Hi everyone! Welcome to our webinar about Back to Basics on Cybersecurity Concepts. I'm Sam Manjarres, I'm the Senior Audience Marketing Manager here at WatchGuard. And in our team we spend a lot of time thinking about you, about decisionmakers, leaders in your organizations that are looking to build secure work environments. During this webinar, we will review these basic security terms, strategies and best practices that can help any business implement strong security in their organizations.
The goal is to give you enough fuel today so you leave knowing how to create a risk free work environment for your business, for your employees, for your partners, for your stakeholders. So I'm really glad you're here and I hope you enjoy. This is the agenda for today, so I'm excited to share just some key concepts and terms that are that are really related to cybersecurity that I think we're hearing and seeing every day in the news. And so we kind of want to go over them and review them with you. We'll also take a look at the threat landscape and just try to understand vulnerabilities, incidents, data breaches, all of these events within the security space that it feels like are among us every day.
We also want to show you some of the key strategies that we strongly believe can help you secure your workforce in business. Many of you, I would assume, are under a hybrid model with remote workers. So I think this is going to be very helpful and we will close with some must have technologies that can make all of this happen. Right? Like what's that kind of that basic formula that you can follow to address all of your security concerns? And with that, we can get started. What is cybersecurity? This I took from the Cybersecurity and Infrastructure Security Agency, also known as CISA.
So great resource, by the way, for all of those of you in the U.S. or outside the U.S., really good educational resources for us to learn about cybersecurity. So from this source, cybersecurity is the art of protecting networks, devices and data from unauthorized access or criminal use.
It is the practice of ensuring confidentiality, integrity and availability of information. How much of your daily life relies on technology? How much of your personal information is stored either on your own computer, smartphone, tablet, or on someone else's system? It seems that everything relies on computers and the internet now. Communication, transportation, shopping, health care, education and so on. There are many risks, some more serious than others. But from a high level perspective, cyber attacks can hurt the integrity of your business.
And not having strong security ultimately comes down to loss, loss of data, financial loss, losing permanent or temporary access to systems, losing sensitive information, losing productivity, availability of your systems, losing reputation or lawsuits. And you know, let's be honest, there is no guarantee that even with the best precautions, some of these things won't happen to you. But there are steps that you can take to minimize the chances. So as we kind of go into this idea, what's the basic foundations for cybersecurity? What are some of those key terms? I thought it would be helpful to just go through some of those key terms and concepts that really are among us as we discuss security every day. Right? And it seemed helpful to just start by understanding that the differences between vulnerabilities, incidents and data breaches.
So let's take a look at these three concepts and how we can differentiate them. First, incidents. We understand incidents as a security event that compromises the integrity, confidentiality or availability of an information asset.
Then we have vulnerabilities. Vulnerabilities are considered any weakness in an asset or security protection which would allow for a threat to cause harm. It may be a flaw in coding, a mistake in configuration, a limitation of scope or capability, or an error in architecture that affects functions. And then we have data breaches. Breaches are incidents that result in the confirmed disclosure, not just the potential exposure of data to unauthorized parties.
So, you know, and you have it here on the screen, I like this description, a compromising event that leads to leaked or publicly exposed confidential information. This means if you look at these three concepts, this means that not every data breach features phishing attacks or accidental leaks of information. Some breaches are made possible when cybercriminals find vulnerabilities in unpatched software.
Others involve attackers probing networks for security misconfigurations that leave digital backdoors open. Also, we can conclude that many breaches aren't necessarily tied to vulnerabilities, the same way that incidents don't have to become vulnerabilities or lead to a data breach. The key is having the capabilities to identify these type of events and knowing how to respond. Continue in our kind of like our path of understanding these key concepts. I also wanted to highlight some of these common vulnerabilities, what they are, maybe give you some examples so that it also kind of helps you understand even your own threat landscape, right? Like within your organization or your industry based on your business model, you might find that you could be more vulnerable or more exposed to specific types of vulnerabilities, depending on the type of business that you operate.
So let's start with malware, a very common, commonly known type of vulnerability. It's malicious software. So it's any code written for the specific purpose of causing harm, disclosing information or otherwise violating the security or stability of a system. Malware includes a wide range of types of malicious programs. So this is a very short list on the screen, but it's definitely the the top malware types that we know and hear about all the time.
So ransomware is a type of malware, spyware, virus, worm. Also, if you if you've heard of Trojan Horse, that is a common malicious code or malware, then we also have DoS, or DDoS, which is Distributed Denial of Service. These are attacks that attempt to block access to resources. It is a violation of availability. And the DDoS type of attacks are often performed using botnets, which we are also going to cover on this list. Social engineering.
