Cybersecurity State of the World Pierre Noel Asia Chief Security Officer

Cybersecurity State of the World - download.microsoft.comdownload.microsoft.com/documents/hk/technet/techdays2015/Day2... · Malicious Software ... financial crisis in Cyprus DDoS


Cybersecurity – State of the World

Pierre Noel

Asia Chief Security Officer


Deep understanding of today’s threats

Microsoft Security Intelligence Report, Vol. 16

In-depth analysis of the threat landscape of exploits, vulnerabilities, and malware

computers worldwide

providing data from

Internet services

computers using the Malicious Software Removal Tool monthly

Web-page scans per month from Bing


Security and privacy should be a top leadership concern


Managing risk in an increasingly connected world

“This Nexus of Forces is impacting security in terms of new vulnerabilities.”

–Ruggero Contu, Christian Canales and Lawrence Pingree. Forecast Overview: Information Security, Worldwide, 2014 Update. Gartner, Inc. June 25, 2014.

Impact of cyber attacks could be as much as $3 trillion in lost productivity and growth

Implications: job security, customer loyalty, intellectual property, legal liability, brand reputation

$3.5M average cost of a data breach to a company

15% increase YoY

243 median # of days attackers are present on a victim network before detection

Security is a CEO level issue


Statistics from the front lines

• >50% of enterprise network attacks will use encrypted traffic to bypass controls by 2017
• WW spending on cybersecurity to reach $76.9B in 2015, up 8.2% from 2014 [1]
• >30% of SMB security controls will be cloud-based by 2015 [1]
• 40% of security controls in enterprise data centers will be virtualized by 2016 [2]
• 75% of mobile apps will fail basic security tests by 2015 [1]

Gartner Security & Risk Management Summit

Top Security Trends for 2014-2015

Responding to New SSL Threats


2013 headlines from around the world

• Belgian telecom compromised in alleged cyber espionage campaign
• Data of 20 million Chinese hotel guests leaked
• 105 million South Korean accounts exposed in credit card security breach
• Blackhole Exploit Kit takes advantage of financial crisis in Cyprus
• DDoS attacks hit Reddit and European banks

Symantec Internet Security Threat Report


Employee failure to follow cyber hygiene policies is #1 security concern

Source: Survey of 200 U.S. federal IT decision-makers, commissioned by the Fort Meade Alliance

[Bar chart. Categories: implementation of technical/system safeguards; employee training; policy/procedure implementation or changes. Data labels as extracted, not assignable to categories: 52%, 42%, 47%, 42%, 39%, 66%, 61%, 57%]


2014: statistics from the front lines

• $5.6B estimated cost to healthcare industry from security breaches [1]
• 90% of surveyed healthcare organizations have had at least one data breach in the past 2 years. [1]
• Stolen health credentials worth 10-20x the value of a U.S. credit card number [2]
• Healthcare industry had highest per capita cost from security incidents in 2013 global survey [3]
• 65% of surveyed healthcare providers say negligent insiders are biggest security concern [4]

Ponemon Institute, Benchmark Study on Patient Privacy and Data Security, 3-12-2014

Ponemon Institute, 2014 Cost of Data Breach Study: Global Analysis

SANS Institute, Inaugural Health Care Survey


Statistics from the front lines

• 25 zero-day vulnerabilities found in SCADA software from 20 suppliers [1]
• Cybercrime accounts for 95% of losses incurred by Brazilian banks [2]
• 300 attacks against oil & energy companies in Norway in 2014 [3]
• 52% increase in EU critical infrastructure attacks from 2011-2012 [4]

Wired

New York Times

Fox News

European Union Agency for Network and Information Security (ENISA) Threat Landscape Report


Who are the BAD GUYS?


Encountered Malware by Region – 4Q14 source: Security Intelligence Report (www.microsoft.com/sir)


Infection trends Hong Kong S.A.R.

| Metric | 3Q13 | 4Q13 | 1Q14 | 2Q14 |
|---|---|---|---|---|
| Encounter rate, Hong Kong S.A.R. | 15.7% | 12.0% | 13.4% | 11.6% |
| Worldwide encounter rate | 24.0% | 21.4% | 21.3% | 19.1% |
| CCM, Hong Kong S.A.R. | 3.2 | 5.9 | 4.7 | 4.5 |
| Worldwide CCM | 7.5 | 9.7 | 10.8 | 7.2 |

Infection and encounter statistics do not include Brantall, Filcout, and Rotbrow


Malware encounters and infections Hong Kong S.A.R.

