SlideShare a Scribd company logo

Cyber crime in a Smart Phone & Social Media Obsessed World

Download as PPT, PDF
John Palfreyman
John Palfreyman

This document discusses cyber crime in the context of new technologies like mobile devices and social media. It begins with an overview of common cyber attack methods and definitions of cyber security and cyber crime. It then examines how new technologies like cloud, mobile, big data/analytics and social media create new opportunities for cyber criminals while also making systems harder to defend. Specific challenges of mobile devices, bring your own devices, and social media are outlined. The document advocates a risk management approach to counter cyber crime that balances technical and people mitigations and calls for building security into new technologies from the start. It concludes by assessing preparedness and calling for a risk-aware culture to ensure fitness for purpose with emerging threats.

Technology
1 of 36
© 2015 IBM Corporation Cyber Crime – in a smart phone & social media obsessed world V2, 23 Mar 15 John Palfreyman, IBM
© 2015 IBM Corporation 2 1. Cyber Crime in Context 2. Technology & Business Landscape 3. A Smarter Approach 4. Concluding Remarks Agenda
© 2015 IBM Corporation Cyber Crime in Context Who are the bad guys & what are they up to?
© 2015 IBM Corporation 4 Cyber Security – IBM Definition Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.
© 2015 IBM Corporation 5 Cyber Security - Expanded Hacking Malware Botnets Denial of Service Trojans Cyber-dependent crimes Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
© 2015 IBM Corporation 6 Cyber Crime Hacking Malware Botnets Denial of Service Trojans Cyber-dependent crime Fraud Bullying Theft Sexual Offences Trafficking Drugs Cyber-enabled crime Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
© 2015 IBM Corporation 7  Confusion & hype abound  Common attack methods  Common methods of defense / counter / investigation  Data > Insight chain  Prosecution – burden of evidence  Learning & sharing possible, but patchy Cyber Security & (counter) Cyber Crime
© 2015 IBM Corporation 8 Cyber Threat MOTIVATION S O P H I S T I C A T I O N National Security, Economic Espionage Notoriety, Activism, Defamation Hacktivists Lulzsec, Anonymous Monetary Gain Organized crime Zeus, ZeroAccess, Blackhole Exploit Pack Nuisance, Curiosity Insiders, Spammers, Script-kiddies Nigerian 419 Scams, Code Red Nation-state actors, APTs Stuxnet, Aurora, APT-1
© 2015 IBM Corporation A new type of threat Attacker generic Malware / Hacking / DDoS IT Infrastructure Traditional Advanced Persistent Threat Critical data / infrastructure Attacker !
© 2015 IBM Corporation 10 Attack Phases 11 Break-in Spear phishing and remote exploits to gain access Command & Control (CnC) 22 Latch-on Malware and backdoors installed to establish a foothold 33 Expand Reconnaissance & lateral movement increase access & maintain presence 44 Gather Acquisition & aggregation of confidential data Command & Control (CnC) 55 Exfiltrate Get aggregated data out to external network(s)
© 2015 IBM Corporation IBM X-Force November 2014IBM Security Systems IBM X-Force Threat Intelligence Quarterly, 4Q 2014 Get a closer look at today’s security risks—from new threats arising from within the Internet of Things, to the sources of malware and botnet infections. 11
© 2015 IBM Corporation Technology & Business Landscape New opportunities for cyber crime!
© 2015 IBM Corporation 13 Smarter Planet Instrumented – Interconnected - Intelligent
© 2015 IBM Corporation 14 Cloud DRIVERS Speed & agility Fast Innovation CAPEX to OPEX USE CASES SCM, HR, CRM as a SERVICE Predictive Analytics as a SERVICE
© 2015 IBM Corporation 15 Mobile DRIVERS Mobility in Business Agility & flexibility Rate of technology change USE CASES Information capture, workflow management Education where & when needed Case advice Map
© 2015 IBM Corporation 16 Big Data / Analytics DRIVERS Drowning in Data Insight for SMARTER More UNRELIABLE data USE CASES Citizen Sentiment Predictive Policing OSINT augmentation
© 2015 IBM Corporation 17 Social Business DRIVERS Use of Social Channels Smart Employment Personnel Rotation USE CASES Citizen Sentiment Counter Terrorism Knowledge Retention
© 2015 IBM Corporation 18 Systems of Engagement  Collaborative  Interaction oriented  User centric  Unpredictable  Dynamic Big Data / Analytics Cloud Social Business Mobile
© 2015 IBM Corporation 19 Use Case – European Air Force Secure Mobile CHALLENGE •Support Organisational Transformation •HQ Task Distribution •Senior Staff demanding Mobile Access SOLUTION •IBM Connections •MS Sharepoint Integration •MaaS 360 based Tablet Security BENEFITS •Improved work efficiency •Consistent & timely information access •Secure MODERN tablet
