2014: The Year of the Data Breach
Published in: Technology
Transcript
- 1. Cybercrime is not just a hobby, it’s big business
- 2. Now there’s a thriving black market in software vulnerabilities driven by: NATION STATES TERROR GROUPS ORGANIZED CRIME
- 3. SECURITY VULNERABILITIES HIT AN ALL-TIME HIGH IN 2014 [Chart: Security Vulnerabilities By Year, 2010 to 2014, y-axis 4,000 to 8,000; includes code execution, gain information, XSS, SQL Injection, etc.] Source: National Institute of Standards & Technology (NIST) Vulnerability Database
- 4. 24% of vulnerabilities discovered in 2014 were defined as HIGH SEVERITY Source: National Institute of Standards & Technology (NIST) Vulnerability Database
- 5. 2014 VULNERABILITY REWIND Remember these bad boys?
- 6. Heartbleed CVE-2014-0160 Heartbleed makes the SSL layer used by millions of websites and thousands of cloud providers vulnerable. DISCOVERED: April 2014 SEVERITY LEVEL: Medium ATTACK VECTOR: OpenSSL VITAL STATS
- 7. Heartbleed CVE-2014-0160 DEFENSE CHECKLIST: Check which services are vulnerable; Change your passwords; Use an encryption gateway. 368: Number of cloud providers still vulnerable 24 hours after Heartbleed was reported
- 8. Shellshock CVE-2014-6271 Shellshock exposes a vulnerability in Bash, the widely-used shell for Unix-based operating systems such as Linux and OS X. DISCOVERED: September 2014 SEVERITY LEVEL: High ATTACK VECTOR: Bourne Again Shell (Bash) VITAL STATS
- 9. Shellshock CVE-2014-6271 90%: Percentage of top IaaS providers vulnerable to Bash DEFENSE CHECKLIST: Check for Bash vulnerabilities; Update to the latest version of Bash; Deploy a web application firewall
- 10. Sandworm CVE-2014-4114 Sandworm impacts all supported versions of Windows, allowing attackers to embed OLE files from external sources and download malware on target computers. DISCOVERED: October 2014 SEVERITY LEVEL: High ATTACK VECTOR: Microsoft Windows VITAL STATS
- 11. Sandworm CVE-2014-4114 DEFENSE CHECKLIST: Apply the official patch from Microsoft; Update antivirus definitions; Don’t open suspicious email attachments. 70%: Percentage of computers running a vulnerable version of Windows Source: Net Applications “Desktop Operating System Market Share”
- 12. POODLE CVE-2014-3566 POODLE lets attackers decrypt SSLv3 connections and hijack the cookie session that identifies you to a service, allowing them to control your account without needing your password. DISCOVERED: September 2014 SEVERITY LEVEL: Medium ATTACK VECTOR: SSLv3 VITAL STATS
- 13. POODLE CVE-2014-3566 61%: Percentage of cloud services still vulnerable 24 hours after POODLE was reported DEFENSE CHECKLIST: Disable SSLv3 on all services; Rely on TLS version 1.0 or greater; Likewise for browsers and forward proxies
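The POODLE checklist above comes down to one configuration question: does any service still enable SSLv3? The following script is an added example, not part of the original deck or of Skyhigh's tooling. It parses the protocol directives of nginx (`ssl_protocols`) and Apache (`SSLProtocol`) configuration text, reports SSLv3 (and SSLv2) exposure, and shows the weak setting beside the corrected one. The sample configurations are constructed for illustration, and the handling of Apache's `all` keyword assumes Apache 2.4 semantics (every supported version except SSLv2).

```python
"""Audit web-server TLS protocol directives for SSLv3 exposure (POODLE, CVE-2014-3566).

Added example for the 2014 vulnerability rewind; it is not code from the original deck.
"""
import re

# Protocol names as they appear in nginx and Apache mod_ssl directives.
SSL_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")

# Constructed sample configurations (not taken from any real server).
NGINX_WEAK = """
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
"""
NGINX_FIXED = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""
APACHE_WEAK = "SSLProtocol all -SSLv2\n"          # 'all' still includes SSLv3
APACHE_FIXED = "SSLProtocol all -SSLv2 -SSLv3\n"  # SSLv3 explicitly removed


def enabled_protocols_nginx(config):
    """Return the set of protocols an nginx config enables.

    nginx lists enabled protocols explicitly after ssl_protocols;
    if the directive appears more than once, the last one is kept here.
    """
    enabled = set()
    for match in re.finditer(r"^\s*ssl_protocols\s+([^;]+);", config, re.M):
        enabled = set(match.group(1).split())
    return enabled


def enabled_protocols_apache(config):
    """Return the set of protocols an Apache SSLProtocol directive enables.

    Assumed Apache 2.4 semantics: 'all' means every supported version except
    SSLv2, '-X' removes a version, '+X' or a bare 'X' adds one.
    """
    enabled = set()
    for match in re.finditer(r"^\s*SSLProtocol\s+(.+)$", config, re.M):
        enabled = set()
        for token in match.group(1).split():
            if token.lower() == "all":
                enabled |= set(SSL_PROTOCOLS) - {"SSLv2"}
            elif token.startswith("-"):
                enabled.discard(token[1:])
            else:
                enabled.add(token.lstrip("+"))
    return enabled


def audit(enabled):
    """Return a list of findings for a set of enabled protocol names.

    An empty list means the checklist items are satisfied: no SSLv2/SSLv3,
    and at least one TLS 1.0-or-greater version is available.
    """
    findings = []
    if "SSLv2" in enabled:
        findings.append("SSLv2 enabled: obsolete protocol, disable it")
    if "SSLv3" in enabled:
        findings.append("SSLv3 enabled: exposed to POODLE (CVE-2014-3566), disable it")
    if not any(p.startswith("TLSv1") for p in enabled):
        findings.append("no TLS 1.0 or greater version enabled")
    return findings


def audit_samples():
    """Audit the constructed samples; returns {name: findings}."""
    return {
        "nginx weak": audit(enabled_protocols_nginx(NGINX_WEAK)),
        "nginx fixed": audit(enabled_protocols_nginx(NGINX_FIXED)),
        "apache weak": audit(enabled_protocols_apache(APACHE_WEAK)),
        "apache fixed": audit(enabled_protocols_apache(APACHE_FIXED)),
    }


if __name__ == "__main__":
    for name, findings in audit_samples().items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{name}: {status}")
```

Run against a real server by reading the configuration file into a string and passing it to the matching `enabled_protocols_*` function; the same `audit` check applies to forward proxies and any other TLS terminator, which is why the checklist says "likewise for browsers and forward proxies".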
- 14. The sheer number of vulnerabilities can make it difficult for companies to protect against breaches
- 15. 2013: 33%; 2014: 43%. More than 2 in 5 companies experienced a breach of confidential data in 2014 Source: Ponemon Institute “Is Your Company Ready for A Big Data Breach?”
- 16. TOP 5 DATA BREACHES OF 2014: Michael’s 3 MILLION; eBay 145 MILLION; Apple iCloud 100; Home Depot 56 MILLION; Sony 47,000
- 17. MICHAEL’S January 2014 WHAT WAS STOLEN: 3 Million Customer Credit & Debit Card Numbers ROOT CAUSE: Malware
- 18. EBAY May 2014 WHAT WAS STOLEN: 145 Million Users’ Login Credentials & Personal Information (Name, Address, Date of Birth) ROOT CAUSE: Cyber Attack
- 19. APPLE ICLOUD August 2014 WHAT WAS STOLEN: 100+ Nude Photos Of Celebrities ROOT CAUSE: Social Engineering
- 20. HOME DEPOT September 2014 WHAT WAS STOLEN: 56 Million Payment Cards & 53 Million Email Addresses ROOT CAUSE: BlackPOS Malware
- 21. SONY PICTURES ENTERTAINMENT November 2014 WHAT WAS STOLEN: 47,000 Social Security Numbers of Employees and Celebrities, Scripts, Unreleased Movies ROOT CAUSE: Malware
- 22. Tip: To learn what cloud apps are in use at your company, get a complimentary cloud audit. REQUEST COMPLIMENTARY CLOUD AUDIT http://bit.ly/ComplimentaryCloudAudit “With Skyhigh we discovered a wide range of services, allowing us to understand their associated risks and put in place policies to protect corporate data.” Steve Martino, VP Information Security