cyber crime in a smart phone & social media obsessed world
© 2015 IBM Corporation
Cyber Crime – in a smart phone & social media obsessed world
V2, 23 Mar 15
John Palfreyman, IBM
Agenda
1. Cyber Crime in Context
2. Technology & Business Landscape
3. A Smarter Approach
4. Concluding Remarks
Cyber Security – IBM Definition
Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.
Cyber Security - Expanded
Hacking
Malware
Botnets
Denial of Service
Trojans
Cyber-dependent crimes
Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
Cyber Crime
Hacking
Malware
Botnets
Denial of Service
Trojans
Cyber-dependent crime
Fraud
Bullying
Theft
Sexual Offences
Trafficking
Drugs
Cyber-enabled crime
Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
Cyber Security & (counter) Cyber Crime
Confusion & hype abound
Common attack methods
Common methods of defense / counter / investigation
Data > Insight chain
Prosecution – burden of evidence
Learning & sharing possible, but patchy
Cyber Threat
[Chart axes: Motivation vs. Sophistication]
National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)
Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)
Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)
Nuisance, Curiosity: Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)
A new type of threat
Traditional: Attacker, generic Malware / Hacking / DDoS, IT Infrastructure
Advanced Persistent Threat: Attacker, Critical data / infrastructure
Attack Phases
1. Break-in: Spear phishing and remote exploits to gain access
2. Latch-on: Malware and backdoors installed to establish a foothold
3. Expand: Reconnaissance & lateral movement increase access & maintain presence
4. Gather: Acquisition & aggregation of confidential data
5. Exfiltrate: Get aggregated data out to external network(s)
Command & Control (CnC)
IBM X-Force
November 2014, IBM Security Systems
IBM X-Force Threat Intelligence Quarterly, 4Q 2014
Get a closer look at today’s security risks, from new threats arising from within the Internet of Things, to the sources of malware and botnet infections.
Cloud
DRIVERS
Speed & agility
Fast Innovation
CAPEX to OPEX
USE CASES
SCM, HR, CRM as a SERVICE
Predictive Analytics as a SERVICE
Mobile
DRIVERS
Mobility in Business
Agility & flexibility
Rate of technology change
USE CASES
Information capture, workflow management
Education where & when needed
Case advice
Map
Big Data / Analytics
DRIVERS
Drowning in Data
Insight for SMARTER
More UNRELIABLE data
USE CASES
Citizen Sentiment
Predictive Policing
OSINT augmentation
Social Business
DRIVERS
Use of Social Channels
Smart Employment
Personnel Rotation
USE CASES
Citizen Sentiment
Counter Terrorism
Knowledge Retention
Systems of Engagement
Collaborative
Interaction oriented
User centric
Unpredictable
Dynamic
Big Data / Analytics
Cloud
Social Business
Mobile
Use Case – European Air Force Secure Mobile
CHALLENGE
•Support Organisational Transformation
•HQ Task Distribution
•Senior Staff demanding Mobile Access
SOLUTION
•IBM Connections
•MS Sharepoint Integration
•MaaS 360 based Tablet Security
BENEFITS
•Improved work efficiency
•Consistent & timely information access
•Secure MODERN tablet
The Millennial Generation
EXPECT . . .
to embrace technology for improved productivity and simplicity in their personal lives
tools that seem made for and by them
freedom of choice, embracing change and innovation
INNOVATE . . .
•Actively involve a large user population
•Work at Internet Scale and Speed
•Discover the points of value via iteration
•Engage the Millennial generation
Smart Phones (& Tablets) . . .
Used in the same way as a personal computer
Ever increasing functionality (app store culture) . . .
. . . and often more accessible architectures
Offer “anywhere” banking, social media, e-mail . . .
Include non-PC (!) features: Context, MMS, TXT
Emergence of authentication devices
. . . are harder to defend ? . . .
Anti-virus software missing, or inadequate
Encryption / decryption drains the battery
Battery life is always a challenge
Stolen or “found” devices – easy to lose
Malware, mobile spyware, impersonation
Extends set of attack vectors
Much R&D into securing platform
. . . and Bring your Own Device now mainstream
Bring-your-own device expected
Securing corporate data
Additional complexities
Purpose-specific endpoints
Device Management
Social Media – Lifestyle Centric Computing
www.theconversationprism.com
Different Channels
Web centric
Conversational
Personal
Open
Explosive growth
Social Media – Special Security Challenges
Source: Digital Shadows, Sophos, Facebook
Too much information
Online impersonation
Trust / Social Engineering / PSYOP
Targeting (Advanced, Persistent Threat)
Balance
Technical Mitigation
Better firewalls
Improved anti-virus
Advanced Crypto
People Mitigation
Leadership
Education
Culture
Process
Risk Management Approach
Monitor threats
Understand (your) systems
Assess Impact & Probability
Design containment mechanisms
Don’t expect perfect defences
Containment & quarantine planning
Learn & improve
Securing a Mobile Device
DEVICE
•Enrolment & access control
•Security Policy enforcement
•Secure data container
•Remote wipe
TRANSACTION
•Allow transactions on individual basis
•Device monitoring & event detection
•Server risk engine – allow, restrict, flag for review
APPLICATION
•Endpoint management – software
•Application: secure by design
•Application scanning for vulnerabilities
ACCESS
•Enforce access policies
•Approved devices and users
•Context aware authorisation
Secure, Social Business
LEADERSHIP
•More senior, most impact
•Important to leader, important to all
•Setting “tone” for culture
CULTURE
•Everyone knows importance AND risk
•Full but SAFE usage
•Mentoring
PROCESS
•What’s allowed, what’s not
•Internal & external usage
•Smart, real time black listing
EDUCATION
•Online education (benefits, risks)
•Annual recertification
•For all, at all levels
Contextual, Adaptive Security
Security 3.0
Monitor and Distill: Multi-level monitoring & big data analytics. Ranging from active, in device to passive monitoring
Correlate and Predict: Risk Prediction and Planning. Encompassing event correlation, risk prediction, business impact assessment and defensive strategy formulation
Adapt and Pre-empt: Adaptive and optimized response. Adapt network architecture, access protocols / privileges to maximize attacker workload
Fitness for Purpose
1. Are you ready to respond to a cyber crime or security incident and quickly remediate?
2. Do you have the visibility and analytics needed to monitor threats?
3. Do you know where your corporate crown jewels are and are they adequately protected?
4. Can you manage your endpoints from servers to mobile devices and control network access?
5. Do you build security in and continuously test all critical web/mobile applications?
6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise?
7. Do you have a risk aware culture and management system that can ensure compliance?
Summary
1. Many Similarities – Cyber Crime vs Security – Threat Sophistication
2. Social Business & Mobile offer transformational value
3. New vulnerabilities need to be understood to be mitigated
4. Mitigation needs to be balanced, risk management based and “designed in”