© 2015 IBM Corporation 20 The Millennial Generation EXPECT . . . to embrace technology for improved productivity and simplicity in their personal lives tools that seem made for and by them freedom of choice, embracing change and innovation INNOVATE . . . •Actively involve a large user population •Work at Internet Scale and Speed •Discover the points of value via iteration •Engage the Millennial generation
© 2015 IBM Corporation Smart Phones (& Tablets) . . . 21  Used in the same way as a personal computer  Ever increasing functionality (app store culture) . . .  . . . and often more accessible architectures  Offer “anywhere” banking, social media, e-mail . . .  Include non-PC (!) features Context, MMS, TXT  Emergence of authentication devices
© 2015 IBM Corporation . . . are harder to defend ? . . . 22  Anti-virus software missing, or inadequate  Encryption / decryption drains the battery  Battery life is always a challenge  Stolen or “found” devices– easy to loose  Malware, mobile spyware, impersonation  Extends set of attack vectors  Much R&D into securing platform
© 2015 IBM Corporation . . . and Bring your Own Device now mainstream 23  Bring-your-own device expected  Securing corporate data  Additional complexities  Purpose-specific endpoints  Device Management
© 2015 IBM Corporation Social Media – Lifestyle Centric Computing 24 www.theconversationprism.com  Different Channels  Web centric  Conversational  Personal  Open  Explosive growth
© 2015 IBM Corporation Social Media – Special Security Challenges 25Source: Digital Shadows, Sophos, Facebook  Too much information  Online impersonation  Trust / Social Engineering / PSYOP  Targeting (Advanced, Persistent Threat) Source: Digital Shadows, Sophos, Facebook
© 2015 IBM Corporation A Smarter Approach to countering cyber crime
© 2015 IBM Corporation 27 Balance Technical Mitigation Better firewalls Improved anti-virus Advanced Crypto People Mitigation Leadership Education Culture Process
© 2015 IBM Corporation 28  Monitor threats  Understand (your) systems  Assess Impact & Probability  Design containment mechanisms  Don’t expect perfect defences  Containment & quarantine planning  Learn & improve Risk Management Approach
© 2015 IBM Corporation Securing a Mobile Device DEVICE •Enrolment & access control •Security Policy enforcement •Secure data container •Remote wipe TRANSACTION •Allow transactions on individual basis •Device monitoring & event detection •Sever risk engine – allow, restrict, flag for review APPLICATION •Endpoint management – software •Application: secure by design •Application scanning for vulnerabilities ACCESS •Enforce access policies •Approved devices and users •Context aware authorisation 29
© 2015 IBM Corporation Secure, Social Business 30 LEADERSHIP •More senior, most impact •Important to leader, important to all •Setting “tone” for culture CULTURE •Everyone knows importance AND risk •Full but SAFE usage •Mentoring PROCESS •What’s allowed, what’s not •Internal & external usage •Smart, real time black listing EDUCATION •Online education (benefits, risks) •Annual recertification •For all, at all levels
© 2015 IBM Corporation Concluding Remarks and a quick look forward . .
© 2015 IBM Corporation 32 Global Technology Outlook – Beyond Systems of Engagement
© 2015 IBM Corporation 33 Contextual, Adaptive Security Monitor and Distill Correlate and Predict Adapt and Pre-empt Security 3.0 Risk Prediction and Planning Encompassing event correlation, risk prediction, business impact assessment and defensive strategy formulation Multi-level monitoring & big data analytics Ranging from active, in device to passive monitoring Adaptive and optimized response Adapt network architecture, access protocols / privileges to maximize attacker workload
© 2015 IBM Corporation 34 1. Are you ready to respond to a cyber crime or security incident and quickly remediate? 2. Do you have the visibility and analytics needed to monitor threats? 3. Do you know where your corporate crown jewels are and are they adequately protected? 4. Can you manage your endpoints from servers to mobile devices and control network access? 5. Do you build security in and continuously test all critical web/mobile applications? 6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise? 7. Do you have a risk aware culture and management system that can ensure compliance? Fitness for Purpose
© 2015 IBM Corporation 35 1. Many Similarities – Cyber Crime vs Security – Threat Sophistication 2. Social Business & Mobile offer transformational value 3. New vulnerabilities need to be understood to be mitigated 4. Mitigation needs to be balanced, risk management based and “designed in” Summary
© 2015 IBM Corporation Thanks John Palfreyman, IBM 2dsegma@uk.ibm.com

