SlideShare a Scribd company logo

IBM Security Services

Rainer Mueller
Rainer Mueller

Financial services is one of the most attacked industries. Are you protected?

Software
1 of 8
Download to read offline
IBM Global Technology Services Thought Leadership White Paper Financial services IBM Security Services cyber security intelligence index for financial services Financial services is one of the most attacked industries. Are you protected?
2 IBM Security Services cyber security intelligence index for financial services Contents 3 The cyber security landscape 5 How can you help keep your organization safe? 6 Let IBM help address your cyber security needs 7 Glossary About this report IBM Managed Security Services has developed this report to provide insights into the current threat landscape for the financial services industry and to offer solutions that can help you better protect your organization. Information is based on cyber security event data collected by IBM between 1 April 2012 and 31 March 2013 in the course of monitoring client security devices, as well as data derived from respond- ing to, and performing forensics on, cyber security incidents. Where noted, additional information comes from industry analysts and publicly available data. For a cross-industry overview of the threat landscape, please see the white paper, IBM Security Services Cyber Security Intelligence Index “A new class of high-bandwidth DDoS [distributed denial of service] attacks of up to 70 Gbps hit top U.S. banks in the second half of 2012, justifiably causing serious concerns among bank security staff, law enforcement and bank regulators.”1 —Gartner, Inc. “Banking executives are much more likely … to point to cybercrime than to systems fail- ures as the most important IT risk that threatens their company’s reputation.”2 —2012 IBM Global Reputational Risk and IT Study Cyber attacks against financial services firms have become more frequent and sophisticated. Companies within this industry have a complex back-office IT architecture, consisting of divers platforms and interfaces. They employ multiple front-office channels, including the Internet, mobile networks, automated teller machines (ATMs) and kiosks. At the same time, many financial services organizations rely on IT resources outside of their firewalls and distribute their applications and data across multiple devices. As a result, numerous vulnerable points exist that can lead to security breaches and data theft. Many of these attacks are designed to gain continuous access to critical information, to perpetrate fraud or to cause damage to critical infrastructures. In addition, hostile government and terrorist-sponsored attacks aimed at financial services are intended to cripple a country’s financial system. Such attacks can significantly impact financial services companies not only in terms of monetary losses but also in terms of credibility and reputation. In fact, most banking executives consider data breaches, data theft and cybercrime to be the most significant IT risk threatening their company’s reputation.3 e
3IBM Global Technology Services Case study: 21st century bank heist inflicts US$45 million in losses An international cybercrime organization used sophisticated intrusion techniques known as “unlimited operations” to hack into the systems of global financial institutions, steal prepaid debit card data and eliminate withdrawal limits. The stolen card data was then disseminated worldwide and used in making fraudulent ATM withdrawals on a massive scale across the globe. The operation spanned 26 countries. In a U.S. federal indictment announced in May 2013, eight defendants, who allegedly formed the New York-based cell of the organization, were charged variously with conspiracy to commit access device fraud, money-laundering conspiracy and money laundering. According to the indictment, the eight defendants, along with their co-conspirators, targeted New York City and withdrew approximately US$2.8 million in a matter of hours.4 The cyber security landscape By taking advantage of advanced analytics, IBM has been able to pore over and make sense of the massive amount of information that crosses platforms we monitor for our clients. This has allowed us to develop real insight into the kinds of attacks that are taking place, who may be launching them and how their techniques are evolving. Determining which security events require action Among financial services clients, IBM detects an average of more than 111 million security events annually, which is notably higher than for other industries. By implementing sophisticated correlation and analytic tools, we can determine which of those events are actual attacks—malicious activities attempting to collect, disrupt, deny, degrade or destroy information systems resources or the information itself. We then employ the work of security analysts, among others, who help further identify those attacks that qualify as security incidents and, therefore, should be further investigated. This process revealed that our financial ser- vices clients had an annual average of 87 incidents that required action. (See Figure 1.) Clients can significantly save time and resources by focusing only on those security incidents that require action rather than on all 111 million identified events. Not surprisingly, the incident rate within the financial services industry is one of the highest among all the industries we monitor. Attackers know that they stand to gain a significant potential payoff by breaching systems at these firms. Annual 111,268,300 Security events Security incidents Monthly 9,272,358 Weekly 2,139,775 Annual 87 Monthly 7 Weekly 1.67 Figure 1. Security intelligence allows IBM to identify which events are actual security incidents requiring action.