[Charts: encounter rate (axis 0% to 30%) and infection rate (axis 0 to 12), 3Q13 through 2Q14, Hong Kong S.A.R. versus Worldwide]


Threat categories Hong Kong S.A.R.

[Chart: encounter rate (percent of all reporting computers, axis 0% to 8%) by threat category, Hong Kong S.A.R. versus Worldwide]


Ransomware by country or region 2H14


30,000 computers down for two weeks


“If you protect your paper clips and diamonds with equal vigor, you will soon have more paper clips and fewer diamonds”


It all starts with Data Classification


Classification

• HBI information is usually labeled Confidential or HBI.
• Unauthorized disclosure of HBI would cause severe or catastrophic material loss.
• Examples of common forms of sensitive information include (without limitation)
  • social security numbers,
  • credit card numbers,
  • username and password combinations.
• In many cases this data is encrypted.

• MBI information is usually labeled Confidential or MBI.
• Only specific groups of employees, or approved non-employees with a legitimate corporate business need, have access to MBI content.
• Unauthorized disclosure may cause
  • serious material loss due to identity or brand damage,
  • operational disruption,
  • damage to the corporation's reputation,
  • legal or regulatory liability.

• LBI information carries no or little risk of impact to the corporation if lost or stolen.
• Released financials, Public Relations campaigns and released product information are examples of LBI.


Domain Joined Non Domain Joined

MSIT Standards PC with TPM PC w/o TPM PC MS Phone Non-PC Device

Enterprise Class PCs with TPM

MSIT Recommended: Consumer PC with TPM

Consumer PCs MSIT Standards Windows Mobile 8

Sony, ASUS…Acer Enterprise Class and Consumer PCs

Android and Future Chrome OS devices

Apple Mac with Bootcamp

Apple Mac with Bootcamp

Apple Mac with Mac OS X

iPhone & iPad

MSIT Services

Helpdesk Hardware Support Yes Best Effort Best Effort Maybe No No

Helpdesk Software Support Yes Yes Yes Yes Yes

LOB Applications Yes Yes Yes Yes Yes No

Patching Yes Yes Yes No No No

Driver support in MSIT Images Yes Yes No Maybe No No

BitLocker Yes Yes No * No No No *

Direct Access Yes Yes No No No No

VPN with Smartcard Yes Yes Yes Yes No No

WIFI Yes Yes Yes Yes Yes Yes

Exchange Yes Yes Yes Yes Yes Yes

Corporate Access (i.e. Applications, Print, File Shares & SharePoint) Yes Yes Yes Limited Limited Limited

Lync / UC Yes Yes Yes Yes No No

* Concerns with PII / HBI data loss


Resilience

“The bamboo that bends is stronger than the oak that resists.” ~ Japanese proverb


Defining Resilience: Profiling a Resilient Information System

[Diagram: % Degradation of Operational Effectiveness plotted against Attacker Work Factor; labeled points and phases: Recon, Penetration, Escalation, Detection, Recovery Initiated, Recovery; annotation: Making it Resilient]


The Impact of Security Standards


Case Study: Australia

Collaboration between Microsoft and the Australian government resulted in a series of implementations across local government agencies to provide better resilience to cyber incidents.


Resilience as a Strategic Priority: Microsoft + Australia

• Patch & update to current applications
• Patch & update to current operating systems
• Use application whitelisting
• Host based intrusion detection & prevention
• Host inspection of Microsoft Office Files
• Patch & update to current operating systems
• Inbound Host-based Firewall
• Randomise Local Administrator Passphrases
• Use gateway and desktop antivirus
• Lock down operating environments
• Social engineering education
• Enforce strong passphrases
• Restrict administrative privileges
• Use multi-factor authentication
• Implement data execution prevention
• Harden server applications
• Disable LanMan
• Filter web content
• Whitelist web domains
• Whitelist HTTP/SSL connections
• Enforced border gateway Firewall
• Force domain IP lookup
• Blacklist domains at the border gateway
• Filter email content by whitelist
• Force domain IP lookup
• Implement TLS between email servers
• Capture All Network Traffic
• Monitor Traffic with Network IDPS
• Restrict NetBIOS
• Centralise network logging
• Network Segmentation & Segregation
• Centralise host logging
• Non-persistent virtualised operating system

• Monitor System Infrastructure
• Educate Users
• Monitor the Network
• Protect Email
• Defend the Web
• Protect the Endpoint
• Harden Web & Server Apps
• Strong Authentications


Australia’s Top 4

• Patching applications and using the latest version of an application
• Patching operating systems
• Keeping admin rights under strict control (and forbidding the use of administrative accounts for email and browsing)
• Whitelisting applications


http://aka.ms/WCP235

Session Evaluation