SlideShare a Scribd company logo

2014: The Year of the Data Breach

Skyhigh Networks
Skyhigh Networks

There were more software vulnerabilities discovered in 2014 than ever before, and a record number of security breaches impacting 2 in 5 companies including Home Depot, eBay, and Apple. Get a recap of the biggest breaches of the year.

Technology
1 of 23
Download to read offline
Cybercrime is not just a hobby, it’s big business
Now there’s a thriving black market in software vulnerabilities driven by: NATION STATES TERROR GROUPS ORGANIZED CRIME
SECURITY VULNERABILITIES HIT AN ALL-TIME HIGH IN 2014 Security Vulnerabilities By Year (Includes code execution, gain information, XSS, SQL Injection, etc) 2010 8,000 6,000 4,000 2011 2012 2013 2014 Source: National Institute of Standards & Technology (NIST) Vulnerability Database
of vulnerabilities discovered in 2014 were defined as HIGH SEVERITY Source: National Institute of Standards & Technology (NIST) Vulnerability Database 24%
2014 VULNERABILITY REWIND Remember these bad boys?
Heartbleed CVE-2014-0160 Heartbleed makes the SSL layer used by millions of websites and thousands of cloud providers vulnerable. DISCOVERED: April 2014 SEVERITY LEVEL: Medium ATTACK VECTOR: OpenSSL VITAL STATS
Heartbleed CVE-2014-0160 DEFENSE CHECKLIST Check which services are vulnerable Change your passwords Use an encryption gateway 368 Number of cloud providers still vulnerable 24 hours after Heartbleed was reported
Shellshock CVE-2014-6271 Shellshock exposes a vulnerability in Bash, the widely-used shell for Unix-based operating systems such as Linux and OS X. DISCOVERED: September 2014 SEVERITY LEVEL: High ATTACK VECTOR: Bourne Again Shell (Bash) VITAL STATS
Shellshock CVE-2014-6271 90% Percentage of top IaaS providers vulnerable to Bash DEFENSE CHECKLIST Check for Bash vulnerabilities Update to the latest version of Bash Deploy a web application firewall
Sandworm CVE-2014-4114 Sandworm impacts all supported versions of Windows, allowing attackers to embed OLE files from external sources and download malware on target computers. DISCOVERED: October 2014 SEVERITY LEVEL: High ATTACK VECTOR: Microsoft Windows VITAL STATS
Sandworm CVE-2014-4114 DEFENSE CHECKLIST Source: Net Application “Desktop Operating System Market Share” Apply the official patch from Microsoft Update antivirus definitions Don’t open suspicious 70% email attachments Percentage of computers running a vulnerable version of Windows
POODLE CVE-2014-3566 POODLE lets attackers decrypt SSLv3 connections and hijack the cookie session that identifies you to a service, allowing them to control your account without needing your password. DISCOVERED: September 2014 SEVERITY LEVEL: Medium ATTACK VECTOR: SSLv3 VITAL STATS
POODLE CVE-2014-3566 61% Percentage of cloud services still vulnerable 24 hours after POODLE was reported DEFENSE CHECKLIST Disable SSLv3 on all services Rely on TLS version 1.0 or greater Likewise for browsers and forward proxies
The sheer number of vulnerabilities can make it difficult for companies to protect against breaches
2013 33% 2014 43% More than 2 in 5 companies experienced a breach of confidential data in 2014 Source: Ponemon Institute “Is Your Company Ready for A Big Data Breach?”
Michael’s 3 MILLION TOP 5 DATA BREACHES OF 2014 eBay 145 MILLION Home Depot 56 MILLION Sony 47,000 Apple iCloud 100 2014
MICHAEL’S January 2014 WHAT WAS STOLEN: 3 Million Customer Credit & Debit Card Numbers ROOT CAUSE: Malware
EBAY May 2014 WHAT WAS STOLEN: 145 Million Users’ Login Credentials & Personal Information (Name, Address, Data of Birth) ROOT CAUSE: Cyber Attack
WHAT WAS STOLEN: 100+ Nude Photos Of Celebrities ROOT CAUSE: Social APPLE ICLOUD Engineering August 2014
WHAT WAS STOLEN: 56 Million Payment Cards & 53 Million Email Addresses ROOT CAUSE: BlackPOS Malware HOME DEPOT September 2014
SONY PICTURES ENTERTAINMENT November 2014 WHAT WAS STOLEN: 47,000 Social Security Numbers of Employees and Celebrities, Scripts, Unreleased Movies ROOT CAUSE: Malware SONY PICTURES ENTERTAINMENT
Tip: To learn what cloud apps are in use at your company, get a complimentary cloud audit REQUEST COMPLIMENTARY CLOUD AUDIT http://bit.ly/ComplimentaryCloudAudit “With Skyhigh we discovered a wide range of services, allowing us to understand their associated risks and put in place policies to protect corporate data.” Steve Martino VP Information Security

