IBM Global Technology Services
IBM Security Services

White Paper

Responding to—and recovering from—sophisticated security attacks
The four things you can do now to help keep your organization safe

Contents
Introduction
Step 1: Prioritize your business objectives and set your risk tolerance
Step 2: Protect your organization with a proactive security plan
Step 3: Prepare your response to the inevitable: a sophisticated attack
Step 4: Promote and support a culture of security awareness
Get started now—before your company becomes a victim
For more information

Introduction
Like so many other things in today’s world, cyber attacks—along with those who perpetrate them—are becoming more sophisticated every year. At the same time, IT resources are moving outside the firewall and enterprises are distributing their applications and data across multiple devices. It’s now clear that simply protecting an organization’s perimeter is not enough. These sophisticated attacks—which include advanced persistent threats, or APTs—are bypassing traditional defenses.

We know all too well how major security incidents can affect a company’s data, networks and corporate brand. We also know that sophisticated attacks, designed to gain continuous access to critical information or to cause damage in critical infrastructure, are becoming more severe, more frequent and more costly.

How severe? Sophisticated attacks can include:
•	 Stealing intellectual property
•	 Confiscating bank accounts and other financial assets
•	 Distributing malware on individual computers and across systems
•	 Posting confidential business and/or customer information online
•	 Damaging critical infrastructure

How frequent? A 2012 study of 2,618 business leaders and security practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil found that they experienced an average of 66 attacks per week, with organizations in Germany and the U.S. reporting the highest numbers: 82 and 79 per week, respectively. And in their 2012 mid-year report, IBM X-Force research and development teams noted an upward trend in overall vulnerabilities, predicting a possible all-time high by the end of the year.[2]

How costly? The average cost of recovering from a single cyber attack was estimated to be as much as nearly $300,000 by the organizations mentioned in the above 2012 study.[3] That could amount to nearly $1 billion over the course of a year.

What’s more, we know that the people behind these sophisticated attacks are patient, long-term planners. They do reconnaissance and target specific vulnerabilities. And they’re shifting their focus from exploitation to destruction.

In this paper we’ll discuss the four proactive steps that you can—and should—take now to help keep your organization safe:
•	 Prioritize your business objectives and set your risk tolerance
•	 Protect your organization with a proactive security plan
•	 Prepare your response to the inevitable: a sophisticated attack
•	 Promote and support a culture of security awareness.

Step 1: Prioritize your business objectives and set your risk tolerance
Experience over the past several years has made it clear that “security” is a relative term. Because no matter how much we may want to create a completely and permanently secure enterprise and be done with it, reality dictates otherwise. Still, the growing threat of sophisticated attacks demands that we take seriously the business of securing our information and protecting our people and infrastructure. And that starts with setting priorities.

Determine what’s most important to the security of your business and why
This sounds fairly obvious. But taking the time to really think about your business objectives and discuss what’s most important—and how much risk you’re willing to tolerate—will help lay a solid foundation for a security strategy that meets the unique needs of your entire organization. Once you’ve established this baseline, you’ll have taken a big step in the right direction.

Identify those areas most vulnerable to attack
Just as there are some things that are more important than others to the security of your business, there are also some areas that are more vulnerable than others. This is not an exercise in finger-pointing or laying blame. Instead, it’s an opportunity to see things as they are—so you can create a more secure environment overall.

Identify the specific types of attacks that pose the biggest threat
Sophisticated attacks are designed to wreak as much havoc as possible—typically resulting in the loss or misuse of critical data, the disruption of critical infrastructure, or both. That’s why you need to look at your company’s information and business critical systems from an attacker’s point of view. And then ask yourself how an attacker could do the most damage.

Identify those areas that would incur the greatest loss in the event of an attack
This is where you come face to face with your biggest nightmare. If you’re going to come up with a successful plan, you need to be able to see just how much devastation would occur if an attack were to succeed in striking your business where it would hurt the most.

Online gaming / entertainment sites hacked, 100 million customer records compromised

Estimated costs: $3.6 billion

Victim: Online gaming community and entertainment sites

What happened: An “external intrusion” to a gaming network resulted in 70 million customer accounts being compromised, putting personal and credit card data at risk. The firm was forced to “turn off” online services during the investigation, causing public backlash and widespread negative press. A second hack in the entertainment division compromised additional client data.

Why it happened: Hackers allegedly were able to penetrate network security and gain access to unencrypted account and user data, and possibly some credit card data.

Damage done: In addition to widespread, negative public sentiment, the firm reportedly faced costs exceeding $171 million in lost business and response expense. The firm’s reported market capitalization fell by approximately $3.6 billion, as the stock price dropped 12 percent.

Lessons learned: It’s reported that one of the vulnerabilities exploited was known to the company. Firms should leverage a framework for managing risk associated with information assets, as well as establish strong governance mechanisms to support that framework.

Illustrative purposes only. The actual facts and damages associated with these scenarios may vary from the examples provided. Estimated, based on publicly available financial information, published articles.

Step 2: Protect your organization with a proactive security plan
Now that you’ve established your priorities, it’s time to make your plans, get the right technology in place and put everything into action. This is where you take the steps to ensure that your company is aware of potential threats and working proactively to defend itself against them—on an ongoing basis.

Create a proactive and informed approach to IT security
Develop a security strategy with policies and technologies designed to proactively protect the assets and information you identified as priorities in Step 1. Arming your organization to successfully manage against those vulnerabilities is an essential part of taking a proactive stance to security. And the security policies you develop will lay the foundation for your information security management strategy. These policies should document your security requirements, processes and technology standards. There’s also a bonus to be had here: in addition to helping you detect and eliminate vulnerabilities, a smart security strategy can also enhance business operations by reducing risk and decreasing IT security management costs.

