Upload
john-palfreyman
View
96
Download
1
Tags:
Embed Size (px)
Citation preview
© 2015 IBM Corporation
Cyber Security, Cyber Crime . .
. . and the meteoric rise in the usage of smartphones and social media
V2, 21 May 15
John Palfreyman, IBM
© 2015 IBM Corporation 2
1. Cyber Security & Cyber Crime in Context
2. Technology & Business Landscape
3. A Smarter Approach
4. Future : Safer through Data / Analytics
Agenda
© 2015 IBM Corporation 3
Cyber Security – IBM Definition
Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.
© 2015 IBM Corporation 4
Cyber Security - Expanded
Hacking
Malware
Botnets
Denial of Service
Trojans
Cyber-dependent crimes
Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
© 2015 IBM Corporation 5
Cyber Crime
Hacking
Malware
Botnets
Denial of Service
Trojans
Cyber-dependent crime
Fraud
Bullying
Theft
Sexual Offences
Trafficking
Drugs
Cyber-enabled crime
Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
© 2015 IBM Corporation 6
Cyber Threat
M O
T I
V A
T I
O N
S O P H I S T I C A T I O N
National Security, Economic Espionage
Notoriety, Activism, Defamation
HacktivistsLulzsec, Anonymous
Monetary Gain
Organized crimeZeus, ZeroAccess, Blackhole Exploit Pack
Nuisance,Curiosity
Insiders, Spammers, Script-kiddiesNigerian 419 Scams, Code Red
Nation-state actors, APTsStuxnet, Aurora, APT-1
© 2015 IBM Corporation
A new type of threat
Attacker genericMalware / Hacking / DDoS
IT Infrastructure
Traditional
Advanced PersistentThreat
Critical data /infrastructure
Attacker
!!
© 2015 IBM Corporation 11
The Millennial Generation
EXPECT . . .
to embrace technology for improved productivity and simplicity in their personal lives
tools that seem made for and by them
freedom of choice, embracing change and innovation
INNOVATE . . .
•Actively involve a large user population
•Work at Internet Scale and Speed
•Discover the points of value via iteration
•Engage the Millennial generation
© 2015 IBM Corporation
Smart Phones (& Tablets) . . .
12
Used in the same way as a personal computer
Ever increasing functionality (app store culture) . . .
. . . and often more accessible architectures
Offer “anywhere” banking, social media, e-mail . . .
Include non-PC (!) features Context, MMS, TXT
Harder to defend?
Bring Your Own Device Expected
© 2015 IBM Corporation
Social Media – Lifestyle Centric Computing
13www.theconversationprism.com
Different Channels
Web centric
Conversational
Personal
Open
Explosive growth
© 2015 IBM Corporation 15
Balance
Technical Mitigation
Better firewalls
Improved anti-virus
Advanced Crypto
People Mitigation
Leadership
Education
Culture
Process
© 2015 IBM Corporation
Securing a Mobile Device
DEVICE
•Enrolment & access control
•Security Policy enforcement
•Secure data container
•Remote wipe
TRANSACTION
•Allow transactions on individual basis
•Device monitoring & event detection
•Sever risk engine – allow, restrict, flag for
review
APPLICATION
•Endpoint management – software
•Application: secure by design
•Application scanning for vulnerabilities
ACCESS
•Enforce access policies
•Approved devices and users
•Context aware authorisation16
© 2015 IBM Corporation
Secure, Social Business
17
LEADERSHIP
•More senior, most impact
•Important to leader, important to all
•Setting “tone” for culture
CULTURE
•Everyone knows importance AND risk
•Full but SAFE usage
•Mentoring
PROCESS
•What’s allowed, what’s not
•Internal & external usage
•Smart, real time black listing
EDUCATION
•Online education (benefits, risks)
•Annual recertification
•For all, at all levels
© 2015 IBM Corporation
Near Daily Leaks of Sensitive Data
40% increase in reported data
breaches and incidents
Relentless Use of Multiple Methods
500,000,000+ records were leaked, while the future
shows no sign of change
2011 2012 2013
Note: Size of circle estimates relative impact of incident in terms of cost to business.
SQL injection Spear phishing
DDoS Third-party software
Physical access
Malware XSS Watering hole Undisclosed
Attack types
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014
Continuous Attack
© 2015 IBM Corporation
Future Security
Monitor& Distill
Correlate & Predict
Adapt &Pre-empt
Correlate events
Predict risk
Business impact
Defense strategies
Cognitive Planning
Active
In-device
Near Field
Passive
Contextual Insights
Adaptive Response
Controls Management Agents Active
Security 3.0
© 2015 IBM Corporation 21
1. Many Similarities – Cyber Crime vs Security – Threat Sophistication
2. Social Business & Mobile offer transformational value
3. New vulnerabilities need to be understood to be mitigated
4. Mitigation - balanced, risk management based and “designed in”
5. Future safety demands smarter use of data
Summary