4 IBM Security Services cyber security intelligence index for financial services Primary categories of incidents Our analysis shows that two types of incidents are most preva- lent among financial services companies. Together, malicious code and sustained probes or scans account for 70 percent of all incidents. (See Figure 2.) Figure 2. Malicious code and sustained probes or scans are the primary types of incidents affecting the financial services industry. 10% 12% Malicious code Sustained probe/scan Unauthorized access Suspicious activity Access or credentials abuse Denial of service 42% 28% 7% 1% Categories of incidents Figure 3. The vast majority of attacks are instigated by a combination of insiders and outsiders (multiple). Categories of attackers Outsiders 46.3% Multiple 52.7% Malicious insiders Inadvertent actors 0.8% 0.2% Who are these attackers, and why do they attack? Although this report is not focused on the perpetrators of attacks, it can provide some insight into the types of attackers responsible for them and their motivation. Insurance executives rank theft and cyber- crime as the leading IT risk factor with the potential to cause reputational damage.5 Outsiders are the primary culprits, with 46.3 percent of attacks (more than 40 of the 87 annual incidents) perpetrated entirely by outsiders and another 52.7 percent perpetrated by a combination of outsiders and insiders. (See Figure 3.) Attacks that are solely launched by malicious insiders or by inadvertent actors account for less than 1 percent of attackers, significantly lower than the 25 percent that IBM found across multiple industries.
5IBM Global Technology Services On the whole, sheer opportunity accounts for half of all attacks confronting IBM clients cross industry. (See Figure 4.) Because they typically lack sophistication, these attacks are relatively easy to detect. By reducing their number, a company can turn its time and resources to more sophisticated attacks. Figure 4. Opportunity is the primary motivator for attacks, and opportunistic attacks are generally easy to detect. Opportunistic 49% Industrial espionage, financial crime, terrorism, data theft 23% Other 6% Dissatisfaction with employer/ job 15% Attacker motivation Social activism, civil disobedience 7% How are these incidents possible? As shown in Figure 5, misconfigured systems or applications, along with end-user errors, are the primary reasons for security breaches, regardless of industry. By addressing these preventable factors and educating end users, organizations may be able to significantly reduce the number of attacks. How can you help keep your organization safe? Today’s technology has made cyber security more critical than ever and yet more challenging. Financial services organizations employ complex IT infrastructures consisting of systems that are connected to both internal and third-party networks. At the same time, customers access their accounts from a variety of devices, including laptop computers, mobile phones and tablets, which can also make systems more vulnerable to attacks. Striking a balance between security and accessibility is key to a successful cyber security approach. To address these cyber security challenges, financial services organizations must fundamentally change how they think about security. Updating technology and following best practices are not enough; combating attacks requires a more pragmatic approach that informs every decision and procedure. Figure 5. Cross industry, preventable factors are most often at the root of breaches, but oftentimes underlying factors cannot be identified. How breaches occur Misconfigured system or application End-user error Undetermined Vulnerable code Targeted attack, exploited 42% 31% 17% 5% 5%
6 IBM Security Services cyber security intelligence index for financial services Striking a balance between security and accessibility is key to a successful cyber security approach. To implement such an approach, your organization must: ●● Build a risk-aware culture. Because attacks can come from anywhere, it is crucial to determine your security risks and goals and then spread the word to everyone within the company. This must come from the top down, and tools should be implemented to track progress. ●● Automate security “hygiene.” A robust, security-rich system can help you keep track of every program that is running and make it possible to install updates and patches as they are released. This “hygiene” process should be routine and embedded in the foundation of your systems administration. ●● Manage incidents with intelligence. A company-wide effort to implement intelligent analytics and automated response capabilities is essential. Creating an automated and unified system that implements intelligent analytics can help you better monitor your operations and respond more quickly. Let IBM help address your cyber security needs It is easy to feel overwhelmed when you consider what it takes to protect your organization from sophisticated attacks. IBM Security Services consultants can help you plan, implement and manage virtually all aspects of your security strategy. Our senior security professionals have honed their skills in both the public and private sectors, working in corporate security leader- ship and consulting, investigative branches of government, law enforcement, and research and development. In addition to offering consulting services since 1995, IBM has helped to set the standard for accountability, reliability and protection in managed security services. IBM Managed Security Services can provide the security intelligence, expertise, tools and infrastructure you need to help secure your information assets from Internet attacks. We monitor and manage your security operations around the clock or as needed to help you enhance your information security posture, reduce your total cost of ownership and better address regulations, regardless of device type or vendor. To better understand how IBM can help you improve your business environment, talk to your IBM client representative to schedule a detailed session. Case study: A bank engages IBM to identify vulnerabilities and help strengthen its security posture The need With security a top priority, this Kuwaiti commercial and investment bank wanted to test and evaluate its public-facing and internal systems for possible threats and cyber attacks. The company sought an external service provider to deliver thorough and cost-effective security testing and evaluation. The IBM solution The bank engaged IBM Security Services to test and evaluate its network and application security. The IBM team conducted penetration testing to demonstrate how attackers could significantly affect the business. It also assessed designated web-based and nonmainframe-type applications and documented security risks while recommending corrective actions. As a result, the bank was able to gain a better view of its security posture and a “hacker’s eye view” into its network. IBM delivered a more accurate list of security vulnerabilities and an action plan, along with recommendation on how the bank could move forward with its security planning. This helped reduce potential attacks that might target the vulnerabilities in the network.