Identify existing vulnerabilities and fix them
This could involve a process as straightforward (but resource intensive) as making sure every operating system on every machine is up-to-date on security patches—and will stay that way. Other vulnerabilities are more difficult to detect and fix, such as weaknesses in business applications.

Mediate against any existing threats
Are you confident that you aren’t already the victim of a sophisticated attack? Particularly pernicious attacks such as advanced persistent threats, or APTs, are designed to remain invisible for as long as possible, moving from one compromised host to the next, without generating identifiable network traffic. At the heart of every APT lies a remote control function, which enables criminals to navigate to specific hosts within target organizations, manipulate local systems, and gain continuous access to critical information. To protect yourself, you need tools designed to detect remote control communications between your system and the criminal invader.

Test, test, and test some more
With the emergence of sophisticated attacks comes the reality that one will strike your organization. It’s only a matter of time. That’s why it’s become more important than ever that you pay serious attention to testing your security policies, procedures and technologies for effectiveness—especially since doing so is a key element of legal and regulatory requirements for due care and diligence. Failure to do so can mean that corporate officers are held liable for the results of a security breach.

And because the security landscape is continuing to change at an ever-increasing pace, it’s equally important that you implement policies for regular testing and review.

Take a smart approach to security intelligence
How do you stay on top of all this—without sending your IT department into a continual state of panic? Security intelligence and analytics tools can actively monitor and correlate data activity across multiple security technologies, offering you the visibility and insight into what’s going on in your environment—to help you spot and investigate the kind of suspicious activity that could indicate an attack is underway. They help reduce complexity by communicating with one common language across multi-vendor environments, while taking the strain off your IT department and potentially delivering both time and cost savings.

Develop governance procedures and assign ownership of risk
Like most other things, your security programs and policies designed to defend against threats such as sophisticated attacks will only be as good as your organization’s ability to ensure that everyone is playing by the rules. So you need to have a plan in place for staying on top of the situation for the long term. That includes deciding who’s going to monitor and manage your security policies and how you’ll provide proof that your risk posture is being maintained. Make sure your security program has ownership and leadership assigned across critical business areas. By expanding accountability and awareness across key areas of risk, you’ll create a heightened understanding and enforcement of the security controls you’ve put in place. And that, in turn, will allow you to create a more secure business environment.

Demonstrate and document the value of your security investments
There’s no getting around the fact that your organization will need to find the necessary room in its budget for creating and maintaining an effective security program. And because it’s very difficult to quantify value in terms of the attacks that didn’t take place, it’s a good idea to maintain ongoing communications about what you’re doing and why it’s important. By reporting significant activities that have or could have penetrated critical systems and data, for example, you can demonstrate the value of security technology investments, identify gaps, stop attacks in progress, uncover streamlining opportunities, and inspire confidence in your approach.

49% of IT executives say they’re challenged by an inability to measure the effectiveness of their current security efforts.[4]

Review everything to ensure that there are no gaps or unnecessary overlaps
When you’re working as a group, but taking individual responsibility for specific aspects of a plan, it’s easy to make the mistake of assuming that someone else has covered something that you haven’t. Likewise, it’s just as easy for more than one person to cover the same thing. So do a final check for clarity and completeness—making sure that you’ve included provisions for security intelligence, analytics and monitoring, for example—to reduce unnecessary complexity and spending, and looking for opportunities to simplify ongoing monitoring, management, and real-time decision making across technologies.

Customer data stolen from retailer over 18+ months; at least 45 million records lifted

Estimated costs: Up to $900 million

Victim: Nationwide discount retailer

What happened: Apparently 45 million customer credit and debit card numbers were stolen from the company’s systems, although the true number of records stolen is difficult to determine, given the duration and nature of the incident. This data was sold to criminals and then used to make fraudulent purchases.

Why it happened: The company reportedly collected and stored unnecessary and excessive amounts of personal information for too long and relied on outdated encryption technology to defend the data. Hackers apparently gained initial access into the central database through unsecure wireless connections in retail stores. The company was subsequently found to be in violation of payment industry standards.

Damage done: This is reported to be the largest breach of its kind to get widespread media coverage. In addition to lawsuits, hefty fines, and remediation costs, the damage to reputation and other indirect costs is immeasurable.

Lessons learned: Regular, periodic re-evaluation of infrastructure and information risks is required as changing threats and technologies can render previously acceptable protections obsolete.

Illustrative purposes only. The actual facts and damages associated with these scenarios may vary from the examples provided. Estimated, based on publicly available financial information, published articles.

Step 3: Prepare your response to the inevitable: a sophisticated attack
Once you’ve implemented your security policies, procedures and technologies to the best of your ability, it’s time to address how you’re going to handle a breach if and when it should occur. In fact, as one analyst recently observed, “Most large enterprise security administrators and chief information security officers understand that it is not a matter of if, but when their organization will experience a breach.”[5]

Develop a detailed and coordinated response plan
An organization needs a unified, cross-company policy and process for managing its response to an incident. If you already have a plan in place, have you tested your plan and determined its effectiveness lately?

Your incident response plan should specify how to stop an attack, identify what (if anything) was compromised, and calculate the financial and reputational impact. It should also offer guidelines for communicating with employees, any individuals whose information may have been compromised and the media.

