This document discusses four steps organizations can take to help protect themselves from sophisticated cyber attacks:
1. Prioritize business objectives and set a risk tolerance by determining what is most important to the security of the business.
2. Protect the organization with a proactive security plan by identifying vulnerable areas, types of threats, and areas where an attack could cause the greatest loss.
3. Prepare a response plan for when an attack does occur by learning from past incidents and ensuring the ability to detect, respond to, and recover from attacks.
4. Promote a culture of security awareness across the organization to help prevent attacks from being successful.
Responding to and recovering from sophisticated security attacks
1. IBM Global Technology Services
IBM Security Services
White Paper
Responding to—and recovering from—sophisticated security attacks
The four things you can do now to help keep your organization safe
2. Responding to—and recovering from—sophisticated security attacks
Contents
Introduction
Step 1: Prioritize your business objectives and set your risk tolerance
Step 2: Protect your organization with a proactive security plan
Step 3: Prepare your response to the inevitable: a sophisticated attack
Step 4: Promote and support a culture of security awareness
Get started now—before your company becomes a victim
For more information
Introduction
Like so many other things in today’s world, cyber attacks—along with those who perpetrate them—are becoming more sophisticated every year. At the same time, IT resources are moving outside the firewall and enterprises are distributing their applications and data across multiple devices. It’s now clear that simply protecting an organization’s perimeter is not enough. These sophisticated attacks—which include advanced persistent threats, or APTs—are bypassing traditional defenses.
We know all too well how major security incidents can affect a company’s data, networks and corporate brand. We also know that sophisticated attacks, designed to gain continuous access to critical information or to cause damage in critical infrastructure, are becoming more severe, more frequent and more costly.
How severe? Sophisticated attacks can include:
• Stealing intellectual property
• Confiscating bank accounts and other financial assets
• Distributing malware on individual computers and across systems
• Posting confidential business and/or customer information online
• Damaging critical infrastructure
How frequent? A 2012 study of 2,618 business leaders and security practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil found that they experienced an average of 66 attacks per week, with organizations in Germany and the U.S. reporting the highest numbers: 82 and 79 per week, respectively. And in their 2012 mid-year report, IBM X-Force research and development teams noted an upward trend in overall vulnerabilities, predicting a possible all-time high by the end of the year.²
How costly? The average cost of recovering from a single cyber attack was estimated to be as much as nearly $300,000 by the organizations mentioned in the above 2012 study.³ That could amount to nearly $1 billion over the course of a year.
What’s more, we know that the people behind these sophisticated attacks are patient, long-term planners. They do reconnaissance and target specific vulnerabilities. And they’re shifting their focus from exploitation to destruction.
3. IBM Global Technology Services
In this paper we’ll discuss the four proactive steps that you can—and should—take now to help keep your organization safe:
• Prioritize your business objectives and set your risk tolerance
• Protect your organization with a proactive security plan
• Prepare your response to the inevitable: a sophisticated attack
• Promote and support a culture of security awareness.
Step 1: Prioritize your business objectives and set your risk tolerance
Experience over the past several years has made it clear that “security” is a relative term. Because no matter how much we may want to create a completely and permanently secure enterprise and be done with it, reality dictates otherwise. Still, the growing threat of sophisticated attacks demands that we take seriously the business of securing our information and protecting our people and infrastructure. And that starts with setting priorities.
Determine what’s most important to the security of your business and why
This sounds fairly obvious. But taking the time to really think about your business objectives and discuss what’s most important—and how much risk you’re willing to tolerate—will help lay a solid foundation for a security strategy that meets the unique needs of your entire organization. Once you’ve established this baseline, you’ll have taken a big step in the right direction.
Identify those areas most vulnerable to attack
