© 2015 IBM Corporation Cyber Security, Cyber Crime . . . . and the meteoric rise in the usage of smartphones and social media V3, 21 Apr15 John Palfreyman, IBM
Jul 20, 2015
© 2015 IBM Corporation
Cyber Security, Cyber Crime . . . . and the meteoric rise in the usage of smartphones and social media
V3, 21 Apr15
John Palfreyman, IBM
© 2015 IBM Corporation 2
1. Cyber Security & Cyber Crime in Context 2. Technology & Business Landscape 3. A Smarter Approach 4. The Future & Concluding Remarks
Agenda
© 2015 IBM Corporation 3
§ Politically neutral, cross-party policy voice of the internet and technology sector – Informing policy for a competitive, inclusive, networked society
§ Alerts EU, UK Parliamentarians, Policy Makers – potential impacts, implications, and unintended consequences – policies for online and digital technologies
§ Initiatives 1. Ubiquitous Broadband 2. Cyber Security and Counter e-Crime 3. Digital Education 4. Digital Health Services 5. Internet of Things & Smart UK 6. UK at the Centre of the Digital Single Market
Digital Policy Alliance (EURIM)
© 2015 IBM Corporation
Cyber Security & Cyber Crime in Context
Who are the bad guys & what are they up to?
© 2015 IBM Corporation 5
Cyber Security – IBM Definition
Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.
© 2015 IBM Corporation 6
Cyber Security - Expanded
Hacking Malware Botnets
Denial of Service Trojans
Cyber-dependent crimes
Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
© 2015 IBM Corporation 7
Cyber Crime
Hacking Malware Botnets
Denial of Service Trojans
Cyber-dependent crime
Fraud Bullying
Theft Sexual Offences
Trafficking Drugs
Cyber-enabled crime
Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
© 2015 IBM Corporation 8
§ Confusion & hype abound § Common attack methods § Common methods of defense / counter / investigation § Data > Insight chain § Prosecution – burden of evidence § Learning & sharing possible, but patchy
Cyber Security & (counter) Cyber Crime
© 2015 IBM Corporation 9
Cyber Threat
M O
T I
V A
T I O
N
S O P H I S T I C A T I O N
National Security, Economic Espionage
Notoriety, Activism, Defamation
Hacktivists Lulzsec, Anonymous
Monetary Gain
Organized crime Zeus, ZeroAccess, Blackhole Exploit Pack
Nuisance, Curiosity
Insiders, Spammers, Script-kiddies Nigerian 419 Scams, Code Red
Nation-state actors, APTs Stuxnet, Aurora, APT-1
© 2015 IBM Corporation
A new type of threat
Attacker generic Malware / Hacking / DDoS
IT Infrastructure
Traditional
Advanced Persistent Threat
Critical data / infrastructure
Attacker
!
© 2015 IBM Corporation 11
Attack Phases
1Break-in Spear phishing and remote
exploits to gain access
Command & Control (CnC)
2Latch-on
Malware and backdoors installed to establish a foothold
3Expand
Reconnaissance & lateral movement increase access & maintain presence
4Gather Acquisition & aggregation
of confidential data
Command & Control (CnC)
5Exfiltrate
Get aggregated data out to external network(s)
© 2015 IBM Corporation
IBM X-Force
12
March 2015IBM Security Systems
IBM X-Force Threat Intelligence Quarterly, 1Q 2015Explore the latest security trends—from “designer vulns” to mutations in malware— based on 2014 year-end data and ongoing research
© 2015 IBM Corporation 15
Cloud
DRIVERS § Speed & agility § Fast Innovation § CAPEX to OPEX USE CASES § SCM, HR, CRM as a
SERVICE § Predictive Analytics as a
SERVICE
© 2015 IBM Corporation 16
Mobile
DRIVERS § Mobility in Business § Agility & flexibility § Rate of technology change USE CASES § Information capture,
workflow management § Education where & when
needed § Case advice
Map
© 2015 IBM Corporation 17
Big Data / Analytics
DRIVERS § Drowning in Data § Insight for SMARTER § More UNRELIABLE
data USE CASES § Citizen Sentiment § Predictive Policing § OSINT augmentation
Open Source
Internal Sources
Intelligence Analysis
SIGINT Biometrics Email GeoINT Telephone Records
Data Records
© 2015 IBM Corporation 18
Social Business
DRIVERS § Use of Social
Channels § Smart Employment § Personnel Rotation USE CASES § Citizen Sentiment § Counter Terrorism § Knowledge Retention
Gather INTELLIGENCE • Social Media as OSINT • Individuals, Groups,
Events • Supplement traditional
sources
Efficient WORKING • Breaking down Silos • Collaboration • “Self help” Culture
Leverage KNOWLEDGE • Access to Experts, Content • Collaborative Ventures • Enables Innovation
Positive IMAGE • Promotion /
marketing • Recruiting • Citizen engagement
Internal External
© 2015 IBM Corporation 19
Systems of Engagement
ü Collaborative ü Interaction oriented ü User centric ü Unpredictable ü Dynamic
Big Data / Analytics
Cloud
Social Business
Mobile
© 2015 IBM Corporation 20
Use Case – European Air Force Secure Mobile CHALLENGE
• Support Organisational Transformation
• HQ Task Distribution
• Senior Staff demanding Mobile Access
SOLUTION
• IBM Connections
• MS Sharepoint Integration
• MaaS 360 based Tablet Security
BENEFITS
• Improved work efficiency
• Consistent & timely information access
• Secure MODERN tablet
© 2015 IBM Corporation 21
The Millennial Generation
EXPECT . . .