Social engineering are attacks that focus on people rather than technology. This type of attack is psychological, and it aims to either gain access to information or to logical or physical environments. Then we have identity theft. This is a big one. These are the actions that are performed to obtain confidential information of individuals or organizations, often to commit fraud. The Internet has made it easier, way easier for thieves to obtain personal and financial data.
Most companies and other institutions store information about their clients in databases. And if or when those databases become compromised, you, me, all of us could become victims of identity theft. And I think you probably are not going to be surprised. But we are going to come back to the specific threat of identity theft. As we continue our discussion today.
Then we also have phishing, also a very trendy type of vulnerability. We hear about it all the time. It's a social engineering attack that attempts to collect information from victims. And phishing attacks can take place over email, text messages, through social networks or via smartphone apps. Phishing attacks are often successful because they mimic legitimate communications from trusted entities or groups such as false emails, a false text from your bank, from a retail website, sometimes even from someone you know. Botnets, So botnets are a collection of innocent computers that have been compromised by malicious code to perform criminal actions.
These actions can include DDoS, plotting attacks, hosting false web services, spoofing DNS, among other types of malicious attacks. Before we go on to talk about some of the key data and the reported data breaches that we see in the news, I want to launch a poll question to the to the group in this room. How many malware attacks do you think were blocked by WatchGuard in June alone? So you have a couple options here: More than three hundred thousand, More than a million, more than five million, or more than eight million? How much work do you think we have every day to try to block malware attacks? Okay, let's see. So we have. Yes, well, it was pretty close between the last two. 39% voted more than five million, 38% voted more than eight million.
And the answer is more than five million. So let me show you a quick screenshot from our Threat Lab. So in June alone, a little over five million malware attacks were blocked by WatchGuard.
And this is just to give you a quick snapshot of the activity, the security activity that we have to track. Malware attacks happen twice every second, and 122 times every minute. So it's interesting to see just for this one type of vulnerability, right? Needless to say, all of the other things that we have to try and detect and protect and block. Just looking at malware attacks, this is the type of activity that you receive in just one month.
And I would love to invite you to visit our threat lab. We will have a link at the end of this presentation. You can actually browse by region and it will show you the top ten malware attacks. It'll give you a more comprehensive explanation on what's going on in the security landscape. And then moving on with more data, what's more interesting is reported data breaches. Let's just take a look at what happened in 2021.
If you follow any security media outlets, you probably get flooded with all of these statistics every day. And it was kind of hard to try to condense to just a few because, you know, you could really just spend so much time just analyzing the data that is available from public data breaches. So I thought I would look at only a couple of sources like the Identity Theft Resource Center and the most recent Verizon Data Breach Investigation Report.
And just try to really consolidate some key stats that kind of give you an idea of the top concerns and the top breaches that are happening just across markets, across industries. This goes beyond the company size, or the type of business. I think we all can relate or familiarize with these constant security events. It really is not exclusionary.
But let's look at the list. So we start with overall, there were 69% more data breaches in 2021 compared to 2020. according to the Identity Theft Resource Center and in their latest report on data breaches. Ransomware in general impacted 80% of busineses in 2021.
And then there's an interesting stat on Web Applications. So 70% of incidents involved Web applications. This, according to the Verizon Data Breach Investigation Report, was far and away the top cyber attack vector in 2021. And along with that, that same type of incident, 80% of those attacks targeting Web apps involved the use of stolen credentials. So this really emphasizes the importance of user awareness, strong authentication protocols, especially at the endpoint level. And then also coming from the Verizon Data Breach Investigation Report, this very alarming stat on supply chain, which I'm sure you also have heard of.
Supply chain breaches accounted for 62% of system intrusion. And really, their overall comment on these incidents is that software supply chain is a major avenue for exploitation by attackers in recent years. Let's close on this outlook, on publicly available and reported data breaches with how this is affecting, specifically, identity security. This also is taken from the Verizon Data Breach Investigation Report. It's really showing how stolen credentials in phishing attacks, but mostly stolen credentials lead the incidents and data breaches.
Among the more than 20,000 security incidents and more than 5000 confirmed data breaches that they use as their sample in their report, the use of stolen credentials was by far mostly represented across different types of sources. It was represented in third party breaches, in phishing attacks, basic web application attacks. So really, I mean, it's again, this is not new, but it's just kind of like coming back to the reality that identity and credential theft is definitely one of the most used methods by hackers to gain access to an organization. I also thought it was interesting to note the differences here in how stolen credentials and phishing attacks can be driven by human error. And I want you to remember this, because I'm coming back to this data breach investigation report later in the presentation. And I want you to remember the impact of human error risk.
Exploitation vulnerabilities and botnets can be a little more higher level and more, it requires more social engineering. So that's why we are categorizing that as threat actor driven. Now that we've discussed the key cybersecurity concepts, the common vulnerabilities and also the trends in data breaches, we can move on to a more optimistic part of our conversation and look at some strategies that you can implement to secure the workforce. These strategies are mostly thinking about organizations that have a hybrid model. And by that we mean some percentage of their staff or their contractors or stakeholders, Essentially, users that require access to their platforms and networks, are doing this remotely.
