Cybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY

Transcription

1 Cybersecurity THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY Gary Meshell World Wide Leader Financial Services Industry IBM Security March You have been breached; What Happens Next 2 IBM Security

2 We have been breeched; Now we must be prepared to respond Phishing Credentials Stolen Database Stolen Encrypted Communication FBI Calls CEO Twitter Sentiment Falls Update C-Level Executives Insider? Victim? Validate Altered Financial Reports Response Website Legal Deposition BOOM Malware Deployed Remote Access to Network Additional Compromises First Public Indicator Stock Price Falls Press Conference Forensic Research Notify Customers & Partners Board of Directors Meeting SEC Investigation 3 IBM Security Equifax Timeline of Events March 8 th Warning Given Via Homeland Security CVE 2017 Struts REST $133 May 13 th First Batch of sensitive data $135 July 31 st CIO tell CEO $145 Aug 2 nd Mandiant hired for investigation $145 Sept 5th Equihax domain $141 Stock Fell 13.7% $120 securityequifax2017.com Fake Site Sept 15 th CIO & CISO Retire $92 Sept 27 th CEO Resigns 12 Years 18 Mil Pension $106 Oct 3 rd Former Equifax CEO Rick Smith Testifies Before Congress $111 May 9 th Equifax forwards the U.S. warning internally to its information security team and requests a fix within 48 hours, but the patch isn t installed $135 4 IBM Security July 29 th Sees suspicious network traffic Blocks $145 Aug 1 st & 2nd 3 Execs sell 1.8M stock (CFO) $146 Aug 22 nd Board of Dir is notified and remediation plan $140 BOOM Sept 7 th Sept 12th Equifax apologies in USA Today OpEd $115 Sept 14th FTC announces investigation Stock fell 5% to $94.19 Sept 21st Equifax admits it sent victims of the data breach to a bogus website $98 Oct 2 nd Mandiant Concludes Forensic Investigation $106

3 Security incidents have grown exponentially Security Incidents by Time, Impact and Attack Type Attack types: Undisclosed DDos SQL Injection Malware Phishing Misconfiguration 5 IBM Security Insiders and errors are just as responsible Root Cause of Data Breach System glitches 28% Human error 25% Malicious Attacks 47% *Ponemon Cost of Data Breach IBM Security

4 May WannaCry attack: Who s been hit May Why WannaCry Malware Caused Chaos for National Health Service in U.K. 7 IBM Security Equifax did not master the security fundamentals Basic logging Ignoring privilege Flat networks Default passwords Un-tuned firewalls Not identifying critical data Under-deployed tools No incident response plan

5 What are Financial Services firms security challenges Data overload 200 days to detect a breach, 20 B+ connected devices Lack of skills 1.5M unfilled jobs Tooling complexity 85 tools from 45 vendors Your security strategy? Security analytics Privileged user management Access management User behavior analytics Data access control Incident response Data protection Endpoint patching and management Fraud protection Identity governance and administration Network forensics and threat management Network visibility and segmentation Mainframe security Vulnerability management Firewalls security management IDaaS Device management Sandboxing Virtual patching Malware protection Transaction protection scanning Indicators of compromise Criminal detection Content security Endpoint detection and response Malware analysis Threat sharing Threat and anomaly detection Threat hunting and investigation 10 IBM Security

6 First, we need to treat security as an immune system Endpoint detection and response Endpoint patching and management Malware protection ENDPOINT Indicators of compromise Malware analysis Threat sharing THREAT INTEL Security analytics Vulnerability management Threat and anomaly detection NETWORK SECURITY ECOSYSTEM Network forensics and threat management Firewalls Sandboxing Virtual patching Network visibility and segmentation Transaction protection Device management Content security MOBILE SECURITY ORCHESTRATION & ANALYTICS ADVANCED FRAUD Fraud protection Criminal detection APPS scanning security management User behavior analytics Incident response Threat hunting and investigation DATA IDENTITY & ACCESS Privileged user management Identity governance and administration Access management IDaaS Mainframe security Data protection Data access control 11 IBM Security Next, there is an upcoming war Good A.I. vs. Bad A.I. 12 IBM Security

7 We need to change the game with AI X-Force Exchange Malware Analysis X-Force IRIS App Exchange Hybrid Cloud Security Services BigFix Managed Detection & Response QRadar Incident Forensics QRadar Network Insights Managed Network Security Secure SD-WAN MaaS360 Mobile Device Management Trusteer Financial Malware Research AppScan Security on Cloud X-Force Red SDLC Consulting QRadar Watson Resilient i2 Security Operations Consulting X-Force Command Centers X-Force IRIS Guardium Multi-cloud Encryption Key Manager Critical Data Protection Services Identity Governance and Access Cloud Identity zsecure Identity Management Services Products Services 13 IBM Security Three key pillars for response preparedness TECHNOLOGY Orchestration and Playbooks EXPERTISE Expertise to deal with Right of Boom PRACTICE Preparedness and Leadership Skills Single hub to orchestrate people, process, and technology IBM Resilient Platform Proven incident response thought leadership and expertise IBM X-Force IRIS & IBM Resiliency Prepare for incidents and test skills in the first commercial cyber range IBM X-Force Command Center 14 IBM Security

8 May WannaCry attack: Who s been hit May Why WannaCry Malware Caused Chaos for National Health Service in U.K. 1 Treat security as an Immune System 2 Change the game with AI 3 Prepare your Security Response 15 IBM Security THANK YOU FOLLOW US ON: ibm.com/security securityintelligence.com youtube/user/ibmsecuritysolutions Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.