SlideShare a Scribd company logo

Cybersecurity 2020 threat landscape and its implications (AMER)

Download as PPTX, PDF
Cloudflare
Cloudflare

Cybersecurity decisions have direct implications to individuals, enterprises and organizations but also have broader societal implications than ever before. In 2020 and beyond, technology promises to change our own experience and enhance our way of life, and those of our customers, significantly. This reliance and targeting have been magnified during COVID19, where the cybercriminals have sunk to new lows at the same time as that reliance on tech has increased. This session will explore how these technologies are going to change the experiences of our lives for the better and for the worse. It will explore the most recent cybersecurity breaches, predict the key security issues for 2020 and discuss current security priorities.

Related slideshows

Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
Cism course ppt
Cism course pptCism course ppt
Cism course ppt
 
1 of 42
1 Cybersecurity 2020 Threat Landscape and its Implications Featuring Guest Speaker from Forrester
2 Today’s Speakers Guest Speaker, Sandy Carielli Principal Analyst Forrester Arun Singh Product Marketing Lead, Security Cloudflare
3 Agenda 1 Security Threat Trends and Implications - 2 Recommendations and Solutions 3 Q&A
4 Cloudflare Introduction
5 Cloudflare is an intelligent, integrated global cloud network that delivers security, performance, and reliability for all your Internet infrastructure, people and connected devices. CLOUDFLARE’S MISSION: Help build a better Internet Confidential. Copyright © Cloudflare, Inc.
6 27M+ Internet properties 37 Tbps Of network capacity 200 Cities and 95+ countries 45B Cyber threats blocked each day in Q1 ‘20 99% Of the Internet-connected population in the developed world population is located within 100 milliseconds of our network Help Build A Better Internet 6 Note: Map Data as of Jan, 15, 2020
Cybersecurity 2020 Threat Landscape and its Implications Sandy Carielli Principal Analyst
8© 2020 Forrester. Reproduction Prohibited. 33% of firms suffered a breach as a result of an external attack. This is how.
9© 2020 Forrester. Reproduction Prohibited. Some Of The Top Threats In 2020 Are Web App Based Bots APIs Client Side Attacks Forrester Report: “Top Cybersecurity Threats In 2020”
10© 2020 Forrester. Reproduction Prohibited. The New Normal
11© 2020 Forrester. Reproduction Prohibited. Breaches Due To Improperly Secured APIs Common Causes Were Poor Access Control and Unauthenticated API Endpoints https://www.wired.com/story/i-scraped-millions-of-venmo-payments-your-data-is-at-risk/?verso=true https://www.csoonline.com/article/3268025/panera-bread-blew-off-breach-report-for-8-months-leaked-millions-of-customer-records.html https://www.theinquirer.net/inquirer/news/3066805/usps-data-breach-api-flaw https://threatpost.com/t-mobile-alerts-2-3-million-customers-of-data-breach-tied-to-leaky-api/136896/
12© 2020 Forrester. Reproduction Prohibited. https://www.owasp.org/images/5/59/API_Security_Top_10_RC.pdf
13© 2020 Forrester. Reproduction Prohibited. Client Side Validation + Poor API Authorization = Data Leakage 13
14© 2020 Forrester. Reproduction Prohibited. “Magecart Attacks Are A Supply Chain Problem” Forrester Report: “Top Cybersecurity Threats In 2020”
15 Increases in global Internet utilization