Recommended

Cyber security
Cyber securityCyber security
Cyber security
Dr. Kishor Nikam
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness Briefing
Department of Defense
 
Cyber crime presentation
Cyber crime presentation Cyber crime presentation
Cyber crime presentation
Priya Saluja
 
Cyber security
Cyber security Cyber security
Cyber security
Sachith Lekamge
 
cyber security
cyber securitycyber security
cyber security
BasineniUdaykumar
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
Chitra Mudunuru
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
PraphullaShrestha1
 
Cyber security awareness for students
Cyber security awareness for studentsCyber security awareness for students
Cyber security awareness for students
Kandarp Shah
 

Recommended

Cyber security
Cyber securityCyber security
Cyber security
Dr. Kishor Nikam
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness Briefing
Department of Defense
 
Cyber crime presentation
Cyber crime presentation Cyber crime presentation
Cyber crime presentation
Priya Saluja
 
Cyber security
Cyber security Cyber security
Cyber security
Sachith Lekamge
 
cyber security
cyber securitycyber security
cyber security
BasineniUdaykumar
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
Chitra Mudunuru
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
PraphullaShrestha1
 
Cyber security awareness for students
Cyber security awareness for studentsCyber security awareness for students
Cyber security awareness for students
Kandarp Shah
 
Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptx
ChandanChandu928137
 
Cyber crime.pptx
Cyber crime.pptxCyber crime.pptx
Cyber crime.pptx
Dawood Faheem Abbasi
 
Final cyber crime and security
Final cyber crime and securityFinal cyber crime and security
Final cyber crime and security
nikunjandy
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Akash Dhiman
 
Cyber security
Cyber securityCyber security
Cyber security
Rishav Sadhu
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
Quick Heal Technologies Ltd.
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
Ramesh Upadhaya
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
Noushad Hasan
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
Dmitriy Scherbina
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
Animesh Roy
 
Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me"
Simon Salter
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
Shivam Lohiya
 
Introduction to cybercrime
Introduction to cybercrime Introduction to cybercrime
Introduction to cybercrime
Anjana Ks
 
Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for students
Akhil Nadh PC
 
Cyber crime and Security
Cyber crime and SecurityCyber crime and Security
Cyber crime and Security
Hussain777
 
Cybercrime
CybercrimeCybercrime
Cybercrime
Komal003
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
Sanjay Kumar
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
Jayant Raj
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber Security
Dominic Rajesh
 
