IBM Security Intelligence, Integration and Expertise

Kawther Haciane, Client Solution Executive – Security Services, Morocco & North West Africa

June 2014

© 2014 IBM Corporation, IBM Security Services


Security Today

The Evolving Threat Landscape

More than half a billion records of personally identifiable information (PII) were leaked in 2013

The average large company must filter through 1,400 cyber attacks weekly to identify the 1.7 incidents that can do harm.

Security Intelligence

Number of Attacks and Number of Incidents:

• Annual: 73,400 attacks; 90.2 incidents

• Monthly: 6,100 attacks; 7.51 incidents

• Weekly: 1,400 attacks; 1.7 incidents

Attacks: Security events identified as malicious activity attempting to collect information or harm IT resources

Incidents: Attacks that have been reviewed by a security analyst and deemed worthy of deeper investigation

Morocco UNWANTED SOFTWARE & MALWARE

Highlights:

• In 4Q13, 44.9% of computers in Morocco encountered malware, compared to the 4Q13 worldwide encounter rate of 21.6%

• The MSRT detected and removed malware from 39.8 of every 1,000 unique computers scanned in Morocco in 4Q13

• A CCM score of 39.8 compared to the 4Q13 worldwide CCM of 17.8

Source: Microsoft Security Intelligence Report Volume 16, Regional Threat Assessment

Threat categories

Defacement

Definition: attack on a website that changes the visual appearance of the site or a webpage

Is it happening in Morocco?

Highlights:

• Total notifications: 7,060 defacements, of which 1,355 were single-IP and 5,705 were mass defacements

• All sectors have been targeted by mass or single-IP defacement

• Defacement attacks have been increasing and will continue growing

• All the information contained in Zone-H's cybercrime archive was either collected online from public sources or directly notified anonymously to Zone-H’s

• Governments and Industries have been the most preferred targets for Cyber Attackers with similar values (respectively 23% and 22%). Targets belonging to finance rank at number three (7%), immediately ahead of News (6%) and Education (5%). (http://hackmageddon.com/2014/01/19/2013-cyber-attacks-statistics-summary/)

Information security in the News

Today’s threats are more sophisticated

Threat types, ordered on the slide by potential impact (highest first):

Threat Type: Advanced, Persistent Threat / Mercenary (national governments, organized crime, industrial spies, terrorist cells)

% of Incidents: Equals less than 10 percent

Threat Profile:

• Sophisticated tradecraft

• Foreign intelligence agencies, organized crime groups

• Well financed and often acting for profit

• Target technology as well as information

• Target and exploit valuable data

• Establish covert presence on sensitive networks

• Difficult to detect

• Increasing in prevalence

Threat Type: Hacktivist (“white hat” and “black hat” hackers, “protectors of Internet freedoms”)

% of Incidents: Equals less than 10 percent

Threat Profile:

• Inexperienced-to-higher-order skills

• Target known vulnerabilities

• Prefer denial of service attacks BUT use malware as means to introduce more sophisticated tools

• Detectable, but hard to attribute

• Increasing in prevalence

Threat Type: Opportunist (worm and virus writers, script kiddies)

% of Incidents: 20 percent

Threat Profile:

• Inexperienced or opportunistic behavior

• Acting for thrills, bragging rights

• Limited funding

• Target known vulnerabilities

• Use viruses, worms, rudimentary Trojans, bots

• Easily detected

Threat Type: Inadvertent Actor (insiders: employees, contractors, outsourcers)

% of Incidents: 60 percent

Threat Profile:

• No funding

• Causes harm inadvertently by unwittingly carrying viruses, or posting, sending or losing sensitive data

• Increasing in prevalence with new forms of mobile access and social business

Source: Government Accountability Office (GAO), Department of Homeland Security's (DHS's) Role in Critical Infrastructure Protection (CIP) Cybersecurity, GAO-05-434

The top reasons why attacks are possible are all related to system hygiene or user knowledge.

1. End user didn’t think before clicking to open an email or website

2. Weak password or default password in use

3. Insecure configuration

4. Use of legacy or unpatched hardware or software

5. Lack of basic network security protection and segmentation

Key controls make the difference!

IBM developed essential practices required to achieve better security.

Essential practices

1. Build a risk-aware culture and management system

2. Manage security incidents with greater intelligence

3. Defend the mobile and social workplace

4. Security-rich services, by design

5. Automate security “hygiene”

6. Control network access and help assure resilience

7. Address new complexity of cloud and virtualization

8. Manage third-party security compliance

9. Better secure data and protect privacy

10. Manage the identity lifecycle

Maturity-based approach (chart): Reactive to Proactive; Manual to Automated; maturity levels Basic, Proficient, Optimized; Security intelligence

Our 2013 CISO study uncovered challenges for security leaders

Key finding: More work needs to be done to improve information sharing outside the organization

Challenge: How do I best manage a broad set of concerns from a diverse set of business stakeholders?

Key finding: Mobile security technology has significant attention and investment

Challenge: How do I improve mobile security policy and management – not just deploy the latest technology?

Key finding: In general, technical and business metrics are still focused on operational issues

Challenge: How do I translate security metrics into the language of the business to help guide strategy?

Key takeaways for CIOs and CISOs

• Optimize ahead of attackers: identify critical assets, analyze behavior, spot anomalies

• Defragment your mobile posture: constantly apply updates and review BYOD policies

• Social defense needs socialization: educate users and engender suspicion

• Don’t forget the basics: scanning, patching, configurations, passwords

www.ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
