ibm security services


Upload: rainer-mueller

Post on 06-Apr-2017


IBM Global Technology Services

Thought Leadership White Paper

Financial services

IBM Security Services cyber security intelligence index for financial services

Financial services is one of the most attacked industries. Are you protected?


Contents

The cyber security landscape

How can you help keep your organization safe?

Let IBM help address your cyber security needs

Glossary

About this report

IBM Managed Security Services has developed this report to provide insights into the current threat landscape for the financial services industry and to offer solutions that can help you better protect your organization. Information is based on cyber security event data collected by IBM between 1 April 2012 and 31 March 2013 in the course of monitoring client security devices, as well as data derived from responding to, and performing forensics on, cyber security incidents. Where noted, additional information comes from industry analysts and publicly available data.

For a cross-industry overview of the threat landscape, please see the white paper, IBM Security Services Cyber Security Intelligence Index.

“A new class of high-bandwidth DDoS [distributed denial of service] attacks of up to 70 Gbps hit top U.S. banks in the second half of 2012, justifiably causing serious concerns among bank security staff, law enforcement and bank regulators.”1

—Gartner, Inc.

“Banking executives are much more likely … to point to cybercrime than to systems failures as the most important IT risk that threatens their company’s reputation.”2

—2012 IBM Global Reputational Risk and IT Study

Cyber attacks against financial services firms have become more frequent and sophisticated. Companies within this industry have a complex back-office IT architecture, consisting of diverse platforms and interfaces. They employ multiple front-office channels, including the Internet, mobile networks, automated teller machines (ATMs) and kiosks. At the same time, many financial services organizations rely on IT resources outside of their firewalls and distribute their applications and data across multiple devices. As a result, numerous vulnerable points exist that can lead to security breaches and data theft.

Many of these attacks are designed to gain continuous access to critical information, to perpetrate fraud or to cause damage to critical infrastructures. In addition, hostile government and terrorist-sponsored attacks aimed at financial services are intended to cripple a country’s financial system. Such attacks can significantly impact financial services companies not only in terms of monetary losses but also in terms of credibility and reputation. In fact, most banking executives consider data breaches, data theft and cybercrime to be the most significant IT risk threatening their company’s reputation.3


Case study: 21st century bank heist inflicts US$45 million in losses

An international cybercrime organization used sophisticated intrusion techniques known as “unlimited operations” to hack into the systems of global financial institutions, steal prepaid debit card data and eliminate withdrawal limits. The stolen card data was then disseminated worldwide and used in making fraudulent ATM withdrawals on a massive scale across the globe. The operation spanned 26 countries.

In a U.S. federal indictment announced in May 2013, eight defendants, who allegedly formed the New York-based cell of the organization, were charged variously with conspiracy to commit access device fraud, money-laundering conspiracy and money laundering. According to the indictment, the eight defendants, along with their co-conspirators, targeted New York City and withdrew approximately US$2.8 million in a matter of hours.4

The cyber security landscape

By taking advantage of advanced analytics, IBM has been able to pore over and make sense of the massive amount of information that crosses platforms we monitor for our clients. This has allowed us to develop real insight into the kinds of attacks that are taking place, who may be launching them and how their techniques are evolving.

Determining which security events require action

Among financial services clients, IBM detects an average of more than 111 million security events annually, which is notably higher than for other industries. By implementing sophisticated correlation and analytic tools, we can determine which of those events are actual attacks—malicious activities attempting to collect, disrupt, deny, degrade or destroy information systems resources or the information itself. We then employ the work of security analysts, among others, who help further identify those attacks that qualify as security incidents and, therefore, should be further investigated. This process revealed that our financial services clients had an annual average of 87 incidents that required action. (See Figure 1.) Clients can significantly save time and resources by focusing only on those security incidents that require action rather than on all 111 million identified events.

Not surprisingly, the incident rate within the financial services industry is one of the highest among all the industries we monitor. Attackers know that they stand to gain a significant potential payoff by breaching systems at these firms.

Security events: Annual 111,268,300; Monthly 9,272,358; Weekly 2,139,775

Security incidents: Annual 87; Monthly 7; Weekly 1.67

Figure 1. Security intelligence allows IBM to identify which events are actual security incidents requiring action.


Primary categories of incidents

Our analysis shows that two types of incidents are most prevalent among financial services companies. Together, malicious code and sustained probes or scans account for 70 percent of all incidents. (See Figure 2.)

Figure 2. Malicious code and sustained probes or scans are the primary types of incidents affecting the financial services industry.

