John KirchRegional Director - North Asia
International Computer AssociationJuly 27th, 2017
Leveraging Artificial Intelligence to detectNew, Emerging Cyber Threats in Realtime
Darktrace : Background & Growth• Founded by world-leading mathematicians,
from the University of Cambridge, and cyber operations experts
• Fundamental technology innovation• Powered by machine learning and
mathematics• 3,000+ deployments worldwide • 600% year-on-year growth• Dual HQs in San Francisco, and
Cambridge, UK, and over 24 offices worldwide
“Darktrace detects threats without having to define the activity in advance” CIO, City of Las Vegas
“Darktrace’s technology is unique”CISO, Telstra
ICA
EvolutionICA
The Evolution of Cyber Security
Source: National Oil Company Conference 2014 - Evolving Cyber Security
ICA
The Cyber Landscape – Evolving Attack Sophistication
Source: National Oil Company Conference 2014 - Evolving Cyber Security
ICA
Selected Large Hacking Incidents Worldwide (1-6)SONY2014 Hackers believed to be associated with North Korea rampaged through the servers of Sony Pictures Entertainment in retaliation for a film comedy showing North Korean leader Kim Jong-un’s face being melted off.
ICA
TARGET2013- Dec110Mcustomers’personalandfinancialinformationwasexposed.TheCEOlaterresignedaspartofthefalloutfromthemassivebreach.
JPMorgan2014Hackershijackeda-JPMorganChaseserverandstoledataofmillionsofthebank’saccounts.ThedataallegedlyusedinfraudschemesgeneratingUS$100M+.
HOMEDEPOT2014Hackersstoleemailand creditcarddatafor50Mcustomers.Thebreachcosttheretailchainatleast$179Minsettlementswithconsumersandcreditcardcompanies.
USOfficePersonnelMgmt2015AdatabreachofSSNs,names,addressesof21.5Mpersonsincludinganundisclosednumberofpersonswhohadbackgroundchecksbutwerenotcurrentorformergovernmentemployees!
YAHOO2013-AugHackerscompromisedonebillionofYahoo’suseraccountsinAugust2013.Thatmakesthisthebiggestknownhackofuserdataofalltime.
Selected Large Hacking Incidents Worldwide (6-10)Chipotle2017An Eastern European gang reportedly used phishing to steal the credit card information of millions of Chipotle customers. The breach was part of a larger scam targeting restaurants.
ICA
LEGALFIRMs2015ChinesehackersaccessedemailaccountsatfirmsCravathSwaine&MooreandWeilGotshal &Manges—andlearnedaboutupcomingcorporatemergers.TheyallegedlymadeoverUS$4Mtradingontheinformation.
SWIFT2016NorthKoreanhackersreportedlyexploitedweaknessesintheSWIFTpaymentsystemtostealUS$8MfromtheBangladeshCentralBank’saccountattheNewYorkFederalReserve.
TESCO2016Hackersdrainedatotalofaround$3.2Mfrommorethan9,000accountsinTescoBank,thebankrunbythegiantgrocerychain.Tescowasforcedtoreimbursecustomersforthestolenmoney.
WANNACRYMay12th,2017The WannaCryransomwareattack wasaglobalcyberattack affecting200K+devicesrunningin150countrieswhichtargetedcomputersrunningtheWindows OSbyencryptingdataanddemandingransompaymentsinthe Bitcoin.
The World’s Ten Largest Cyber Security Hotspots in 2016
0.00%
5.00%
10.00%
15.00%
20.00%
25.00%
USA China BRA IND GER Russia UK FR JPN Viet
1 2 3 4 5 6 7 8 9 10
23.96%
9.63%
5.84% 5.11% 3.35% 3.07% 2.61% 2.35% 2.25% 2.16%
1 USA 23.96%
2 China 9.63%
3 BRA 5.84%
4 IND 5.11%
5 GER 3.35%
6 Russia 3.07%
7 UK 2.61%
8 FR 2.35%
9 JPN 2.25%
10 Viet 2.16%
SourceBusinessInsider:May,2017
ICA
Key Hacking Incidents Japan (1-5)ICA
2013 – April
JapanAerospaceExplorationAgency(JAXA)
Foundunauthorizedaccesstoserversfromoutside.
2011– Sept
MitsubishiHeavyIndustries,Ltd.(MHI),andJapan’sHouseofRepresent-Atives (HR)
Experiencedavirusinfectionbytargetedattacks
2012– May
JapanNuclearEnergySafetyOrganization(JNES)
Informationleakageforpossiblymonths
2013– Jan
MinistryofAgriculture,Forestry&Fisheries
TPPnegotiations-relatedinformationstolen
2013– Fall
VariousJapangovernmentagencies.
Zero-dayattackinfectedtargeteduser’swebbrowsers
Source:Sasakawa USAFebruary,2016
Key Hacking Incidents Japan (6-10)ICA
2016– May
Injustthreehours,criminalsmanagedtosteal¥1.4Billion(~US$12.7M)usingabout1,4007-11BANKATMsinJapan
2016– Jan
Dataon7.93M JTBclientsleakedbyunauthorizedserveraccess,includingclientnames,addresses,emailaddressesandpassportnumbers.Cause:anemployeeopenedavirus-infectedemailfile
2016– Oct
HackersattackedtheUniversityofToyama'sHydrogenIsotopeResearchCenterandresearchonFukushimanuclearcrisis-personalinformationonnearly1,500researcherswasleaked.
2014– Jan
JapanAtomicEnergyAgency(JAEA)Experienceddatabreachviavirusinfection
2015– May
JapanPensionService- Anemailvirusinfecteddesktopscausingthelossof1.25Mconfidentialdatarecords
Source:Sasakawa USAFebruary,2016
Key Global Cyber Security Trends
Source: The Global State of Information Security Survey 2016 PwC
ICA
An Increasingly Complex Digital World
Source: The Global State of Information Security Survey 2016 PwC
ICA
Increasing Damages from Cyber Incidents
Enterprise+Mobility+Scada/ICS+IoT +SaaS/Cloud
LargerAttackSurface->MoreThreats
ALargerNumberofAttacks->GreaterDamages
ICA
The Volume of Data Leakages is IncreasingICA
Network Breaches: Increasingly Caused by Email Spam/ Phishing
Source: AntiPhishing Working Group Phishing Activity Trends Report - Q4 2016; IBM X-Force Threat Intelligence Index 2017
ICA
Average Cost of Data Breach by Amount of Data LeakedICA
Average Cost of a Data BreachICA
Four Main Types of Cyber AdversariesICA
Data Breach Perpetrators (2016)
Source:Verizon2017
ICA
Tactics Used in Data Breaches (2016)
Source:Verizon2017
ICA
Cyber Attacks: The Scene is ChangingICA
Business Impact
• Hac
Reputation
Operations
Financial
ICA
TheHackingofTARGETCostOverUS$300Million+
Boardroom Conversations
"Cyber security is a board level issue, and I am responsible for it.”
Dido Harding, CEO, Talktalk
ICA
Advanced External Threats
Looking for what you expect an attacker to do isn’t enough
• Technical knowledge is advanced• Barrier to entry is lower - download
an exploit kit • Attack methods are constantly
evolving
ICA
Insider Threat
Insiders move at consumer technology speeds, not enterprise tech speeds
• Insiders are technically enabled• Wearable technology• Blocking or monitoring of cloud services• Learn normality for every piece of tech, across environments
ICA