IBM X-Force 2012 & CISO Survey: Cyber Security Threat Landscape
© 2012 IBM Corporation
IBM X-Force 2011 Trend and Risk Report Highlights
X-Force Research: 14B analyzed Web pages & images; 40M spam & phishing attacks; 54K documented vulnerabilities; 13 billion security events monitored daily
The mission of the IBM X-Force research and development team is to:
Research and evaluate threat and protection issues
Deliver security protection for today's security problems
Develop new technology for tomorrow's security challenges
Educate the media and user communities
Provides specific analysis of: vulnerabilities & exploits; malicious/unwanted websites; spam and phishing; malware; other emerging trends
To find out how forward thinkers are harnessing all this data, we asked 138 security leaders in seven countries across a wide range of industries
With explosive growth in connectivity and collaboration, information security is becoming increasingly complex and difficult to manage
In 2011, the corporate world experienced the second highest data loss total since 2004
The number of mobile workers is expected to reach 1.3 billion by 2015
At the same time, mobile security threats are increasing, up almost 20 percent in 2011
Sources: Verizon 2012 Data Breach Investigations Report; IDC
2011: Year of the Security Breach
Key Findings from the 2011 Trend Report
New Attack Activity: rise in shell command injection attacks; spikes in SSH brute forcing; rise in click-fraud-related phishing
Progress in Internet Security: fewer exploit releases; fewer web application vulnerabilities; better patching
The Challenge of Mobile and the Cloud: mobile exploit disclosures up; cloud requires new thinking
SQL Injection Attacks against Web Servers
Shell Command Injection Attacks
SSH Brute Force Activity
Phishing-based malware distribution and click fraud
Public Exploit Disclosures
Fewer exploits released so far this year since 2006
Down as a percentage of vulnerabilities as well
Public Exploits
Decline in web application vulnerabilities in 2011
In 2010, 49% of security vulnerabilities affected web applications.
In 2011, 41% affected web applications.
Big decline in SQL Injection
Better Patching
Mobile OS Vulnerabilities and Exploits
Continued interest in mobile vulnerabilities as enterprise users bring smartphones and tablets into the workplace
Attackers finally warming to the opportunities these devices represent
The Challenges of Cloud Security
In 2011, there were many high-profile cloud breaches, affecting well-known organizations and large populations of their customers.
Cloud Security Requires:
A cloud-appropriate workload
Effective due diligence on the part of the customer
Flexibility on the part of the cloud provider
Cloud customers should take a lifecycle view of the cloud deployment, including what the exit strategy should be if things don't work out.
The security landscape is changing
Source: IBM Center for Applied Insights
One-quarter of security leaders believe their organizations are mature and are confident in their ability to respond to a breach or incident
Self-assessed maturity and preparedness
Source: IBM Center for Applied Insights
In this new normal, organizations need an intelligent view of their security posture
Basic: Organizations employ perimeter protection, which regulates access and feeds manual reporting
Proficient: Security is layered into the IT fabric and business operations
Optimized: Organizations use predictive and automated security analytics to drive toward security intelligence
Axes: Manual / Automated; Reactive / Proactive
Influencers vs. Responders
2x more likely to have a dedicated CISO
2.5x more likely to have a security or risk committee
3x more likely to have information security as a board topic
2x more likely to use a standard set of security metrics to track their progress
4x more likely to be focused on improving enterprise-wide communication and collaboration over the next two years
2x more likely to be focused on providing education and security awareness over the next two years
Influencers are more likely to measure progress through a wider variety of metrics and devote more attention to systemic change
Importance of Metrics
Source: IBM Center for Applied Insights
Security leaders should construct an action plan based on their current capabilities and most pressing needs
Responders can move beyond their tactical focus by:
Establishing a dedicated security leadership role (like a CISO), assembling a security and risk committee, and measuring progress
Automating routine security processes to devote more time and resources to security innovation
Protectors can make security more of a strategic priority by:
Investing more of their budgets on reducing future risks
Aligning information security initiatives to broader enterprise priorities
Learning from and collaborating with a network of security peers
Influencers can continue to innovate and advance their security approaches by:
Strengthening communication, education and business leadership skills to cultivate a more risk-aware culture
Using insights from metrics and data analysis to identify high-value improvement areas
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
Intelligence, Integration, Expertise
Only vendor in the market with end-to-end coverage of the security foundation
6K+ security engineers and consultants
Award-winning X-Force research
Largest vulnerability database in the industry
Intelligence: Leading products and services in every segment
Get Engaged with IBM X-Force Research and Development
Follow us at @ibmsecurity and @ibmxforce
Download X-Force security trend & risk reports: http://www-935.ibm.com/services/us/iss/xforce/
Subscribe to X-Force alerts at http://iss.net/rss.php or Frequency X at http://blogs.iss.net/rss.php
Attend in-person events: http://www.ibm.com/events/calendar/
Join the Institute for Advanced Security: www.instituteforadvancedsecurity.com
Subscribe to the security channel for latest security videos: www.youtube.com/ibmsecuritysolutions