Cyber crime social media &; family
Cyber crime social media &; familyCyber crime social media &; family
Cyber crime social media &; family
Dr.Keshav Sathaye
 
Unlocking a Mystery: The Amazing Mind of an Open Data Hacker
Unlocking a Mystery: The Amazing Mind of an Open Data HackerUnlocking a Mystery: The Amazing Mind of an Open Data Hacker
Unlocking a Mystery: The Amazing Mind of an Open Data Hacker
Nik Garkusha
 

More Related Content

What's hot

Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
Cybercrime
CybercrimeCybercrime
Cybercrime
Komal003
 

What's hot (20)

Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptx
 
Cyber crime.pptx
Cyber crime.pptxCyber crime.pptx
Cyber crime.pptx
 
Final cyber crime and security
Final cyber crime and securityFinal cyber crime and security
Final cyber crime and security
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Cyber security
Cyber securityCyber security
Cyber security
 
What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?What is Phishing and How can you Avoid it?
What is Phishing and How can you Avoid it?
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me"
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Introduction to cybercrime
Introduction to cybercrime Introduction to cybercrime
Introduction to cybercrime
 
Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for students
 
Cyber crime and Security
Cyber crime and SecurityCyber crime and Security
Cyber crime and Security
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber Security
 

Viewers also liked

Daarin Group - Profile
Daarin Group - ProfileDaarin Group - Profile
Daarin Group - Profile
websitevendum
 
Cyber Crime and Social Media
Cyber Crime and Social MediaCyber Crime and Social Media
Cyber Crime and Social Media
jen-morgan
 
how does smart phone works?
how does smart phone works?how does smart phone works?
how does smart phone works?
Sakshi Bhargava
 

Viewers also liked (16)

Cyber crime social media &; family
Cyber crime social media &; familyCyber crime social media &; family
Cyber crime social media &; family
 
Unlocking a Mystery: The Amazing Mind of an Open Data Hacker
Unlocking a Mystery: The Amazing Mind of an Open Data HackerUnlocking a Mystery: The Amazing Mind of an Open Data Hacker
Unlocking a Mystery: The Amazing Mind of an Open Data Hacker
 
Daarin Group - Profile
Daarin Group - ProfileDaarin Group - Profile
Daarin Group - Profile
 
Personal Branding Playbook for LinkedIn
Personal Branding Playbook for LinkedInPersonal Branding Playbook for LinkedIn
Personal Branding Playbook for LinkedIn
 
BRC CMH Ppt
BRC CMH PptBRC CMH Ppt
BRC CMH Ppt
 
Cyber-Crime e Social Media
Cyber-Crime e Social MediaCyber-Crime e Social Media
Cyber-Crime e Social Media
 
Cyber Crime and Social Media
Cyber Crime and Social MediaCyber Crime and Social Media
Cyber Crime and Social Media
 
Facebook
FacebookFacebook
Facebook
 
how does smart phone works?
how does smart phone works?how does smart phone works?
how does smart phone works?
 
BRC Introduction Ppt
BRC Introduction PptBRC Introduction Ppt
BRC Introduction Ppt
 
Personal Profile Template
Personal Profile TemplatePersonal Profile Template
Personal Profile Template
 
Smart uses of smart phone for students
Smart uses of smart phone for studentsSmart uses of smart phone for students
Smart uses of smart phone for students
 
Ram Kumar G Personal Profile
Ram Kumar G Personal ProfileRam Kumar G Personal Profile
Ram Kumar G Personal Profile
 
Executive assistant resume
Executive assistant resume Executive assistant resume
Executive assistant resume
 
Smart Use of Smart Phone by Chheda Sanjay Visanji
Smart Use of Smart Phone by Chheda Sanjay VisanjiSmart Use of Smart Phone by Chheda Sanjay Visanji
Smart Use of Smart Phone by Chheda Sanjay Visanji
 
