2012 雲 端 資 安 報 告. 黃 建 榮 資 深 顧 問 - Verizon Taiwan. August 2012

Transcription

1 2012 雲 端 資 安 報 告 黃 建 榮 資 深 顧 問 - Verizon Taiwan August

2 It s All About Security Protecting assets from threats that could impact the business Protecting Assets... Stationary data Data in transit Software Hardware Physical infrastructure From Threat Agents... External - outside the organization Partner a business relationship Internal employees Taking Threat Actions... Hacking Malware Physical attacks Misuse Social tactics To Prevent Harm to the Business Exposure of intellectual property Exposure of employees and/or customers personal/private information Exposure of private business transactions Business slow-down or interruption from damage to hardware or software Fines or other actions by agencies that regulate the business Harm to the brand reputation 2

3 Hold on Wha??? Why is telecom company investigating breaches? 3

4 Enterprise Solutions to Meet Business Imperatives IT Services Security Services Communications Services Networking Services Mobility Cloud-based Services Data Center Services Managed Applications Managed IT Equipment and Services Professional Services Government, Risk and Compliance Identity and Access Management Managed Security Equipment and Services ICSA Labs Professional Services RISK Team falls here Contact Center Services Unified Communications Video, Web and Audio Conferencing Traditional Voice Emergency Communications Services Equipment and Services Professional Services Internet Private WAN Private Point to Point Access Services Managed Networks Equipment and Services Professional Services Advanced Communications Applications and Content Global Communications Hardware Mobile Data Voice and Messaging Professional Services 4

5 What is the Data Breach Investigations Report? (DBIR) Verizon s Data Breach Investigations Report (DBIR) is an ongoing, unbiased study into the world of cybercrime. Analyzes forensic evidence of data breaches Uncovers how sensitive data is stolen from organizations, who s doing it, why they re doing it, and, what might be done to prevent it. 5

6 Why We Do It Studying security breaches helps Verizon and the Customer understand how they occur. Real science measures what happened across thousands of instances, and converts that data into better decisions, more effective security. The better we understand them, the better we can prepare for and prevent them. 6

7 When there s a Breach call the Investigative Response (IR) Team! The Investigative Response Team: Experience & Expertise Detect / Prevent / Respond 24 x 7 hotline / Onsite support within 24 hours Digital forensics / investigation Computer incident response Fraud analytics Electronic data recovery Electronic crimes counter-surveillance Protocols for containment Transition of evidence to law enforcement for prosecution The expansive data set generated through these activities offers an interesting glimpse into the trends surrounding computer crime and data compromise, which is detailed in the Data Breach Investigation Reports. 7

8 2012 Data Breach Investigations Report 8

9 2012 Data Breach Investigations Report Global Study 澳 洲 聯 邦 警 察 荷 蘭 高 科 技 罪 案 組 愛 爾 蘭 報 告 與 資 訊 安 全 服 務 英 國 警 察 中 央 電 子 犯 罪 部 門 美 國 秘 勤 局 9

10 Data Collection and Analysis Methodology - VERIS Data Sample 855 data breaches 174 million stolen records in combined dataset Collection and Analysis VERIS (Verizon Enterprise Risk and Incident Sharing) framework used to collect data after investigation VERIS provides a common language for describing security incidents (or threats) in a structured and repeatable manner Case data anonymized and aggregated RISK Intelligence team provides analytics VERIS: 10

11 The Threat Environment 2012 DBIR Key Findings: Threat Agents Threat Agents are the source of a breach 98% of all data breaches stemmed from external agents (+6%) 4% implicated internal employees (-13%) <1% committed by business partners 58% of all data theft tied to activist groups 11 11

12 External Threat Agents on the rise 12

13 The Threat Environment 2012 DBIR Key Findings: Threat Actions Threat Actions are what Threat Agents did to gain access a protected system or device 81% utilized some form of hacking (+31%) 69% incorporated malware (+20%) 10% involved physical attacks (-19%) 7% employed social tactics (-4%) 5% resulted from privilege misuse (-12%) 13 13

14 Top Ten Threat Actions for Larger Organizations 14

15 Compromised Assets 15

16 Most Compromised Assets 16

17 Compromised Data 17

18 The 3-Day Workweek 18

19 Time Span of Events 19

20 Breach Discovery 20

21 The Threat Environment 2012 DBIR Key Findings: Commonalities 79% of victims were targets of opportunity (-4%) 96% of attacks were not highly difficult (+4%) 94% of all data compromised involved servers (+18%) 85% of breaches took weeks or more to discover (+6%) 92% of incidents were discovered by a third party (+6%) 97% of breaches were avoidable through simple or intermediate controls (+1%) 96% of victims subject to PCI DSS had NOT achieved compliance (+7%) 21 21

22 Recommendations: Smaller Orgs 22

23 Recommendations: Larger Orgs 23

24 Verizon Enterprise Security Solutions Can Help 24

25 The Verizon Advantage We are serious about security Application Security Assurance Breach Prevention Compliance Log Mgmt Data Discovery Data Protection Identity Mgmt Mobility Security Threat Mgmt (MSS) Vulnerability Mgmt Delivered vulnerability mgmt engagements in 2010 and 2011 Delivered GRC engagements in 2010 and 2011 Analyzed data breaches involving 1 Billion records More PCI QSAs than any other firm in the world 7 SOCs track & manage >5 Billion security events & alarms monthly Scanned >100 Million files; discovered >1 Billion sensitive data elements Led one of the world s largest DLP deployments (400,000+ seats ) Manage millions of identities for governments of 25+ countries Manage security of 250,000+ mobile devices Largest & highest rated MSSP in the world (Gartner, Forrester, etc) Delivered vulnerability mgmt engagements in 2010 and

26 Thank you! 30