Cybersecurity as a Business Enabler

ビジネスを推進するための

サイバーセキュリティ

Jarad Carleton

Global Program Leader, Cybersecurity

January, 2020

2

Source: Frost & Sullivan

1 Petro China

2 Exxon Mobil

3 Microsoft

4 ICBC

5 Wal-Mart

Microsoft

Amazon

Apple

Alphabet

Facebook

2009 2019

データは、世界で最も価値のあるコモディティである。 世界の公開企業Top 5、2009 vs. 2019

Moderate 11%

Stong 50%

Customer Trust

61%

Moderate 13%

Strong 47%

Business Results

60% n=154

Small 39%

Moderate 11%

Stong 50%

Customer Trust

n=154

Small 40%

Moderate 13%

Strong 47%

Business Results

3

Source: Frost & Sullivan N=154. Line of Business Executives at companies with publicly disclosed data breaches.

情報漏洩の長期的なマイナス影響

48%

Consumer Churn

n=990

48%

Consumer Churn

n=990

4

N=990. Consumers in 10 nations around the world (Western Hemisphere, Europe, and APAC)

情報漏洩後の消費者の反応

Source: Frost & Sullivan

Half of consumers across 10 nations claim

to have ended their business relationship

with an organization after they learned

about a data breach that affected their data

Consumers that ended business

relationships in APAC after a data breach:

• 36% – Australia

• 48% – Japan

• 52% – India

• 77% – China

5

Source: Yahoo Finance

Data breach

announcement

情報漏洩後の投資家の反応 Capital OneのNYSE株価: July 22, 2019 – August 17, 2019

6

32

70 95

300 300

Altran Norsk Hydro Demant Maersk FedEx

2019年の被害の大きかった攻撃 ランサムウェア攻撃による推定初期被害額 (百万US$)

Source: Frost & Sullivan

7

Headquarted in Oslo, Norway

o Operating in 40 countries

o 35,000 employees

o 30,000+ enterprise customers globally

Present in all market segments of the

aluminium industry value chain

o Rolled, extruded products, & recycling

o Extracts bauxite

o Refines alumina

o Generates energy

Norsk Hydro 企業概要

Source: Norsk Hydro, Frost & Sullivan

8

Norsk Hydro 事件概要

Sources: Bankinfosecurity, Threat Post, Microsoft, and Frost & Sullivan

1. SPEAR PHISHING

2. MALWARE INJECTION

o One person opened a legitimate email communication from a trusted customer

o Hackers had covertly weaponized a file the customer sent as an email attachment

o Norsk Hydro antivirus discovered the trojan within days, but it was too late

MALWARE

INJECTION

PHISHING

9

Sources: Bankinfosecurity, Threat Post, Microsoft, and Frost & Sullivan

3. RECONNAISSANCE

4. CREDENTIAL THEFT

o Cyber adversaries had established a foothold in the network

o Leveraged toolkits such as MimiKatz, Metasploit, or Cobalt Strike to gain access to privileged user

accounts in Active Directory

MALWARE

INJECTION

PHISHING RECONN-AISSANCE

CREDENTIAL THEFT

Norsk Hydro 事件概要

10

Sources: Bankinfosecurity, Threat Post, Microsoft, and Frost & Sullivan

5. EXPLOITATION

6. PRIVILEGE ESCALATION

o Using domain administrator credentials, cyber adversaries accessed Active Directory to plant

ransomware

o Used administrator credentials to disable cyber defence mechanisms in place

MALWARE

INJECTION

PHISHING RECONN-AISSANCE

CREDENTIAL THEFT

EXPLOITATION PRIVILEGE ESCALATION

Norsk Hydro 事件概要

11

Sources: Bankinfosecurity, Threat Post, Microsoft, and Frost & Sullivan

o With cyber defences disabled Active Directory was used to distribute the LockerGaga ransomware

across the network infrastructure

7. LATERAL MOVEMENT

MALWARE

INJECTION

PHISHING RECONN-AISSANCE

CREDENTIAL THEFT

EXPLOITATION PRIVILEGE ESCALATION

LATERAL MOVEMENT

Norsk Hydro 事件概要

o Ransomware was activated, 22,000+ computers and servers were affected

o All 35,000 employees were impacted

o Norsk Hydro refused to pay and used analogue processes to operate machinery

o Attack cost over $70 million USD, cyber insurance policy only paid $3.6 million USD

12

Sources: Bankinfosecurity, Threat Post, Microsoft, and Frost & Sullivan

8. PERSISTENCE

MALWARE

INJECTION

PHISHING RECONN-AISSANCE

CREDENTIAL THEFT

EXPLOITATION PRIVILEGE ESCALATION

LATERAL MOVEMENT

PERSISTENCE

Norsk Hydro 事件概要

13

Under-

prepared

• Low or non-existent levels of staffing charged with information security responsibilities

• Few formal security guidelines outside of the IT department.