7IBM Global Technology Services Term Definition Access or credentials abuse Activity detected that violates the known use policy of that network or falls outside of what is considered typical usage. Attacks Security events that have been identified by correlation and analytics tools as malicious activity attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself. Security events such as SQL injection, URL tampering, denial of service and spear phishing fall into this category. Breach or compromise An incident that has successfully defeated security measures and accomplished its designated task. Denial of Attempts to flood a server or network with such a service large amount of traffic or malicious traffic that it renders the device unable to perform its designed functions. Droppers Malicious software designed to install other malicious software on a target. Event An event is an observable occurrence in a system or network. Inadvertent Any attack or suspicious activity coming from an actor IP address inside a customer network that is allegedly being executed without the knowledge of the user. Incidents Attacks or security events that have been reviewed by human security analysts and have been deemed a security incident worthy of deeper investigation. Keyloggers Software designed to record the keystrokes typed on a keyboard. This malicious software is primarily used to steal passwords. Malicious A term used to describe software created for code malicious use. It is usually designed to disrupt systems, gain unauthorized access or gather information about the system or user being attacked. Third-party software, Trojan software, keyloggers and droppers can fall into this category. Term Definition Outsiders Any attacks that come from an IP address external to a customer’s network. Phishing A term used to describe when a user is tricked into browsing a malicious URL designed to pose as a website they trust, thus tricking them into providing information that can then be used to compromise their system or accounts and steal their identity. Security Any device or software designed specifically to device detect or protect a host or network from malicious activity. Such network-based devices are often referred to as intrusion detection and prevention systems (IDS, IPS or IDPS), while the host-based versions are often referred to as host-based intrusion detection or prevention systems (HIDS or HIPS). Security An event on a system or network detected by event a security device or application. Spear phishing Phishing attempts with specific targets. These targets are usually chosen strategically in order to gain access to very specific devices or victims. SQL injection An attack used that attempts to pass SQL com- mands through a website in order to elicit a desired response that the website is not designed to provide. Suspicious activity These are lower-priority attacks or instances of suspicious traffic that could not be classified into one single category. They are usually detected over time by analyzing data collected over an extended period. Sustained probe/scan Reconnaissance activity usually designed to gather information about the targeted systems, such as operating systems, open ports and running services. Trojan Malicious software hidden inside another software software package that appears safe. Unauthorized This usually denotes suspicious activity on a system access or failed attempts to access a system by a user who does not have access. Wiper Malicious software designed to erase data and destroy the capability to restore it.
For more information To learn more about how IBM can help you protect your organization from cyber threats and strengthen your IT security, please contact your IBM representative or IBM Business Partner, or visit the following website: ibm.com/services/security Follow us on Twitter@ibmSecurity Additionally, IBM Global Financing can help you acquire the IT solutions that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize an IT financing solution to suit your business goals, enable effective cash management, and improve your total cost of ownership. IBM Global Financing is your smartest choice to fund critical IT investments and propel your business forward. For more information, visit: ibm.com/financing © Copyright IBM Corporation 2013 IBM Corporation IBM Global Technology Services Route 100 Somers, NY 10589 Produced in the United States of America August 2013 IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON- INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. 1 Gartner, Inc., “Arming financial and e-commerce services against top 2013 cyber threats,” Report #G00237376, 29 January 2013. 2 IBM, “Reputational risk and IT in the banking industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” October 2012. 3 IBM, “Reputational risk and IT in the banking industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” October 2012. 4 U.S. Department of Justice, “Eight members of New York cell of cybercrime organization indicted in $45 million cybercrime campaign,” 9 May 2013, http://www.justice.gov/usao/nye/pr/2013/2013may09.html 5 IBM, “Reputational risk and IT in the insurance industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” November 2012. SEW03034-USEN-01 Please Recycle

