2012 Cloud Security Report - Trend Micro 2012 Cloud Security Report 黃建榮 Senior Consultant - Verizon...

Post on 27-Jun-2020


2012 Cloud Security Report

黃建榮, Senior Consultant - Verizon Taiwan

August 2012

It’s All About Security

Protecting assets from threats that could impact the business

Protecting Assets . . .

• Stationary data

• Data in transit

• Software

• Hardware

• Physical infrastructure

… From Threat Agents . . .

• External - outside the organization

• Partner – a business relationship

• Internal – employees

…Taking Threat Actions . . .

• Hacking

• Malware

• Physical attacks

• Misuse

• Social tactics

… To Prevent Harm to the Business

• Exposure of intellectual property

• Exposure of employees’ and/or customers’ personal/private information

• Exposure of private business transactions

• Business slow-down or interruption from damage to hardware or software

• Fines or other actions by agencies that regulate the business

• Harm to the brand reputation

Hold on… Wha??? Why is a telecom company investigating breaches?

Enterprise Solutions to Meet Business Imperatives

IT Services

• Cloud-based Services

• Data Center Services

• Managed Applications

• Managed IT

• Equipment and Services

• Professional Services

Security Services

• Governance, Risk and Compliance

• Identity and Access Management

• Managed Security

• Equipment and Services

• ICSA Labs

• Professional Services

Communications Services

• Contact Center Services

• Unified Communications

• Video, Web and Audio Conferencing

• Traditional Voice

• Emergency Communications Services

• Equipment and Services

• Professional Services

Networking Services

• Internet

• Private WAN

• Private Point to Point

• Access Services

• Managed Networks

• Equipment and Services

• Professional Services

Mobility

• Advanced Communications

• Applications and Content

• Global Communications

• Hardware

• Mobile Data

• Voice and Messaging

• Professional Services

RISK Team falls here

What is the Data Breach Investigations Report? (DBIR)

• Verizon’s Data Breach Investigations Report (DBIR) is an ongoing, unbiased study into the world of cybercrime.

– Analyzes forensic evidence of data breaches

– Uncovers how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and what might be done to prevent it.


Why We Do It

• Studying security breaches helps Verizon and the Customer understand how they occur.

• Real science – measures what happened across thousands of instances, and converts that data into better decisions, more effective security.

• The better we understand them, the better we can prepare for and prevent them.

When there’s a Breach, call the Investigative Response (IR) Team!

• The Investigative Response Team:

– Experience & Expertise

– Detect / Prevent / Respond

– 24 x 7 hotline / Onsite support within 24 hours

– Digital forensics / investigation

– Computer incident response

– Fraud analytics

– Electronic data recovery

– Electronic crimes counter-surveillance

– Protocols for containment

– Transition of evidence to law enforcement for prosecution

• The expansive data set generated through these activities offers an interesting glimpse into the trends surrounding computer crime and data compromise, which is detailed in the Data Breach Investigation Reports.


2012 Data Breach Investigations Report

2012 Data Breach Investigations Report – Global Study

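• Australian Federal Police

• Dutch National High Tech Crime Unit

• Irish Reporting and Information Security Service

• Police Central e-Crime Unit (United Kingdom)

• United States Secret Service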

Data Collection and Analysis Methodology - VERIS

Data Sample

• 855 data breaches

• 174 million stolen records in combined dataset

Collection and Analysis

• VERIS (Verizon Enterprise Risk and Incident Sharing) framework used to collect data after investigation

• VERIS provides a common language for describing security incidents (or threats) in a structured and repeatable manner

• Case data anonymized and aggregated

• RISK Intelligence team provides analytics

VERIS: https://verisframework.wiki.zoho.com/

The Threat Environment

2012 DBIR Key Findings: Threat Agents

Threat Agents are the source of a breach

98% of all data breaches stemmed from external agents (+6%)

4% implicated internal employees (-13%)

<1% committed by business partners

58% of all data theft tied to activist groups


External Threat Agents on the rise…

The Threat Environment

2012 DBIR Key Findings: Threat Actions

• 81% utilized some form of hacking (+31%)

• 69% incorporated malware (+20%)

• 10% involved physical attacks (-19%)

• 7% employed social tactics (-4%)

• 5% resulted from privilege misuse (-12%)

Threat Actions are what Threat Agents did to gain access to a protected system or device

Top Ten Threat Actions for Larger Organizations


Compromised Assets


Most Compromised Assets


Compromised Data


The 3-Day Workweek


Time Span of Events


Breach Discovery

The Threat Environment

2012 DBIR Key Findings: Commonalities

• 79% of victims were targets of opportunity (-4%)

• 96% of attacks were not highly difficult (+4%)

• 94% of all data compromised involved servers (+18%)

• 85% of breaches took weeks or more to discover (+6%)

• 92% of incidents were discovered by a third party (+6%)

• 97% of breaches were avoidable through simple or intermediate controls (+1%)

• 96% of victims subject to PCI DSS had NOT achieved compliance (+7%)


Recommendations: Smaller Orgs


Recommendations: Larger Orgs

Verizon Enterprise Security Solutions Can Help

• Identity Mgmt: Manage millions of identities for governments of 25+ countries

• Application Security: Delivered 1000+ vulnerability mgmt engagements in 2010 and 2011

• Assurance: Delivered 1000+ GRC engagements in 2010 and 2011

• Compliance: More PCI QSAs than any other firm in the world

• Log Mgmt: 7 SOCs track & manage >5 Billion security events & alarms monthly

• Data Discovery: Scanned >100 Million files; discovered >1 Billion sensitive data elements

• Data Protection: Led one of the world’s largest DLP deployments (400,000+ seats)

• Mobility Security: Manage security of 250,000+ mobile devices

• Threat Mgmt (MSS): Largest & highest rated MSSP in the world (Gartner, Forrester, etc.)

• Vulnerability Mgmt: Delivered 1000+ vulnerability mgmt engagements in 2010 and 2011

• Breach Prevention: Analyzed 2000+ data breaches involving 1 Billion records

The Verizon Advantage

We are serious about security…


Thank you!