Ensure you have access to the resources and tools needed to respond quickly
The longer it takes to resolve an attack, the more damage it’s likely to do, and the more it’s likely to cost. What’s more, about 78 percent of those senior executives responding to a recent IBM-sponsored survey on reputational risk say they recover from relatively minor incidents (such as a website outage) in less than six months. But it takes longer to recover from reputational damage due to cybercrime—partly because it can be harder to sell the message that the problem has been entirely fixed.[6]

It’s clear that having access to the resources or skills needed to actively respond to and investigate security incidents is key to reducing their impact. If your reputation is critical to your ability to conduct business, and you find that the nature of your business may heighten your risk to sophisticated attacks, you might want to consider employing ongoing threat monitoring and management. This approach uses technology designed to improve defense, automate incident response and conduct forensic analysis across a broad range of threats.

Take a consistent approach to assigning responsibility across the organization
Accept the fact that virtually all organizations will fall victim to a sophisticated attack of some sort, at some time. Make sure your incident response plan specifies who will need to do what—and how everyone will share information. Coordination across the enterprise is key to effective detection, remediation and containment. It’s important that everyone involved has a role to play—and knows what that role is. Determine which steps each stakeholder will take to prepare his or her area to help reduce the occurrence—and limit the extent—of sophisticated attacks.

Payment processor suffers intrusion into core business, affecting 130 million customers

Estimated costs: Up to $500 million

Victim: Payment processor

What happened: Around 130 million customer credit and debit card numbers were stolen from a payment processing system, resulting in fraudulent transactions.

Why it happened: Malicious software was apparently inserted into the processing system and used to collect in-transit, unencrypted payment data while it was being processed by the firm during the transaction authorization process. Card data included card numbers, expiration dates, and certain other information from the magnetic stripe on the back of the payment card.

Damage done: This was a large, visible breach that also received widespread media coverage. The firm reportedly paid in excess of $140 million in direct costs related to legal judgments, settlements, and fees. And the company’s market capitalization reportedly dropped by nearly half a billion dollars in the three months following the event.

Lessons learned: Direct, forthright crisis response minimized client defection. The information shared and leveraged from an industry standards association strengthened the company’s security posture, allowing it to eventually recover its loss in market value.

Illustrative purposes only. The actual facts and damages associated with these scenarios may vary from the examples provided. Estimated, based on publicly available financial information, published articles.

Step 4: Promote and support a culture of security awareness
The job of securing an enterprise’s network continues to grow infinitely more complex as information pours in from thousands of devices and through scores of public web-based services. One study reports that 91 percent of enterprise smart phone users connect to corporate email, but only one in three is required to install mobile security software.[7] In such an environment, access is easy for everyone involved—including criminals.

Create and support a risk-aware culture throughout your organization
It’s time to expand the mission of enterprise security, from the tech staff and their machines to every person within the company, and everyone who does business with it. Since each person poses a potential breach, each one must also represent a piece of the solution. In the end, success hinges upon promoting and supporting a risk-aware culture, where the importance of security informs every decision and procedure at every level of the company. That means secure procedures for data need to become second nature, much like locking the door behind you when you leave home.

Ensure that each employee knows what to do
The process of changing a company’s culture can be enormously challenging. But if you start by taking steps to communicate the real importance of helping to improve security and teach everyone how to recognize and report possible security problems, you will be heading in the right direction.

Our security essentials
At IBM, we are constantly striving to find the balance between improving the way we do business and the need to control risk. The company’s comprehensive response includes technology, process and policy measures. It involves 10 essential practices.

1.	 Build a risk-aware culture—where there’s simply zero tolerance, at a company level, when colleagues are careless about security. Management needs to push this change relentlessly from the very top down, while also implementing tools to track progress.

2.	 Manage incidents and respond—A company-wide effort to implement intelligent analytics and automated response capabilities is essential. Creating an automated and unified system will enable an enterprise to monitor its operations—and respond quickly.

3.	 Defend the workplace—Each work station, laptop or smart phone provides a potential opening for malicious attacks. The settings on each device must all be subject to centralized management and enforcement. And the streams of data within an enterprise have to be classified and routed solely to its circle of users.

4.	 Security by design—One of the biggest vulnerabilities in information systems comes from implementing services first, and then adding security on afterwards. The only solution is to build in security from the beginning, and to carry out regular tests to track compliance.

5.	 Keep it clean—Managing updates on a hodgepodge of software can be next to impossible. In a secure system, administrators can keep track of every program that’s running, be confident that it’s current, and have a system in place to install updates and patches as they’re released.

6.	 Control network access—Companies that channel registered data through monitored access points will have a far easier time spotting and isolating malware.

7.	 Security in the clouds—If an enterprise is migrating certain IT services to a cloud environment, it will be in close quarters with lots of others—possibly including scam artists. So it’s important to have the tools and procedures to isolate yourself from the others, and to monitor possible threats.

8.	 Patrol the neighborhood—An enterprise’s culture of security must extend beyond company walls, and establish best practices among its contractors and suppliers. This is a similar process to the drive for quality control a generation ago.

9.	 Protect the company jewels—Each enterprise should carry out an inventory of its critical assets—whether it’s scientific or technical data, confidential documents or clients’ private information—and ensure it gets special treatment. Each priority item should be guarded, tracked, and encrypted as if the company’s survival hinged on it.

10.	 Track who’s who—Companies that mismanage the “identity lifecycle” are operating in the dark and could be vulnerable to intrusions. You can address this risk by implementing meticulous systems to identify people, manage their permissions, and revoke them as soon as they depart.

[Figure 1: diagram of the ten essential practices: Build a risk-aware culture; Manage incidents and respond; Defend the workplace; Security by design; Keep it clean; Control network access; Security in the clouds; Patrol the neighborhood; Protect the company jewels; Track who’s who]

Figure 1. Ten essential practices: A successful security program strikes a balance that allows for flexibility and innovation while maintaining consistent safeguards that are understood and practiced throughout the organization.