[Chart: Categories of incidents. Categories shown: Malicious code; Sustained probe/scan; Unauthorized access; Suspicious activity; Access or credentials abuse; Denial of service. Values shown: 10%, 12%, 42%, 28%, 7%, 1%.]

Figure 3. The vast majority of attacks are instigated by a combination of insiders and outsiders (multiple).

[Chart: Categories of attackers. Outsiders 46.3%; Multiple 52.7%; Malicious insiders 0.8%; Inadvertent actors 0.2%.]

Who are these attackers, and why do they attack?

Although this report is not focused on the perpetrators of attacks, it can provide some insight into the types of attackers responsible for them and their motivation.

Insurance executives rank theft and cybercrime as the leading IT risk factor with the potential to cause reputational damage.5

Outsiders are the primary culprits, with 46.3 percent of attacks (more than 40 of the 87 annual incidents) perpetrated entirely by outsiders and another 52.7 percent perpetrated by a combination of outsiders and insiders. (See Figure 3.) Attacks that are solely launched by malicious insiders or by inadvertent actors account for less than 1 percent of attackers, significantly lower than the 25 percent that IBM found across multiple industries.


On the whole, sheer opportunity accounts for half of all attacks confronting IBM clients cross industry. (See Figure 4.) Because they typically lack sophistication, these attacks are relatively easy to detect. By reducing their number, a company can turn its time and resources to more sophisticated attacks.

Figure 4. Opportunity is the primary motivator for attacks, and opportunistic attacks are generally easy to detect.

[Chart: Attacker motivation. Opportunistic 49%; Industrial espionage, financial crime, terrorism, data theft 23%; Dissatisfaction with employer/job 15%; Social activism, civil disobedience 7%; Other 6%.]

How are these incidents possible?

As shown in Figure 5, misconfigured systems or applications, along with end-user errors, are the primary reasons for security breaches, regardless of industry. By addressing these preventable factors and educating end users, organizations may be able to significantly reduce the number of attacks.

How can you help keep your organization safe?

Today’s technology has made cyber security more critical than ever and yet more challenging. Financial services organizations employ complex IT infrastructures consisting of systems that are connected to both internal and third-party networks. At the same time, customers access their accounts from a variety of devices, including laptop computers, mobile phones and tablets, which can also make systems more vulnerable to attacks. Striking a balance between security and accessibility is key to a successful cyber security approach.

To address these cyber security challenges, financial services organizations must fundamentally change how they think about security. Updating technology and following best practices are not enough; combating attacks requires a more pragmatic approach that informs every decision and procedure.

Figure 5. Cross industry, preventable factors are most often at the root of breaches, but oftentimes underlying factors cannot be identified.

[Chart: How breaches occur. Misconfigured system or application 42%; End-user error 31%; Undetermined 17%; Vulnerable code 5%; Targeted attack, exploited 5%.]


To implement such an approach, your organization must:

● Build a risk-aware culture. Because attacks can come from anywhere, it is crucial to determine your security risks and goals and then spread the word to everyone within the company. This must come from the top down, and tools should be implemented to track progress.

● Automate security “hygiene.” A robust, security-rich system can help you keep track of every program that is running and make it possible to install updates and patches as they are released. This “hygiene” process should be routine and embedded in the foundation of your systems administration.

● Manage incidents with intelligence. A company-wide effort to implement intelligent analytics and automated response capabilities is essential. Creating an automated and unified system that implements intelligent analytics can help you better monitor your operations and respond more quickly.

Let IBM help address your cyber security needs

It is easy to feel overwhelmed when you consider what it takes to protect your organization from sophisticated attacks. IBM Security Services consultants can help you plan, implement and manage virtually all aspects of your security strategy. Our senior security professionals have honed their skills in both the public and private sectors, working in corporate security leadership and consulting, investigative branches of government, law enforcement, and research and development.

In addition to offering consulting services since 1995, IBM has helped to set the standard for accountability, reliability and protection in managed security services. IBM Managed Security Services can provide the security intelligence, expertise, tools and infrastructure you need to help secure your information assets from Internet attacks. We monitor and manage your security operations around the clock or as needed to help you enhance your information security posture, reduce your total cost of ownership and better address regulations, regardless of device type or vendor.

To better understand how IBM can help you improve your business environment, talk to your IBM client representative to schedule a detailed session.

Case study: A bank engages IBM to identify vulnerabilities and help strengthen its security posture

The need

With security a top priority, this Kuwaiti commercial and investment bank wanted to test and evaluate its public-facing and internal systems for possible threats and cyber attacks. The company sought an external service provider to deliver thorough and cost-effective security testing and evaluation.

