Deloitte on technology
No Such Thing as Hacker-proof

Security breaches breakdown

Top causes of data breaches [1]
Hackers: 40%
Accidental leak: 23%
Hard drive theft or loss: 23%
Insider theft: 8%
Other: 6%

[Chart: Total number of vulnerabilities identified [1,2], 2006 to 2012; axes: number of vulnerabilities and percent change]
Based on a study of global cyber activity, hackers continue to be responsible for the largest number of data breaches. The general trend of
vulnerabilities that allow attackers to compromise availability, confidentiality, or integrity of a computer system is upward. For 2012, there were
approximately 101 new vulnerabilities each week.

[Chart: Average cost mix of attacks and remediation time in U.S. [3]; axes: percent of total cost (0% to 100%) and average days to remediate; attack types: malicious code; denial of services; web-based attacks; stolen devices; malicious insiders; botnets & malware; phishing & social engineering; viruses, & trojans]
In 2012, the average amount of time needed to resolve a cyber attack was 24 days with an average total cost of $591,780 during this period, a 42%
increase from 2011’s average cost.

From repair to prevention to prediction

The evolution of defense
Perimeter defense: Classic security controls like firewalls, antivirus, and intrusion detection systems to defend against noisy, opportunistic hackers
Defense in-depth: Introduction of intrusion prevention systems and encryption, investment in securing access on the inside
Cyber intelligence: Security viewed as a smoke detector, not a fire truck, with proactive agendas based on risk and value, and the addition of cyber analytics, forensics, and logistics

Cyber intelligence: A broader landscape
Cyber security: What happened, and how do I fix it?
Cyber forensics: Who did it, when, and why?
Cyber analytics: Where and how might the next attack occur?
Cyber logistics: What are the risk vectors in supply and operations?
Despite business investments in cyber security, the “bad guys” may still get in, and the “good stuff” may still get out. It’s likely time to round out
defense-in-depth and move from cyber security to cyber intelligence.

[Chart: Percentage of long-dwell breaches [4]; percent by year, pre-2008 through 2012]
According to a study examining the time from initial compromise
to detection, the percent of breaches that remain undiscovered for
months or more has been increasing since 2010. Like Cold War
sleepers, long-dwell hackers remain until the value and opportunity
of an attack ripens.

[Chart: Intrusion to containment time in breach investigations [5]; time ranges: 0-30 days, 31-90 days, 91-180 days, 181-365 days, 2 years, 3+ years]
In 2012, the average time from initial breach to detection was 210 days
– 35 days longer than in 2011. Well resourced, highly organized, and
adaptive hackers are increasingly staging multi-dimensional, persistent
and sustained security breaches, seeking IP and operational intelligence.

Cyber security inspired by other disciplines

The castle walls [6]
In his presentation at FedTalks 2013, Dr. Patrick Dowd, the CTO
and Chief Architect of the NSA, spoke about the dangers of uneven
cyber, in which the castle wall is 2 feet high in some places, and
100 feet in others. Enterprises should even out their cyber security
in order to minimize opportunities for hackers to access data.

Botnets as bird flu [7,8]
[Diagram labels: Environment, Agent, Host]
In a presentation on the evolving nature of cyber threats, Ben
Hammersley, a leading Internet technologist, said that the correct
metaphor for cyber security threats isn’t border-based but viral:
We should start thinking of “botnets as bird flu” and focus on the
origin of an attack rather than perimeter defense and counterattacks.

Gladwell’s “Three Rules” [9]
“The Law of the Few”: Nation-state-sponsored hackers have a rare set of advantages: resources, influence, and knowledge
“The Stickiness Factor”: Cyber breaches have shifted away from smash-and-grab attacks as long-term dwells prove more effective
“The Power of Context”: The postdigital world of ubiquitous connectivity and ill-prepared enterprises enables cyber attacks
In his book “The Tipping Point,” Malcolm Gladwell presents the theory that any change in the “Three Rules of Epidemics” can cause a tipping point in
a movement. Recent developments in the cyber world across the three change agents are presenting hackers with new opportunities to attack. Faced
with this tipping point, organizations need to aggressively quarantine detected incidents at the earliest possible time, allowing the threat to be
understood and traced from a controlled environment where business risk has been contained.

The future of cyber

Cyber big ideas
Cyber Common Operating Picture (COP): Integrates, visualizes and automates the cybersecurity framework and increases information sharing and insight from captured data
Hyperconnected risk management framework: Enables near real-time sharing of cyber threat information, produces and tracks reports, reduces risks through consultation
Privacy office of the future: Uses new techniques like analytics and design thinking to foster a culture of privacy and transparency and promote compliance
Digital Identities [10]: Creates identity ecosystems inside and outside organizations, embeds identity programs into core services, validates users in real time
Cyber human capital: Expands pipeline of qualified cybersecurity candidates, improves high cybersecurity proficiency, establishes a cybersecurity reserve program
National cyber incentives program: Leverages incentives such as tax breaks, preference programs, and subsidies to promote cyber development

BOTTOM LINE
The question is not if you will be attacked, but when — and how you will deal with it. Cyber intelligence involves
a combination of prevention, early detection, and rapid response.
For more information please visit www.deloitte.com/us/techtrends2013.

SOURCES
[1] Symantec Corporation, “Internet Threat Security Report 2013,” April 2013.
[2] Symantec Corporation, “Internet Threat Security Report 2012,” April 2012.
[3] Ponemon Institute, “2012 Cost of Cyber Crime Study: United States,” October 2012.
[4] Verizon, “2013 Data Breach Investigations Report,” 2013.
[5] Trustwave, “2013 Global Security Report,” Nicholas J. Percoco, 2013.
[6] Cory Bennett, Inside NSA’s data protection, cloud strategy, http://fedscoop.com/inside-nsas-data-protection-cloud-strategy (June 12, 2013).
[7] Kenneth Corbin, Cybersecurity Isn't a Border-based Threat, it's a Viral Threat, http://www.cio.com/article/711526/Cybersecurity_Isn_t_a_Border_based_Threat_it_s_a_Viral_Threat (July 19, 2012).
[8] Principles of Epidemiology in Public Health Practice, Centers for Disease Control and Prevention, http://www.cdc.gov/osels/scientific_edu/ss1978/lesson1/Section8.html (May 18, 2012).
[9] Malcolm Gladwell, The Tipping Point (New York: Little, Brown & Company, 2000).
[10] Additional information is available in Deloitte Consulting LLP (2012), "Tech Trends 2012: Elevate IT for digital business", www.deloitte.com/us/techtrends2012, Chapter 8.
As used in this document, "Deloitte" means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure
of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
Copyright © 2013 Deloitte Development LLC. All rights reserved.