This document discusses cyber crime in the context of new technologies like mobile devices and social media. It begins with an overview of common cyber attack methods and definitions of cyber security and cyber crime. It then examines how new technologies like cloud, mobile, big data/analytics and social media create new opportunities for cyber criminals while also making systems harder to defend. Specific challenges of mobile devices, bring your own devices, and social media are outlined. The document advocates a risk management approach to counter cyber crime that balances technical and people mitigations and calls for building security into new technologies from the start. It concludes by assessing preparedness and calling for a risk-aware culture to ensure fitness for purpose with emerging threats.

1. © 2015 IBM Corporation
Cyber Crime –
in a smart phone & social media
obsessed world
V2, 23 Mar 15
John Palfreyman, IBM

2. © 2015 IBM Corporation 2
1. Cyber Crime in Context
2. Technology & Business Landscape
3. A Smarter Approach
4. Concluding Remarks
Agenda

3. © 2015 IBM Corporation
Cyber Crime in Context
Who are the bad guys & what
are they up to?

4. © 2015 IBM Corporation 4
Cyber Security – IBM Definition
Cyber Security /–n 1. the protection of an organisation and
its assets from electronic attack to minimise the risk of
business disruption.

5. © 2015 IBM Corporation 5
Cyber Security - Expanded
Hacking
Malware
Botnets
Denial of Service
Trojans
Cyber-dependent crimes
Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13

6. © 2015 IBM Corporation 6
Cyber Crime
Hacking
Malware
Botnets
Denial of Service
Trojans
Cyber-dependent crime
Fraud
Bullying
Theft
Sexual Offences
Trafficking
Drugs
Cyber-enabled crime
Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13

7. © 2015 IBM Corporation 7
 Confusion & hype abound
 Common attack methods
 Common methods of defense / counter / investigation
 Data > Insight chain
 Prosecution – burden of evidence
 Learning & sharing possible, but patchy
Cyber Security & (counter) Cyber Crime

8. © 2015 IBM Corporation 8
Cyber Threat
MOTIVATION
S O P H I S T I C A T I O N
National Security,
Economic Espionage
Notoriety, Activism,
Defamation
Hacktivists
Lulzsec,
Anonymous
Monetary
Gain
Organized crime
Zeus, ZeroAccess,
Blackhole Exploit Pack
Nuisance,
Curiosity
Insiders, Spammers,
Script-kiddies
Nigerian 419 Scams, Code Red
Nation-state
actors, APTs
Stuxnet,
Aurora, APT-1

9. © 2015 IBM Corporation
A new type of threat
Attacker generic
Malware / Hacking / DDoS
IT Infrastructure
Traditional
Advanced
Persistent
Threat
Critical data /
infrastructure
Attacker
!

10. © 2015 IBM Corporation 10
Attack Phases
11
Break-in Spear phishing and remote
exploits to gain access
Command
& Control (CnC)
22
Latch-on
Malware and backdoors
installed to establish a
foothold
33
Expand
Reconnaissance &
lateral movement increase
access & maintain presence
44
Gather Acquisition & aggregation
of confidential data
Command
& Control (CnC)
55
Exfiltrate
Get aggregated data out to
external network(s)

11. © 2015 IBM Corporation
IBM X-Force
November 2014IBM Security Systems
IBM X-Force Threat Intelligence Quarterly,
4Q 2014
Get a closer look at today’s security risks—from new threats arising from within the
Internet of Things, to the sources of malware and botnet infections.
11

12. © 2015 IBM Corporation
Technology & Business Landscape
New opportunities for cyber crime!

13. © 2015 IBM Corporation 13
Smarter Planet
Instrumented – Interconnected - Intelligent

14. © 2015 IBM Corporation 14
Cloud
DRIVERS
Speed & agility
Fast Innovation
CAPEX to OPEX
USE CASES
SCM, HR, CRM as a
SERVICE
Predictive Analytics as a
SERVICE

15. © 2015 IBM Corporation 15
Mobile
DRIVERS
Mobility in Business
Agility & flexibility
Rate of technology change
USE CASES
Information capture, workflow
management
Education where & when
needed
Case advice
Map

16. © 2015 IBM Corporation 16
Big Data / Analytics
DRIVERS
Drowning in Data
Insight for SMARTER
More UNRELIABLE data
USE CASES
Citizen Sentiment
Predictive Policing
OSINT augmentation

17. © 2015 IBM Corporation 17
Social Business
DRIVERS
Use of Social Channels
Smart Employment
Personnel Rotation
USE CASES
Citizen Sentiment
Counter Terrorism
Knowledge Retention

18. © 2015 IBM Corporation 18
Systems of Engagement
 Collaborative
 Interaction oriented
 User centric
 Unpredictable
 Dynamic
Big Data /
Analytics
Cloud
Social
Business
Mobile

19. © 2015 IBM Corporation 19
Use Case – European Air Force Secure Mobile
CHALLENGE
•Support Organisational Transformation
•HQ Task Distribution
•Senior Staff demanding Mobile Access
SOLUTION
•IBM Connections
•MS Sharepoint Integration
•MaaS 360 based Tablet Security
BENEFITS
•Improved work efficiency
•Consistent & timely information access
•Secure MODERN tablet