Maria Grazia Maffucci - progettazione per competenze
Maria Grazia Maffucci - progettazione per competenzeMaria Grazia Maffucci - progettazione per competenze
Maria Grazia Maffucci - progettazione per competenze
 

Similar to Cyber crime in a Smart Phone & Social Media Obsessed World

Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, London
John Palfreyman
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
IBM Security
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
IBM Security
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM Security
 
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence QuarterlyIBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM Security
 
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
IBM Security
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting
IBM Security
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?
IBM Security
 
Simple and secure mobile cloud access
Simple and secure mobile cloud accessSimple and secure mobile cloud access
Simple and secure mobile cloud access
AGILLY
 
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkSecuring Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
IBM Security
 

Similar to Cyber crime in a Smart Phone & Social Media Obsessed World (20)

Securing Systems of Engagement
Securing Systems of EngagementSecuring Systems of Engagement
Securing Systems of Engagement
 
Smarter Cyber Security
Smarter Cyber SecuritySmarter Cyber Security
Smarter Cyber Security
 
Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, London
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
 
Bordless Breaches and Migrating Malware
Bordless Breaches and Migrating MalwareBordless Breaches and Migrating Malware
Bordless Breaches and Migrating Malware
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
 
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence QuarterlyIBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
 
Secure Systems of Engagement
Secure Systems of EngagementSecure Systems of Engagement
Secure Systems of Engagement
 
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
 
Ola Wittenby - Hotlandskapet på Internet
Ola Wittenby - Hotlandskapet på Internet Ola Wittenby - Hotlandskapet på Internet
Ola Wittenby - Hotlandskapet på Internet
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting
 
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?
 
Simple and secure mobile cloud access
Simple and secure mobile cloud accessSimple and secure mobile cloud access
Simple and secure mobile cloud access
 
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest LinkSecuring Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
Securing Mobile Banking Apps - You Are Only as Strong as Your Weakest Link
 

Recently uploaded

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Cyber crime in a Smart Phone & Social Media Obsessed World

