Cybersecurity – State of the World
Pierre Noel
Asia Chief Security Officer
Deep understanding of today’s threats
Microsoft Security Intelligence Report, Vol. 16
In-depth analysis of the threat landscape of exploits, vulnerabilities, and malware. Data sources:
• computers worldwide providing data from Internet services
• computers using the Malicious Software Removal Tool monthly
• Web-page scans per month from Bing
Security and privacy should be a top leadership concern
Managing risk in an increasingly connected world
“This Nexus of Forces is impacting security in terms of new vulnerabilities.”
– Ruggero Contu, Christian Canales and Lawrence Pingree. Forecast Overview: Information Security, Worldwide, 2014 Update. Gartner, Inc. June 25, 2014.
• Impact of cyber attacks could be as much as $3 trillion in lost productivity and growth
• Implications: job security, customer loyalty, intellectual property, legal liability, brand reputation
• $3.5M average cost of a data breach to a company, a 15% increase YoY
• 243: median number of days attackers are present on a victim network before detection
• Security is a CEO-level issue
• >50% of enterprise network attacks will use encrypted traffic to bypass controls by 2017
• WW spending on cybersecurity to reach $76.9B in 2015, up 8.2% from 2014 [1]
Statistics from the front lines
• >30% of SMB security controls will be cloud-based by 2015 [1]
• 40% of security controls in enterprise data centers will be virtualized by 2016 [2]
• 75% of mobile apps will fail basic security tests by 2015 [1]
Sources: Gartner Security & Risk Management Summit; Top Security Trends for 2014-2015; Responding to New SSL Threats
2013 headlines from around the world
• Belgian telecom compromised in alleged cyber espionage campaign
• Data of 20 million Chinese hotel guests leaked
• 105 million South Korean accounts exposed in credit card security breach
• Blackhole Exploit Kit takes advantage of financial crisis in Cyprus
• DDoS attacks hit Reddit and European banks
Source: Symantec Internet Security Threat Report
Employee failure to follow cyber hygiene policies is #1 security concern
Source: Survey of 200 U.S. federal IT decision-makers, commissioned by the Fort Meade Alliance
[Chart: responses by category – implementation of technical/system safeguards; employee training; policy/procedure implementation or changes. Values shown: 52%, 42%, 47%, 42%, 39%, 66%, 61%, 57%]
2014: statistics from the front lines
• $5.6B estimated cost to healthcare industry from security breaches [1]
• 90% of surveyed healthcare organizations have had at least one data breach in the past 2 years [1]
• Stolen health credentials worth 10-20x the value of a U.S. credit card number [2]
• Healthcare industry had highest per capita cost from security incidents in 2013 global survey [3]
• 65% of surveyed healthcare providers say negligent insiders are biggest security concern [4]
Sources: Ponemon Institute, Benchmark Study on Patient Privacy and Data Security, 3-12-2014; Ponemon Institute, 2014 Cost of Data Breach Study: Global Analysis; SANS Institute, Inaugural Health Care Survey
Statistics from the front lines
• 25 zero-day vulnerabilities found in SCADA software from 20 suppliers [1]
• Cybercrime accounts for 95% of losses incurred by Brazilian banks [2]
• 300 attacks against oil & energy companies in Norway in 2014
• 52% increase in EU critical infrastructure attacks from 2011-2012 [4]
Sources: Wired; New York Times; [3] Fox News; European Union Agency for Network and Information Security (ENISA) Threat Landscape Report
Who are the BAD GUYS?
Encountered Malware by Region – 4Q14 (source: Security Intelligence Report, www.microsoft.com/sir)
Infection trends, Hong Kong S.A.R.
Metric                            3Q13    4Q13    1Q14    2Q14
Encounter rate, Hong Kong S.A.R.  15.7%   12.0%   13.4%   11.6%
Worldwide encounter rate          24.0%   21.4%   21.3%   19.1%
CCM, Hong Kong S.A.R.             3.2     5.9     4.7     4.5
Worldwide CCM                     7.5     9.7     10.8    7.2
Infection and encounter statistics do not include Brantall, Filcout, and Rotbrow.
[Chart: Malware encounters and infections, Hong Kong S.A.R. vs Worldwide – encounter rate (0–30%) and infection rate (CCM, 0–12) by quarter, 3Q13–2Q14]
[Chart: Threat categories, Hong Kong S.A.R. vs Worldwide – encounter rate (percent of all reporting computers), 0–8%]
Ransomware by country or region, 2H14
30,000 computers down for two weeks
“If you protect your paper clips and diamonds with equal vigor, you will soon have more paper clips and fewer diamonds.”
It all starts with Data Classification
Classification
HBI
• HBI information is usually labeled Confidential or HBI.
• Unauthorized disclosure of HBI would cause severe or catastrophic material loss.
• Examples of common forms of sensitive information include (without limitation):
  • social security numbers,
  • credit card numbers,
  • username and password combinations.
• In many cases this data is encrypted.
MBI
• MBI information is usually labeled Confidential or MBI.
• Only specific groups of employees, or approved non-employees with a legitimate corporate business need, have access to MBI content.
• Unauthorized disclosure may cause:
  • serious material loss due to identity or brand damage,
  • operational disruption,
  • damage to the corporation’s reputation,
  • legal or regulatory liability.
LBI
• LBI information carries no or little risk of impact to the corporation if lost or stolen.
• Released financials, Public Relations campaigns and released product information are examples of LBI.
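The HBI examples above (social security numbers, credit card numbers, username and password combinations) are the kind of content a data-loss-prevention scanner can recognise directly. The following is an added example, not code from the presentation or from Microsoft: it finds those three indicators in free text, confirms card candidates with the Luhn checksum so that arbitrary digit runs are not flagged, and labels the text HBI when any are found. The regular expressions, the masking rule and the "Unclassified" fallback are this example's own assumptions; MBI versus LBI depends on business context that content alone cannot reveal, so the scanner deliberately does not guess between them. The sample ticket text is constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Added example (not code from the presentation or from Microsoft): a content
# scanner for the HBI examples named on the slide. Patterns, masking and the
# "Unclassified" fallback label are this example's assumptions.

# US SSN in 123-45-6789 form, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate payment card numbers: 13-19 digits with optional spaces or hyphens;
# every candidate is confirmed with the Luhn checksum below.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# Username/password pairs such as "username=alice password=..." or "login: bob, pwd: ...".
CRED_RE = re.compile(
    r"(?i)\b(?:user(?:name)?|login)\s*[:=]\s*(\S+)\s*[,;\s]\s*(?:pass(?:word)?|pwd)\s*[:=]\s*(\S+)"
)

@dataclass
class Finding:
    kind: str     # "ssn", "card" or "credential"
    masked: str   # redacted evidence that is safe to write to a log or ticket

@dataclass
class Result:
    label: str
    findings: List[Finding] = field(default_factory=list)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(value: str) -> str:
    """Keep only the last four characters so a finding can be reviewed without re-exposing the data."""
    return "*" * (len(value) - 4) + value[-4:] if len(value) > 4 else "****"

def scan(text: str) -> List[Finding]:
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(Finding("ssn", mask(m.group(0))))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(Finding("card", mask(digits)))
    for m in CRED_RE.finditer(text):
        findings.append(Finding("credential", f"user={m.group(1)} password={'*' * len(m.group(2))}"))
    return findings

def classify(text: str) -> Result:
    """HBI if any HBI indicator is present; otherwise the text needs a human decision (MBI or LBI)."""
    findings = scan(text)
    return Result("HBI" if findings else "Unclassified", findings)

# Constructed sample: a support ticket that mixes public and HBI content.
SAMPLE = """Ticket 4471: customer called about card 4111 1111 1111 1111 declined.
Employee SSN on file: 123-45-6789. Shared login: username=svc_backup password=Winter2014!
Press release draft: Q3 revenue grew 8.2% (public)."""

if __name__ == "__main__":
    result = classify(SAMPLE)
    print(result.label)
    for f in result.findings:
        print(f" {f.kind}: {f.masked}")
```

Running the block classifies the sample ticket as HBI with one SSN, one card and one credential finding, each stored in masked form; the press-release sentence alone comes back Unclassified. Keeping only masked evidence matters in practice, because a scanner that copies the matched values into its own findings database has just created a new HBI store.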
MSIT device support matrix
Columns: Domain Joined (PC with TPM; PC w/o TPM) | Non Domain Joined (PC; MS Phone; Non-PC Device)
Device classes: Enterprise Class PCs with TPM (MSIT Standards); Consumer PC with TPM (MSIT Recommended); Consumer PCs – Sony, ASUS… Acer (MSIT Standards); Apple Mac with Bootcamp; Apple Mac with Mac OS X; Windows Mobile 8; Android and future Chrome OS devices; iPhone & iPad
MSIT Services (values per column, left to right as on the slide):
• Helpdesk Hardware Support: Yes | Best Effort | Best Effort | Maybe | No | No
• Helpdesk Software Support: Yes | Yes | Yes | Yes | Yes
• LOB Applications: Yes | Yes | Yes | Yes | Yes | No
• Patching: Yes | Yes | Yes | No | No | No
• Driver support in MSIT Images: Yes | Yes | No | Maybe | No | No
• BitLocker: Yes | Yes | No * | No | No | No *
• Direct Access: Yes | Yes | No | No | No | No
• VPN with Smartcard: Yes | Yes | Yes | Yes | No | No
• WIFI: Yes | Yes | Yes | Yes | Yes | Yes
• Exchange: Yes | Yes | Yes | Yes | Yes | Yes
• Corporate Access (i.e. Applications, Print, File Shares & SharePoint): Yes | Yes | Yes | Limited | Limited | Limited
• Lync / UC: Yes | Yes | Yes | Yes | No | No
* Concerns with PII / HBI data loss
Resilience
“The bamboo that bends is stronger than the oak that resists.” ~ Japanese proverb
Defining Resilience: Profiling a Resilient Information System
[Diagram: % degradation of operational effectiveness plotted against attacker work factor, through the phases Recon, Penetration, Escalation, Detection, Recovery Initiated, Recovery]
Making it Resilient
The Impact of Security Standards
Case Study: Australia
Collaboration between Microsoft and the Australian government resulted in a series of implementations across local government agencies to provide better resilience to cyber incidents.
Controls implemented (grouped on the slide under Monitor System Infrastructure, Educate Users, Monitor the Network, Protect Email, Defend the Web, Protect the Endpoint, Harden Web & Server Apps, Strong Authentications):
• Patch & update to current applications
• Patch & update to current operating systems
• Use application whitelisting
• Host based intrusion detection & prevention
• Host inspection of Microsoft Office files
• Inbound host-based firewall
• Randomise local administrator passphrases
• Use gateway and desktop antivirus
• Lock down operating environments
• Social engineering education
• Enforce strong passphrases
• Restrict administrative privileges
• Use multi-factor authentication
• Implement data execution prevention
• Harden server applications
• Disable LanMan
• Filter web content
• Whitelist web domains
• Whitelist HTTP/SSL connections
• Enforced border gateway firewall
• Force domain IP lookup
• Blacklist domains at the border gateway
• Filter email content by whitelist
• Implement TLS between email servers
• Capture all network traffic
• Monitor traffic with network IDPS
• Restrict NetBIOS
• Centralise network logging
• Network segmentation & segregation
• Centralise host logging
• Non-persistent virtualised operating system
Resilience as a Strategic Priority: Microsoft + Australia
Australia’s Top 4
1. Patching applications and using the latest version of an application
2. Patching operating systems
3. Keeping admin rights under strict control (and forbidding the use of administrative accounts for email and browsing)
4. Whitelisting applications
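The Top 4 are only useful if an organisation can measure where it falls short of them. The following is an added example, not code from the presentation, Microsoft or the Australian government: it audits a constructed host inventory against the four controls and, for the third one, reads constructed process-start log lines to find administrative accounts that launched a browser or mail client. The host names, version numbers, account names, the key=value log format and the 30-day patch-age threshold are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Set

# Added example (not code from the presentation, Microsoft or the Australian
# government): audit constructed inventory and log data against the Top 4.
# Host names, versions, accounts, log format and the 30-day threshold are assumptions.

# Latest approved versions as an asset team might publish them (constructed).
CURRENT_VERSIONS: Dict[str, str] = {"Office": "15.0.4", "Reader": "11.0.10", "Flash": "15.0.0.223"}
# Accounts holding administrative rights (constructed).
ADMIN_ACCOUNTS: Set[str] = {"CORP\\jsmith-adm", "CORP\\svc_deploy"}
# Processes that count as "email or browsing" for the admin-account rule.
BROWSER_OR_MAIL = {"iexplore.exe", "chrome.exe", "firefox.exe", "outlook.exe"}

@dataclass
class Host:
    name: str
    os_patch_date: date          # date the last OS patch set was applied
    apps: Dict[str, str]         # application -> installed version
    whitelisting_enabled: bool   # application whitelisting policy enforced

INVENTORY = [
    Host("WS-101", date(2014, 10, 20), {"Office": "15.0.4", "Reader": "11.0.7"}, True),
    Host("WS-102", date(2014, 8, 1), {"Office": "15.0.4", "Reader": "11.0.10"}, False),
    Host("WS-103", date(2014, 11, 1), {"Office": "15.0.4", "Flash": "15.0.0.223"}, True),
]

# Constructed process-start events in a simple key=value format.
PROCESS_LOG = """2014-11-03 09:12:01 host=WS-101 user=CORP\\jsmith-adm proc=outlook.exe
2014-11-03 09:12:40 host=WS-101 user=CORP\\jsmith proc=chrome.exe
2014-11-03 10:02:13 host=WS-102 user=CORP\\svc_deploy proc=msiexec.exe
2014-11-03 10:05:55 host=WS-103 user=CORP\\svc_deploy proc=iexplore.exe"""

LOG_RE = re.compile(r"^(?P<ts>\S+ \S+) host=(?P<host>\S+) user=(?P<user>\S+) proc=(?P<proc>\S+)$")

def version_key(version: str) -> tuple:
    """Dotted versions compare as integer tuples, so 11.0.7 < 11.0.10 (string compare would get this wrong)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def admin_misuse(log_text: str) -> Dict[str, List[str]]:
    """Host -> sorted 'user:process' entries where an admin account ran a browser or mail client."""
    hits: Dict[str, Set[str]] = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m and m["user"] in ADMIN_ACCOUNTS and m["proc"].lower() in BROWSER_OR_MAIL:
            hits.setdefault(m["host"], set()).add(f"{m['user']}:{m['proc']}")
    return {host: sorted(entries) for host, entries in hits.items()}

def top4_gaps(host: Host, today: date, misuse: Dict[str, List[str]], max_patch_age_days: int = 30) -> List[str]:
    """Return the Top 4 controls this host fails, in the order the Top 4 list gives them."""
    gaps: List[str] = []
    for app, installed in sorted(host.apps.items()):               # 1. current application versions
        latest = CURRENT_VERSIONS.get(app)
        if latest and version_key(installed) < version_key(latest):
            gaps.append(f"app-outdated:{app}:{installed}<{latest}")
    age = (today - host.os_patch_date).days                        # 2. OS patched recently
    if age > max_patch_age_days:
        gaps.append(f"os-patch-stale:{age}d")
    for entry in misuse.get(host.name, []):                        # 3. admin accounts kept off email/browsing
        gaps.append(f"admin-account-browsing-or-email:{entry}")
    if not host.whitelisting_enabled:                              # 4. application whitelisting
        gaps.append("no-application-whitelisting")
    return gaps

def audit(inventory: List[Host], log_text: str, today: date) -> Dict[str, List[str]]:
    misuse = admin_misuse(log_text)
    return {h.name: top4_gaps(h, today, misuse) for h in inventory}

if __name__ == "__main__":
    for name, gaps in audit(INVENTORY, PROCESS_LOG, date(2014, 11, 3)).items():
        print(name, "OK" if not gaps else "; ".join(gaps))
```

With the constructed data and an audit date of 3 November 2014, WS-101 is flagged for an outdated Reader and for an admin account opening Outlook, WS-102 for a 94-day-old OS patch level and missing whitelisting, and WS-103 only for an admin account browsing with Internet Explorer. The third control is the one most often reported as "implemented" on paper while logs show otherwise, which is why the check reads process-start events rather than trusting a policy flag.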
Session Evaluation: http://aka.ms/WCP235