Just as there are some things that are more important than others to the security of your business, there are also some areas that are more vulnerable than others. This is not an exercise in finger-pointing or laying blame. Instead, it’s an opportunity to see things as they are—so you can create a more secure environment overall.
Identify the specific types of attacks that pose the biggest threat
Sophisticated attacks are designed to wreak as much havoc as possible—typically resulting in the loss or misuse of critical data, the disruption of critical infrastructure, or both. That’s why you need to look at your company’s information and business critical systems from an attacker’s point of view. And then ask yourself how an attacker could do the most damage.
Identify those areas that would incur the greatest loss in the event of an attack
This is where you come face to face with your biggest nightmare. If you’re going to come up with a successful plan, you need to be able to see just how much devastation would occur if an attack were to succeed in striking your business where it would hurt the most.
4. Responding to—and recovering from—sophisticated security attacks
Step 2: Protect your organization with a proactive security plan
Now that you’ve established your priorities, it’s time to make your plans, get the right technology in place and put everything into action. This is where you take the steps to ensure that your company is aware of potential threats and working proactively to defend itself against them—on an ongoing basis.
Create a proactive and informed approach to IT security
Develop a security strategy with policies and technologies designed to proactively protect the assets and information you identified as priorities in Step 1. Arming your organization to successfully manage against those vulnerabilities is an essential part of taking a proactive stance to security. And the security policies you develop will lay the foundation for your information security management strategy. These policies should document your security requirements, processes and technology standards. There’s also a bonus to be had here: in addition to helping you detect and eliminate vulnerabilities, a smart security strategy can also enhance business operations by reducing risk and decreasing IT security management costs.
Identify existing vulnerabilities and fix them
This could involve a process as straightforward (but resource intensive) as making sure every operating system on every machine is up-to-date on security patches—and will stay that way. Other vulnerabilities are more difficult to detect and fix, such as weaknesses in business applications.
Case study: Online gaming / entertainment sites hacked, 100 million customer records compromised
Estimated costs: $3.6 billion
Victim: Online gaming community and entertainment sites
What happened: An “external intrusion” to a gaming network resulted in 70 million customer accounts being compromised, putting personal and credit card data at risk. The firm was forced to “turn off” online services during the investigation, causing public backlash and widespread negative press. A second hack in the entertainment division compromised additional client data.
Why it happened: Hackers allegedly were able to penetrate network security and gain access to unencrypted account and user data, and possibly some credit card data.
Damage done: In addition to widespread, negative public sentiment, the firm reportedly faced costs exceeding $171 million in lost business and response expense. The firm’s reported market capitalization fell by approximately $3.6 billion, as the stock price dropped 12 percent.
Lessons learned: It’s reported that one of the vulnerabilities exploited was known to the company. Firms should leverage a framework for managing risk associated with information assets, as well as establish strong governance mechanisms to support that framework.
Illustrative purposes only. The actual facts and damages associated with these scenarios may vary from the examples provided. Estimated, based on publicly available financial information, published articles.
5. IBM Global Technology Services 5
Mediate against any existing threats
Are you confident that you aren’t already the victim of a sophisticated attack? Particularly pernicious attacks such as advanced persistent threats, or APTs, are designed to remain invisible for as long as possible, moving from one compromised host to the next, without generating identifiable network traffic. At the heart of every APT lies a remote control function, which enables criminals to navigate to specific hosts within target organizations, manipulate local systems, and gain continuous access to critical information. To protect yourself, you need tools designed to detect remote control communications between your system and the criminal invader.