16
17 ITALY ● National quarantine ordered on March 9th, 2020 ● 20% increase in utilization
18 Global Trends ● Global increases in traffic in all regions ● Japan and India continue to see increases after a temporary decline in late March
19 ● 250% increase in websites related to kids activities ● Over 100% increase in the top 5 categories Categorical increases
20 Event related traffic declines ● Up to 50% decline in traffic at sporting event sites ● Travel sites experiencing similar declines
21 Rising security concerns
22
23 Hospital websites Almost 2x increase in attacks in March and April
24 Since the murder of George Floyd there’s also been a large increase in attacks on US government websites. Cyberattacks against the society The category with the biggest increase in cyberattacks was Advocacy Groups with a staggering increase of 1,120x.
25 Q1 DDoS Trends ● In Q1 2020, 92% of the attacks were under 10 Gbps, compared to 84% in Q4 2019
26 Q1 DDoS Trends ● Majority of the attacks peaked below 1 million packets per second (pps).
27 Q1 DDoS Trends ● 79% of DDoS attacks in Q1 lasted between 30 to 60 minutes, compared to 60% in Q4, which represents a 19% increase.
28 Late March events ● Largest attack mitigated (550 Gbps) ● 55% increase in number of attacks (compared to first half)
29 Late March events ● Largest attack mitigated (550 Gbps) ● 55% increase in number of attacks (compared to first half)
30 Application-level attacks ● United States accounted for the largest number of application-level attacks that Cloudflare blocked
31 Top 4 application attack vectors ● Command Injection ● SQL injection ● File Inclusion ● Fake search engine crawler
“Bad bots comprise about 20% of all web traffic.” - “Top Cybersecurity Threats In 2020,” Forrester Report
33© 2020 Forrester. Reproduction Prohibited. The Many Flavors Of Bad Bots Web scraping Credential Stuffing Checkout abuse Inventory hoarding Card fraud Web recon Ad fraud DDoS Business logic Influence fraud
34© 2020 Forrester. Reproduction Prohibited. Bot Attacks Impact Wider Range Of Personas Security Marketing Fraud eCommerce Customer Experience
35 Online Shoe Retailer Valuable inventory was hoarded, damaging brand and reducing revenue ● Premium limited release inventory was being purchased and “hoarded” by bots ● Approx. 75% of all traffic came from bots ● Resulted in high infrastructure costs ● Created bad will for customers ● Cloudflare solved with 0.1% false positive rate
36© 2020 Forrester. Reproduction Prohibited. From Sneakers To Toilet Paper: What Is “Valuable?”
37© 2020 Forrester. Reproduction Prohibited. The New Normal
Collaborate And Automate “Siloed teams perform even worse when everything is remote. The friction of work handoffs is further compounded by distance.” - “Agile, DevOps, And COVID-19,” Forrester Blog
39© 2020 Forrester. Reproduction Prohibited. • Enumerate, manage and protect API assets … and don’t trust client-side data! • Protect client-side code • Use bot management tooling to change the economics of bot attacks • Consider how the “new normal” changes how attackers might target your products or services • Invest in automation – but make sure your automations are built on solid processes • Focus on CI/CD integrations and collaboration in remote work situations Recommendations
Thank You. © 2020 Forrester. Reproduction Prohibited.
41 Thank you!
42 Q&A

