insider” hackers break into the power system and bring 50 of the almost 700 generators in the northeastern U.S. offline, resulting in a blackout that lasts about 4 days. The damage: $243 billion in immediate and tangential economic loss.

The second scenario is where things get even worse. A group of hackers target the U.S. power grid and take out twice as many generators for the same amount of time. The economic damage more than quadruples to $1 trillion, or about 6% of U.S. GDP.

Ref. Link; http://fortune.com/2015/07/09/cybercrime-blackout-cost/

Page 16

Reference: Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain.

Cyber criminals are selling the information on the black market at a rate of $50 for each partial electronic health record (EHR), compared to $1 for a stolen social security number or credit card number. EHR can then be used to file fraudulent insurance claims, obtain prescription medication, and advance identity theft. EHR theft is also more difficult to detect, taking almost twice as long as normal identity theft.

Ref. Link; http://www.illuminweb.com/wp-content/uploads/ill-mo-uploads/103/2418/health-systems-cyber-intrusions.pdf