  • 1. © 2015 IBM Corporation Cyber Crime – in a smart phone & social media obsessed world V2, 23 Mar 15 John Palfreyman, IBM
  • 2. © 2015 IBM Corporation 2 1. Cyber Crime in Context 2. Technology & Business Landscape 3. A Smarter Approach 4. Concluding Remarks Agenda
  • 3. © 2015 IBM Corporation Cyber Crime in Context Who are the bad guys & what are they up to?
  • 4. © 2015 IBM Corporation 4 Cyber Security – IBM Definition Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.
  • 5. © 2015 IBM Corporation 5 Cyber Security - Expanded Hacking Malware Botnets Denial of Service Trojans Cyber-dependent crimes Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
  • 6. © 2015 IBM Corporation 6 Cyber Crime Hacking Malware Botnets Denial of Service Trojans Cyber-dependent crime Fraud Bullying Theft Sexual Offences Trafficking Drugs Cyber-enabled crime Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
  • 7. © 2015 IBM Corporation 7  Confusion & hype abound  Common attack methods  Common methods of defense / counter / investigation  Data > Insight chain  Prosecution – burden of evidence  Learning & sharing possible, but patchy Cyber Security & (counter) Cyber Crime
  • 8. © 2015 IBM Corporation 8 Cyber Threat MOTIVATION S O P H I S T I C A T I O N National Security, Economic Espionage Notoriety, Activism, Defamation Hacktivists Lulzsec, Anonymous Monetary Gain Organized crime Zeus, ZeroAccess, Blackhole Exploit Pack Nuisance, Curiosity Insiders, Spammers, Script-kiddies Nigerian 419 Scams, Code Red Nation-state actors, APTs Stuxnet, Aurora, APT-1
  • 9. © 2015 IBM Corporation A new type of threat Attacker generic Malware / Hacking / DDoS IT Infrastructure Traditional Advanced Persistent Threat Critical data / infrastructure Attacker !
  • 10. © 2015 IBM Corporation 10 Attack Phases 11 Break-in Spear phishing and remote exploits to gain access Command & Control (CnC) 22 Latch-on Malware and backdoors installed to establish a foothold 33 Expand Reconnaissance & lateral movement increase access & maintain presence 44 Gather Acquisition & aggregation of confidential data Command & Control (CnC) 55 Exfiltrate Get aggregated data out to external network(s)
  • 11. © 2015 IBM Corporation IBM X-Force November 2014IBM Security Systems IBM X-Force Threat Intelligence Quarterly, 4Q 2014 Get a closer look at today’s security risks—from new threats arising from within the Internet of Things, to the sources of malware and botnet infections. 11
  • 12. © 2015 IBM Corporation Technology & Business Landscape New opportunities for cyber crime!
  • 13. © 2015 IBM Corporation 13 Smarter Planet Instrumented – Interconnected - Intelligent
  • 14. © 2015 IBM Corporation 14 Cloud DRIVERS Speed & agility Fast Innovation CAPEX to OPEX USE CASES SCM, HR, CRM as a SERVICE Predictive Analytics as a SERVICE
  • 15. © 2015 IBM Corporation 15 Mobile DRIVERS Mobility in Business Agility & flexibility Rate of technology change USE CASES Information capture, workflow management Education where & when needed Case advice Map
  • 16. © 2015 IBM Corporation 16 Big Data / Analytics DRIVERS Drowning in Data Insight for SMARTER More UNRELIABLE data USE CASES Citizen Sentiment Predictive Policing OSINT augmentation
  • 17. © 2015 IBM Corporation 17 Social Business DRIVERS Use of Social Channels Smart Employment Personnel Rotation USE CASES Citizen Sentiment Counter Terrorism Knowledge Retention
  • 18. © 2015 IBM Corporation 18 Systems of Engagement  Collaborative  Interaction oriented  User centric  Unpredictable  Dynamic Big Data / Analytics Cloud Social Business Mobile
  • 19. © 2015 IBM Corporation 19 Use Case – European Air Force Secure Mobile CHALLENGE •Support Organisational Transformation •HQ Task Distribution •Senior Staff demanding Mobile Access SOLUTION •IBM Connections •MS Sharepoint Integration •MaaS 360 based Tablet Security BENEFITS •Improved work efficiency •Consistent & timely information access •Secure MODERN tablet
  • 20. © 2015 IBM Corporation 20 The Millennial Generation EXPECT . . . to embrace technology for improved productivity and simplicity in their personal lives tools that seem made for and by them freedom of choice, embracing change and innovation INNOVATE . . . •Actively involve a large user population •Work at Internet Scale and Speed •Discover the points of value via iteration •Engage the Millennial generation
  • 21. © 2015 IBM Corporation Smart Phones (& Tablets) . . . 21  Used in the same way as a personal computer  Ever increasing functionality (app store culture) . . .  . . . and often more accessible architectures  Offer “anywhere” banking, social media, e-mail . . .  Include non-PC (!) features Context, MMS, TXT  Emergence of authentication devices
  • 22. © 2015 IBM Corporation . . . are harder to defend ? . . . 22  Anti-virus software missing, or inadequate  Encryption / decryption drains the battery  Battery life is always a challenge  Stolen or “found” devices– easy to loose  Malware, mobile spyware, impersonation  Extends set of attack vectors  Much R&D into securing platform