Get started now—before your company becomes a victim

IBM X-Force reported just over 4,400 new security vulnerabilities for the first half of 2012. Assuming that this trend continued throughout the rest of the year, the total projected vulnerabilities would likely surpass the record of nearly 9,000, set in 2010. In addition, the rate of unpatched vulnerabilities for the first half of 2012 was the highest that IBM X-Force had seen since 2008.

Many organizations have had to deal with the fallout caused by password and personal data leaks. And these attacks have become increasingly sophisticated. For example, by obtaining small amounts of key personal data from public social media sites, attackers have been able to use clever social engineering “tricks” to gain unrestricted access to targeted accounts. They have even bypassed two-factor authentication by convincing mobile providers to relocate a user’s voicemail. So it’s not a matter of whether your company will become a victim, but when. In fact, 61 percent of the senior executives who participated in IBM’s recent study on reputational risk and IT said that data breaches, data theft and cybercrime posed the greatest threat to their companies’ reputations.8

It’s okay to seek help

It’s easy to feel overwhelmed when you consider what it takes to protect your organization from sophisticated attacks. There’s a lot to talk about, think about and worry about. But you just need to take it one step at a time. And you don’t need to go it alone.

IBM Security Services consultants can help you plan, implement and manage virtually all aspects of your security strategy. They’re senior security professionals who have honed their skills in both the public and private sectors, working in corporate security leadership and consulting, investigative branches of government, law enforcement, and research and development.

In addition to offering consulting services, IBM has helped to set the standard for accountability, reliability and protection in managed security services since 1995. These services are designed to help you enhance your information security posture, lower your total cost of ownership and demonstrate compliance by outsourcing the monitoring and management of your security operations to IBM, regardless of device type or vendor, on a 24x7x365 basis or as needed.

IBM Managed Security Services can provide the security intelligence, expertise, tools and infrastructure you need to help secure your information assets from Internet attacks around the clock, often at a fraction of the cost of in-house security resources.

Begin with a complimentary Security Health Scan

By now you’re probably starting to think about how vulnerable your company may be. You can get a glimpse with a complimentary Security Health Scan from IBM Security Services. Here’s how it works: IBM will scan up to 10 IP addresses or a web domain of your choosing once a week for three weeks, at no charge. You’ll receive a detailed analysis of the vulnerabilities that are found—classified by their level of severity—along with step-by-step instructions on how to remediate them. What’s more, for the duration of your scanning period you’ll have access to the IBM Managed Security Services Virtual Security Operations Center portal and all the intelligence and threat information it provides.

What would a Security Health Scan find at your company?

Here are sample Security Health Scan findings for several types of organizations, showing the average number of vulnerabilities found after just one of three consecutive weekly scans. It’s not a surprise to see that even the most secure companies can find they have significant exposures, sometimes on multiple fronts. In today’s dynamic business environment, where boundaries no longer exist, you’re more than likely to find at least some vulnerabilities and exposures.

Organization type                        Critical   Severe   Moderate
University                               23         106      7
Insurance company                        17         86       11
Virtual hosting/web hosting provider     38         112      20
City government                          9          112      20

For more information

To learn more about how IBM Security Services can help you reduce costs and increase your protection against sophisticated threats, please contact your IBM representative or IBM Business Partner, or visit the following website: ibm.com/services/security

To sign up for a complimentary Security Health Scan, visit: ibm.com/security-scan

© Copyright IBM Corporation 2013

IBM Global Services
Route 100
Somers, NY 10589
U.S.A.

Produced in the United States of America
February 2013
All Rights Reserved

IBM, the IBM logo, ibm.com and X-Force are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

1 Ponemon Institute LLC, The Impact of Cybercrime on Business: Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil sponsored by Check Point Software Technologies, May 2012.
2 IBM X-Force 2012 Mid-year Trend and Risk Report, September 2012.
3 See note 1 above.
4 Security Intelligence Can Deliver Value Beyond Expectations And Needs To Be Prioritized, a commissioned study conducted by Forrester Consulting on behalf of IBM Global Technology Services, May 2012.
5 Blog post: “Okay, Breaches Are Inevitable: So Now What Do We Do?” by Paula Musich, Current Analysis, July 20, 2012.
6 IBM Global Technology Services, Reputational risk and IT, September 2012.
7 Kaspersky Labs, Enterprise Mobile Security Survey, December 2010.
8 See note 6 above.

SEW03029-USEN-00

Exploring the-frontiers-of-cloud-computing
 
Free Cloud e-guide
Free Cloud e-guideFree Cloud e-guide
Free Cloud e-guide
 
IBM & CIF - Cloud Channel Research 2013
IBM & CIF - Cloud Channel Research 2013IBM & CIF - Cloud Channel Research 2013
IBM & CIF - Cloud Channel Research 2013
 
Big data cloud cloud circle keynote_final laura colvine 8th november 2012
Big data cloud cloud circle keynote_final laura colvine 8th november 2012Big data cloud cloud circle keynote_final laura colvine 8th november 2012
Big data cloud cloud circle keynote_final laura colvine 8th november 2012
 
Future of the it department 17 may 2012 mt
Future of the it department 17 may 2012 mtFuture of the it department 17 may 2012 mt
Future of the it department 17 may 2012 mt
 
How Does IBM Deliver Cloud Security Paper
How Does IBM Deliver Cloud Security PaperHow Does IBM Deliver Cloud Security Paper
How Does IBM Deliver Cloud Security Paper
 
Cloud The Future Of The IT Department
Cloud   The Future Of The IT DepartmentCloud   The Future Of The IT Department
Cloud The Future Of The IT Department
 
IBM Partnering For A Smarter Planet Exploring The Role Of Ecosystems In Evo...
IBM Partnering For A Smarter Planet   Exploring The Role Of Ecosystems In Evo...IBM Partnering For A Smarter Planet   Exploring The Role Of Ecosystems In Evo...
IBM Partnering For A Smarter Planet Exploring The Role Of Ecosystems In Evo...
 