Recommended

The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseThe Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseSkyhigh Networks
 
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...Skyhigh Networks
 
State of the Cloud in 2015
State of the Cloud in 2015State of the Cloud in 2015
State of the Cloud in 2015Skyhigh Networks
 
The Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaThe Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaSkyhigh Networks
 
Infographic under the hood of a connected car hack
Infographic under the hood of a connected car hackInfographic under the hood of a connected car hack
Infographic under the hood of a connected car hackIBM Security
 
The Internet of Security Things (A Story about Change)
The Internet of Security Things (A Story about Change) The Internet of Security Things (A Story about Change)
The Internet of Security Things (A Story about Change) Lori MacVittie
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicIBM Security
 
Cloud adoption and risk report Europe q1 2015
Cloud adoption and risk report Europe q1 2015Cloud adoption and risk report Europe q1 2015
Cloud adoption and risk report Europe q1 2015Prayukth K V
 

Recommended

The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseThe Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseSkyhigh Networks
 
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...Skyhigh Networks
 
State of the Cloud in 2015
State of the Cloud in 2015State of the Cloud in 2015
State of the Cloud in 2015Skyhigh Networks
 
The Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaThe Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaSkyhigh Networks
 
Infographic under the hood of a connected car hack
Infographic under the hood of a connected car hackInfographic under the hood of a connected car hack
Infographic under the hood of a connected car hackIBM Security
 
The Internet of Security Things (A Story about Change)
The Internet of Security Things (A Story about Change) The Internet of Security Things (A Story about Change)
The Internet of Security Things (A Story about Change) Lori MacVittie
 
Case Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicCase Closed with IBM Application Security on Cloud infographic
Case Closed with IBM Application Security on Cloud infographicIBM Security
 
Cloud adoption and risk report Europe q1 2015
Cloud adoption and risk report Europe q1 2015Cloud adoption and risk report Europe q1 2015
Cloud adoption and risk report Europe q1 2015Prayukth K V
 
MetaCert Security Sales Deck
MetaCert Security Sales DeckMetaCert Security Sales Deck
MetaCert Security Sales DeckPaul Walsh
 
Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?IBM Security
 
Data Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectData Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectNetskope
 
State of Application Delivery 2017 - Cloud Insights
State of Application Delivery 2017 - Cloud Insights State of Application Delivery 2017 - Cloud Insights
State of Application Delivery 2017 - Cloud Insights Lori MacVittie
 
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...Netskope
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityCloudLock
 
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...DefCamp
 
Cloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionCloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionNetskope
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesNetskope
 
State of Application Delivery 2017 - DevOps Insights
State of Application Delivery 2017 - DevOps Insights State of Application Delivery 2017 - DevOps Insights
State of Application Delivery 2017 - DevOps Insights Lori MacVittie
 
The 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationThe 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationCloudLock
 
Social Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageSocial Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageCindy Kim
 
Netskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope
 
Are you ready for Hosting 3.0?
Are you ready for Hosting 3.0?Are you ready for Hosting 3.0?
Are you ready for Hosting 3.0?shawnnewman
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Cloudflare
 
Digital Transformation and the Role of IAM
Digital Transformation and the Role of IAMDigital Transformation and the Role of IAM
Digital Transformation and the Role of IAMPing Identity
 
The Riskiest Industries in the Cloud
The Riskiest Industries in the CloudThe Riskiest Industries in the Cloud
The Riskiest Industries in the CloudCloudLock
 
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudCure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudNetskope
 
Infographic: Mobile At Work
Infographic: Mobile At WorkInfographic: Mobile At Work
Infographic: Mobile At WorkBlueboxer2014
 
Windows Server 2003 Infographic
Windows Server 2003 InfographicWindows Server 2003 Infographic
Windows Server 2003 InfographicDamon Crawford
 
The Dark Side of the Web
The Dark Side of the WebThe Dark Side of the Web
The Dark Side of the WebSkyhigh Networks
 
How to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouHow to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouSkyhigh Networks
 

More Related Content

What's hot

MetaCert Security Sales Deck
MetaCert Security Sales DeckMetaCert Security Sales Deck
MetaCert Security Sales DeckPaul Walsh
 
Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?IBM Security
 
Data Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectData Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectNetskope
 