More Related Content

Cybersecurity 2020 threat landscape and its implications (AMER)

  • 1. 1 Cybersecurity 2020 Threat Landscape and its Implications Featuring Guest Speaker from Forrester
  • 2. 2 Today’s Speakers Guest Speaker, Sandy Carielli Principal Analyst Forrester Arun Singh Product Marketing Lead, Security Cloudflare
  • 3. 3 Agenda 1 Security Threat Trends and Implications - 2 Recommendations and Solutions 3 Q&A
  • 5. 5 Cloudflare is an intelligent, integrated global cloud network that delivers security, performance, and reliability for all your Internet infrastructure, people and connected devices. CLOUDFLARE’S MISSION: Help build a better Internet Confidential. Copyright © Cloudflare, Inc.
  • 6. 6 27M+ Internet properties 37 Tbps Of network capacity 200 Cities and 95+ countries 45B Cyber threats blocked each day in Q1 ‘20 99% Of the Internet-connected population in the developed world population is located within 100 milliseconds of our network Help Build A Better Internet 6 Note: Map Data as of Jan, 15, 2020
  • 7. Cybersecurity 2020 Threat Landscape and its Implications Sandy Carielli Principal Analyst
  • 8. 8© 2020 Forrester. Reproduction Prohibited. 33% of firms suffered a breach as a result of an external attack. This is how.
  • 9. 9© 2020 Forrester. Reproduction Prohibited. Some Of The Top Threats In 2020 Are Web App Based Bots APIs Client Side Attacks Forrester Report: “Top Cybersecurity Threats In 2020”
  • 10. 10© 2020 Forrester. Reproduction Prohibited. The New Normal
  • 11. 11© 2020 Forrester. Reproduction Prohibited. Breaches Due To Improperly Secured APIs Common Causes Were Poor Access Control and Unauthenticated API Endpoints https://www.wired.com/story/i-scraped-millions-of-venmo-payments-your-data-is-at-risk/?verso=true https://www.csoonline.com/article/3268025/panera-bread-blew-off-breach-report-for-8-months-leaked-millions-of-customer-records.html https://www.theinquirer.net/inquirer/news/3066805/usps-data-breach-api-flaw https://threatpost.com/t-mobile-alerts-2-3-million-customers-of-data-breach-tied-to-leaky-api/136896/
  • 12. 12© 2020 Forrester. Reproduction Prohibited. https://www.owasp.org/images/5/59/API_Security_Top_10_RC.pdf
  • 13. 13© 2020 Forrester. Reproduction Prohibited. Client Side Validation + Poor API Authorization = Data Leakage 13
  • 14. 14© 2020 Forrester. Reproduction Prohibited. “Magecart Attacks Are A Supply Chain Problem” Forrester Report: “Top Cybersecurity Threats In 2020”
  • 15. 15 Increases in global Internet utilization
  • 16. 16
  • 17. 17 ITALY ● National quarantine ordered on March 9th, 2020 ● 20% increase in utilization
  • 18. 18 Global Trends ● Global increases in traffic in all regions ● Japan and India continue to see increases after a temporary decline in late March
  • 19. 19 ● 250% increase in websites related to kids activities ● Over 100% increase in the top 5 categories Categorical increases
  • 20. 20 Event related traffic declines ● Up to 50% decline in traffic at sporting event sites ● Travel sites experiencing similar declines
  • 22. 22
  • 23. 23 Hospital websites Almost 2x increase in attacks in March and April
  • 24. 24 Since the murder of George Floyd there’s also been a large increase in attacks on US government websites. Cyberattacks against the society The category with the biggest increase in cyberattacks was Advocacy Groups with a staggering increase of 1,120x.
  • 25. 25 Q1 DDoS Trends ● In Q1 2020, 92% of the attacks were under 10 Gbps, compared to 84% in Q4 2019
  • 26. 26 Q1 DDoS Trends ● Majority of the attacks peaked below 1 million packets per second (pps).
  • 27. 27 Q1 DDoS Trends ● 79% of DDoS attacks in Q1 lasted between 30 to 60 minutes, compared to 60% in Q4, which represents a 19% increase.
  • 28. 28 Late March events ● Largest attack mitigated (550 Gbps) ● 55% increase in number of attacks (compared to first half)
  • 29. 29 Late March events ● Largest attack mitigated (550 Gbps) ● 55% increase in number of attacks (compared to first half)
  • 30. 30 Application-level attacks ● United States accounted for the largest number of application-level attacks that Cloudflare blocked
  • 31. 31 Top 4 application attack vectors ● Command Injection ● SQL injection ● File Inclusion ● Fake search engine crawler
  • 32. “Bad bots comprise about 20% of all web traffic.” - “Top Cybersecurity Threats In 2020,” Forrester Report
  • 33. 33© 2020 Forrester. Reproduction Prohibited. The Many Flavors Of Bad Bots Web scraping Credential Stuffing Checkout abuse Inventory hoarding Card fraud Web recon Ad fraud DDoS Business logic Influence fraud
  • 34. 34© 2020 Forrester. Reproduction Prohibited. Bot Attacks Impact Wider Range Of Personas Security Marketing Fraud eCommerce Customer Experience
  • 35. 35 Online Shoe Retailer Valuable inventory was hoarded, damaging brand and reducing revenue ● Premium limited release inventory was being purchased and “hoarded” by bots ● Approx. 75% of all traffic came from bots ● Resulted in high infrastructure costs ● Created bad will for customers ● Cloudflare solved with 0.1% false positive rate
  • 36. 36© 2020 Forrester. Reproduction Prohibited. From Sneakers To Toilet Paper: What Is “Valuable?”
  • 37. 37© 2020 Forrester. Reproduction Prohibited. The New Normal
  • 38. Collaborate And Automate “Siloed teams perform even worse when everything is remote. The friction of work handoffs is further compounded by distance.” - “Agile, DevOps, And COVID-19,” Forrester Blog
  • 39. 39© 2020 Forrester. Reproduction Prohibited. • Enumerate, manage and protect API assets … and don’t trust client-side data! • Protect client-side code • Use bot management tooling to change the economics of bot attacks • Consider how the “new normal” changes how attackers might target your products or services • Invest in automation – but make sure your automations are built on solid processes • Focus on CI/CD integrations and collaboration in remote work situations Recommendations
  • 40. Thank You. © 2020 Forrester. Reproduction Prohibited.