Cyber attack on Twitter, 250,000 accounts hacked

Transcription

1

2 HEADLINES Impact and Cost At least 19 states have introduced or are considering security breach legislation in Most of the bills would amend existing security breach laws. According to the Ponemon Institute s most recent "Annual Study: U.S. Cost of a Data Breach" (March 2012), the findings showed that the average cost in the education vertical [was] $142 per record. the University of Nebraska data breach could cost the university over $92 million Data Breaches Put a Dent in Colleges Finances as Well as Reputations The Chronical of Higher Education: At Indiana U. s data center, in Bloomington, staff members were aghast to learn that the university was among several in recent weeks to come upon security breaches in their information-technology operations. The costs of a cyber attack on the University of Maryland that was made public last month will run into the millions of dollars Costs related to datasecurity lapses dating to 2011 at the Maricopa County Community College District, in Arizona, could climb to $17.1-million, says Tom Gariepy, a district spokesman. CHE Cyber attack on Twitter, 250,000 accounts hacked AP

3 ! Malware is becoming more complex and short-lived

4 250 million 700 million 40 billion Millions Billions 18+ billion 420 million 35 billion messages/month Millions Enterprise Risk Mitigation System

5 What if I have a Cybersecurity Incident? For Incident Response, use your existing Microsoft Premier Services agreement! Premier Support 24x7 Call and mention that you are experiencing a potential cyber security incident. Any staff member who has been authorized with access to open Premier Support cases should do so with a Severity A classification for Cyber incidents. Or you can reach out to your GBS Security Deep Remote Technical Support GBS Incident Responder Global Onsite Support within 24-hours or less Cybersecurity Team Onsite Security Incident Response Team

6 Protect Protect your most valuable assets to help prevent compromise from cyberattacks Microsoft Security Risk Assessment Security Development Lifecycle Workshops* RAP as a Service for MS Security Active Directory Security Offerings* Persistent Adversary Detection Service Enhanced Mitigation Experience Toolkit Offerings * Detect Monitor your network for attacks, vulnerabilities, and persistent threats Microsoft Threat Detection Service Incident Response Respond Investigate and disrupt suspicious events to provide a diagnosis and potential mitigations Tactical Recovery Strategic Recovery

7

8 Offline Assessment for AD Security (OAADS) Active Directory Security Assessment (ADSA) Proactive service that collects information on key security technology, people and process areas for your environment and analyzes this information against best practices and currently relevant security threats against your identity store. Review of customer s Active Directory providing the customer with a comprehensive, holistic assessment of the overall security of the Active Directory implementation. 4 Days Fixed Price Offering/Premier 1 Forest; < 100 Domain Controllers (DC) Approx. 4 weeks Onsite (duration varies) 2-3 Forests; >100 DC s Questionnaire + Tools Delivered through Premier or MCS Interviews + Tools + Visual inspection POP - Security Lateral Account Movement (SLAM) Enhanced Security Administrative Provides education on credential theft as well as real world tested sample capabilities. Helps customers begin compartmentalizing local Administrator credentials through password randomization. Designed to help thwart credential theft attacks by limiting exposure of domain administrative credentials. Implements new secure domain 3 days Fixed Price Offering/Premier AD lab environment. Minimum: 1 Domain Controller, 1 system for each member operating system Approx. 25 weeks; Onsite (duration varies) Implements New Secure Domain Education + Planning + Strategy Delivered through MCS

9 ABOUT SOLUTION Designed to develop and/or adapt your security strategy to help reduce cyber risks across the enterprise. Provides a proactive approach to security that identifies breakdowns in people, processes, and technologies before they affect operations. Using on-site, in-person interviews and technical examination, MSRA results in the creation of a roadmap customized for your business. Remediation roadmap prioritizes findings into tactical and systemic recommendations that can be acted upon in a timeframe methodology ABOUT DELIVERY Two-week engagement with two consultants onsite with your team to gather and validate information through a series of interviews with key personnel, a risk management session and technical inquiry. Specifically, the service involves: ü Risk Management Workshop ü Qualitative Interviews ü Roadmap Presentation

10

11 Enhanced Mitigation Experience Toolkit (EMET) Freely downloadable technology that protects against security vulnerability exploitation. Enhances existing protections in the Windows OS and adds new protections that help stop exploitation of unknown or unpatched security vulnerabilities Free-Download EMET- Proactive Operations Program (POP) EMET POP includes an Educational workshop on EMET and EMET deployment, as well as assistance with pilot in non-production lab environment 2-3 Days/Onsite Fixed Price Offering through Premier EMET- Deployment and Reporting Assist you with in-depth education and preparation for an EMET pilot, with conducting a full EMET production pilot, and with deploying an EMET ERS to monitor EMET events and configurations. EMET Production Pilot (3 weeks) - Delivered through MCS ERS Production and Deployment (5 weeks) Through MCS EMET + ERS Production Deployment (8 weeks)- Through MCS

12