Recommended

Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterPatricia M Watson
 
The challenges of Retail Security
The challenges of Retail SecurityThe challenges of Retail Security
The challenges of Retail SecurityIBM Software India
 
Cyber Security index
Cyber Security indexCyber Security index
Cyber Security indexsukiennong.vn
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
 
Effects of IT Governance Measures on Cyber-attack Incidents
Effects of IT Governance Measures on Cyber-attack IncidentsEffects of IT Governance Measures on Cyber-attack Incidents
Effects of IT Governance Measures on Cyber-attack IncidentsThe International Journal of Business Management and Technology
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 
Cyber Crime is Wreaking Havoc
Cyber Crime is Wreaking HavocCyber Crime is Wreaking Havoc
Cyber Crime is Wreaking HavocHewlett Packard Enterprise Business Value Exchange
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 

Recommended

Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterPatricia M Watson
 
The challenges of Retail Security
The challenges of Retail SecurityThe challenges of Retail Security
The challenges of Retail SecurityIBM Software India
 
Cyber Security index
Cyber Security indexCyber Security index
Cyber Security indexsukiennong.vn
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
 
Effects of IT Governance Measures on Cyber-attack Incidents
Effects of IT Governance Measures on Cyber-attack IncidentsEffects of IT Governance Measures on Cyber-attack Incidents
Effects of IT Governance Measures on Cyber-attack IncidentsThe International Journal of Business Management and Technology
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 
Cyber Crime is Wreaking Havoc
Cyber Crime is Wreaking HavocCyber Crime is Wreaking Havoc
Cyber Crime is Wreaking HavocHewlett Packard Enterprise Business Value Exchange
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperNetIQ
 
Combating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCombating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCognizant
 
Whitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enWhitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enBankir_Ru
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance TempRohan Sehgal
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2Semir Ibrahimovic
 
Proactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van SymonsProactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van SymonsClear Technologies
 
Heidi
HeidiHeidi
Heidikategat
 
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...CSCJournals
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry BrianHuntMSFCPACRISC
 
Managing Mobile Menaces
Managing Mobile MenacesManaging Mobile Menaces
Managing Mobile MenacesNalneesh Gaur
 
The digital economy and cybersecurity
The digital economy and cybersecurityThe digital economy and cybersecurity
The digital economy and cybersecurityMark Albala
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutionsJonny Nässlander
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 
2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-final2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-finalΔρ. Γιώργος K. Κασάπης
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial InstitutionsKhawar Nehal khawar.nehal@atrc.net.pk
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?Spire Research and Consulting
 
Are you putting your organization at risk?
Are you putting your organization at risk?Are you putting your organization at risk?
Are you putting your organization at risk?Panaya
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8John Palfreyman
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...Accenture Technology
 

More Related Content

What's hot

Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperNetIQ
 
Combating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCombating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCognizant
 
Whitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enWhitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enBankir_Ru
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance TempRohan Sehgal
 
Proactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van SymonsProactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van SymonsClear Technologies
 
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...CSCJournals
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry BrianHuntMSFCPACRISC
 
Managing Mobile Menaces
Managing Mobile MenacesManaging Mobile Menaces
Managing Mobile MenacesNalneesh Gaur
 
The digital economy and cybersecurity
The digital economy and cybersecurityThe digital economy and cybersecurity
The digital economy and cybersecurityMark Albala
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 

What's hot (19)

Top Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White PaperTop Solutions and Tools to Prevent Devastating Malware White Paper
Top Solutions and Tools to Prevent Devastating Malware White Paper
 
Combating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced AnalyticsCombating Cybersecurity Challenges with Advanced Analytics
Combating Cybersecurity Challenges with Advanced Analytics
 
Whitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_enWhitepaper 2015 industry_drilldown_finance_en
Whitepaper 2015 industry_drilldown_finance_en
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance Temp
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
 
Proactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van SymonsProactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van Symons
 
Heidi
HeidiHeidi
Heidi
 
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
 
Managing Mobile Menaces
Managing Mobile MenacesManaging Mobile Menaces
Managing Mobile Menaces
 
The digital economy and cybersecurity
The digital economy and cybersecurityThe digital economy and cybersecurity
The digital economy and cybersecurity
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial Institutions
 
idg_secops-solutions
idg_secops-solutionsidg_secops-solutions
idg_secops-solutions
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
 
2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-final2017 global-cyber-risk-transfer-report-final
2017 global-cyber-risk-transfer-report-final
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
 
220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?220715_Cybersecurity: What's at stake?
220715_Cybersecurity: What's at stake?
 

