Post on 17-Dec-2015
© 2014 IBM Corporation
IBM Security Services
IBM Security Intelligence, Integration and Expertise
Kawther Haciane, Client Solution Executive – Security Services
Morocco & North West Africa
June 2014
Security Today
The Evolving Threat Landscape
More than half a billion records of personally identifiable information (PII) were leaked in 2013
The average large company must filter through 1,400 cyber attacks weekly to identify the 1.7 incidents that can do harm.
Security Intelligence
Period | Number of Attacks | Number of Incidents
Annual | 73,400 | 90.2
Weekly | 1,400 | 1.7
Monthly | 6,100 | 7.51
Attacks: Security events identified as malicious activity attempting to collect information or harm IT resources
Incidents: Attacks that have been reviewed by a security analyst and deemed worthy of deeper investigation
Morocco: unwanted software & malware
Highlights:
• In 4Q13, 44.9% of computers in Morocco encountered malware, compared to the 4Q13 worldwide encounter rate of 21.6%
• The MSRT detected and removed malware from 39.8 of every 1,000 unique computers scanned in Morocco in 4Q13
• A CCM score of 39.8 compared to the 4Q13 worldwide CCM of 17.8
Source: Microsoft Security Intelligence Report, Volume 16, Regional Threat Assessment
Threat categories
Defacement
Definition: attack on a website that changes the visual appearance of the site or a webpage
Is it happening in Morocco?
Highlights:
• Total notifications: 7,060 defacements, of which 1,355 were single-IP and 5,705 were mass defacements
• All sectors have been targeted by mass or single-IP defacement
• Defacement attacks have been increasing and will continue growing
• All the information contained in Zone-H's cybercrime archive was either collected online from public sources or directly notified anonymously to Zone-H’s
• Governments and Industries have been the most preferred targets for Cyber Attackers with similar values (respectively 23% and 22%). Targets belonging to finance rank at number three (7%), immediately ahead of News (6%) and Education (5%). (http://hackmageddon.com/2014/01/19/2013-cyber-attacks-statistics-summary/)
Information security in the News
Today’s threats are more sophisticated
Threat type: Advanced, Persistent Threat / Mercenary (national governments, organized crime, industrial spies, terrorist cells)
% of incidents: Equals less than 10 percent
Threat profile:
• Sophisticated tradecraft
• Foreign intelligence agencies, organized crime groups
• Well financed and often acting for profit
• Target technology as well as information
• Target and exploit valuable data
• Establish covert presence on sensitive networks
• Difficult to detect
• Increasing in prevalence

Threat type: Hacktivist (“white hat” and “black hat” hackers, “protectors” of “Internet freedoms”)
% of incidents: Equals less than 10 percent
Threat profile:
• Inexperienced-to-higher-order skills
• Target known vulnerabilities
• Prefer denial of service attacks BUT use malware as means to introduce more sophisticated tools
• Detectable, but hard to attribute
• Increasing in prevalence

Threat type: Opportunist (worm and virus writers, script kiddie)
% of incidents: 20 percent
Threat profile:
• Inexperienced or opportunistic behavior
• Acting for thrills, bragging rights
• Limited funding
• Target known vulnerabilities
• Use viruses, worms, rudimentary Trojans, bots
• Easily detected

Threat type: Inadvertent Actor (insiders - employees, contractors, outsourcers)
% of incidents: 60 percent
Threat profile:
• No funding
• Causes harm inadvertently by unwittingly carrying viruses, or posting, sending or losing sensitive data
• Increasing in prevalence with new forms of mobile access and social business

Axis label on the slide: Potential Impact
Source: Government Accountability Office (GAO), Department of Homeland Security's (DHS's) Role in Critical Infrastructure Protection (CIP) Cybersecurity, GAO-05-434
The top reasons why attacks are possible are all related to system hygiene or user knowledge.
1. End user didn’t think before clicking to open an email or website
2. Weak password or default password in use
3. Insecure configuration
4. Use of legacy or unpatched hardware or software
5. Lack of basic network security protection and segmentation
Key controls make the difference!
IBM developed essential practices required to achieve better security.
Essential practices
1. Build a risk-aware culture and management system
2. Manage security incidents with greater intelligence
3. Defend the mobile and social workplace
4. Security-rich services, by design
5. Automate security “hygiene”
6. Control network access and help assure resilience
7. Address new complexity of cloud and virtualization
8. Manage third-party security compliance
9. Better secure data and protect privacy
10. Manage the identity lifecycle
Maturity-based approach (diagram labels: Reactive, Proactive; Manual, Automated; Basic, Proficient, Optimized; Security intelligence)
Our 2013 CISO study uncovered challenges for security leaders
Key finding: More work needs to be done to improve information sharing outside the organization
Challenge: How do I best manage a broad set of concerns from a diverse set of business stakeholders?

Key finding: Mobile security technology has significant attention and investment
Challenge: How do I improve mobile security policy and management – not just deploy the latest technology?

Key finding: In general, technical and business metrics are still focused on operational issues
Challenge: How do I translate security metrics into the language of the business to help guide strategy?
Key takeaways for CIOs and CISOs
• Optimize ahead of Attackers: identify critical assets, analyze behavior, spot anomalies
• Defragment your Mobile posture: constantly apply updates and review BYOD policies
• Social Defense needs Socialization: educate users and engender suspicion
• Don’t forget the basics: scanning, patching, configurations, passwords
www.ibm.com/security
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.