Test, test, and test some more
With the emergence of sophisticated attacks comes the reality that one will strike your organization. It’s only a matter of time. That’s why it’s become more important than ever that you pay serious attention to testing your security policies, procedures and technologies for effectiveness—especially since doing so is a key element of legal and regulatory requirements for due care and diligence. Failure to do so can mean that corporate officers are held liable for the results of a security breach.

And because the security landscape is continuing to change at an ever-increasing pace, it’s equally important that you implement policies for regular testing and review.

Take a smart approach to security intelligence
How do you stay on top of all this—without sending your IT department into a continual state of panic? Security intelligence and analytics tools can actively monitor and correlate data activity across multiple security technologies, offering you the visibility and insight into what’s going on in your environment—to help you spot and investigate the kind of suspicious activity that could indicate an attack is underway. They help reduce complexity by communicating with one common language across multi-vendor environments, while taking the strain off your IT department and potentially delivering both time and cost savings.

Develop governance procedures and assign ownership of risk
Like most other things, your security programs and policies designed to defend against threats such as sophisticated attacks will only be as good as your organization’s ability to ensure that everyone is playing by the rules. So you need to have a plan in place for staying on top of the situation for the long term. That includes deciding who’s going to monitor and manage your security policies and how you’ll provide proof that your risk posture is being maintained. Make sure your security program has ownership and leadership assigned across critical business areas. By expanding accountability and awareness across key areas of risk, you’ll create a heightened understanding and enforcement of the security controls you’ve put in place. And that, in turn, will allow you to create a more secure business environment.
6. 6 Responding to—and recovering from—sophisticated security attacks
Demonstrate and document the value of your security investments
There’s no getting around the fact that your organization will need to find the necessary room in its budget for creating and maintaining an effective security program. And because it’s very difficult to quantify value in terms of the attacks that didn’t take place, it’s a good idea to maintain ongoing communications about what you’re doing and why it’s important. By reporting significant activities that have or could have penetrated critical systems and data, for example, you can demonstrate the value of security technology investments, identify gaps, stop attacks in progress, uncover streamlining opportunities, and inspire confidence in your approach.

49% of IT executives say they’re challenged by an inability to measure the effectiveness of their current security efforts.4

Review everything to ensure that there are no gaps or unnecessary overlaps
When you’re working as a group, but taking individual responsibility for specific aspects of a plan, it’s easy to make the mistake of assuming that someone else has covered something that you haven’t. Likewise, it’s just as easy for more than one person to cover the same thing. So do a final check for clarity and completeness—making sure that you’ve included provisions for security intelligence, analytics and monitoring, for example—to reduce unnecessary complexity and spending, and looking for opportunities to simplify ongoing monitoring, management, and real-time decision making across technologies.

Customer data stolen from retailer over 18+ months; at least 45 million records lifted

Estimated costs: Up to $900 million

Victim: Nationwide discount retailer

What happened: Apparently 45 million customer credit and debit card numbers were stolen from the company’s systems, although the true number of records stolen is difficult to determine, given the duration and nature of the incident. This data was sold to criminals and then used to make fraudulent purchases.

Why it happened: The company reportedly collected and stored unnecessary and excessive amounts of personal information for too long and relied on outdated encryption technology to defend the data. Hackers apparently gained initial access into the central database through unsecure wireless connections in retail stores. The company was subsequently found to be in violation of payment industry standards.

Damage done: This is reported to be the largest breach of its kind to get widespread media coverage. In addition to lawsuits, hefty fines, and remediation costs, the damage to reputation and other indirect costs is immeasurable.

Lessons learned: Regular, periodic re-evaluation of infrastructure and information risks is required as changing threats and technologies can render previously acceptable protections obsolete.

Illustrative purposes only. The actual facts and damages associated with these scenarios may vary from the examples provided. Estimated, based on publicly available financial information, published articles.
Step 3: Prepare your response to the inevitable: a sophisticated attack
Once you’ve implemented your security policies, procedures and technologies to the best of your ability, it’s time to address how you’re going to handle a breach if and when it should occur. In fact, as one analyst recently observed, “Most large enterprise security administrators and chief information security officers understand that it is not a matter of if, but when their organization will experience a breach.”5

Develop a detailed and coordinated response plan
An organization needs a unified, cross-company policy and process for managing its response to an incident. If you already have a plan in place, have you tested your plan and determined its effectiveness lately?

Your incident response plan should specify how to stop an attack, identify what (if anything) was compromised, and calculate the financial and reputational impact. It should also offer guidelines for communicating with employees, any individuals whose information may have been compromised and the media.

Ensure you have access to the resources and tools needed to respond quickly
The longer it takes to resolve an attack, the more damage it’s likely to do, and the more it’s likely to cost. What’s more, about 78 percent of those senior executives responding to a recent IBM-sponsored survey on reputational risk say they recover from relatively minor incidents (such as a website outage) in less than six months. But it takes longer to recover from reputational damage due to cybercrime—partly because it can be harder to sell the message that the problem has been entirely fixed.6

It’s clear that having access to the resources or skills needed to actively respond to and investigate security incidents is key to reducing their impact. If your reputation is critical to your ability to conduct business, and you find that the nature of your business may heighten your risk to sophisticated attacks, you might want to consider employing ongoing threat monitoring and management. This approach uses technology designed to improve defense, automate incident response and conduct forensic analysis across a broad range of threats.

