Attackers are highly skilled, persistent, and very motivated at finding and exploiting new vectors. Microsoft Confidential for internal use only

Transcription

1

2 Attackers are highly skilled, persistent, and very motivated at finding and exploiting new vectors Microsoft Confidential for internal use only

3 Wall Street Journal, JP Morgan, Lockheed, Bushehr nuclear reacto RSA, Microsoft, struggling Google Apple, Facebook, Sony, Target, Nordstrom's, ICANN Home Depot

4 Cyber Security is like a virus outbreak. It must be treated with same answers and focus Everyone is a target Impacts are financial, operational and reputational Basic hygiene and preparedness are essential Rapid identification and containment It begins by acknowledging the risk in everything you do, and build a resilient infrastructure

5 WHAT do CYBERCRIME HACKTIVISM TERRORISM Have in common? NO RULES 5

6 HOW do the CYBERCRIMALS HACKTIVISTS TERRORISTS See US? 6

7 % $500B $3.5M The median # of days that attackers reside within a victim s network before detection of all network intrusions are due to compromised user credentials The total potential cost of cybercrime to the global economy The average cost of a data breach to a company Security is a CEO level issue

8

9 2013 headlines from around the world Data of 20 million Chinese hotel guests leaked Blackhole Exploit Kit takes advantage of financial crisis in Cyprus Belgian telecom compromised in alleged cyber espionage campaign 105 million South Korean accounts exposed in credit card security breach DDoS attacks hit Reddit and European banks Symantec Internet Security Threat Report

10 Statistics from the front lines 25 zero-day vulnerabilities found in SCADA software from 20 suppliers 1 Cybercrime accounts for 95% of losses incurred by Brazilian banks 2 52% increase in EU critical infrastructure attacks from attacks against oil & energy companies in Norway in 2014 Wired New York Times 3 Fox News European Union Agency for Network and Information Security (ENISA) Threat Landscape Report

11

12 Encountered Malware by Region 4Q14 source: Security Intelligence Report (

13

14 Ransomware by country or region 2H14

15

16 Malware encounters and infections Singapore 30% Encounter rate Infection rate 15 20% 10 10% 5 0% 0 3Q13 4Q13 1Q14 2Q14 3Q13 4Q13 1Q14 2Q14 Singapore Worldwide

17 IS

18

19

20 Someone must be ultimately responsible If you protect your paper clips and diamond with equal vigor, you will soon have more paper clips and fewer diamonds Dean Rusk (USA Secretary of States ) Start with simple data classification Know your risks. What are they, where are they? Behind every security problem is a human being Do have anti virus on every machine Systems must be Resilient And Managed

21 Australia s Top 35 Non-persistent virtualised operating system Centralise host logging Network Segmentation & Segregation Centralise network logging Restrict NetBIOS Monitor System Infrastructure Patch & update to current applications Patch & update to current operating systems Use application whitelisting Protect the Endpoint Host based intrusion detection & prevention Host inspection of Microsoft Office Files Patch & update to current operating systems Inbound Host-based Firewall Randomise Local Administrator Passphrases Use gateway and desktop antivirus Lock down operating environments Monitor Traffic with Network IDPS Capture All Network Traffic Monitor the Network Educate Users Social engineering education Enforce strong passphrases Filter content by whitelist Force domain IP lookup Implement TLS between servers Filterweb content Whitelist web domains Whitelist HTTP/SSL connections Protect Enforced border gateway Firewall Force domain IP lookup Blacklist domains at the border gateway Defend the Web Harden Web & Server Apps Strong Authentications Restrict administrative privileges Use multi-factor authentication Implement data execution prevention Harden server applications Disable LanMan

22 Australia s Top 4 Patching applications and using the latest version of an application Patching operating systems Keeping admin right under strict control (and forbidding the use of administrative accounts for and browsing) Whitelisting applications

23