Cyber Security Conference - A deeper look at Microsoft Security Strategy, Technology Trends and the Economy of Cybercrime, By Chief Security Advisor Reto Haeni, Microsoft Western Europe
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Technology Trends and the Economy of Cybercrime, By Chief Security Advisor Reto Haeni, Microsoft Western Europe
Samspillet mellem mennesker, processer og teknologi
Similar to Cyber Security Conference - A deeper look at Microsoft Security Strategy, Technology Trends and the Economy of Cybercrime, By Chief Security Advisor Reto Haeni, Microsoft Western Europe
Similar to Cyber Security Conference - A deeper look at Microsoft Security Strategy, Technology Trends and the Economy of Cybercrime, By Chief Security Advisor Reto Haeni, Microsoft Western Europe (20)
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Technology Trends and the Economy of Cybercrime, By Chief Security Advisor Reto Haeni, Microsoft Western Europe
1.
2. Year 2025
world Internet users
of consumer electronics sold
in emerging economies
mobile Internet
subscriptions globally
data will move through
or be stored in the cloud
3. Security and privacy are a top leadership concern
3
Managing risk in an increasingly connected world
“This Nexus of Forces is impacting
security in terms of new vulnerabilities.
–Ruggero Contu, Christian Canales and Lawrence Pingree. Forecast Overview: Information Security, Worldwide, 2014 Update. Gartner, Inc. June 25, 2014.
Impact of cyber attacks could be
as much as $3 trillion in lost
productivity and growth
Implications
Job security Customer loyalty
Intellectual property
Legal liabilityBrand reputation
$ 3.5M
Average cost of
a data breach to
a company
15 % increase YoY
median # of days attackers are
present on a victim network
before detection243
level issue
is a
CxO
Security
4. Verizon, “2014 Data Breach Investigations Report”
74.8%
Percentage of total security
incidents in 2013 directed toward
public sector
Make no mistake…we are Under Attack
Public Sector, Retail, Financial Services &
SOE’s are the primary targets
5. Some More Details - Evolution to Targeted
Threats
Indiscriminate Targeted
Consumer Enterprise Target
Single Vector Multi-vector
Manual Automated
Desktop Device and Cloud
Visible Concealed
Lone Agent Organised Ecosystem
Spam Information Theft
Information Theft Information Destruction
“The world is changing very fast. Big will not beat small anymore. It will be the fast
beating the slow.” Rupert Murdoch
6. Origin of Data Breaches
Who is behind data breaches? How do breaches occur?
98% stemmed from external agents (+6%)
4% implicated internal employees (-13%)
<1% committed by business partners (<>)
58% of all data theft tied to activist groups
81% utilized some form of hacking (+31%)
69% incorporated malware (+20%)
10% involved physical attacks (-19%)
7% employed social tactics (-4%)
5% resulted from privilege misuse (-12%)
Source: Verizon 2012 Data Breach investigations Report
7. We are not combating hackers
We are combating an ecosystem
Simplified diagram of the abuse supply chain
9. set policies and principles
identify, block, sinkhole
Seize, prosecute, takedown
security by design
identify, block, partner
starve
Anti-malware and
security ecosystem
Large-scale Public Services
Cloud Providers, Telco’s
Government
Ad Networks
Banks, Finance, Commerce
OEMs
Vendors
CERTs, ISPs &
Law Enforcement
How do we win?
It will take a partnership
11. Dependable, available
Predictable, consistent,
responsive service
Maintainable
Resilient, easily restored
Proven, ready
Trustworthy Computing
Working Toward a Safer, More Trusted Internet
Security Privacy Business PracticesReliability
Secures against attacks
Protects confidentiality,
integrity, and availability
of data and systems
Helps manage risk
Protects from unwanted
communication
User choice and control
Products, online services
adhere to fair information
principles
Commitment to
customer-centric
interoperability
Recognized industry
leader, world-class
partner
Open, transparent
12.
13. Elements to a Resilient Infrastructure
Protect Detect
Threat Information
Management
Response
23. We aggressively fight
cybercrime and advocate
extensively for enhancing
cybersecurity
We invest deeply in
building a trustworthy
computing platform
and security expertise
Microsoft is committed to protecting our customers
and being a global cybersecurity advocate
We have strong
principles and policies
that empower you to be
in control of your
information
Security
Privacy
Compliance
Transparency
Advocacy
Risk management Governance
34. OverallResilienceofanOrganizationsIT
Infrastructure
Wrapping Up: Overall Resilience
Use trustworthy cloud services to take advantage of the industry leading security processes,
technology and skills deployed in Microsoft’s Cloud Services
Cloud
Resilience
Stay Current (Upgrade) + Patch
Management
Align Active Directory to Threat
Environment
Assess Threats and
Countermeasures
Implement Secure Development
Practices
Use secured devices and enterprise mobility
management to gain more control over
information and apps in a BYOD as well as
enterprise steered device strategy
Work with Microsoft’s Consulting Services to
implement the security pillars Protect, Detect
and Respond to achieve resilience in your on-
premises infrastructure.
On-PremisesSystems
Resilience