Take a consistent approach to assigning responsibility across the organization
Accept the fact that virtually all organizations will fall victim to a sophisticated attack of some sort, at some time. Make sure your incident response plan specifies who will need to do what—and how everyone will share information. Coordination across the enterprise is key to effective detection, remediation and containment. It’s important that everyone involved has a role to play—and knows what that role is. Determine which steps each stakeholder will take to prepare his or her area to help reduce the occurrence—and limit the extent—of sophisticated attacks.
Step 4: Promote and support a culture of security awareness
The job of securing an enterprise’s network continues to grow infinitely more complex as information pours in from thousands of devices and through scores of public web-based services. One study reports that 91 percent of enterprise smart phone users connect to corporate email, but only one in three is required to install mobile security software.7 In such an environment, access is easy for everyone involved—including criminals.

Create and support a risk-aware culture throughout your organization
It’s time to expand the mission of enterprise security, from the tech staff and their machines to every person within the company, and everyone who does business with it. Since each person poses a potential breach, each one must also represent a piece of the solution. In the end, success hinges upon promoting and supporting a risk-aware culture, where the importance of security informs every decision and procedure at every level of the company. That means secure procedures for data need to become second nature, much like locking the door behind you when you leave home.

Ensure that each employee knows what to do
The process of changing a company’s culture can be enormously challenging. But if you start by taking steps to communicate the real importance of helping to improve security and teach everyone how to recognize and report possible security problems, you will be heading in the right direction.

Payment processor suffers intrusion into core business, affecting 130 million customers

Estimated costs: Up to $500 million

Victim: Payment processor

What happened: Around 130 million customer credit and debit card numbers were stolen from a payment processing system, resulting in fraudulent transactions.

Why it happened: Malicious software was apparently inserted into the processing system and used to collect in-transit, unencrypted payment data while it was being processed by the firm during the transaction authorization process. Card data included card numbers, expiration dates, and certain other information from the magnetic stripe on the back of the payment card.

Damage done: This was a large, visible breach that also received widespread media coverage. The firm reportedly paid in excess of $140 million in direct costs related to legal judgments, settlements, and fees. And the company’s market capitalization reportedly dropped by nearly half a billion dollars in the three months following the event.

Lessons learned: Direct, forthright crisis response minimized client defection. The information shared and leveraged from an industry standards association strengthened the company’s security posture, allowing it to eventually recover its loss in market value.

Illustrative purposes only. The actual facts and damages associated with these scenarios may vary from the examples provided. Estimated, based on publicly available financial information, published articles.
Our security essentials
At IBM, we are constantly striving to find the balance between improving the way we do business and the need to control risk. The company’s comprehensive response includes technology, process and policy measures. It involves 10 essential practices.

1. Build a risk-aware culture—where there’s simply zero tolerance, at a company level, when colleagues are careless about security. Management needs to push this change relentlessly from the very top down, while also implementing tools to track progress.

2. Manage incidents and respond—A company-wide effort to implement intelligent analytics and automated response capabilities is essential. Creating an automated and unified system will enable an enterprise to monitor its operations—and respond quickly.

3. Defend the workplace—Each work station, laptop or smart phone provides a potential opening for malicious attacks. The settings on each device must all be subject to centralized management and enforcement. And the streams of data within an enterprise have to be classified and routed solely to its circle of users.

4. Security by design—One of the biggest vulnerabilities in information systems comes from implementing services first, and then adding security on afterwards. The only solution is to build in security from the beginning, and to carry out regular tests to track compliance.

5. Keep it clean—Managing updates on a hodgepodge of software can be next to impossible. In a secure system, administrators can keep track of every program that’s running, be confident that it’s current, and have a system in place to install updates and patches as they’re released.

6. Control network access—Companies that channel registered data through monitored access points will have a far easier time spotting and isolating malware.