State of Application Delivery 2017 - Cloud Insights
State of Application Delivery 2017 - Cloud Insights State of Application Delivery 2017 - Cloud Insights
State of Application Delivery 2017 - Cloud Insights Lori MacVittie
 
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...Netskope
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityCloudLock
 
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...DefCamp
 
Cloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionCloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionNetskope
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesNetskope
 
State of Application Delivery 2017 - DevOps Insights
State of Application Delivery 2017 - DevOps Insights State of Application Delivery 2017 - DevOps Insights
State of Application Delivery 2017 - DevOps Insights Lori MacVittie
 
The 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationThe 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationCloudLock
 
Social Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageSocial Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageCindy Kim
 
Netskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope
 
Are you ready for Hosting 3.0?
Are you ready for Hosting 3.0?Are you ready for Hosting 3.0?
Are you ready for Hosting 3.0?shawnnewman
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Cloudflare
 
Digital Transformation and the Role of IAM
Digital Transformation and the Role of IAMDigital Transformation and the Role of IAM
Digital Transformation and the Role of IAMPing Identity
 
The Riskiest Industries in the Cloud
The Riskiest Industries in the CloudThe Riskiest Industries in the Cloud
The Riskiest Industries in the CloudCloudLock
 
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudCure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudNetskope
 
Infographic: Mobile At Work
Infographic: Mobile At WorkInfographic: Mobile At Work
Infographic: Mobile At WorkBlueboxer2014
 
Windows Server 2003 Infographic
Windows Server 2003 InfographicWindows Server 2003 Infographic
Windows Server 2003 InfographicDamon Crawford
 

What's hot (20)

MetaCert Security Sales Deck
MetaCert Security Sales DeckMetaCert Security Sales Deck
MetaCert Security Sales Deck
 
Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?
 
Data Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier EffectData Breach: The Cloud Multiplier Effect
Data Breach: The Cloud Multiplier Effect
 
State of Application Delivery 2017 - Cloud Insights
State of Application Delivery 2017 - Cloud Insights State of Application Delivery 2017 - Cloud Insights
State of Application Delivery 2017 - Cloud Insights
 
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
 
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
Web Isolation 101: Securing Web Apps against data exfiltration and shielding ...
 
Cloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity EditionCloud Security for Dummies Webinar — The Identity Edition
Cloud Security for Dummies Webinar — The Identity Edition
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesForrester Research: Securing the Cloud When Users are Left to Their Own Devices
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
 
State of Application Delivery 2017 - DevOps Insights
State of Application Delivery 2017 - DevOps Insights State of Application Delivery 2017 - DevOps Insights
State of Application Delivery 2017 - DevOps Insights
 
The 1% Who Can Take Down your Organization
The 1% Who Can Take Down your OrganizationThe 1% Who Can Take Down your Organization
The 1% Who Can Take Down your Organization
 
Social Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the MessageSocial Media Balancing Security & Authenticity without Controlling the Message
Social Media Balancing Security & Authenticity without Controlling the Message
 
Netskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good ThingNetskope — Shadow IT Is A Good Thing
Netskope — Shadow IT Is A Good Thing
 
Are you ready for Hosting 3.0?
Are you ready for Hosting 3.0?Are you ready for Hosting 3.0?
Are you ready for Hosting 3.0?
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021
 
Digital Transformation and the Role of IAM
Digital Transformation and the Role of IAMDigital Transformation and the Role of IAM
Digital Transformation and the Role of IAM
 
The Riskiest Industries in the Cloud
The Riskiest Industries in the CloudThe Riskiest Industries in the Cloud
The Riskiest Industries in the Cloud
 
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudCure for the Common Cloud: How Healthcare can Safely Enable the Cloud
Cure for the Common Cloud: How Healthcare can Safely Enable the Cloud
 
Infographic: Mobile At Work
Infographic: Mobile At WorkInfographic: Mobile At Work
Infographic: Mobile At Work
 
Windows Server 2003 Infographic
Windows Server 2003 InfographicWindows Server 2003 Infographic
Windows Server 2003 Infographic
 

Viewers also liked

How to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouHow to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouSkyhigh Networks
 
The 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the CloudThe 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the CloudSkyhigh Networks
 
11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines 11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines Skyhigh Networks
 
Searching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done RightSearching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done RightSkyhigh Networks
 
Internet of things - Frantic
Internet of things - FranticInternet of things - Frantic
Internet of things - FranticMiika Puputti
 
Welcome to the world of hacking
Welcome to the world of hackingWelcome to the world of hacking
Welcome to the world of hackingTjylen Veselyj
 
How to make a presentation like Steve Jobs
How to make a presentation like Steve JobsHow to make a presentation like Steve Jobs
How to make a presentation like Steve JobsHeyday ApS
 