Kürzlich hochgeladen

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Kürzlich hochgeladen (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Responding to and recovering from sophisticated security attacks

  • 1. IBM Global Technology Services IBM Security Services IBM Global Technology Services i White Paper Responding to—and recovering from—sophisticated security attacks The four things you can do now to help keep your organization safe
  • 2. 2 Responding to—and recovering from—sophisticated security attacks Contents How severe? Sophisticated attacks can include: 2 Introduction • Stealing intellectual property • Confiscating bank accounts and other financial assets 3 Step 1: Prioritize your business objectives and set • Distributing malware on individual computers and your risk tolerance across systems 4 Step 2: Protect your organization with a proactive • Posting confidential business and/or customer security plan information online 7 Step 3: Prepare your response to the inevitable: • Damaging critical infrastructure a sophisticated attack 8 Step 4: Promote and support a culture of How frequent? A 2012 study of 2,618 business leaders and security awareness security practitioners in the United States, United Kingdom, 10 Get started now—before your company becomes a victim Germany, Hong Kong and Brazil found that they experienced 12 For more information an average of 66 attacks per week, with organizations in Germany and the U.S. reporting the highest numbers: 82 and 79 per week, respectively. And in their 2012 mid-year Introduction report, IBM X-Force research and development teams noted Like so many other things in today’s world, cyber attacks— an upward trend in overall vulnerabilities, predicting a possible along with those who perpetrate them—are becoming more all-time high by the end of the year.2 sophisticated every year. At the same time, IT resources are moving outside the firewall and enterprises are distributing How costly? The average cost of recovering from a single their applications and data across multiple devices. It’s now cyber attack was estimated to be as much as nearly $300,000 clear that simply protecting an organization’s perimeter is not by the organizations mentioned in the above 2012 study.3 That enough. These sophisticated attacks—which include advanced could amount to nearly $1 billion over the course of a year. 
persistent threats, or APTs—are bypassing traditional defenses. What’s more, we know that the people behind these We know all too well how major security incidents can affect sophisticated attacks are patient, long-term planners. They do a company’s data, networks and corporate brand. We also reconnaissance and target specific vulnerabilities. And they’re know that sophisticated attacks, designed to gain continuous shifting their focus from exploitation to destruction. access to critical information or to cause damage in critical infrastructure, are becoming more severe, more frequent and more costly.
  • 3. IBM Global Technology Services 3 In this paper we’ll discuss the four proactive steps that Identify those areas most vulnerable to attack you can — and should —take now to help keep your Just as there are some things that are more important than organization safe: others to the security of your business, there are also some • Prioritize your business objectives and set your risk areas that are more vulnerable than others. This is not an tolerance exercise in finger-pointing or laying blame. Instead, it’s an • Protect your organization with a proactive security plan opportunity to see things as they are—so you can create a more • Prepare your response to the inevitable: secure environment overall. a sophisticated attack • Promote and support a culture of security awareness. Identify the specific types of attacks that pose the biggest threat Sophisticated attacks are designed to wreak as much havoc as Step 1: Prioritize your business objectives possible—typically resulting in the loss or misuse of critical and set your risk tolerance data, the disruption of critical infrastructure, or both. That’s Experience over the past several years has made it clear that why you need to look at your company’s information and “security” is a relative term. Because no matter how much business critical systems from an attacker’s point of view. And we may want to create a completely and permanently secure then ask yourself how an attacker could do the most damage. enterprise and be done with it, reality dictates otherwise. Still, the growing threat of sophisticated attacks demands that we Identify those areas that would incur the greatest loss take seriously the business of securing our information and in the event of an attack protecting our people and infrastructure. And that starts with This is where you come face to face with your biggest setting priorities. nightmare. 
If you’re going to come up with a successful plan, you need to be able to see just how much devastation would Determine what’s most important to the security of occur if an attack were to succeed in striking your business your business and why where it would hurt the most. This sounds fairly obvious. But taking the time to really think about your business objectives and discuss what’s most important—and how much risk you’re willing to tolerate— will help lay a solid foundation for a security strategy that You need to look at your meets the unique needs of your entire organization. Once company’s information and you’ve established this baseline, you’ll have taken a big step in the right direction. business critical systems from an attacker’s point of view.
  • 4. 4 Responding to—and recovering from—sophisticated security attacks Step 2: Protect your organization with Online gaming / entertainment sites hacked, 100 million a proactive security plan customer records compromised Now that you’ve established your priorities, it’s time to make your plans, get the right technology in place and put Estimated costs: $3.6 billion everything into action. This is where you take the steps to ensure that your company is aware of potential threats and Victim: Online gaming community and entertainment sites working proactively to defend itself against them—on an ongoing basis. What happened: An “external intrusion” to a gaming network resulted in 70 million customer accounts being compromised, Create a proactive and informed approach to putting personal and credit card data at risk. The firm was IT security forced to “turn off” online services during the investigation, Develop a security strategy with policies and technologies causing public backlash and widespread negative press. A second hack in the entertainment division compromised designed to proactively protect the assets and information you additional client data. identified as priorities in Step 1. Arming your organization to successfully manage against those vulnerabilities is an Why it happened: Hackers allegedly were able to penetrate essential part of taking a proactive stance to security. And the network security and gain access to unencrypted account and security policies you develop will lay the foundation for your user data, and possibly some credit card data. information security management strategy. These policies should document your security requirements, processes and Damage done: In addition to widespread, negative public technology standards. There’s also a bonus to be had here: in sentiment, the firm reportedly faced costs exceeding addition to helping you detect and eliminate vulnerabilities, a $171 million in lost business and response expense. 
The smart security strategy can also enhance business operations by firm’s reported market capitalization fell by approximately reducing risk and decreasing IT security management costs. $3.6 billion, as the stock priced dropped 12 percent. Identify existing vulnerabilities and fix them Lessons learned: It’s reported that one of the vulnerabilities This could involve a process as straightforward (but resource exploited was known to the company. Firms should leverage a framework for managing risk associated with information intensive) as making sure every operating system on every assets, as well as establish strong governance mechanisms to machine is up-to-date on security patches—and will stay that support that framework. way. Other vulnerabilities are more difficult to detect and fix, such as weaknesses in business applications. Illustrative purposes only. The actual facts and damages associated with these scenarios may vary from the examples provided. Estimated, based on publicly available financial information, published articles.