20. © 2015 IBM Corporation 20
The Millennial Generation
EXPECT . . .
to embrace technology for improved
productivity and simplicity in their personal
lives
tools that seem made for and by them
freedom of choice, embracing change and
innovation
INNOVATE . . .
•Actively involve a large user population
•Work at Internet Scale and Speed
•Discover the points of value via iteration
•Engage the Millennial generation

21. © 2015 IBM Corporation
Smart Phones (& Tablets) . . .
21
 Used in the same way as a personal computer
 Ever increasing functionality (app store culture) . . .
 . . . and often more accessible architectures
 Offer “anywhere” banking, social media, e-mail . . .
 Include non-PC (!) features Context, MMS, TXT
 Emergence of authentication devices

22. © 2015 IBM Corporation
. . . are harder to defend ? . . .
22
 Anti-virus software missing, or inadequate
 Encryption / decryption drains the battery
 Battery life is always a challenge
 Stolen or “found” devices– easy to loose
 Malware, mobile spyware, impersonation
 Extends set of attack vectors
 Much R&D into securing platform

23. © 2015 IBM Corporation
. . . and Bring your Own Device now mainstream
23
 Bring-your-own device expected
 Securing corporate data
 Additional complexities
 Purpose-specific endpoints
 Device Management

24. © 2015 IBM Corporation
Social Media – Lifestyle Centric Computing
24
www.theconversationprism.com
 Different Channels
 Web centric
 Conversational
 Personal
 Open
 Explosive growth

25. © 2015 IBM Corporation
Social Media – Special Security Challenges
25Source: Digital Shadows, Sophos, Facebook
 Too much information
 Online impersonation
 Trust / Social Engineering / PSYOP
 Targeting (Advanced, Persistent
Threat)
Source: Digital Shadows, Sophos, Facebook

26. © 2015 IBM Corporation
A Smarter Approach
to countering cyber crime

27. © 2015 IBM Corporation 27
Balance
Technical Mitigation
Better firewalls
Improved anti-virus
Advanced Crypto
People Mitigation
Leadership
Education
Culture
Process

28. © 2015 IBM Corporation 28
 Monitor threats
 Understand (your) systems
 Assess Impact & Probability
 Design containment mechanisms
 Don’t expect perfect defences
 Containment & quarantine planning
 Learn & improve
Risk Management Approach

29. © 2015 IBM Corporation
Securing a Mobile Device
DEVICE
•Enrolment & access control
•Security Policy enforcement
•Secure data container
•Remote wipe
TRANSACTION
•Allow transactions on individual basis
•Device monitoring & event detection
•Sever risk engine – allow, restrict, flag for review
APPLICATION
•Endpoint management – software
•Application: secure by design
•Application scanning for vulnerabilities
ACCESS
•Enforce access policies
•Approved devices and users
•Context aware authorisation
29

30. © 2015 IBM Corporation
Secure, Social Business
30
LEADERSHIP
•More senior, most impact
•Important to leader, important to all
•Setting “tone” for culture
CULTURE
•Everyone knows importance AND risk
•Full but SAFE usage
•Mentoring
PROCESS
•What’s allowed, what’s not
•Internal & external usage
•Smart, real time black listing
EDUCATION
•Online education (benefits, risks)
•Annual recertification
•For all, at all levels

31. © 2015 IBM Corporation
Concluding Remarks
and a quick look forward . .

32. © 2015 IBM Corporation 32
Global Technology Outlook – Beyond Systems of Engagement

33. © 2015 IBM Corporation 33
Contextual, Adaptive Security
Monitor
and Distill
Correlate
and Predict
Adapt and
Pre-empt
Security
3.0
Risk Prediction and
Planning
Encompassing event correlation,
risk prediction, business impact
assessment and defensive strategy
formulation
Multi-level monitoring &
big data analytics
Ranging from active, in
device to passive
monitoring
Adaptive and
optimized response
Adapt network architecture, access protocols /
privileges to maximize attacker workload

34. © 2015 IBM Corporation 34
1. Are you ready to respond to a cyber crime or security incident and quickly remediate?
2. Do you have the visibility and analytics needed to monitor threats?
3. Do you know where your corporate crown jewels are and are they adequately protected?
4. Can you manage your endpoints from servers to mobile devices and control network access?
5. Do you build security in and continuously test all critical web/mobile applications?
6. Can you automatically manage and limit the identities and access of your employees, partners
and vendors to your enterprise?
7. Do you have a risk aware culture and management system that can ensure compliance?
Fitness for Purpose

35. © 2015 IBM Corporation 35
1. Many Similarities – Cyber Crime vs Security – Threat Sophistication
2. Social Business & Mobile offer transformational value
3. New vulnerabilities need to be understood to be mitigated
4. Mitigation needs to be balanced, risk management based and “designed in”
Summary

36. © 2015 IBM Corporation
Thanks
John Palfreyman, IBM
2dsegma@uk.ibm.com