Top 5 Cyber Security Findings by Experts You Can’t Afford to Miss
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Transcript of Key Findings from the 2015 IBM Cyber Security Intelligence Index
© 2015 IBM Corporation
2015 IBM Cyber Security
Intelligence Index
July 2015
Slide 2
Today's panelists
Nick Bradley, Practice Lead, Threat Research Group, IBM Security (@bradleyv20)
Nick Coleman, Global Head, Cyber Security Intelligence, IBM Security (@colemansec)
Adam Trunkey, Global Marketing, Security Services, IBM Security (@atrunkey)
Slide 3
Agenda – about this session
Our goal is to help you better understand the current threat landscape:
1. Look at the volume of attacks, the industries most affected and the most prevalent types of attacks, using the newly released Cyber Security Intelligence Index.
2. Share some deeper insights into the cyber security threat landscape: what it means to companies, and how you, as a security leader, can better equip your organization for success against the evolving global threat landscape.
3. Provide some example use cases that are meaningful to customers and that help you understand the key threats that are occurring and how to use threat intelligence to minimize risk in your organization.
Slide 4
What is happening in the threat landscape: the challenges of keeping up with a perpetually evolving cyber security environment.
• 61% of organizations say data theft and cybercrime are the greatest threats to their reputation (2012 IBM Global Reputational Risk & IT Study)
• $6.5 million: average cost of a data breach in the U.S. (2015 Cost of Data Breach Study: Global Analysis, Ponemon Institute)
• 80% of enterprises have difficulty finding the security skills they need (2013 Forrester Consulting, "Surviving the Technical Security Skills Crisis")
• 85 tools from 45 vendors (IBM client example)
• 70% of security execs are concerned about cloud and mobile security (2013 IBM CISO Survey)
• 11.6M mobile devices affected by mobile malware (IBM X-Force® Threat Intelligence Quarterly 1Q 2015)
Slide 5
How we see the threat landscape
Slide 6
2014 was the year the Internet fell apart, with data breaches making regular front-page headlines, and that has continued into 2015.
2014 timeline:
• January: A large U.S. arts and crafts retailer reveals a long-running malware-related breach affecting several million payment cards.
• August: In one of the largest healthcare data breaches in the U.S., the Social Security numbers and other data of millions of patients were compromised.
• September: A major U.S. home goods retailer fell victim to a point-of-sale attack that affected thousands of stores, exposed millions of payment card records and resulted in the theft of millions of email addresses.
Slide 7
The IBM 2015 Cyber Security Intelligence Index is a key way IBM sheds light on what is happening across the threat landscape.
Source of data for the Index:
• Cyber security event data collected in the course of monitoring client security devices
• Data derived from responding to and performing forensics on client cyber security incidents
Date range for this report: 1 January 2014 – 31 December 2014
Key questions addressed:
• What's happening across the threat landscape?
• What kinds of attacks are being launched?
• How many of those attacks result in incidents requiring investigation?
Worldwide IBM Cyber Security Intelligence Index based upon:
• Billions of security events every year
• A sample of over 1,000 clients
• 133 monitored countries
"Average" client described in this report:
• Between 1,000 and 5,000 employees
• Approximately 500 security devices deployed within the network
Designed to complement the IBM X-Force® Quarterly Report.
Slide 8
Two industries account for the largest share of all incidents observed by IBM.
Incident rates across monitored industries (share of all incidents, reconstructed from the chart):
• 2013: Manufacturing 21.70%; Finance and insurance 20.80%; Information and communication 18.60%; Retail and wholesale 6.20%; Health and social services 5.80%
• 2014: Finance and insurance 25.33%; Information and communication 19.08%; Manufacturing 17.79%; Retail and wholesale 9.37%; Electric and utilities 5.08%
In the figures plotted, the two largest sectors together account for 42.5% of incidents in 2013 and 44.4% in 2014.
Slide 9
For the average client, IBM filters 81,342,747 security events to identify the 109 security incidents that can potentially do harm.
Annual security events, attacks and incidents for the average client:
• 2013: 91,765,453 events; 18,856 attacks; 109 incidents; .65% incident-to-attack ratio
• 2014: 81,342,747 events; 12,017 attacks; 109 incidents; .91% incident-to-attack ratio
(109 ÷ 12,017 reproduces the .91% shown for 2014; 109 ÷ 18,856 is 0.58%, not .65%, so the 2013 attack count and ratio as printed do not agree with each other.)
Definitions:
• Event: activity on a system or network detected by a security device or application.
• Attack: malicious activity attempting to collect, disrupt or destroy information or system resources.
• Incident: an attack serious enough to warrant deeper investigation.
Slide 10
Unauthorized access, malicious code and sustained probes or scans dominate the threat landscape.
Categories of security incidents among the top five industries (share of incidents, 2013 vs 2014):
• Malicious code: 38% (2013), 20% (2014)
• Unauthorized access: 19% (2013), 37% (2014)
• Sustained probe/scan: 20% (2013), 20% (2014)
• Suspicious activity: 12% (2013), 11% (2014)
• Access or credentials abuse: 9% (2013), 8% (2014)
• Denial of service: 2% (2013), 4% (2014)
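The event, attack and incident definitions on slide 9 and the six incident categories on slide 10 are easier to reason about when applied to concrete records. The following Python is an added example written for this page; it is not IBM's code and does not reproduce how IBM's managed security service actually correlates events. It builds a small constructed batch of firewall, authentication, anti-malware and IDS events, turns them into attacks with threshold rules mapped onto the slide 10 categories, promotes an attack to an incident when its severity is high or its target is tagged critical, and reports the same incident-to-attack ratio slide 9 uses. The thresholds, the rule-to-category mapping, the critical-asset list and every sample event are assumptions.

```python
"""Event -> attack -> incident funnel over constructed security-device events.

Added illustration for slides 9 and 10, not IBM's tooling. The rules,
thresholds, asset tags and sample events are assumptions chosen so that
each of the six incident categories on slide 10 can occur.
"""
from collections import Counter, defaultdict

# Assumptions: hosts the hypothetical SOC treats as critical (an attack on
# them is always promoted to an incident) and the rule thresholds.
CRITICAL_ASSETS = {"10.0.0.20"}      # e.g. the domain controller
PROBE_PORT_THRESHOLD = 10            # distinct destination ports from one source
FAILED_LOGIN_THRESHOLD = 5           # failed logins from one source to one host
FLOOD_THRESHOLD = 50                 # connection attempts from one source to one host


def build_sample_events():
    """Constructed sample events as (sensor, source, destination, detail)."""
    events = []
    # Horizontal port scan: one external source touching 12 ports on a file server.
    for port in range(20, 32):
        events.append(("fw", "203.0.113.7", "10.0.0.5", f"port={port}"))
    # Password guessing against the domain controller.
    for _ in range(6):
        events.append(("auth", "198.51.100.9", "10.0.0.20", "login_failed user=admin"))
    # Anti-malware detection on a workstation.
    events.append(("av", "10.0.0.31", "10.0.0.31", "malware=Trojan.Generic action=quarantined"))
    # IDS signature hits: one exploit attempt, one anomaly without a known exploit.
    events.append(("ids", "192.0.2.44", "10.0.0.40", "sig=SQLi exploit attempt"))
    events.append(("ids", "192.0.2.45", "10.0.0.40", "sig=anomalous outbound DNS volume"))
    # SYN flood: 60 connection attempts to the web server from one source.
    for _ in range(60):
        events.append(("fw", "198.51.100.200", "10.0.0.80", "port=443 flags=S"))
    # Ordinary traffic that should remain an event and never become an attack.
    events.append(("fw", "10.0.0.31", "10.0.0.5", "port=445"))
    return events


def classify(events):
    """Correlate raw events into attacks: (category, severity, src, dst).

    Single events become attacks only when a sensor already asserts malice
    (anti-malware, IDS); firewall and authentication events become attacks
    only once a per-source pattern crosses a threshold.
    """
    attacks = []
    ports = defaultdict(set)   # (src, dst) -> distinct destination ports
    conns = Counter()          # (src, dst) -> connection attempts
    failed = Counter()         # (src, dst) -> failed logins
    for sensor, src, dst, detail in events:
        if sensor == "fw":
            conns[(src, dst)] += 1
            for token in detail.split():
                if token.startswith("port="):
                    ports[(src, dst)].add(token[5:])
        elif sensor == "auth" and "login_failed" in detail:
            failed[(src, dst)] += 1
        elif sensor == "av" and "malware=" in detail:
            attacks.append(("Malicious code", "high", src, dst))
        elif sensor == "ids":
            if "exploit" in detail:
                attacks.append(("Unauthorized access", "high", src, dst))
            else:
                attacks.append(("Suspicious activity", "medium", src, dst))
    for (src, dst), seen in ports.items():
        if len(seen) >= PROBE_PORT_THRESHOLD:
            attacks.append(("Sustained probe/scan", "low", src, dst))
    for (src, dst), n in conns.items():
        if n >= FLOOD_THRESHOLD:
            attacks.append(("Denial of service", "medium", src, dst))
    for (src, dst), n in failed.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            attacks.append(("Access or credentials abuse", "medium", src, dst))
    return attacks


def is_incident(attack):
    """Promote an attack to an incident: high severity, or a critical target."""
    _category, severity, _src, dst = attack
    return severity == "high" or dst in CRITICAL_ASSETS


def incident_to_attack_ratio(incidents, attacks):
    """The percentage slide 9 reports: incidents as a share of attacks."""
    return 100.0 * incidents / attacks if attacks else 0.0


def funnel(events):
    """Run the full pipeline and return the counts a SOC would benchmark."""
    attacks = classify(events)
    incidents = [a for a in attacks if is_incident(a)]
    return {
        "events": len(events),
        "attacks": len(attacks),
        "incidents": len(incidents),
        "incident_to_attack_pct": incident_to_attack_ratio(len(incidents), len(attacks)),
        "by_category": dict(Counter(a[0] for a in attacks)),
    }


if __name__ == "__main__":
    print(funnel(build_sample_events()))
    # The 2014 pair from slide 9: 109 incidents out of 12,017 attacks.
    print(f"2014 index: {incident_to_attack_ratio(109, 12017):.2f}%")
```

On the constructed batch, 82 events collapse to 6 attacks and 3 incidents. The point of the example is the shape of the funnel, not the numbers: the same raw event volume can produce very different attack and incident counts depending on where the thresholds sit and which assets are tagged critical, which is why slide 22 asks about SOC and SIEM tuning before comparing your own counts with the Index averages.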
Slide 11
Three "malware-less" threats emerged that exploit existing but previously unknown vulnerabilities.
ShellShock (CVE-2014-6271, GNU Bash)
• Attackers targeted an existing vulnerability in the UNIX shell: Bash executed commands appended to function definitions passed in through environment variables
• Rapid response by cyber criminals following news of the vulnerability
• Example of a "malware-less" attack, which is more difficult to detect
Heartbleed (CVE-2014-0160, OpenSSL)
• Exploits a missing bounds check in OpenSSL's implementation of the TLS heartbeat extension, not a flaw in the TLS protocol itself
• Allows unauthenticated attackers to read memory of systems thought to be protected
• IBM has tracked over 1.8M Heartbleed attacks against customers
Unicorn (CVE-2014-6332, Microsoft Internet Explorer)
• Discovered by IBM, Unicorn is a complex vulnerability in Microsoft Internet Explorer
• Allows remote code execution through a data-only attack that gains control without injecting shellcode
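Slide 11 describes Heartbleed as reading memory of systems thought to be protected; the mechanism behind that is a single trusted length field. The following Python is an added illustration written for this page, not OpenSSL's source: it encodes a TLS heartbeat message in the RFC 6520 layout, models the process memory that happened to follow the record with a constructed byte string, and runs the pre-1.0.1g responder (which echoes as many bytes as the client claims) beside the bounds check added in OpenSSL 1.0.1g. The buffer layout, the neighbouring-memory contents and the claimed lengths are assumptions.

```python
"""Why Heartbleed leaked memory: the heartbeat responder trusted the
client-supplied payload_length. Added illustration, not OpenSSL's code.
Message layout follows RFC 6520; the fix mirrors the 1.0.1g bounds check.
"""
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16  # RFC 6520 requires at least 16 bytes of random padding


def build_heartbeat_request(payload, claimed_length):
    """Encode a HeartbeatMessage: type(1) | payload_length(2) | payload | padding.

    An honest client sets claimed_length == len(payload). The Heartbleed probe
    sends a tiny payload but writes a large claimed_length (up to 65535).
    """
    return struct.pack("!BH", HEARTBEAT_REQUEST, claimed_length) + payload + b"\x00" * MIN_PADDING


def _parse_header(buf):
    return struct.unpack("!BH", buf[:3])


def vulnerable_respond(memory, record_length):
    """Pre-1.0.1g logic: echo payload_length bytes starting at the payload,
    never checking that they lie inside the record actually received.
    `memory` models the heap region where the record landed, so a large
    claimed length copies whatever follows it: keys, cookies, other sessions.
    """
    hb_type, payload_length = _parse_header(memory)
    if hb_type != HEARTBEAT_REQUEST:
        return None
    echoed = memory[3:3 + payload_length]  # the unchecked memcpy
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_length) + echoed + b"\x00" * MIN_PADDING


def fixed_respond(memory, record_length):
    """The 1.0.1g bounds check: header, claimed payload and minimum padding
    must fit inside the received record, otherwise the message is discarded."""
    hb_type, payload_length = _parse_header(memory)
    if hb_type != HEARTBEAT_REQUEST:
        return None
    if 1 + 2 + payload_length + MIN_PADDING > record_length:
        return None  # silently drop, as the patched server does
    echoed = memory[3:3 + payload_length]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_length) + echoed + b"\x00" * MIN_PADDING


def response_payload(response):
    """Payload bytes a client reads back from a heartbeat response."""
    _, length = _parse_header(response)
    return response[3:3 + length]


# Constructed stand-in for whatever happened to sit after the record on the heap.
NEIGHBOUR_MEMORY = b"Cookie: session=9f2c1a; Authorization: Basic YWRtaW46aHVudGVyMg=="


def simulate(claimed_length, payload=b"hello"):
    """Place the request in front of NEIGHBOUR_MEMORY and run both responders."""
    record = build_heartbeat_request(payload, claimed_length)
    memory = record + NEIGHBOUR_MEMORY
    return vulnerable_respond(memory, len(record)), fixed_respond(memory, len(record))


if __name__ == "__main__":
    honest_vuln, honest_fixed = simulate(5)
    print("honest request:", response_payload(honest_vuln), response_payload(honest_fixed))
    bad_vuln, bad_fixed = simulate(200)
    print("probe, vulnerable server leaks:", response_payload(bad_vuln))
    print("probe, fixed server answers:", bad_fixed)
```

With an honest 5-byte payload both responders echo `hello`. With a claimed length of 200 the vulnerable responder returns the payload, its padding and the constructed neighbouring bytes, while the fixed responder returns nothing. Nothing in the probe is malware: it is one well-formed-looking record, which is why the slide files it under malware-less attacks and why endpoint anti-malware had no signature for it.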
Slide 12
Who are the bad guys?
• Outsiders: 38%
• Malicious insiders: 31.5%
• Inadvertent actors: 23.5%
55% of attacks came from people who had insider access to an organization's systems (malicious insiders plus inadvertent actors; the three shares as given sum to 93%).
Slide 13
Where are these attackers located, and what are the threat levels by country?
Slide 14
And from the IBM-sponsored work of the Ponemon Institute, we can see that the cost of a data breach is on the rise.
New data from the 2015 Cost of Data Breach Study: Global Analysis, independently conducted by Ponemon Institute and sponsored by IBM:
• $154: average global cost per record compromised, up 12% over two years
• $3.8 million: average global total cost per data breach, up 23% over two years
• $1.57 million: average cost of lost business per data breach
Slide 15
Global and country-specific averages show key data breach costs (currencies converted to U.S. dollars).
Cost per record: global average $154 (from $136), up 12% over two years
• Highest countries: $217 in the U.S., $211 in Germany
• Lowest countries: $78 in Brazil, $56 in India
Cost per incident: global average $3.8M, up 23% over two years
• Highest countries: $6.5M in the U.S., $4.9M in Germany
• Lowest countries: $1.8M in Brazil, $1.5M in India
Slide 16
Per-record data breach costs vary widely, with a significant year-to-year increase in several industries.
Cost per record compromised, by industry (currencies converted to U.S. dollars):
• Healthcare: $363
• Financial: $215
• Retail: $165
• Industrial: $155
• Consumer: $136
• Energy: $132
• Technology: $127
• Public: $68
Slide 17
With threats and costs of a breach increasing, optimizing threat prevention and response can be a challenge for any organization.
Ever-increasing proliferation of data sources:
Internal (threats and exposures that affect a specific organization):
• Firewall logs; proxy logs; IDS/IPS logs; web logs; application logs; authentication logs; malware detection logs; email logs; network security logs; building access logs; fraud payment logs
• CSIRT incidents; vulnerability and patch management; DNS/DHCP logs; call/IVR logs; endpoint security logs
• Employee directory; SSO/LDAP context; application inventory; website marketing analytics
External (third-party insight; industry- and geography-specific threats and trends):
• Technical intel (TECHINT): malware hashes (MD5); brand abuse and phishing indicators; malware campaigns and indicators; fraud payment logs; top-tier phishing indicators; customer assets and credentials; staff assets and credentials; threat landscape intel; intel as a service (IaaS); passive DNS intel; IP reputation intel; actor intel and indicators
• Human intel (HUMINT): industry threat intel sharing; public sector threat intel; ISAC threat intel; law enforcement threat intel; OSINT sentiment analysis; underground/dark web intel
Abbreviations: IDS/IPS, intrusion detection system / intrusion prevention system; SSO/LDAP, single sign-on / lightweight directory access protocol; CSIRT, computer security incident response team; DNS/DHCP, domain name system / dynamic host configuration protocol; IVR, interactive voice response; ISAC, information sharing and analysis center; IP, Internet Protocol (address) reputation; OSINT, open source intelligence; MD5, the hash function commonly used to identify malware samples.
Slide 18
Operationalizing intelligence enables organizations to answer the most critical questions about today's threats.
• Who are the adversaries I should be most concerned about?
• What campaigns are targeting organizations like mine?
• Who is vulnerable to their kinds of attacks? Have others already been attacked? How is attacker behavior trending?
• How can I better adapt my defense posture to counter these adversaries? How have other victims reacted?
• What is the nature of my adversary? Criminal? Industrialized or highly focused?
• What kinds of tools, techniques and practices are adversaries using, and how serious are they?
Slide 19
But many organizations still lack a comprehensive approach to put their security intelligence strategy into action.
LEVERAGING INTELLIGENCE
• What tradecraft are others seeing?
• What findings are most relevant?
• How can I utilize this intel?
MANAGING RESPONSE
• What is the fastest route to containment and controlled loss?
• Are my people in the right place, doing the right things?
• How should incidents and response shape strategy?
PLANNING AND BUILDING CAPABILITY
• How can I expand my strategy to address cloud-based risk?
• How can I optimize visibility with intelligence and SIEM?
• How can I better plan, allocate and respond with expertise?
• How can I learn from and apply experience with real-world threats?
Security Intelligence Platform: How can I strengthen and extend my current investment in security operations? How do I address the phases of an attack lifecycle?
Slide 20
Security intelligence underpins the overall security challenge. It is core to IBM's approach with clients.
Buyers: CISO, CIO and line-of-business
Deliver a broad portfolio of solutions differentiated through their integration and innovation to address the latest trends.
Key security trends: advanced threats; skills shortage; cloud, mobile and Internet of Things; compliance mandates
IBM Security portfolio: Strategy, Risk and Compliance; Cybersecurity Assessment and Response; Security Intelligence and Operations; Advanced Fraud Protection; Identity and Access Management; Data Security; Application Security; Network, Mobile and Endpoint Protection; Advanced Threat and Security Research
1. Support the CISO agenda
2. Innovate around megatrends
3. Lead in selected segments
Slide 21
What makes IBM Security different: a global view of threats.
IBM Security by the numbers: monitored countries (MSS); service delivery experts; devices under contract; endpoints protected; events managed per day
Slide 22
How can the Index help you? Key questions to ask about your organization's exposure.
What level of events, attacks and incidents are you seeing?
• Events: how is your SOC/SIEM tuned, and how efficiently is it working for you?
• Are you getting the right use cases and data to allow you to manage and see the threats?
• Do you have the intelligence processing and insight you need today to see them?
Are you prepared and able to respond to the incidents?
• Do you have the intelligence to be able to see what is happening out there?
• How many incidents are you facing a year, and do you have the support and preparation you need?
Slide 23
Cybersecurity Awareness Executive Briefing – Security Services
Behind-the-scenes illustration of modern cyber attacks
Cyber attacks happen on a daily basis; we see them on the news, but how do they happen and why?
A 2-hour briefing that goes behind the scenes, using real-world scenarios, illustrative examples and interactive demonstrations to examine the anatomy of modern cyber attacks:
• The 5-stage chain attackers typically follow
• Common methods and attack surfaces
• The role of social media
• Technological advancement and operational sophistication
Generate executive-level awareness of the current threat level, cyber risk profile, global trends, potential attack impact and essential practices.
Discuss key actions that can be taken today to better protect yourself and your organization, across data, infrastructure and people.
Slide 24
IBM can help you chart the course to a more secure organization.
Learn more: download the 2015 Cyber Security Intelligence Index and the 2015 Cost of Data Breach Study.
Contact your IBM sales representative for a discussion on Cyber Security Assessment and Response Services, Advanced Threat Intelligence or other IBM Security offerings.
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks
on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security