Viewers also liked

Are you putting your organization at risk?
Are you putting your organization at risk?Are you putting your organization at risk?
Are you putting your organization at risk?Panaya
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8John Palfreyman
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...Accenture Technology
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017Ramiro Cid
 
The Promise of Artificial Intelligence: Redefining management in the workforc...
The Promise of Artificial Intelligence: Redefining management in the workforc...The Promise of Artificial Intelligence: Redefining management in the workforc...
The Promise of Artificial Intelligence: Redefining management in the workforc...accenture
 
The Coming of Age for Artificial Intelligence
The Coming of Age for Artificial Intelligence The Coming of Age for Artificial Intelligence
The Coming of Age for Artificial Intelligence Accenture Technology
 

Viewers also liked (10)

Are you putting your organization at risk?
Are you putting your organization at risk?Are you putting your organization at risk?
Are you putting your organization at risk?
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8
 
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
 
Security Technology Vision 2016
Security Technology Vision 2016Security Technology Vision 2016
Security Technology Vision 2016
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017
 
The Promise of Artificial Intelligence: Redefining management in the workforc...
The Promise of Artificial Intelligence: Redefining management in the workforc...The Promise of Artificial Intelligence: Redefining management in the workforc...
The Promise of Artificial Intelligence: Redefining management in the workforc...
 
The Coming of Age for Artificial Intelligence
The Coming of Age for Artificial Intelligence The Coming of Age for Artificial Intelligence
The Coming of Age for Artificial Intelligence
 
AI and the Future of Growth
AI and the Future of GrowthAI and the Future of Growth
AI and the Future of Growth
 
Technology Vision 2017 - Overview
Technology Vision 2017 - OverviewTechnology Vision 2017 - Overview
Technology Vision 2017 - Overview
 

Similar to IBM Security Services

Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
 
CYBERSECURITY STRATEGIES FOR SAFEGUARDING CUSTOMER’S DATA AND PREVENTING FINA...
CYBERSECURITY STRATEGIES FOR SAFEGUARDING CUSTOMER’S DATA AND PREVENTING FINA...CYBERSECURITY STRATEGIES FOR SAFEGUARDING CUSTOMER’S DATA AND PREVENTING FINA...
CYBERSECURITY STRATEGIES FOR SAFEGUARDING CUSTOMER’S DATA AND PREVENTING FINA...ijsc
 
Cybersecurity Strategies for Safeguarding Customer’s Data and Preventing Fina...
Cybersecurity Strategies for Safeguarding Customer’s Data and Preventing Fina...Cybersecurity Strategies for Safeguarding Customer’s Data and Preventing Fina...
Cybersecurity Strategies for Safeguarding Customer’s Data and Preventing Fina...ijsc
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookMargarete McGrath
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESIJNSA Journal
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdframsetl
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCybAnastaciaShadelb
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecuritySpark Security
 
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksA Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksIRJET Journal
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6seadeloitte
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020CBIZ, Inc.
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...Invincea, Inc.
 

Similar to IBM Security Services (20)

Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
CYBERSECURITY STRATEGIES FOR SAFEGUARDING CUSTOMER’S DATA AND PREVENTING FINA...
CYBERSECURITY STRATEGIES FOR SAFEGUARDING CUSTOMER’S DATA AND PREVENTING FINA...CYBERSECURITY STRATEGIES FOR SAFEGUARDING CUSTOMER’S DATA AND PREVENTING FINA...
CYBERSECURITY STRATEGIES FOR SAFEGUARDING CUSTOMER’S DATA AND PREVENTING FINA...
 
Cybersecurity Strategies for Safeguarding Customer’s Data and Preventing Fina...
Cybersecurity Strategies for Safeguarding Customer’s Data and Preventing Fina...Cybersecurity Strategies for Safeguarding Customer’s Data and Preventing Fina...
Cybersecurity Strategies for Safeguarding Customer’s Data and Preventing Fina...
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbook
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
 
Cyber security
Cyber securityCyber security
Cyber security
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdf
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
12Cyber Research ProposalCyb
12Cyber Research ProposalCyb12Cyber Research ProposalCyb
12Cyber Research ProposalCyb
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber AttacksA Comprehensive Review of Cyber Security, Threats and Cyber Attacks
A Comprehensive Review of Cyber Security, Threats and Cyber Attacks
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud Prevention
 
Sel03129 usen
Sel03129 usenSel03129 usen
Sel03129 usen
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020Commercial Real Estate - Cyber Risk 2020
Commercial Real Estate - Cyber Risk 2020
 
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...
 

