Cybercrime: the New Reality of Information Security

© 2012 IBM Corporation

Cybercrime: the New Reality of Information Security

Christina Peters, Senior Counsel, Security and Privacy, IBM
Jack Danahy, Director for Advanced Security, IBM Security Systems
Thomas X. Grasso, Jr., Supervisory Special Agent, Federal Bureau of Investigation

Cybersecurity Incidents: This is Not a Drill

540,000,000+: All Records Breached Since 2005 (est.) (privacyrights.org)

$6,750,000: Average Cost Per Incident as of 2009 (ponemon.org)

What are privacy professionals asking?

What’s behind cybercrime?

What do cybercriminals do?

How can you tell you’re a target? What can you do?

What are the implications for organizations and for society?

The Underground Economy and Identity Trafficking

Thomas X. Grasso, Jr., Supervisory Special Agent, Federal Bureau of Investigation

Cyber Underground

A highly organized criminal network based primarily in Eastern Europe
Consists of specialized cells for specific functions
Utilizes web forums to meet, cut deals, and exchange stolen data.

Cyber Criminal Activities

Conduct network intrusion on merchant processors
Write viruses, Trojans and other malware
Use of spam/phishing to exploit banks, credit card users, online account holders
Escrow and auction fraud
Use of compromised credit cards and compromised

How They Work

Computer Hackers

Data Brokers

Distribution Activities

Counterfeit Document Producers

The world is becoming more digitized and interconnected

EVERYTHING IS EVERYWHERE: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more
CONSUMERIZATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared
DATA EXPLOSION: The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere
ATTACK: The speed and dexterity of attacks have increased, coupled with new actors with new motivations, from cyber crime to terrorism to state-sponsored intrusions

Targeted Attacks Shake Businesses and Governments

IBM Security X-Force® 2011 Midyear Trend and Risk Report September 2011

Chart: targeted attacks plotted by month (Feb–Aug 2011) and by attack type (SQL Injection, URL Tampering, Spear Phishing, 3rd Party SW, DDoS, Secure ID, Unknown); size of circle estimates relative impact of breach.
Organizations shown: Sony, Epsilon, L3 Communications, Sony BMG Greece, US Senate, NATO, AZ Police, Turkish Government, SK Communications Korea, Monsanto, RSA, HB Gary, Nintendo, Brazil Gov., Lockheed Martin, Vanguard Defense, Booz Allen Hamilton, PBS (listed twice), SOCA, Malaysian Gov. Site, Peru Special Police, Gmail Accounts, Spanish Nat. Police, Citigroup, Sega, Fox News X-Factor, Italy PM Site, IMF, Northrop Grumman, Bethesda Software

There is Escalation in Potential for Damaging Impact

The national cybersecurity agenda is rising in importance.

Chart plots Adversary against Motive, with Damage / Impact to Life and Property as the escalating scale.

Adversary:
• Script-kiddies or hackers using tools, web-based “how-to’s”
• Insiders, using inside information
• Organized crime, hackers and crackers with sophisticated tools, expertise and substantial resources
• Competitors, hacktivists
• Nation-state actors; targeted attacks (advanced persistent threat)

Motive: National Security, Monetary Gain, Espionage, Political Activism, Revenge, Curiosity

Cyber Security has Become a Board Room Discussion

• Business results: Sony estimates potential $1B long term impact – $171M / 100 customers*
• Supply chain: Epsilon breach impacts 100 national brands
• Legal exposure: TJX estimates $150M class action settlement in release of credit / debit card info
• Impact of hacktivism: Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony …
• Audit risk: Zurich Insurance Plc fined £2.275M ($3.8M) for the loss and exposure of 46K customer records
• Brand image: HSBC data breach discloses 24K private banking customers

Security Has Become a Complex Permutation

People: Employees, Consultants, Hackers, Terrorists, Outsourcers, Customers, Suppliers
Data: Structured, Unstructured, At rest, In motion
Applications: Systems applications, Web applications, Web 2.0, Mobile apps
Infrastructure

Security Must Evolve to an Intelligence View

Maturity scale runs from Reactive to Proactive and from Manual to Automated:

Basic: Organizations employ perimeter protection, which regulates access and feeds manual reporting
Proficient: Security is layered into the IT fabric and business operations
Optimized: Organizations use predictive and automated security analytics to drive toward security intelligence

Future Outlook

Cybercrime trends

Legislative and related activity

White House Proposal and GOP response now available

Various draft legislation in both houses

IBM helping to launch ABA task force on legal issues related to cybersecurity

White House Cyber Security Agenda

Emerging Technologies and Cloud Computing

End Game: Reduce Data Breaches

DHS Consolidation and FISMA Reform

Congressional Attention

We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control… But just as we failed in the past to invest in our physical infrastructure – our roads, our bridges and rails – we've failed to invest in the security of our digital infrastructure… This status quo is no longer acceptable – not when there's so much at stake. We can and we must do better. – President Obama, May 29, 2009*

* Source: FACT SHEET: Cybersecurity Legislative Proposal

Current bills:

• Cybersecurity Act of 2012 introduced 2/14/2012 by Sens. Lieberman (I-CT), Collins (R-ME), Rockefeller (D-WV) and Feinstein (D-CA)
• Lungren
• Information Sharing:
  • Feinstein bill, also section 7 of Cybersecurity Act
  • Rogers
• Cyber security often “trumped” by other pressing priorities
• Ongoing debate about which agency has priority jurisdiction over cyber security

References

2010/2011 CSI Computer Crime and Security Survey, http://gocsi.com/survey
IBM X-Force Threat Insight Quarterly Report, http://www-935.ibm.com/services/us/iss/html/xforce-threat-insight.html
White House Cybersecurity Legislative Proposal, http://www.whitehouse.gov/the-press-office/2011/05/12/fact-sheet-cybersecurity-legislative-proposal
Recommendations of the House Republican Cybersecurity Task Force, http://thornberry.house.gov/UploadedFiles/CSTF_Final_Recommendations.pdf
Cybersecurity Act of 2012 (proposed), http://www.hsgac.senate.gov/media/majority-media/lieberman-collins-rockefeller-feinstein_offer-bipartisan-comprehensive-bill-to-secure-fed-and-critical-private-sector-cyber-systems
Cyber Intelligence Sharing and Protection Act of 2011 (Rogers & Ruppersberger), http://mikerogers.house.gov/News/DocumentSingle.aspx?DocumentID=270598
SEC CF Disclosure Guidance: Topic No. 2,

Contacts

Christina Peters, cpeters@us.ibm.com, (720) 396-5384
Jack Danahy, jack.danahy@us.ibm.com, (603) 774-8200
Tom Grasso, FBI Cyber Division, tom@ncfta.net, (412) 802-8000 ext. 258
PGP Fingerprint:
