Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2014 IBM Corporation IBM Security Services 1 © 2014 IBM Corporation IBM Security Intelligence, Integration and Expertise Kawther Haciane Client Solution.

Published byChad Sharp Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2014 IBM Corporation IBM Security Services 1 © 2014 IBM Corporation IBM Security Intelligence, Integration and Expertise Kawther Haciane Client Solution."— Presentation transcript:

1 © 2014 IBM Corporation IBM Security Services 1 © 2014 IBM Corporation IBM Security Intelligence, Integration and Expertise Kawther Haciane Client Solution Executive – Security services Morocco & North West Africa June 2014

2 © 2014 IBM Corporation 2 Security Today The Evolving Threat Landscape

3 © 2014 IBM Corporation - Morocco IBM Security Services 3 more than half a billion records of personally identifiable information (PII) were leaked in 2013

4 © 2014 IBM Corporation - Morocco IBM Security Services 4

5 © 2014 IBM Corporation - Morocco IBM Security Services 5 5 The average large company must filter through 1,400 cyber attacks weekly to identify the 1.7 incidents that can do harm. Security Intelligence Number of AttacksNumber of Incidents Annual 73,400 Annual 90.2 Weekly 1,400Weekly 1.7 Monthly 6,100 Monthly 7.51 Attacks: Security events identified as malicious activity attempting to collect information or harm IT resources Incidents: Attacks that have been reviewed by a security analyst and deemed worthy of deeper investigation

6 © 2014 IBM Corporation - Morocco IBM Security Services 6 Morocco UNWANTED SOFTWARE & MALWARE Highlights: In 4Q13, 44.9% of computers in Morocco encountered malware, compared to the 4Q13 worldwide encountered rate of 21.6% The MSRT detected and removed malware from 39.8 of every 1 000 unique computer scanned in Morocco 4Q13 Source: Microsoft _Security_Intelligence_Report_Volume_16_Regional_Threat_Assessment A CCM score of 39.8 compared to the 4Q13 worldwide CCM of 17.8

7 © 2014 IBM Corporation - Morocco IBM Security Services 7 Tunisia UNWANTED SOFTWARE & MALWARE Highlights: In 4Q13, 52.3% of computers in Tunisia encountered malware, compared to the 4Q13 worldwide encounter rate of 21.6% The MSRT detected and removed malware from 49.5 of every 1 000 unique computer scanned in Morocco 4Q13 A CCM score of 49.5, compared to the 4Q13 worldwide CCM of 17.8 Source: Microsoft _Security_Intelligence_Report_Volume_16_Regional_Threat_Assessment

8 © 2014 IBM Corporation - Morocco IBM Security Services 8 Threats categories

9 © 2014 IBM Corporation - Morocco IBM Security Services 9 Defacement Definition: attack on a website that changes the visual appearance of the site or a webpage Is it happening in Morocco? Highlights: Total notifications: 7,060 defacement of which 1,355 single ip and 5,705 mass defacements All sectors have been targeted by mass defacement or single ip Defacement attacks have been increasing and will continue growing All the information contained in Zone-H's cybercrime archive were either collected online from public sources or directly notified anonymously to Zone-H’s Governments and Industries have been the most preferred targets for Cyber Attackers with similar values (respectively 23% and 22%). Targets belonging to finance rank at number three (7%), immediately ahead of News (6%) and Education (5%). (http://hackmageddon.com/2014/01/19/2013-cyber-attacks-statistics-summary/)http://hackmageddon.com/2014/01/19/2013-cyber-attacks-statistics-summary/

10 © 2014 IBM Corporation - Morocco IBM Security Services 10 Information security in the News

11 © 2014 IBM Corporation - Morocco IBM Security Services 11 Today’s threats are more sophisticated ThreatType% of IncidentsThreat Profile Advanced, Persistent Threat / Mercenary  National governments  Organized crime  Industrial spies  Terrorist cells Equals less than 10 percent  Sophisticated tradecraft  Foreign intelligence agencies, organized crime groups  Well financed and often acting for profit  Target technology as well as information  Target and exploit valuable data  Establish covert presence on sensitive networks  Difficult to detect  Increasing in prevalence Hacktivist  “White hat” and “black hat” hackers  “Protectors of “Internet freedoms” Equals less than 10 percent  Inexperienced-to-higher-order skills  Target known vulnerabilities  Prefer denial of service attacks BUT use malware as means to introduce more sophisticated tools  Detectable, but hard to attribute  Increasing in prevalence Opportunist  Worm and virus writers  Script Kiddie 20 percent  Inexperienced or opportunistic behavior  Acting for thrills, bragging rights  Limited funding  Target known vulnerabilities  Use viruses, worms, rudimentary Trojans, bots  Easily detected Inadvertent Actor  Insiders - employees, contractors, outsourcers 60 percent  No funding  Causes harm inadvertently by unwittingly carrying viruses, or posting, sending or losing sensitive data  Increasing in prevalence with new forms of mobile access and social business Source: Government Accountability Office (GAO), Department of Homeland Security's (DHS's) Role in Critical Infrastructure Protection (CIP) Cybersecurity, GAO-05-434 Potential Impact

12 © 2014 IBM Corporation - Morocco IBM Security Services 12 The top reasons why attacks are possible are all related to system hygiene or user knowledge. End user didn’t think before clicking to open an email or website Weak password or default password in use Insecure configuration Use of legacy or unpatched hardware or software Lack of basic network security protection and segmentation 1 2 3 4 5

13 © 2014 IBM Corporation - Morocco IBM Security Services 13 Key controls make the difference! IBM developed essential practices required to achieve better security. Essential practices 7. Address new complexity of cloud and virtualization 6. Control network access and help assure resilience 1. Build a risk-aware culture and management system 2. Manage security incidents with greater intelligence 3. Defend the mobile and social workplace 5. Automate security “hygiene” 4. Security-rich services, by design 10.Manage the identity lifecycle 8. Manage third-party security compliance 9. Better secure data and protect privacy Maturity-based approach Proactive Automated Manual Reactive Proficient Basic Optimize d Security intelligence

14 © 2014 IBM Corporation - Morocco IBM Security Services 14 Our 2013 CISO study uncovered challenges for security leaders Key findingChallenge  More work needs to be done to improve information sharing outside the organization How do I best manage a broad set of concerns from a diverse set of business stakeholders?  Mobile security technology has significant attention and investment How do I improve mobile security policy and management – not just deploy the latest technology?  In general, technical and business metrics are still focused on operational issues How do I translate security metrics into the language of the business to help guide strategy?

15 © 2014 IBM Corporation - Morocco IBM Security Services 15 Optimize ahead of Attackers identify critical assets, analyze behavior, spot anomalies Defragment your Mobile posture constantly apply updates and review BYOD policies Social Defense needs Socialization educate users and engender suspicion Don’t forget the basics scanning, patching, configurations, passwords Key takeaways for CIO’s and CISO’s

16 © 2014 IBM Corporation IBM Security Services 16 www.ibm.com/security © Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Download ppt "© 2014 IBM Corporation IBM Security Services 1 © 2014 IBM Corporation IBM Security Intelligence, Integration and Expertise Kawther Haciane Client Solution."

Similar presentations

IBM Industry Security Electric Sector Security Awareness Rising

IBM Industry Security Electric Sector Security Awareness Rising
1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing

1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing
RTC Agile Planning Component

RTC Agile Planning Component
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
® IBM Software Group © 2007 IBM Corporation Achieving Harmony IBM's Platform and Methodology for Systems Engineering and Embedded Software Development.

® IBM Software Group © 2007 IBM Corporation Achieving Harmony IBM's Platform and Methodology for Systems Engineering and Embedded Software Development.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM X-Force Threat Intelligence Quarterly 2Q 2014 Diana Kelley Executive Security.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM X-Force Threat Intelligence Quarterly 2Q 2014 Diana Kelley Executive Security.
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM X-Force: The Emerging Threat Landscape Michael P. Hamelin Lead X-Force Security.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM X-Force: The Emerging Threat Landscape Michael P. Hamelin Lead X-Force Security.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
Enterprise Computing Community June 13 - 15, 2010February 27, 2010 1 Information Security Industry View Linda Betz IBM Director IT Policy and Information.

Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
Unify and Simplify: Security Management

Unify and Simplify: Security Management
1. Windows Vista Enterprise And Mid-Market User Scenarios 2. Customer Profiling And Segmentation Tools 3. Windows Vista Business Value And Infrastructure.

1. Windows Vista Enterprise And Mid-Market User Scenarios 2. Customer Profiling And Segmentation Tools 3. Windows Vista Business Value And Infrastructure.
Study Results Advanced Persistent Threat Awareness.

Study Results Advanced Persistent Threat Awareness.
Can your team outwit, outplay and outlast your opponents to be the ultimate CyberSurvivor?

Can your team outwit, outplay and outlast your opponents to be the ultimate CyberSurvivor?
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.

Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
© 2009 IBM Corporation ® IBM Lotus Notes and Domino Product Roadmap April 2009.

© 2009 IBM Corporation ® IBM Lotus Notes and Domino Product Roadmap April 2009.
What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.

What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.

Similar presentations

Ads by Google