• Lower adoption rates of security tools and controls.

In

Transition

• Understanding of need for personnel charged with information security

• Some have implemented formal guidelines for all departments and

some have not

• Most have not yet implemented the tools, controls, and operational

procedures to provide top tier protection

Security

Leaders

• Have implemented best practices for organisational

preparedness, have fully briefed all employees on

security protocols and incident response action plan

• Security architecture continuously tested to ensure

maximum functionality

セキュリティ成熟度評価の基準 セキュリティ成熟度評価に基づき組織をグループ化する。

Sources: Frost & Sullivan

14

N=881. An eight nation study

Underprepared In-Transition Security Leaders

Primary Security Concern Targeted Phishing Attacks System vulnerabilities Advanced Persistent Threats

Primary Technology Focus

At least 65% of companies

indicated that the technology

is in use today

• Firewall/UTM/NGFW

• Endpoint protection

• Secure Email Gateway

• Wi-Fi Security

• Managed Threat Detection

& Response

• DNS Firewall

• Employee Security

Training & Education

• Vulnerability Assessments

• Identity Management

• Cloud Access Security Broker

(CASB)

• IoT Device Security

Monitoring

• Security Orchestration

Automation & Response

• Mobile Threat Defence (MTD)

• Advanced Malware

Protection (Sandboxing)

• Software Defined Wide Area

Network (SD-WAN)

• Security Operations Centre

as a Service (SOCaaS)

• Security Information and

Event Management (SIEM)

• Multi-Factor Authentication

(MFA)

Sources: Frost & Sullivan

セキュリティ成熟度、 懸念、注目のテクノロジー 中～大企業－セキュリティ成熟度の軸となるテクノロジーのみを注視している。

15

40%

25%

44% 32%

43% 36%

50% 40%

27% 55% 24%

30%

29% 38% 22%

22%

33% 19%

32% 38% 27% 25% 28%

38%

USA

n=129

Mexico

n=103

UK

n=106

Germany

n=119

France

n=106

Italy

n=110

Japan

n=103

Australia

n=105

Security Leaders In-Transition Under Prepared

Sources: Frost & Sullivan N=881. An eight nation study

セキュリティ成熟度、 懸念、注目のテクノロジー 中～大企業－セキュリティ成熟度の軸となるテクノロジーのみを注視している。

16

N=881. An eight nation study

29%

30%

41%

<$100 mln USD n=295

40%

33%

28%

$100-499 mln USD

n=220

45%

33%

22%

>$500 mln USD n=251

61% are in

transition

Or are under

prepared

55% are in

transition

Or are under

prepared

Sources: Frost & Sullivan

セキュリティ成熟度及び予算 予算の規模はセキュリティの成熟を達成する決定要因にはならない。

Security Leaders In-Transition Under Prepared

17

3 – Security Operations

4 – People

2 – Technology Tools & Controls

Sources: Frost & Sullivan

セキュリティ成熟度の評価 5つの評価軸をベースに分析

1 – Organisation Culture

5 – Cloud Adoption

Employ true CISO who will develop and coordinate security strategy

organisation wide

Use threat intelligence and operationalise it with automated security processes

whenever possible

Establish formal security processes, guidelines, and training – For all

departments!

Implement defined incident response procedures

– Share those procedures across all departments!

Conduct periodic reviews 2-4 times per year to fine tune your security

operations

18

Sources: Frost & Sullivan

サイバー攻撃に対する回復力を強化するために サイバー攻撃に対する回復力はビジネスの回復力

19

Sources: Frost & Sullivan

Online digital trust

Customer churn

Infrastructure damage

Production & productivity

Intellectual Property (IP) theft

Revenues and other financial impacts

More effective at mitigating the negative impact of cyber attacks

on the following areas:

サイバー攻撃に対する回復力を強化するために サイバー攻撃に対する回復力はビジネスの回復力

Contact Information

20

ASIA PACIFIC

Toshio Ogane | +81 3 4550 2210 | toshio.ogane@frost.com

EUROPE

Jarad Carleton | +44 (0)20 7193 0986 | jcarleton@frost.com

AMERICAS

Francisco Tossi | +1 (650)475-4516 | ftossi@frost.com

FROST & SULLIVAN CYBERSECURITY PRACTICE

https://frost.turtl.co/story/global-cybersecurity-practice-overview/