© 2015 IBM Corporation Cyber Security, Cyber Crime . . . . and the meteoric rise in the usage of smartphones and social media V3, 21 Apr15 John Palfreyman, IBM
Page 1: Cyber Security at CTX15, London

© 2015 IBM Corporation

Cyber Security, Cyber Crime . . . . and the meteoric rise in the usage of smartphones and social media

V3, 21 Apr15

John Palfreyman, IBM

Page 2: Cyber Security at CTX15, London

Agenda

1. Cyber Security & Cyber Crime in Context
2. Technology & Business Landscape
3. A Smarter Approach
4. The Future & Concluding Remarks

Page 3: Cyber Security at CTX15, London

Digital Policy Alliance (EURIM)

• Politically neutral, cross-party policy voice of the internet and technology sector
  – Informing policy for a competitive, inclusive, networked society
• Alerts EU, UK Parliamentarians, Policy Makers
  – potential impacts, implications, and unintended consequences
  – policies for online and digital technologies
• Initiatives
  1. Ubiquitous Broadband
  2. Cyber Security and Counter e-Crime
  3. Digital Education
  4. Digital Health Services
  5. Internet of Things & Smart UK
  6. UK at the Centre of the Digital Single Market

Page 4: Cyber Security at CTX15, London

Cyber Security & Cyber Crime in Context

Who are the bad guys & what are they up to?

Page 5: Cyber Security at CTX15, London

Cyber Security – IBM Definition

Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.

Page 6: Cyber Security at CTX15, London

Cyber Security - Expanded

Cyber-dependent crimes: Hacking, Malware, Botnets, Denial of Service, Trojans

Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13

Page 7: Cyber Security at CTX15, London

Cyber Crime

Cyber-dependent crime: Hacking, Malware, Botnets, Denial of Service, Trojans

Cyber-enabled crime: Fraud, Bullying, Theft, Sexual Offences, Trafficking, Drugs

Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13

Page 8: Cyber Security at CTX15, London

Cyber Security & (counter) Cyber Crime

• Confusion & hype abound
• Common attack methods
• Common methods of defense / counter / investigation
• Data > Insight chain
• Prosecution – burden of evidence
• Learning & sharing possible, but patchy

Page 9: Cyber Security at CTX15, London

Cyber Threat

Axes: Motivation, Sophistication

• National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)
• Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)
• Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)
• Nuisance, Curiosity: Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)

Page 10: Cyber Security at CTX15, London

A new type of threat

Traditional: Attacker, generic Malware / Hacking / DDoS, IT Infrastructure

Advanced Persistent Threat: Attacker, Critical data / infrastructure

Page 11: Cyber Security at CTX15, London

Attack Phases

1. Break-in: Spear phishing and remote exploits to gain access
2. Latch-on: Malware and backdoors installed to establish a foothold
3. Expand: Reconnaissance & lateral movement increase access & maintain presence
4. Gather: Acquisition & aggregation of confidential data
5. Exfiltrate: Get aggregated data out to external network(s)

Diagram label: Command & Control (CnC)

Page 12: Cyber Security at CTX15, London

IBM X-Force

March 2015

IBM Security Systems

IBM X-Force Threat Intelligence Quarterly, 1Q 2015

Explore the latest security trends—from “designer vulns” to mutations in malware—based on 2014 year-end data and ongoing research

Page 13: Cyber Security at CTX15, London

Technology & Business Landscape

New opportunities for cyber crime!

Page 14: Cyber Security at CTX15, London

Smarter Planet

Instrumented – Interconnected - Intelligent

Page 15: Cyber Security at CTX15, London

Cloud

DRIVERS
• Speed & agility
• Fast Innovation
• CAPEX to OPEX

USE CASES
• SCM, HR, CRM as a SERVICE
• Predictive Analytics as a SERVICE

Page 16: Cyber Security at CTX15, London

Mobile

DRIVERS
• Mobility in Business
• Agility & flexibility
• Rate of technology change

USE CASES
• Information capture, workflow management
• Education where & when needed
• Case advice

Map

Page 17: Cyber Security at CTX15, London

Big Data / Analytics

DRIVERS
• Drowning in Data
• Insight for SMARTER
• More UNRELIABLE data

USE CASES
• Citizen Sentiment
• Predictive Policing
• OSINT augmentation

Open Source

Internal Sources

Intelligence Analysis

SIGINT Biometrics Email GeoINT Telephone Records

Data  Records  

Page 18: Cyber Security at CTX15, London

Social Business

DRIVERS
• Use of Social Channels
• Smart Employment
• Personnel Rotation

USE CASES
• Citizen Sentiment
• Counter Terrorism
• Knowledge Retention

Gather INTELLIGENCE
• Social Media as OSINT
• Individuals, Groups, Events
• Supplement traditional sources

Efficient WORKING
• Breaking down Silos
• Collaboration
• “Self help” Culture

Leverage KNOWLEDGE
• Access to Experts, Content
• Collaborative Ventures
• Enables Innovation

Positive IMAGE
• Promotion / marketing
• Recruiting
• Citizen engagement

Internal / External

Page 19: Cyber Security at CTX15, London

Systems of Engagement

✓ Collaborative
✓ Interaction oriented
✓ User centric
✓ Unpredictable
✓ Dynamic

Big Data / Analytics

Cloud

Social Business

Mobile

Page 20: Cyber Security at CTX15, London

Use Case – European Air Force Secure Mobile

CHALLENGE

• Support Organisational Transformation

• HQ Task Distribution

• Senior Staff demanding Mobile Access

SOLUTION

•  IBM Connections

• MS Sharepoint Integration

• MaaS 360 based Tablet Security

BENEFITS

•  Improved work efficiency

• Consistent & timely information access

• Secure MODERN tablet

Page 21: Cyber Security at CTX15, London

The Millennial Generation

EXPECT . . .