  • 5. IBM Global Technology Services 5 Mediate against any existing threats And because the security landscape is continuing to change Are you confident that you aren’t already the victim of a at an ever-increasing pace, it’s equally important that you sophisticated attack? Particularly pernicious attacks such implement policies for regular testing and review. as advanced persistent threats, or APTs, are designed to remain invisible for as long as possible, moving from one Take a smart approach to security intelligence compromised host to the next, without generating identifiable How do you stay on top of all this—without sending your network traffic. At the heart of every APT lies a remote IT department into a continual state of panic? Security control function, which enables criminals to navigate to intelligence and analytics tools can actively monitor and specific hosts within target organizations, manipulate local correlate data activity across multiple security technologies, systems, and gain continuous access to critical information. offering you the visibility and insight into what’s going on in To protect yourself, you need tools designed to detect remote your environment—to help you spot and investigate the kind control communications between your system and the of suspicious activity that could indicate an attack is underway. criminal invader. They help reduce complexity by communicating with one common language across multi-vendor environments, while taking the strain off your IT department and potentially delivering both time and cost savings. It’s become more important than ever that you pay serious Develop governance procedures and assign ownership of risk attention to testing your Like most other things, your security programs and policies security policies, procedures and designed to defend against threats such as sophisticated attacks will only be as good as your organization’s ability to ensure that technologies for effectiveness. 
everyone is playing by the rules. So you need to have a plan in place for staying on top of the situation for the long term. That includes deciding who’s going to monitor and manage your Test, test, and test some more security policies and how you’ll provide proof that your risk With the emergence of sophisticated attacks comes the reality posture is being maintained. Make sure your security program that one will strike your organization. It’s only a matter of has ownership and leadership assigned across critical business time. That’s why it’s become more important than ever that areas. By expanding accountability and awareness across key you pay serious attention to testing your security policies, areas of risk, you’ll create a heightened understanding and procedures and technologies for effectiveness—especially enforcement of the security controls you’ve put in place. since doing so is a key element of legal and regulatory And that, in turn, will allow you to create a more secure requirements for due care and diligence. Failure to do so can business environment. mean that corporate officers are held liable for the results of a security breach.
  • 6. 6 Responding to—and recovering from—sophisticated security attacks Demonstrate and document the value of your security investments Customer data stolen from retailer over 18+ months; at least There’s no getting around the fact that your organization will 45 million records lifted need to find the necessary room in its budget for creating and maintaining an effective security program. And because Estimated costs: Up to $900 million it’s very difficult to quantify value in terms of the attacks that didn’t take place, it’s a good idea to maintain ongoing Victim: Nationwide discount retailer communications about what you’re doing and why it’s important. By reporting significant activities that have or could What happened: Apparently 45 million customer credit and have penetrated critical systems and data, for example, you debit card numbers were stolen from the company’s systems, can demonstrate the value of security technology investments, although the true number of records stolen is difficult to determine, given the duration and nature of the incident. This identify gaps, stop attacks in progress, uncover streamlining data was sold to criminals and then used to make fraudulent opportunities, and inspire confidence in your approach. purchases. Why it happened: The company reportedly collected 49% and stored unnecessary and excessive amounts of personal information for too long and relied on outdated encryption technology to defend the data. Hackers apparently gained initial access into the central database of IT executives say they’re challenged by through unsecure wireless connections in retail stores. an inability to measure the effectiveness The company was subsequently found to be in violation of of their current security efforts.4 payment industry standards. Damage done: This is reported to be the largest breach of its kind to get widespread media coverage. 
In addition to lawsuits, Review everything to ensure that there are no gaps or hefty fines, and remediation costs, the damage to reputation unnecessary overlaps and other indirect costs is immeasurable. When you’re working as a group, but taking individual responsibility for specific aspects of a plan, it’s easy to make Lessons learned: Regular, periodic re-evaluation of the mistake of assuming that someone else has covered infrastructure and information risks is required as changing something that you haven’t. Likewise, it’s just as easy for threats and technologies can render previously acceptable more than one person to cover the same thing. So do a final protections obsolete. check for clarity and completeness—making sure that you’ve Illustrative purposes only. The actual facts and damages associated with included provisions for security intelligence, analytics and these scenarios may vary from the examples provided. Estimated, based monitoring, for example—to reduce unnecessary complexity on publicly available financial information, published articles. and spending, and looking for opportunities to simplify ongoing monitoring, management, and real-time decision making across technologies.
  • 7. IBM Global Technology Services 7 Step 3: Prepare your response to the inevitable: a sophisticated attack Having the resources or skills Once you’ve implemented your security policies, procedures and technologies to the best of your ability, it’s time to address needed to actively respond to and how you’re going to handle a breach if and when it should investigate security incidents is key occur. In fact, as one analyst recently observed, “Most large to reducing their impact. enterprise security administrators and chief information security officers understand that it is not a matter of if, but when their organization will experience a breach.” 5 It’s clear that having access to the resources or skills needed Develop a detailed and coordinated response plan to actively respond to and investigate security incidents is An organization needs a unified, cross-company policy and key to reducing their impact. If your reputation is critical to process for managing its response to an incident. If you already your ability to conduct business, and you find that the nature have a plan in place, have you tested your plan and determined of your business may heighten your risk to sophisticated its effectiveness lately? attacks, you might want to consider employing ongoing threat monitoring and management. This approach uses technology Your incident response plan should specify how to stop an designed to improve defense, automate incident response and attack, identify what (if anything) was compromised, and conduct forensic analysis across a broad range of threats. calculate the financial and reputational impact. It should also offer guidelines for communicating with employees, any Take a consistent approach to assigning responsibility across the organization individuals whose information may have been compromised Accept the fact that virtually all organizations will fall victim and the media. to a sophisticated attack of some sort, at some time. 
Make Ensure you have access to the resources and tools sure your incident response plan specifies who will need to do needed to respond quickly what—and how everyone will share information. Coordination The longer it takes to resolve an attack, the more damage it’s across the enterprise is key to effective detection, remediation likely to do, and the more it’s likely to cost. What’s more, and containment. It’s important that everyone involved has a about 78 percent of those senior executives responding to a role to play—and knows what that role is. Determine which recent IBM-sponsored survey on reputational risk say they steps each stakeholder will take to prepare his or her area recover from relatively minor incidents (such as a website to help reduce the occurrence—and limit the extent—of outage) in less than six months. But it takes longer to recover sophisticated attacks. from reputational damage due to cybercrime—partly because it can be harder tosell the message that the problem has been entirely fixed.6
  • 8. Step 4: Promote and support a culture of security awareness