Make Your Presentation Memorable
Make Your Presentation MemorableMake Your Presentation Memorable
Make Your Presentation MemorableEthos3
 
Make Your Presentation Pop
Make Your Presentation PopMake Your Presentation Pop
Make Your Presentation PopArtisan Talent
 

Viewers also liked (11)

The Dark Side of the Web
The Dark Side of the WebThe Dark Side of the Web
The Dark Side of the Web
 
How to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouHow to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink You
 
The 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the CloudThe 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the Cloud
 
11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines 11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines
 
Searching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done RightSearching Encrypted Cloud Data: Academia and Industry Done Right
Searching Encrypted Cloud Data: Academia and Industry Done Right
 
Cloud Security Alliance - Guidance
Cloud Security Alliance - GuidanceCloud Security Alliance - Guidance
Cloud Security Alliance - Guidance
 
Internet of things - Frantic
Internet of things - FranticInternet of things - Frantic
Internet of things - Frantic
 
Welcome to the world of hacking
Welcome to the world of hackingWelcome to the world of hacking
Welcome to the world of hacking
 
How to make a presentation like Steve Jobs
How to make a presentation like Steve JobsHow to make a presentation like Steve Jobs
How to make a presentation like Steve Jobs
 
Make Your Presentation Memorable
Make Your Presentation MemorableMake Your Presentation Memorable
Make Your Presentation Memorable
 
Make Your Presentation Pop
Make Your Presentation PopMake Your Presentation Pop
Make Your Presentation Pop
 

Similar to 2014: The Year of the Data Breach

Web Application Security
Web Application SecurityWeb Application Security
Web Application Securitysudip pudasaini
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Cisco do Brasil
 
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload ProtectionReducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload ProtectionAlert Logic
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportSymantec
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Security
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliveryBlack Duck by Synopsys
 
Secure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStackSecure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStackTim Mackey
 
3/ Black Duck @ OPEN'16
3/ Black Duck @ OPEN'163/ Black Duck @ OPEN'16
3/ Black Duck @ OPEN'16Kangaroot
 
Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015RapidSSLOnline.com
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck by Synopsys
 
Volume And Vectors 090416
Volume And Vectors 090416Volume And Vectors 090416
Volume And Vectors 090416Anthony Arrott
 
Symantec Internet Security Threat Report Volume 2015
Symantec Internet Security Threat Report Volume 2015Symantec Internet Security Threat Report Volume 2015
Symantec Internet Security Threat Report Volume 2015Waqas Amir
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
How Malware Works - Understanding Software Vulnerabilities
How Malware Works - Understanding Software VulnerabilitiesHow Malware Works - Understanding Software Vulnerabilities
How Malware Works - Understanding Software VulnerabilitiesBunmi Sowande
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesSkybox Security
 
Achieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email SecurityAchieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email SecurityDell World
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesTechBiz Forense Digital
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesTechBiz Forense Digital
 

Similar to 2014: The Year of the Data Breach (20)

Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)
 
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload ProtectionReducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 
Secure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous deliverySecure application deployment in the age of continuous delivery
Secure application deployment in the age of continuous delivery
 
Secure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStackSecure application deployment in Apache CloudStack
Secure application deployment in Apache CloudStack
 
3/ Black Duck @ OPEN'16
3/ Black Duck @ OPEN'163/ Black Duck @ OPEN'16
3/ Black Duck @ OPEN'16
 
Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015
 
Black Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open SourceBlack Duck & IBM Present: Application Security in the Age of Open Source
Black Duck & IBM Present: Application Security in the Age of Open Source
 
Volume And Vectors 090416
Volume And Vectors 090416Volume And Vectors 090416
Volume And Vectors 090416
 
Symantec Internet Security Threat Report Volume 2015
Symantec Internet Security Threat Report Volume 2015Symantec Internet Security Threat Report Volume 2015
Symantec Internet Security Threat Report Volume 2015
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
How Malware Works - Understanding Software Vulnerabilities
How Malware Works - Understanding Software VulnerabilitiesHow Malware Works - Understanding Software Vulnerabilities
How Malware Works - Understanding Software Vulnerabilities
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
 
Achieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email SecurityAchieving Deeper Network, Mobile and Email Security
Achieving Deeper Network, Mobile and Email Security
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
 