Recently uploaded

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 

Recently uploaded (20)

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 

IBM Security Services

  • 1. IBM Global Technology Services Thought Leadership White Paper Financial services IBM Security Services cyber security intelligence index for financial services Financial services is one of the most attacked industries. Are you protected?
  • 2. 2 IBM Security Services cyber security intelligence index for financial services Contents 3 The cyber security landscape 5 How can you help keep your organization safe? 6 Let IBM help address your cyber security needs 7 Glossary About this report IBM Managed Security Services has developed this report to provide insights into the current threat landscape for the financial services industry and to offer solutions that can help you better protect your organization. Information is based on cyber security event data collected by IBM between 1 April 2012 and 31 March 2013 in the course of monitoring client security devices, as well as data derived from respond- ing to, and performing forensics on, cyber security incidents. Where noted, additional information comes from industry analysts and publicly available data. For a cross-industry overview of the threat landscape, please see the white paper, IBM Security Services Cyber Security Intelligence Index “A new class of high-bandwidth DDoS [distributed denial of service] attacks of up to 70 Gbps hit top U.S. banks in the second half of 2012, justifiably causing serious concerns among bank security staff, law enforcement and bank regulators.”1 —Gartner, Inc. “Banking executives are much more likely … to point to cybercrime than to systems fail- ures as the most important IT risk that threatens their company’s reputation.”2 —2012 IBM Global Reputational Risk and IT Study Cyber attacks against financial services firms have become more frequent and sophisticated. Companies within this industry have a complex back-office IT architecture, consisting of divers platforms and interfaces. They employ multiple front-office channels, including the Internet, mobile networks, automated teller machines (ATMs) and kiosks. At the same time, many financial services organizations rely on IT resources outside of their firewalls and distribute their applications and data across multiple devices. As a result, numerous vulnerable points exist that can lead to security breaches and data theft. Many of these attacks are designed to gain continuous access to critical information, to perpetrate fraud or to cause damage to critical infrastructures. In addition, hostile government and terrorist-sponsored attacks aimed at financial services are intended to cripple a country’s financial system. Such attacks can significantly impact financial services companies not only in terms of monetary losses but also in terms of credibility and reputation. In fact, most banking executives consider data breaches, data theft and cybercrime to be the most significant IT risk threatening their company’s reputation.3 e
  • 3. 3IBM Global Technology Services Case study: 21st century bank heist inflicts US$45 million in losses An international cybercrime organization used sophisticated intrusion techniques known as “unlimited operations” to hack into the systems of global financial institutions, steal prepaid debit card data and eliminate withdrawal limits. The stolen card data was then disseminated worldwide and used in making fraudulent ATM withdrawals on a massive scale across the globe. The operation spanned 26 countries. In a U.S. federal indictment announced in May 2013, eight defendants, who allegedly formed the New York-based cell of the organization, were charged variously with conspiracy to commit access device fraud, money-laundering conspiracy and money laundering. According to the indictment, the eight defendants, along with their co-conspirators, targeted New York City and withdrew approximately US$2.8 million in a matter of hours.4 The cyber security landscape By taking advantage of advanced analytics, IBM has been able to pore over and make sense of the massive amount of information that crosses platforms we monitor for our clients. This has allowed us to develop real insight into the kinds of attacks that are taking place, who may be launching them and how their techniques are evolving. Determining which security events require action Among financial services clients, IBM detects an average of more than 111 million security events annually, which is notably higher than for other industries. By implementing sophisticated correlation and analytic tools, we can determine which of those events are actual attacks—malicious activities attempting to collect, disrupt, deny, degrade or destroy information systems resources or the information itself. We then employ the work of security analysts, among others, who help further identify those attacks that qualify as security incidents and, therefore, should be further investigated. This process revealed that our financial ser- vices clients had an annual average of 87 incidents that required action. (See Figure 1.) Clients can significantly save time and resources by focusing only on those security incidents that require action rather than on all 111 million identified events. Not surprisingly, the incident rate within the financial services industry is one of the highest among all the industries we monitor. Attackers know that they stand to gain a significant potential payoff by breaching systems at these firms. Annual 111,268,300 Security events Security incidents Monthly 9,272,358 Weekly 2,139,775 Annual 87 Monthly 7 Weekly 1.67 Figure 1. Security intelligence allows IBM to identify which events are actual security incidents requiring action.