The job of securing an enterprise’s network continues to grow infinitely more complex as information pours in from thousands of devices and through scores of public web-based services. One study reports that 91 percent of enterprise smart phone users connect to corporate email, but only one in three is required to install mobile security software.7 In such an environment, access is easy for everyone involved—including criminals.

Create and support a risk-aware culture throughout your organization
It’s time to expand the mission of enterprise security, from the tech staff and their machines to every person within the company, and everyone who does business with it. Since each person poses a potential breach, each one must also represent a piece of the solution. In the end, success hinges upon promoting and supporting a risk-aware culture, where the importance of security informs every decision and procedure at every level of the company. That means secure procedures for data need to become second nature, much like locking the door behind you when you leave home.

Ensure that each employee knows what to do
The process of changing a company’s culture can be enormously challenging. But if you start by taking steps to communicate the real importance of helping to improve security and teach everyone how to recognize and report possible security problems, you will be heading in the right direction.

Payment processor suffers intrusion into core business, affecting 130 million customers

Estimated costs: Up to $500 million

Victim: Payment processor

What happened: Around 130 million customer credit and debit card numbers were stolen from a payment processing system, resulting in fraudulent transactions.

Why it happened: Malicious software was apparently inserted into the processing system and used to collect in-transit, unencrypted payment data while it was being processed by the firm during the transaction authorization process. Card data included card numbers, expiration dates, and certain other information from the magnetic stripe on the back of the payment card.

Damage done: This was a large, visible breach that also received widespread media coverage. The firm reportedly paid in excess of $140 million in direct costs related to legal judgments, settlements, and fees. And the company’s market capitalization reportedly dropped by nearly half a billion dollars in the three months following the event.

Lessons learned: Direct, forthright crisis response minimized client defection. The information shared and leveraged from an industry standards association strengthened the company’s security posture, allowing it to eventually recover its loss in market value.

Illustrative purposes only. The actual facts and damages associated with these scenarios may vary from the examples provided. Estimated, based on publicly available financial information, published articles.
  • 9. Our security essentials

At IBM, we are constantly striving to find the balance between improving the way we do business and the need to control risk. The company’s comprehensive response includes technology, process and policy measures. It involves 10 essential practices.

1. Build a risk-aware culture—where there’s simply zero tolerance, at a company level, when colleagues are careless about security. Management needs to push this change relentlessly from the very top down, while also implementing tools to track progress.

2. Manage incidents and respond—A company-wide effort to implement intelligent analytics and automated response capabilities is essential. Creating an automated and unified system will enable an enterprise to monitor its operations—and respond quickly.

3. Defend the workplace—Each work station, laptop or smart phone provides a potential opening for malicious attacks. The settings on each device must all be subject to centralized management and enforcement. And the streams of data within an enterprise have to be classified and routed solely to its circle of users.

4. Security by design—One of the biggest vulnerabilities in information systems comes from implementing services first, and then adding security on afterwards. The only solution is to build in security from the beginning, and to carry out regular tests to track compliance.

5. Keep it clean—Managing updates on a hodgepodge of software can be next to impossible. In a secure system, administrators can keep track of every program that’s running, be confident that it’s current, and have a system in place to install updates and patches as they’re released.

6. Control network access—Companies that channel registered data through monitored access points will have a far easier time spotting and isolating malware.