So let's start: In total, I have four strategies that I want you to consider when enabling a secure work environment. And, you know, since we've been talking a lot about phishing, and also credential theft, let's just start with one thing; really wanting to protect happy clickers. Breaches are relevant to our everyday duties.
And I don't think any of us are excluded from the potential of being a happy clicker. And we're all just targets of spear phishing campaigns. Some may be even more susceptible to clicking on anything. But maybe it's just because we are not very criminally minded. But the point is, breaches are relevant to our everyday life and what we do every day, both at work, outside of work.
Phishing is on many occasions the first step to further attacks from stealing passwords So it starts with stealing a password and then it goes down to downloading malware. So enabling the right technology for users, establishing policies and training your staff to spot phishing attempts, are critical to your security strategy. Patch and update software. So this is very important to us. We take these strategies very, very seriously as a company that sells software and security, but also internally, like as part of our culture, embracing the culture of patching and software updates.
It should be one of your top goals and commitments, if you really are taking security seriously. And really it's because vulnerability remediation speed, it matters. It can make a difference, right? A patch is often used to repair flaws or bugs in deployed code As well as introduce new features and capabilities. And the reality is, many breaches are still due to unpatched software with known vulnerabilities. And I think if you remember what I said in the beginning, having the power of understanding the type of incident my really lead to creating additional defenses. Because if you can differentiate between an incident and a vulnerability, then you might be able to stop it from becoming a vulnerability.
Before we move on to another strategy, I do want to relate this to the subject of notes on end of life software. Continued use of end of life software poses consequential risk to your system that can allow an attacker to exploit security vulnerabilities. So we highly recommend not using unsupported EOL (End of Life) software. So, moving onto Domain Name Systems (DNS). So adding DNS protection can really help you get control and visibility over Internet traffic. DNS level protection and content filtering keeps your business safe from phishing, from ransomware and other attacks even when your user is outside of the network.
So again, this particularly would be helpful if you have remote workers that don't always use a VPN connection. This is my first strategy, which I wanted to discuss this while bringing back the Verizon Data Breach Investigation Report. So if you take a moment to look at this graph, it's very interesting. And again, remember, I was talking about the human element and breaches that can be driven by human error. So I'm going to take a moment to read what the caption is for the graph from the report. And it says: "The human element continues to drive breaches."
"This year, 82% of breaches involved the human element," "Whether it is the use of stolen credentials, phishing, misuse, or simply an error," "people continue to play a very large role in incidents and breaches alike." So I think I want to pause because security awareness and training is not a groundbreaking strategy. In fact, if we go back to the title of our webinar, the idea today is just, it's back to basics, right? Let's review these foundational concepts that can help us understand our ideal security infrastructure and what we think we need to do to address that within our organizations. I left the security awareness training strategy last, but really, it should be the first thing that you address in your organization if you don't already have a security awareness program in place.
Empowering your employees with the security education that they need to protect themselves and their organization is a foundational step. Training your users so that they're able to detect a potential cyber attack, that can be cost saving. Just remember all the things that you can lose because of poor cybersecurity.
You can gain a lot by prioritizing security awareness among your staff, your stakeholders, and everybody that may need or require access to your systems. We are now ready to discuss the solutions to secure your organization. What is the recipe? What are the things that I need to look at in terms of investing in technology that can help me address all of these different potential events that we've been discussing? And before we do that, we want to launch another poll question. So what cybersecurity solutions do you currently have in your organization? Okay, so here are the options: Endpoint Security, Multi-factor Authentication, Wi-Fi Security, Network Security, or none? Okay.
I'm happy to see that nobody said none. There's a good mix of Endpoint Security, MFA, Wi-Fi and Network Security here. It seems endpoint is very popular, so that's good. I'll tell our endpoint team. (laughs) And MFA is ramping up too. It's interesting how MFA is quickly becoming part of the key solutions.
I think two years ago or we should say pre-pandemic, it felt like the market was still seeing it as something optional and now it's just a must-have really. And if we go back to all the reported data breaches and how many of them involve credential theft, I think it all makes sense. Well, thank you for your answers. This is really good and helpful.
So let's continue. I didn't want to spend too much time talking about solutions today because it really wasn't about that. I think today the goal was to review the key concepts and to really just go through some of those essential areas that will help you understand what is needed in your organization when it comes to security. But then obviously when you have all of that, you also need to understand what those technologies are like. How do I put all of this in place? And I think this is your most basic recipe, right? These are the different solutions and technologies that will help you address the security concerns that we have reviewed today. And you seem to be familiar with many of these.