The IBM solution

The bank engaged IBM Security Services to test and evaluate its network and application security. The IBM team conducted penetration testing to demonstrate how attackers could significantly affect the business. It also assessed designated web-based and nonmainframe-type applications and documented security risks while recommending corrective actions.

As a result, the bank was able to gain a better view of its security posture and a “hacker’s eye view” into its network. IBM delivered a more accurate list of security vulnerabilities and an action plan, along with recommendations on how the bank could move forward with its security planning. This helped reduce potential attacks that might target the vulnerabilities in the network.


Glossary

Term: Definition

Access or credentials abuse: Activity detected that violates the known use policy of that network or falls outside of what is considered typical usage.

Attacks: Security events that have been identified by correlation and analytics tools as malicious activity attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself. Security events such as SQL injection, URL tampering, denial of service and spear phishing fall into this category.

Breach or compromise: An incident that has successfully defeated security measures and accomplished its designated task.

Denial of service: Attempts to flood a server or network with such a large amount of traffic or malicious traffic that it renders the device unable to perform its designed functions.

Droppers: Malicious software designed to install other malicious software on a target.

Event: An event is an observable occurrence in a system or network.

Inadvertent actor: Any attack or suspicious activity coming from an IP address inside a customer network that is allegedly being executed without the knowledge of the user.

Incidents: Attacks or security events that have been reviewed by human security analysts and have been deemed a security incident worthy of deeper investigation.

Keyloggers: Software designed to record the keystrokes typed on a keyboard. This malicious software is primarily used to steal passwords.

Malicious code: A term used to describe software created for malicious use. It is usually designed to disrupt systems, gain unauthorized access or gather information about the system or user being attacked. Third-party software, Trojan software, keyloggers and droppers can fall into this category.

Outsiders: Any attacks that come from an IP address external to a customer’s network.

Phishing: A term used to describe when a user is tricked into browsing a malicious URL designed to pose as a website they trust, thus tricking them into providing information that can then be used to compromise their system or accounts and steal their identity.

Security device: Any device or software designed specifically to detect or protect a host or network from malicious activity. Such network-based devices are often referred to as intrusion detection and prevention systems (IDS, IPS or IDPS), while the host-based versions are often referred to as host-based intrusion detection or prevention systems (HIDS or HIPS).

Security event: An event on a system or network detected by a security device or application.

Spear phishing: Phishing attempts with specific targets. These targets are usually chosen strategically in order to gain access to very specific devices or victims.

SQL injection: An attack that attempts to pass SQL commands through a website in order to elicit a desired response that the website is not designed to provide.

Suspicious activity: These are lower-priority attacks or instances of suspicious traffic that could not be classified into one single category. They are usually detected over time by analyzing data collected over an extended period.

Sustained probe/scan: Reconnaissance activity usually designed to gather information about the targeted systems, such as operating systems, open ports and running services.

Trojan software: Malicious software hidden inside another software package that appears safe.

Unauthorized access: This usually denotes suspicious activity on a system or failed attempts to access a system by a user who does not have access.

Wiper: Malicious software designed to erase data and destroy the capability to restore it.


For more information

To learn more about how IBM can help you protect your organization from cyber threats and strengthen your IT security, please contact your IBM representative or IBM Business Partner, or visit the following website: ibm.com/services/security

Follow us on Twitter: @ibmSecurity

Additionally, IBM Global Financing can help you acquire the IT solutions that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize an IT financing solution to suit your business goals, enable effective cash management, and improve your total cost of ownership. IBM Global Financing is your smartest choice to fund critical IT investments and propel your business forward. For more information, visit: ibm.com/financing

© Copyright IBM Corporation 2013

IBM Corporation IBM Global Technology Services Route 100 Somers, NY 10589

Produced in the United States of America August 2013

IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

1 Gartner, Inc., “Arming financial and e-commerce services against top 2013 cyber threats,” Report #G00237376, 29 January 2013.

2 IBM, “Reputational risk and IT in the banking industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” October 2012.

3 IBM, “Reputational risk and IT in the banking industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” October 2012.

4 U.S. Department of Justice, “Eight members of New York cell of cybercrime organization indicted in $45 million cybercrime campaign,” 9 May 2013, http://www.justice.gov/usao/nye/pr/2013/2013may09.html

5 IBM, “Reputational risk and IT in the insurance industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” November 2012.

SEW03034-USEN-01