  • 4. 4 IBM Security Services cyber security intelligence index for financial services Primary categories of incidents Our analysis shows that two types of incidents are most preva- lent among financial services companies. Together, malicious code and sustained probes or scans account for 70 percent of all incidents. (See Figure 2.) Figure 2. Malicious code and sustained probes or scans are the primary types of incidents affecting the financial services industry. 10% 12% Malicious code Sustained probe/scan Unauthorized access Suspicious activity Access or credentials abuse Denial of service 42% 28% 7% 1% Categories of incidents Figure 3. The vast majority of attacks are instigated by a combination of insiders and outsiders (multiple). Categories of attackers Outsiders 46.3% Multiple 52.7% Malicious insiders Inadvertent actors 0.8% 0.2% Who are these attackers, and why do they attack? Although this report is not focused on the perpetrators of attacks, it can provide some insight into the types of attackers responsible for them and their motivation. Insurance executives rank theft and cyber- crime as the leading IT risk factor with the potential to cause reputational damage.5 Outsiders are the primary culprits, with 46.3 percent of attacks (more than 40 of the 87 annual incidents) perpetrated entirely by outsiders and another 52.7 percent perpetrated by a combination of outsiders and insiders. (See Figure 3.) Attacks that are solely launched by malicious insiders or by inadvertent actors account for less than 1 percent of attackers, significantly lower than the 25 percent that IBM found across multiple industries.
  • 5. 5IBM Global Technology Services On the whole, sheer opportunity accounts for half of all attacks confronting IBM clients cross industry. (See Figure 4.) Because they typically lack sophistication, these attacks are relatively easy to detect. By reducing their number, a company can turn its time and resources to more sophisticated attacks. Figure 4. Opportunity is the primary motivator for attacks, and opportunistic attacks are generally easy to detect. Opportunistic 49% Industrial espionage, financial crime, terrorism, data theft 23% Other 6% Dissatisfaction with employer/ job 15% Attacker motivation Social activism, civil disobedience 7% How are these incidents possible? As shown in Figure 5, misconfigured systems or applications, along with end-user errors, are the primary reasons for security breaches, regardless of industry. By addressing these preventable factors and educating end users, organizations may be able to significantly reduce the number of attacks. How can you help keep your organization safe? Today’s technology has made cyber security more critical than ever and yet more challenging. Financial services organizations employ complex IT infrastructures consisting of systems that are connected to both internal and third-party networks. At the same time, customers access their accounts from a variety of devices, including laptop computers, mobile phones and tablets, which can also make systems more vulnerable to attacks. Striking a balance between security and accessibility is key to a successful cyber security approach. To address these cyber security challenges, financial services organizations must fundamentally change how they think about security. Updating technology and following best practices are not enough; combating attacks requires a more pragmatic approach that informs every decision and procedure. Figure 5. Cross industry, preventable factors are most often at the root of breaches, but oftentimes underlying factors cannot be identified. How breaches occur Misconfigured system or application End-user error Undetermined Vulnerable code Targeted attack, exploited 42% 31% 17% 5% 5%
  • 6. 6 IBM Security Services cyber security intelligence index for financial services Striking a balance between security and accessibility is key to a successful cyber security approach. To implement such an approach, your organization must: ●● Build a risk-aware culture. Because attacks can come from anywhere, it is crucial to determine your security risks and goals and then spread the word to everyone within the company. This must come from the top down, and tools should be implemented to track progress. ●● Automate security “hygiene.” A robust, security-rich system can help you keep track of every program that is running and make it possible to install updates and patches as they are released. This “hygiene” process should be routine and embedded in the foundation of your systems administration. ●● Manage incidents with intelligence. A company-wide effort to implement intelligent analytics and automated response capabilities is essential. Creating an automated and unified system that implements intelligent analytics can help you better monitor your operations and respond more quickly. Let IBM help address your cyber security needs It is easy to feel overwhelmed when you consider what it takes to protect your organization from sophisticated attacks. IBM Security Services consultants can help you plan, implement and manage virtually all aspects of your security strategy. Our senior security professionals have honed their skills in both the public and private sectors, working in corporate security leader- ship and consulting, investigative branches of government, law enforcement, and research and development. In addition to offering consulting services since 1995, IBM has helped to set the standard for accountability, reliability and protection in managed security services. IBM Managed Security Services can provide the security intelligence, expertise, tools and infrastructure you need to help secure your information assets from Internet attacks. We monitor and manage your security operations around the clock or as needed to help you enhance your information security posture, reduce your total cost of ownership and better address regulations, regardless of device type or vendor. To better understand how IBM can help you improve your business environment, talk to your IBM client representative to schedule a detailed session. Case study: A bank engages IBM to identify vulnerabilities and help strengthen its security posture The need With security a top priority, this Kuwaiti commercial and investment bank wanted to test and evaluate its public-facing and internal systems for possible threats and cyber attacks. The company sought an external service provider to deliver thorough and cost-effective security testing and evaluation. The IBM solution The bank engaged IBM Security Services to test and evaluate its network and application security. The IBM team conducted penetration testing to demonstrate how attackers could significantly affect the business. It also assessed designated web-based and nonmainframe-type applications and documented security risks while recommending corrective actions. As a result, the bank was able to gain a better view of its security posture and a “hacker’s eye view” into its network. IBM delivered a more accurate list of security vulnerabilities and an action plan, along with recommendation on how the bank could move forward with its security planning. This helped reduce potential attacks that might target the vulnerabilities in the network.
