Hacker’s Perspective on New Risks: Revising Cybersecurity Priorities

Well, thank you so much, Jennifer and Chris, for that introduction. Let's get into the Hacker's Perspective on New Risks: Revising the Cybersecurity Priorities for 2023. As you already know, my name is Paula Januszkiewicz, and for the past 18 years I've been dealing with cybersecurity postures of our customers. My company secure is right now in the market for 14 years, and together with the team, we're helping customers all around the world. And also, I'm a Microsoft regional director, but I do not work, actually, for Microsoft. It's a very honorable role for me and in general, and it is something that basically means that I'm engaged both in technology and also business. So Microsoft says that it's for all these innovative people who can convert technology into something useful, and many other things as well. So I'm very proud to have that title as well and not work at Microsoft at the same time. And if it's about me speaking at the various conferences, I had a chance to deliver Keynote at the RSA, speaking at various BlackHats, also being at ignites. RSA is pretty much internationally and also other conferences. So after every conference-- this one as well-- you guys are able to always download tools. So therefore, let me share this QR code with you. Though, keep in mind, it's a security presentation, so it's quite ironic, isn't it? But anyway, whatever you click on over there, it's safe. This is our website where you are able to not only find this presentation, but also you can download the tools that I'm going to be using for this intense-- I hope-- presentation about what is currently happening in the cybersecurity field and what kind of priorities we should have in order to secure ourselves better for the upcoming year. So if we look at the impact of the cybercrime, let me share with you a couple of stories. First of all, what is important is that the good news is that even though hackers are quite intense right now and they are absolutely good at clearing traces, there is an increased amount of attacks-- actually, according to FBI, it's approximately 300%. In their poll, it says that we have amount of attacks that increased by 569%. Once the attack happens, there's always something that we are able to find. And that's basically a good news. Question is, of course, how does our current monitoring looks like? Are we able to build a full picture of the attack? And at the same time, are we able to drive conclusions and protect ourselves with appropriate technology to address the current problems? So when we look at the other impactful hacking stats, you can see that 77% of organizations do not have a cybersecurity incident response plan in place. And at the same time, the first statistic here is quite terrifying, because we can see that there is a year-on-year increase in ransomware in 1,318% in the first half of 2021. So why it's like that? Well, answer to this one is pretty straightforward. Cybercrime in general is a very lucrative business, and we have to be prepared to be attacked from many angles, many directions. And that's one thing, and hackers can always demand a ransom, and our data here is on scale. But at the same time, we don't really even sometimes know how to approach incident response, how to build an incident response plan, and how to choose appropriate priorities so that eventually we will not be a low hanging fruit for a hacker. Also, when we look into statistics that are by the James Comey, former FBI director, he says that there is like 200, which is the median number of days that attackers are present in the network before, actually, they got discovered. This is horrible, because it means that someone has like 200 days to go around our resources, maybe even escalate, go to the domain admin privileges, and stay there for the next 199 days and look for on privilege with privileged access information that might be just very, very useful for us that's our part of the our core business. So what if, for example, these hackers hit us, let's say in the day 170, and then they encrypt our data-- but not just data, but the data that's important for us, because they had that time to become familiar with what is actually in use by our company. Then, obviously, that's a big loss. We might be also dealing with a situation when we are not that smoothly able to recover from the backup. Therefore, the amount of days from the detection to full recovery that's out there, it is 80, which is quite a lot and expensive taking into consideration that we could spend that 80 days on something a little bit more practical. And these things are happening because attacks in general are inexpensive. So we can see that when we look into the load, the price of load, a load in general is a compromised device. That is a device that you are able to use, for example, for the fodder ataxia. So you got that on a temporary or permanent basis and you are able to use it as a part of the [? bot ?] network or maybe you can deliver an attack from it. Or from other angle, that is also a cost of a device that hacker has to pay in order to get access to it, meaning that you pay $1 to get a compromised PC, you encrypt its data, but you earn on it, let's say, $2,000 because someone is actually willing to pay. So that's what we mean by saying lucrative. Also when we look into other angles, we've got a denial of service that is pretty inexpensive, but also ransomware itself. You pay $66 up front, or 30% of the profit in the affiliate model. And also, if you want