•  to embrace technology for improved productivity and simplicity in their personal lives

•  tools that seem made for and by them

•  freedom of choice, embracing change and innovation

INNOVATE . . .

•  Actively involve a large user population

•  Work at Internet Scale and Speed

•  Discover the points of value via iteration

•  Engage the Millennial generation

Page 22: Cyber Security at CTX15, London

Smart Phones (& Tablets) . . .

• Used in the same way as a personal computer
• Ever increasing functionality (app store culture) . . .
• . . . and often more accessible architectures
• Offer “anywhere” banking, social media, e-mail . . .
• Include non-PC (!) features: Context, MMS, TXT
• Emergence of authentication devices

Page 23: Cyber Security at CTX15, London

. . . are harder to defend ? . . .

• Anti-virus software missing, or inadequate
• Encryption / decryption drains the battery
• Battery life is always a challenge
• Stolen or “found” devices – easy to lose
• Malware, mobile spyware, impersonation
• Extends set of attack vectors
• Much R&D into securing platform

Page 24: Cyber Security at CTX15, London

. . . and Bring your Own Device now mainstream

• Bring-your-own device expected
• Securing corporate data
• Additional complexities
• Purpose-specific endpoints
• Device Management

Page 25: Cyber Security at CTX15, London

Social Media – Lifestyle Centric Computing

www.theconversationprism.com

• Different Channels
• Web centric
• Conversational
• Personal
• Open
• Explosive growth

Page 26: Cyber Security at CTX15, London

Social Media – Special Security Challenges

• Too much information
• Online impersonation
• Trust / Social Engineering / PSYOP
• Targeting (Advanced, Persistent Threat)

Source: Digital Shadows, Sophos, Facebook

Page 27: Cyber Security at CTX15, London

A Smarter Approach

to countering cyber crime

Page 28: Cyber Security at CTX15, London

Balance

Technical Mitigation
• Better firewalls
• Improved anti-virus
• Advanced Crypto

People Mitigation
• Leadership
• Education
• Culture
• Process

Page 29: Cyber Security at CTX15, London

Risk Management Approach

✓ Monitor threats
✓ Understand (your) systems
✓ Assess Impact & Probability
✓ Design containment mechanisms
✓ Don’t expect perfect defences
✓ Containment & quarantine planning
✓ Learn & improve

Page 30: Cyber Security at CTX15, London

Securing a Mobile Device

DEVICE

•  Enrolment & access control

•  Security Policy enforcement

•  Secure data container

•  Remote wipe

TRANSACTION

•  Allow transactions on individual basis

•  Device monitoring & event detection

•  Server risk engine – allow, restrict, flag for review

APPLICATION

•  Endpoint management – software

•  Application: secure by design

•  Application scanning for vulnerabilities

ACCESS

•  Enforce access policies

•  Approved devices and users

•  Context aware authorisation

Page 31: Cyber Security at CTX15, London

Secure, Social Business

LEADERSHIP

•  More senior, most impact

•  Important to leader, important to all

•  Setting “tone” for culture

CULTURE

•  Everyone knows importance AND risk

•  Full but SAFE usage

•  Mentoring

PROCESS

•  What’s allowed, what’s not

•  Internal & external usage

•  Smart, real time black listing

EDUCATION

•  Online education (benefits, risks)

•  Annual recertification

•  For all, at all levels

Page 32: Cyber Security at CTX15, London

The Future & Concluding Remarks

What next . . .

Page 33: Cyber Security at CTX15, London

Global Technology Outlook – Beyond Systems of Engagement

Page 34: Cyber Security at CTX15, London

Contextual, Adaptive Security

Security 3.0

• Monitor and Distill – Multi-level monitoring & big data analytics: Ranging from active, in device to passive monitoring
• Correlate and Predict – Risk Prediction and Planning: Encompassing event correlation, risk prediction, business impact assessment and defensive strategy formulation
• Adapt and Pre-empt – Adaptive and optimized response: Adapt network architecture, access protocols / privileges to maximize attacker workload

Page 35: Cyber Security at CTX15, London

Fitness for Purpose

1. Are you ready to respond to a cyber crime or security incident and quickly remediate?
2. Do you have the visibility and analytics needed to monitor threats?
3. Do you know where your corporate crown jewels are and are they adequately protected?
4. Can you manage your endpoints from servers to mobile devices and control network access?
5. Do you build security in and continuously test all critical web/mobile applications?
6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise?
7. Do you have a risk aware culture and management system that can ensure compliance?

Page 36: Cyber Security at CTX15, London

Summary

1. Many Similarities – Cyber Crime vs Security – Threat Sophistication
2. Social Business & Mobile offer transformational value
3. New vulnerabilities need to be understood to be mitigated
4. Mitigation needs to be balanced, risk management based and “designed in”

Page 37: Cyber Security at CTX15, London

Thanks

John Palfreyman, IBM