  • 7. 7IBM Global Technology Services Term Definition Access or credentials abuse Activity detected that violates the known use policy of that network or falls outside of what is considered typical usage. Attacks Security events that have been identified by correlation and analytics tools as malicious activity attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself. Security events such as SQL injection, URL tampering, denial of service and spear phishing fall into this category. Breach or compromise An incident that has successfully defeated security measures and accomplished its designated task. Denial of Attempts to flood a server or network with such a service large amount of traffic or malicious traffic that it renders the device unable to perform its designed functions. Droppers Malicious software designed to install other malicious software on a target. Event An event is an observable occurrence in a system or network. Inadvertent Any attack or suspicious activity coming from an actor IP address inside a customer network that is allegedly being executed without the knowledge of the user. Incidents Attacks or security events that have been reviewed by human security analysts and have been deemed a security incident worthy of deeper investigation. Keyloggers Software designed to record the keystrokes typed on a keyboard. This malicious software is primarily used to steal passwords. Malicious A term used to describe software created for code malicious use. It is usually designed to disrupt systems, gain unauthorized access or gather information about the system or user being attacked. Third-party software, Trojan software, keyloggers and droppers can fall into this category. Term Definition Outsiders Any attacks that come from an IP address external to a customer’s network. Phishing A term used to describe when a user is tricked into browsing a malicious URL designed to pose as a website they trust, thus tricking them into providing information that can then be used to compromise their system or accounts and steal their identity. Security Any device or software designed specifically to device detect or protect a host or network from malicious activity. Such network-based devices are often referred to as intrusion detection and prevention systems (IDS, IPS or IDPS), while the host-based versions are often referred to as host-based intrusion detection or prevention systems (HIDS or HIPS). Security An event on a system or network detected by event a security device or application. Spear phishing Phishing attempts with specific targets. These targets are usually chosen strategically in order to gain access to very specific devices or victims. SQL injection An attack used that attempts to pass SQL com- mands through a website in order to elicit a desired response that the website is not designed to provide. Suspicious activity These are lower-priority attacks or instances of suspicious traffic that could not be classified into one single category. They are usually detected over time by analyzing data collected over an extended period. Sustained probe/scan Reconnaissance activity usually designed to gather information about the targeted systems, such as operating systems, open ports and running services. Trojan Malicious software hidden inside another software software package that appears safe. Unauthorized This usually denotes suspicious activity on a system access or failed attempts to access a system by a user who does not have access. Wiper Malicious software designed to erase data and destroy the capability to restore it.
  • 8. For more information To learn more about how IBM can help you protect your organization from cyber threats and strengthen your IT security, please contact your IBM representative or IBM Business Partner, or visit the following website: ibm.com/services/security Follow us on Twitter@ibmSecurity Additionally, IBM Global Financing can help you acquire the IT solutions that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize an IT financing solution to suit your business goals, enable effective cash management, and improve your total cost of ownership. IBM Global Financing is your smartest choice to fund critical IT investments and propel your business forward. For more information, visit: ibm.com/financing © Copyright IBM Corporation 2013 IBM Corporation IBM Global Technology Services Route 100 Somers, NY 10589 Produced in the United States of America August 2013 IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON- INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. 1 Gartner, Inc., “Arming financial and e-commerce services against top 2013 cyber threats,” Report #G00237376, 29 January 2013. 2 IBM, “Reputational risk and IT in the banking industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” October 2012. 3 IBM, “Reputational risk and IT in the banking industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” October 2012. 4 U.S. Department of Justice, “Eight members of New York cell of cybercrime organization indicted in $45 million cybercrime campaign,” 9 May 2013, http://www.justice.gov/usao/nye/pr/2013/2013may09.html 5 IBM, “Reputational risk and IT in the insurance industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” November 2012. SEW03034-USEN-01 Please Recycle