  • 23. © 2015 IBM Corporation . . . and Bring your Own Device now mainstream 23  Bring-your-own device expected  Securing corporate data  Additional complexities  Purpose-specific endpoints  Device Management
  • 24. © 2015 IBM Corporation Social Media – Lifestyle Centric Computing 24 www.theconversationprism.com  Different Channels  Web centric  Conversational  Personal  Open  Explosive growth
  • 25. © 2015 IBM Corporation Social Media – Special Security Challenges 25Source: Digital Shadows, Sophos, Facebook  Too much information  Online impersonation  Trust / Social Engineering / PSYOP  Targeting (Advanced, Persistent Threat) Source: Digital Shadows, Sophos, Facebook
  • 26. © 2015 IBM Corporation A Smarter Approach to countering cyber crime
  • 27. © 2015 IBM Corporation 27 Balance Technical Mitigation Better firewalls Improved anti-virus Advanced Crypto People Mitigation Leadership Education Culture Process
  • 28. © 2015 IBM Corporation 28  Monitor threats  Understand (your) systems  Assess Impact & Probability  Design containment mechanisms  Don’t expect perfect defences  Containment & quarantine planning  Learn & improve Risk Management Approach
  • 29. © 2015 IBM Corporation Securing a Mobile Device DEVICE •Enrolment & access control •Security Policy enforcement •Secure data container •Remote wipe TRANSACTION •Allow transactions on individual basis •Device monitoring & event detection •Sever risk engine – allow, restrict, flag for review APPLICATION •Endpoint management – software •Application: secure by design •Application scanning for vulnerabilities ACCESS •Enforce access policies •Approved devices and users •Context aware authorisation 29
  • 30. © 2015 IBM Corporation Secure, Social Business 30 LEADERSHIP •More senior, most impact •Important to leader, important to all •Setting “tone” for culture CULTURE •Everyone knows importance AND risk •Full but SAFE usage •Mentoring PROCESS •What’s allowed, what’s not •Internal & external usage •Smart, real time black listing EDUCATION •Online education (benefits, risks) •Annual recertification •For all, at all levels
  • 31. © 2015 IBM Corporation Concluding Remarks and a quick look forward . .
  • 32. © 2015 IBM Corporation 32 Global Technology Outlook – Beyond Systems of Engagement
  • 33. © 2015 IBM Corporation 33 Contextual, Adaptive Security Monitor and Distill Correlate and Predict Adapt and Pre-empt Security 3.0 Risk Prediction and Planning Encompassing event correlation, risk prediction, business impact assessment and defensive strategy formulation Multi-level monitoring & big data analytics Ranging from active, in device to passive monitoring Adaptive and optimized response Adapt network architecture, access protocols / privileges to maximize attacker workload
  • 34. © 2015 IBM Corporation 34 1. Are you ready to respond to a cyber crime or security incident and quickly remediate? 2. Do you have the visibility and analytics needed to monitor threats? 3. Do you know where your corporate crown jewels are and are they adequately protected? 4. Can you manage your endpoints from servers to mobile devices and control network access? 5. Do you build security in and continuously test all critical web/mobile applications? 6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise? 7. Do you have a risk aware culture and management system that can ensure compliance? Fitness for Purpose
  • 35. © 2015 IBM Corporation 35 1. Many Similarities – Cyber Crime vs Security – Threat Sophistication 2. Social Business & Mobile offer transformational value 3. New vulnerabilities need to be understood to be mitigated 4. Mitigation needs to be balanced, risk management based and “designed in” Summary
  • 36. © 2015 IBM Corporation Thanks John Palfreyman, IBM 2dsegma@uk.ibm.com

Editor's Notes

  1. Traditionally, the attackers came from the Internet. They usually used some standard or generic malware, hacking technique or ddos tool, attacked critical infrastructure and tested what they could get their hands on. With that scenario, protecting the infrastructure was usually sufficient. With APT, this scenario has changed. Attackers are looking for specific data or infrastructure to target and they are very persistent in getting there. They are still using some kind of malware or exploit to get there, but they are usually very advanced, zero day versions, and often employ multiple exploits at once. And the number of possible entry points has increased greatly – there are still servers to be attacked, but also desktop PCs, mobile devices such as laptops and mobile phones (often vulnerable and with closed systems, e.g. iPhone) and entry points such as social networks, which are all connected in some way these days. And the attack might not come from the Internet alone anymore – malware inserted through USB sticks is an emerging threat.