7. Security in the clouds—If an enterprise is migrating certain IT services to a cloud environment, it will be in close quarters with lots of others—possibly including scam artists. So it’s important to have the tools and procedures to isolate yourself from the others, and to monitor possible threats.

8. Patrol the neighborhood—An enterprise’s culture of security must extend beyond company walls, and establish best practices among its contractors and suppliers. This is a similar process to the drive for quality control a generation ago.

9. Protect the company jewels—Each enterprise should carry out an inventory of its critical assets—whether it’s scientific or technical data, confidential documents or clients’ private information—and ensure it gets special treatment. Each priority item should be guarded, tracked, and encrypted as if the company’s survival hinged on it.

10. Track who’s who—Companies that mismanage the “identity lifecycle” are operating in the dark and could be vulnerable to intrusions. You can address this risk by implementing meticulous systems to identify people, manage their permissions, and revoke them as soon as they depart.
  • 10. Figure 1. Ten essential practices: A successful security program strikes a balance that allows for flexibility and innovation while maintaining consistent safeguards that are understood and practiced throughout the organization.

Get started now—before your company becomes a victim
IBM X-Force reported just over 4,400 new security vulnerabilities for the first half of 2012. Assuming that this trend continued throughout the rest of the year, the total projected vulnerabilities would likely surpass the record of nearly 9,000, set in 2010. In addition, the rate of unpatched vulnerabilities for the first half of 2012 was the highest that IBM X-Force had seen since 2008.

Many organizations have had to deal with the fallout caused by password and personal data leaks. And these attacks have become increasingly sophisticated. For example, by obtaining small amounts of key personal data from public social media sites, attackers have been able to use clever social engineering “tricks” to gain unrestricted access to targeted accounts. They have even bypassed two-factor authentication by convincing mobile providers to relocate a user’s voicemail. So it’s not a matter of whether your company will become a victim, but when. In fact, 61 percent of the senior executives who participated in IBM’s recent study on reputational risk and IT said that data breaches, data theft and cybercrime posed the greatest threat to their companies’ reputations.8

It’s okay to seek help
It’s easy to feel overwhelmed when you consider what it takes to protect your organization from sophisticated attacks. There’s a lot to talk about, think about and worry about. But you just need to take it one step at a time. And you don’t need to go it alone.

IBM Security Services consultants can help you plan, implement and manage virtually all aspects of your security strategy. They’re senior security professionals who have honed their skills in both the public and private sectors, working in corporate security leadership and consulting, investigative branches of government, law enforcement, and research and development.
  • 11. In addition to offering consulting services, IBM has helped to set the standard for accountability, reliability and protection in managed security services since 1995. These services are designed to help you enhance your information security posture, lower your total cost of ownership and demonstrate compliance by outsourcing the monitoring and management of your security operations to IBM, regardless of device type or vendor, on a 24x7x365 basis or as needed.

IBM Managed Security Services can provide the security intelligence, expertise, tools and infrastructure you need to help secure your information assets from Internet attacks around the clock, often at a fraction of the cost of in-house security resources.

Begin with a complimentary Security Health Scan
By now you’re probably starting to think about how vulnerable your company may be. You can get a glimpse with a complimentary Security Health Scan from IBM Security Services. Here’s how it works: IBM will scan up to 10 IP addresses or a web domain of your choosing once a week for three weeks, at no charge. You’ll receive a detailed analysis of the vulnerabilities that are found—classified by their level of severity—along with step-by-step instructions on how to remediate them. What’s more, for the duration of your scanning period you’ll have access to the IBM Managed Security Services Virtual Security Operations Center portal and all the intelligence and threat information it provides.

What would a Security Health Scan find at your company?
Here are sample Security Health Scan findings for several types of organizations, showing the average number of vulnerabilities found after just one of three consecutive weekly scans. It’s not a surprise to see that even the most secure companies can find they have significant exposures, sometimes on multiple fronts. In today’s dynamic business environment, where boundaries no longer exist, you’re more than likely to find at least some vulnerabilities and exposures.

[Chart: average number of vulnerabilities found, by severity, for four types of organization. University: Severe 106, Moderate 7, Critical 23. Insurance company: Severe 86, Moderate 11, Critical 17. Virtual hosting/web hosting provider and City government: Severe 112 and Moderate 20 in each; the two Critical counts are 38 and 9.]
  • 12. For more information

To learn more about how IBM Security Services can help you reduce costs and increase your protection against sophisticated threats, please contact your IBM representative or IBM Business Partner, or visit the following website: ibm.com/services/security

To sign up for a complimentary Security Health Scan, visit: ibm.com/security-scan

© Copyright IBM Corporation 2013

IBM Global Services
Route 100
Somers, NY 10589
U.S.A.

Produced in the United States of America
February 2013
All Rights Reserved

IBM, the IBM logo, ibm.com and X-Force are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.
1 Ponemon Institute LLC, The Impact of Cybercrime on Business: Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil sponsored by Check Point Software Technologies, May 2012.
2 IBM X-Force 2012 Mid-year Trend and Risk Report, September 2012.
3 See note 1 above.
4 Security Intelligence Can Deliver Value Beyond Expectations And Needs To Be Prioritized, a commissioned study conducted by Forrester Consulting on behalf of IBM Global Technology Services, May 2012.
5 Blog post: “Okay, Breaches Are Inevitable: So Now What Do We Do?” by Paula Musich, Current Analysis, July 20, 2012.
6 IBM Global Technology Services, Reputational risk and IT, September 2012.
7 Kaspersky Labs, Enterprise Mobile Security Survey, December 2010.
8 See note 6 above.

SEW03029-USEN-00