Ola Wittenby - Hotlandskapet på Internet
•Descargar como PPT, PDF•
0 recomendaciones•764 vistas
Att bekämpa brott på internet blir för de flesta företag inte lättare med tiden. Cyberbrottslingar ökar hela tiden takt och sinnrikhet i deras attacker. Tekniken och tillvägagångssätten förbättras stadigt och attackerna blir ännu svårare att hitta och hindra.
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a Ola Wittenby - Hotlandskapet på Internet
Similar a Ola Wittenby - Hotlandskapet på Internet (20)
Más de IBM Sverige
Más de IBM Sverige (20)
Último
Último (20)
Ola Wittenby - Hotlandskapet på Internet
- 1. © 2014 IBM Corporation BusinessConnect A New Era of Smart Hotlandskapet på Internet Ola Wittenby ola.wittenby@se.ibm.com Stockholm 2014-10-07
- 2. A New Era of Smart © 2014 2 IBM Corporation
- 3. A New Era of Smart A new security reality is here 61% of organizations say data theft and cybercrime are their greatest threats 2012 IBM Global Reputational Risk & IT Study $3.5M Average cost of a data breach 2014 Cost of Data Breach, Ponemon Institute 70% of security executives have cloud and mobile security concerns 2013 IBM CISO Survey 83% have difficulty finding the security skills they need 2012 ESG Research 85 45 of enterprises 614% security tools from Mobile malware growth in just one year 2012 - 2013 Juniper Mobile Threat Report vendors IBM client example © 2014 3 IBM Corporation
- 4. A New Era of Smart © 2014 4 IBM Corporation
- 5. A New Era of Smart We are in an era of continous breaches 2011 2012 2013 SQL injection Spear phishing Attack types Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014 Near Daily Leaks of Sensitive Data 40% increase in reported data breaches and incidents Relentless Use of Multiple Methods 500,000,000+ records were leaked, while the future shows no sign of change DDoS Third-party software Physical access Malware XSS Watering hole Undisclosed Note: Size of circle estimates relative impact of incident in terms of cost to business. © 2014 5 IBM Corporation
- 6. A New Era of Smart The cybercrime ecosystem Developer / Malware writer Exploiter / Distributor •Spam •Phishing •Pharming •Social Engineering Hosting / Outsourcing © 2014 6 IBM Corporation
- 7. A New Era of Smart One-day attack methods demonstrate how quickly attackers rush to exploit a vulnerability © 2014 7 IBM Corporation
- 8. A New Era of Smart Attackers optimize and refine target selection © 2014 8 IBM Corporation
- 9. A New Era of Smart Effectively targeting end-users Watering Hole Malvertising Attacker injects malware on special interest website Vulnerable niche users exploited Attacker injects malware on ad network Malicious ad embedded on legitimate websites Vulnerable users exploited © 2014 9 IBM Corporation
- 10. A New Era of Smart Spam continues to be a main channel for malware into companies In March 2014, we saw the highest levels of spam measured during the last two and a half years. © 2014 10 IBM Corporation
- 11. A New Era of Smart Significant increase in Java vulnerabilities © 2014 11 IBM Corporation
- 12. A New Era of Smart Weponized content focused on end-user applications © 2014 12 IBM Corporation
- 13. A New Era of Smart Attackers exploit application vulnerabilities to access sensitive data 50% of web applications they have deployed Test and Remediate AppVulns Not testing puts the organization at risk. Broken authentication can result in that the attacker looks like a legitimate user. of organizations underestimate the number Protect Web Servers Bugs means increased risks for loss of critical information. Mitigating potential damages makes cleanup a challenge. Expect the Unexpected Plan incident response for the unkown rather than the known. © 2014 13 IBM Corporation
- 14. A New Era of Smart Attackers use exploit kits to deliver payload Styx Exploit Kit Rising in popularity Successful in exploiting IE and Firefox on Windows © 2014 14 IBM Corporation
- 15. A New Era of Smart The cybercrime ecosystem Criminals just buy what they need… •Weaponized content (Malware) •Delivery (spam, phishing, pharming…) •Hosting •SLA Developer / Malware writer Exploiter / Distributor •Spam •Phishing •Pharming •Social Engineering Hosting / Outsourcing Or just rent a hacker to get what they need… •Industrial espionage •Bank fraud © 2014 15 IBM Corporation
- 16. A New Era of Smart © 2014 16 IBM Corporation
- 17. A New Era of Smart Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. © 2014 17 IBM Corporation
Notas del editor
- A new security reality is here: Sophisticated attackers break through conventional safeguards every day. Organized criminals, hacktivists, governments and adversaries are compelled by financial gain, politics and notoriety to attack your most valuable assets. Their operations are well-funded and business-like ‒ attackers patiently evaluate targets based on potential effort and reward. Their methods are extremely targeted ‒ they use social media and other entry points to track down people with access, take advantage of trust, and exploit them as vulnerabilities. Meanwhile, negligent employees inadvertently put the business at risk via human error. Even worse, security investments of the past fail to protect against these new classes of attacks. The result is more severe security breaches more often. 61% of organizations say data theft and cybercrime are the greatest threats to their reputation (2012 Global Reputational Risk & IT Study, IBM). And the costs are staggering. By one estimate, the average cost of a breach is over $3.5 million (2014 Cost of a Data Breach Study, Ponemon Institute) <MOUSE CLICK> Cloud, mobile, social and big data drive unprecedented change. Businesses are adopting mobile, social, big data and cloud to analyze and share information at unprecedented rates. This influx of new innovation, technologies, and end-points push more and more business transactions outside company walls and completely transform enterprise security as we know it. As the traditional network perimeter around the data center permanently dissolves, it is more difficult to defend company data from the increasing gaps in security, and to verify that users accessing data are protected. In one study, 70% of security executives expressed concern about cloud and mobile security. (2013 CISO Survey, IBM) Theft or loss of mobile devices, privacy concerns associated with cloud, and accidental sharing of sensitive data are some of the key fears. (2013 Juniper Mobile Threat Report) Without dynamic protection, an organization may spend more time recovering from attacks than it does preventing them. And those who do not prepare for change are leaving their companies dangerously exposed. <MOUSE CLICK> Yesterday’s security practices are no longer sustainable Up to now, organizations have responded to security concerns by deploying a new tool to address each new risk. Now they have to install, configure, manage, patch, upgrade, and pay for dozens of non-integrated solutions with limited views of the landscape. Costly and complex, these fragmented security capabilities do not provide the visibility and coordination needed to stop today’s sophisticated attacks. Moreover, the skills and expertise needed to keep up with a constant stream of new threats is not always available. 83% of enterprises report having difficulty finding the security skills they need (2012 ESG Research). As new risks emerge, the environment will grow more complex and the skills gap wider. 49% of IT executives say that they are challenged by an inability to measure the effectiveness of their current security efforts (Security Intelligence Can Deliver Value Beyond Expectations And Needs To Be Prioritized, Forrester) and 31% of IT professionals have no risk strategy at all (2013 Global Reputational Risk & IT Study, IBM). Many security teams are simply operating in the dark.