7. Security in the clouds—If an enterprise is migrating certain IT services to a cloud environment, it will be in close quarters with lots of others—possibly including scam artists. So it’s important to have the tools and procedures to isolate yourself from the others, and to monitor possible threats.

8. Patrol the neighborhood—An enterprise’s culture of security must extend beyond company walls, and establish best practices among its contractors and suppliers. This is a similar process to the drive for quality control a generation ago.

9. Protect the company jewels—Each enterprise should carry out an inventory of its critical assets—whether it’s scientific or technical data, confidential documents or clients’ private information—and ensure it gets special treatment. Each priority item should be guarded, tracked, and encrypted as if the company’s survival hinged on it.

10. Track who’s who—Companies that mismanage the “identity lifecycle” are operating in the dark and could be vulnerable to intrusions. You can address this risk by implementing meticulous systems to identify people, manage their permissions, and revoke them as soon as they depart.
Figure 1. Ten essential practices: A successful security program strikes a balance that allows for flexibility and innovation while maintaining consistent safeguards that are understood and practiced throughout the organization.

Get started now—before your company becomes a victim
IBM X-Force reported just over 4,400 new security vulnerabilities for the first half of 2012. Assuming that this trend continued throughout the rest of the year, the total projected vulnerabilities would likely surpass the record of nearly 9,000, set in 2010. In addition, the rate of unpatched vulnerabilities for the first half of 2012 was the highest that IBM X-Force had seen since 2008.

Many organizations have had to deal with the fallout caused by password and personal data leaks. And these attacks have become increasingly sophisticated. For example, by obtaining small amounts of key personal data from public social media sites, attackers have been able to use clever social engineering “tricks” to gain unrestricted access to targeted accounts. They have even bypassed two-factor authentication by convincing mobile providers to relocate a user’s voicemail. So it’s not a matter of whether your company will become a victim, but when. In fact, 61 percent of the senior executives who participated in IBM’s recent study on reputational risk and IT said that data breaches, data theft and cybercrime posed the greatest threat to their companies’ reputations.8

It’s okay to seek help
It’s easy to feel overwhelmed when you consider what it takes to protect your organization from sophisticated attacks. There’s a lot to talk about, think about and worry about. But you just need to take it one step at a time. And you don’t need to go it alone.

IBM Security Services consultants can help you plan, implement and manage virtually all aspects of your security strategy. They’re senior security professionals who have honed their skills in both the public and private sectors, working in corporate security leadership and consulting, investigative branches of government, law enforcement, and research and development.
In addition to offering consulting services, IBM has helped to set the standard for accountability, reliability and protection in managed security services since 1995. These services are designed to help you enhance your information security posture, lower your total cost of ownership and demonstrate compliance by outsourcing the monitoring and management of your security operations to IBM, regardless of device type or vendor, on a 24x7x365 basis or as needed.

IBM Managed Security Services can provide the security intelligence, expertise, tools and infrastructure you need to help secure your information assets from Internet attacks around the clock, often at a fraction of the cost of in-house security resources.

Begin with a complimentary Security Health Scan
By now you’re probably starting to think about how vulnerable your company may be. You can get a glimpse with a complimentary Security Health Scan from IBM Security Services. Here’s how it works: IBM will scan up to 10 IP addresses or a web domain of your choosing once a week for three weeks, at no charge. You’ll receive a detailed analysis of the vulnerabilities that are found—classified by their level of severity—along with step-by-step instructions on how to remediate them. What’s more, for the duration of your scanning period you’ll have access to the IBM Managed Security Services Virtual Security Operations Center portal and all the intelligence and threat information it provides.

What would a Security Health Scan find at your company?
Here are sample Security Health Scan findings for several types of organizations, showing the average number of vulnerabilities found after just one of three consecutive weekly scans. It’s not a surprise to see that even the most secure companies can find they have significant exposures, sometimes on multiple fronts. In today’s dynamic business environment, where boundaries no longer exist, you’re more than likely to find at least some vulnerabilities and exposures.

University: Severe 106, Moderate 7, Critical 23
Insurance company: Severe 86, Moderate 11, Critical 17
Virtual hosting/web hosting provider: Severe 112, Moderate 20, Critical 38
City government: Severe 112, Moderate 20, Critical 9