But network security is really a foundational solution for your infastructure. If you want to protect your network from malware, malicious content, and phishing attacks, then obviously multifactor authentication. It's what helps you protect identity. It helps you protect access.
It also could definitely have an impact on employee productivity. Just think about the use of many passwords, and resetting passwords. So by enabling this type of authentication, you may be also creating additional efficiency for your staff in your organization.
There's Secure Wi-Fi. So definitely something that can help you create high performance wi-fi speed with the security that you need. And it will have an impact in protecting from data theft and malware. and then Endpoint Security, which you all know very much, it seems.
Just protecting your endpoints and all of your devices from infections and malicious processes. It's just it's you know, it's really where you have to be. I think with that, we really have covered everything that we wanted to share with you today in our webinar. Next, I just want to go through some final comments and it looks like we might have time for Q&A. So that's great. Please, if you haven't yet, make sure that you include your questions in the chat, or even if it's just comments, if you're interested in reviewing something that you want to go back to I'm happy to do that since we have some extra time.
But as some closing comments, just remember the goal. The goal is to create a risk free work environment. And your decisions and actions that you take ultimately determine the strength of your organization's security culture.
And I think the key takeaways for today really are represented in these four areas: Foster a culture of security aware individuals. Implement technologies that protect, prevent, detect and respond. So there is a lot in here, right? But this is just to be able to represent the importance of awareness and saying "Yes, Yes. You do need some of those technologies that are going to enable the security for you." But also going back to best practices like patch management and software updates. Right? Those are the things that are going to help you prevent.
And it doesn't all fall on technology. It really is your proactivity on keeping your systems up to date and as clean as possible. Yes, exactly what I was just saying by being consistent about software updates and patch management and embracing the concept of layered security.
So I think for those of you that are very focused on endpoint security, that's great. And that really will get you far, especially because with strong endpoint security, you can also rely on consistent monitoring, right. And detection and response. But if you really are thinking about creating the most secure environment and you have all of these different variables, such as remote workers, cloud adoption, digital transformation, these are all elements of advancement and ways of growing your organization that need more than just one approach to security. So when we say think about layered security, we really mean look at all of these different use cases that apply to you and go back to the recipe. Like I was saying, what's your recipe for having really strong security? And so that's when you will realize what is the right combination of security technologies that can help you cover all your bases.
I also wanted to share this slide. Full disclaimer, I stole this slide from our CIO's presentation yesterday at WatchGuard's Town Hall. And I thought as I've been working on creating the content for this webinar, I just thought that this was very relevant to this group who wanted to join and learn about the basics of cybersecurity.
And I think he was sharing this in the context of the same thing that I've been trying to do today. Right? So like trying to leverage on the importance of creating a culture of security awareness, creating a culture of security aware individuals. And so he was just doing his part on reminding us of all the things that we can do, what we are doing every day to remain, to keep our work environment as secure as possible and not just leave it all to the technology. So these are things that actually don't cost much money. so awareness and patient vigilance. So I think just like staying in touch, we have a strong security awareness program.
So when we get invitations to take tests every month and so on. So like really staying connected and participating in those different program events so that we can continue to learn and discover any latest phishing attempts that some actors may be trying on us. Leaving corporate security controls turned on. seeing something and saying something. And this is all related to the idea of advocacy, but really training your staff and training your employees and also letting them just, like, act on some things that look suspicious.
And this could also have an impact not just internally. Becoming a security advocate internally could lead to also being an external advocate. So if you have customers, if you have partners and you are learning all these things through your own security awareness program, share that knowledge with all of your interested parties. Because that can really have an impact with some other organizations or groups that may not have access to that type of security awareness. So the last one is very similar: Advocate partner and customer security. Be a part of that conversation and share the knowledge and share the awareness.
Just a closing thought, Today wasn't really to talk about any advanced security strategies or like the latest products that are going to help you protect and detect. but really is about how important it is to understand the risks of vulnerabilities and the risks of cyber attacks. That is the best way to defend yourself and your organization against threats, because I think that's what's going to give you the outlet to then knowing how you want to invest in cybersecurity. And that's all we have today. My last slide is just to acknowledge some of the sources that I would love to review for the content today. The WatchGuard Resource Center, which you can access on our website.
The WatchGuard Threat Lab, I showed you a little bit of that, but it's just a great interactive tool to help you see what's going on in the threat landscape. And then these are some of my most commonly used sources for cybersecurity awareness and cybersecurity education. So feel free to check them out, too. There's definitely a lot of good learning that comes from these different reports and resources. And with that, we are done for today.
Thanks all again for joining. Please join again. Keep an eye on our on our upcoming webinars. We have really good an interest in discussions that we're bringing to you. Thanks again and have a good day or afternoon depending on where you're joining from. Goodbye.
2022-08-01