§ to embrace technology for improved productivity and simplicity in their personal lives
§ tools that seem made for and by them
§ freedom of choice, embracing change and innovation
INNOVATE . . .
• Actively involve a large user population
• Work at Internet Scale and Speed
• Discover the points of value via iteration
• Engage the Millennial generation
© 2015 IBM Corporation
Smart Phones (& Tablets) . . .
22
§ Used in the same way as a personal computer § Ever increasing functionality (app store culture) . . . § . . . and often more accessible architectures § Offer “anywhere” banking, social media, e-mail . . . § Include non-PC (!) features Context, MMS, TXT § Emergence of authentication devices
© 2015 IBM Corporation
. . . are harder to defend ? . . .
23
§ Anti-virus software missing, or inadequate § Encryption / decryption drains the battery § Battery life is always a challenge § Stolen or “found” devices– easy to loose § Malware, mobile spyware, impersonation § Extends set of attack vectors § Much R&D into securing platform
© 2015 IBM Corporation
. . . and Bring your Own Device now mainstream
24
§ Bring-your-own device expected § Securing corporate data
§ Additional complexities § Purpose-specific endpoints
§ Device Management
© 2015 IBM Corporation
Social Media – Lifestyle Centric Computing
25 www.theconversationprism.com
§ Different Channels § Web centric § Conversational § Personal § Open § Explosive growth
© 2015 IBM Corporation
Social Media – Special Security Challenges
26 Source: Digital Shadows, Sophos, Facebook
§ Too much information § Online impersonation § Trust / Social Engineering / PSYOP § Targeting (Advanced, Persistent
Threat)
Source: Digital Shadows, Sophos, Facebook
© 2015 IBM Corporation 28
Balance
Technical Mitigation Better firewalls
Improved anti-virus Advanced Crypto
People Mitigation Leadership Education
Culture Process
© 2015 IBM Corporation 29
ü Monitor threats ü Understand (your) systems ü Assess Impact & Probability ü Design containment mechanisms ü Don’t expect perfect defences ü Containment & quarantine planning ü Learn & improve
Risk Management Approach
© 2015 IBM Corporation
Securing a Mobile Device
DEVICE
• Enrolment & access control
• Security Policy enforcement
• Secure data container
• Remote wipe
TRANSACTION
• Allow transactions on individual basis
• Device monitoring & event detection
• Sever risk engine – allow, restrict, flag for
review
APPLICATION
• Endpoint management – software
• Application: secure by design
• Application scanning for vulnerabilities
ACCESS
• Enforce access policies
• Approved devices and users
• Context aware authorisation 30
© 2015 IBM Corporation
Secure, Social Business
31
LEADERSHIP
• More senior, most impact
• Important to leader, important to all
• Setting “tone” for culture
CULTURE
• Everyone knows importance AND risk
• Full but SAFE usage
• Mentoring
PROCESS
• What’s allowed, what’s not
• Internal & external usage
• Smart, real time black listing
EDUCATION
• Online education (benefits, risks)
• Annual recertification
• For all, at all levels
© 2015 IBM Corporation 34
Contextual, Adaptive Security
Monitor and Distill
Correlate and Predict
Adapt and Pre-empt
Security 3.0
Risk Prediction and Planning
Encompassing event correlation, risk prediction, business impact
assessment and defensive strategy formulation
Multi-level monitoring & big data analytics
Ranging from active, in
device to passive monitoring
Adaptive and optimized response
Adapt network architecture, access protocols /
privileges to maximize attacker workload
© 2015 IBM Corporation 35
1. Are you ready to respond to a cyber crime or security incident and quickly remediate?
2. Do you have the visibility and analytics needed to monitor threats?
3. Do you know where your corporate crown jewels are and are they adequately protected?
4. Can you manage your endpoints from servers to mobile devices and control network access?
5. Do you build security in and continuously test all critical web/mobile applications?
6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise?
7. Do you have a risk aware culture and management system that can ensure compliance?
Fitness for Purpose
© 2015 IBM Corporation 36
1. Many Similarities – Cyber Crime vs Security – Threat Sophistication
2. Social Business & Mobile offer transformational value
3. New vulnerabilities need to be understood to be mitigated
4. Mitigation needs to be balanced, risk management based and “designed in”
Summary