Recently uploaded

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 

Recently uploaded (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

2014: The Year of the Data Breach

  • 1.
  • 2. Cybercrime is not just a hobby, it’s big business
  • 3. Now there’s a thriving black market in software vulnerabilities driven by: NATION STATES TERROR GROUPS ORGANIZED CRIME
  • 4. SECURITY VULNERABILITIES HIT AN ALL-TIME HIGH IN 2014 Security Vulnerabilities By Year (Includes code execution, gain information, XSS, SQL Injection, etc) 2010 8,000 6,000 4,000 2011 2012 2013 2014 Source: National Institute of Standards & Technology (NIST) Vulnerability Database
  • 5. of vulnerabilities discovered in 2014 were defined as HIGH SEVERITY Source: National Institute of Standards & Technology (NIST) Vulnerability Database 24%
  • 6. 2014 VULNERABILITY REWIND Remember these bad boys?
  • 7. Heartbleed CVE-2014-0160 Heartbleed makes the SSL layer used by millions of websites and thousands of cloud providers vulnerable. DISCOVERED: April 2014 SEVERITY LEVEL: Medium ATTACK VECTOR: OpenSSL VITAL STATS
  • 8. Heartbleed CVE-2014-0160 DEFENSE CHECKLIST Check which services are vulnerable Change your passwords Use an encryption gateway 368 Number of cloud providers still vulnerable 24 hours after Heartbleed was reported
  • 9. Shellshock CVE-2014-6271 Shellshock exposes a vulnerability in Bash, the widely-used shell for Unix-based operating systems such as Linux and OS X. DISCOVERED: September 2014 SEVERITY LEVEL: High ATTACK VECTOR: Bourne Again Shell (Bash) VITAL STATS
  • 10. Shellshock CVE-2014-6271 90% Percentage of top IaaS providers vulnerable to Bash DEFENSE CHECKLIST Check for Bash vulnerabilities Update to the latest version of Bash Deploy a web application firewall
  • 11. Sandworm CVE-2014-4114 Sandworm impacts all supported versions of Windows, allowing attackers to embed OLE files from external sources and download malware on target computers. DISCOVERED: October 2014 SEVERITY LEVEL: High ATTACK VECTOR: Microsoft Windows VITAL STATS
  • 12. Sandworm CVE-2014-4114 DEFENSE CHECKLIST Source: Net Application “Desktop Operating System Market Share” Apply the official patch from Microsoft Update antivirus definitions Don’t open suspicious 70% email attachments Percentage of computers running a vulnerable version of Windows
  • 13. POODLE CVE-2014-3566 POODLE lets attackers decrypt SSLv3 connections and hijack the cookie session that identifies you to a service, allowing them to control your account without needing your password. DISCOVERED: September 2014 SEVERITY LEVEL: Medium ATTACK VECTOR: SSLv3 VITAL STATS
  • 14. POODLE CVE-2014-3566 61% Percentage of cloud services still vulnerable 24 hours after POODLE was reported DEFENSE CHECKLIST Disable SSLv3 on all services Rely on TLS version 1.0 or greater Likewise for browsers and forward proxies
  • 15. The sheer number of vulnerabilities can make it difficult for companies to protect against breaches
  • 16. 2013 33% 2014 43% More than 2 in 5 companies experienced a breach of confidential data in 2014 Source: Ponemon Institute “Is Your Company Ready for A Big Data Breach?”
  • 17. Michael’s 3 MILLION TOP 5 DATA BREACHES OF 2014 eBay 145 MILLION Home Depot 56 MILLION Sony 47,000 Apple iCloud 100 2014
  • 18. MICHAEL’S January 2014 WHAT WAS STOLEN: 3 Million Customer Credit & Debit Card Numbers ROOT CAUSE: Malware
  • 19. EBAY May 2014 WHAT WAS STOLEN: 145 Million Users’ Login Credentials & Personal Information (Name, Address, Data of Birth) ROOT CAUSE: Cyber Attack
  • 20. WHAT WAS STOLEN: 100+ Nude Photos Of Celebrities ROOT CAUSE: Social APPLE ICLOUD Engineering August 2014
  • 21. WHAT WAS STOLEN: 56 Million Payment Cards & 53 Million Email Addresses ROOT CAUSE: BlackPOS Malware HOME DEPOT September 2014
  • 22. SONY PICTURES ENTERTAINMENT November 2014 WHAT WAS STOLEN: 47,000 Social Security Numbers of Employees and Celebrities, Scripts, Unreleased Movies ROOT CAUSE: Malware SONY PICTURES ENTERTAINMENT
  • 23. Tip: To learn what cloud apps are in use at your company, get a complimentary cloud audit REQUEST COMPLIMENTARY CLOUD AUDIT http://bit.ly/ComplimentaryCloudAudit “With Skyhigh we discovered a wide range of services, allowing us to understand their associated risks and put in place policies to protect corporate data.” Steve Martino VP Information Security