cybersecurity as a business enabler · 2020. 1. 22. · cybersecurity as a business enabler...
Cybersecurity as a Business Enabler
Cybersecurity for Driving Business
Jarad Carleton
Global Program Leader, Cybersecurity
January, 2020
Data is the world's most valuable commodity
Top 5 publicly traded companies in the world, 2009 vs. 2019
2009:
1 Petro China
2 Exxon Mobil
3 Microsoft
4 ICBC
5 Wal-Mart
2019:
Microsoft
Amazon
Apple
Alphabet
Source: Frost & Sullivan
Long-term negative impact of data breaches
Customer Trust (n=154): Small 39%, Moderate 11%, Strong 50% (61% moderate or strong)
Business Results (n=154): Small 40%, Moderate 13%, Strong 47% (60% moderate or strong)
Source: Frost & Sullivan N=154. Line of Business Executives at companies with publicly disclosed data breaches.
Consumer reaction after a data breach
Consumer Churn: 48% (n=990)
N=990. Consumers in 10 nations around the world (Western Hemisphere, Europe, and APAC)
Source: Frost & Sullivan
Half of consumers across 10 nations claim
to have ended their business relationship
with an organization after they learned
about a data breach that affected their data
Consumers that ended business
relationships in APAC after a data breach:
• 36% – Australia
• 48% – Japan
• 52% – India
• 77% – China
Investor reaction after a data breach
Capital One's NYSE share price: July 22, 2019 – August 17, 2019
[Chart: share price over the period, annotated "Data breach announcement"]
Source: Yahoo Finance
Most damaging attacks of 2019
Estimated initial damage from ransomware attacks (US$ millions)
Altran: 32
Norsk Hydro: 70
Demant: 95
Maersk: 300
FedEx: 300
Source: Frost & Sullivan
Norsk Hydro: Company overview
Headquartered in Oslo, Norway
o Operating in 40 countries
o 35,000 employees
o 30,000+ enterprise customers globally
Present in all market segments of the aluminium industry value chain
o Rolled, extruded products, & recycling
o Extracts bauxite
o Refines alumina
o Generates energy
Source: Norsk Hydro, Frost & Sullivan
Norsk Hydro: Incident overview
Sources: Bankinfosecurity, Threat Post, Microsoft, and Frost & Sullivan
1. SPEAR PHISHING
2. MALWARE INJECTION
o One person opened a legitimate email communication from a trusted customer
o Hackers had covertly weaponized a file the customer sent as an email attachment
o Norsk Hydro antivirus discovered the trojan within days, but it was too late
3. RECONNAISSANCE
4. CREDENTIAL THEFT
o Cyber adversaries had established a foothold in the network
o Leveraged toolkits such as Mimikatz, Metasploit, or Cobalt Strike to gain access to privileged user accounts in Active Directory
5. EXPLOITATION
6. PRIVILEGE ESCALATION
o Using domain administrator credentials, cyber adversaries accessed Active Directory to plant ransomware
o Used administrator credentials to disable cyber defence mechanisms in place
7. LATERAL MOVEMENT
o With cyber defences disabled, Active Directory was used to distribute the LockerGoga ransomware across the network infrastructure
8. PERSISTENCE
o Ransomware was activated, 22,000+ computers and servers were affected
o All 35,000 employees were impacted
o Norsk Hydro refused to pay and used analogue processes to operate machinery
o Attack cost over $70 million USD, cyber insurance policy only paid $3.6 million USD
Security maturity assessment criteria
Organisations are grouped based on a security maturity assessment.
Underprepared
• Low or non-existent levels of staffing charged with information security responsibilities
• Few formal security guidelines outside of the IT department
• Lower adoption rates of security tools and controls
In Transition
• Understanding of need for personnel charged with information security
• Some have implemented formal guidelines for all departments and some have not
• Most have not yet implemented the tools, controls, and operational procedures to provide top tier protection
Security Leaders
• Have implemented best practices for organisational preparedness, have fully briefed all employees on security protocols and incident response action plan
• Security architecture continuously tested to ensure maximum functionality
Sources: Frost & Sullivan
Security maturity, concerns, and technologies of focus
Medium to large enterprises: only the technologies that are pivotal to security maturity are considered.
N=881. An eight nation study
Primary Security Concern
• Underprepared: Targeted Phishing Attacks
• In-Transition: System vulnerabilities
• Security Leaders: Advanced Persistent Threats
Primary Technology Focus (at least 65% of companies indicated that the technology is in use today)
• Firewall/UTM/NGFW
• Endpoint protection
• Secure Email Gateway
• Wi-Fi Security
• Managed Threat Detection & Response
• DNS Firewall
• Employee Security Training & Education
• Vulnerability Assessments
• Identity Management
• Cloud Access Security Broker (CASB)
• IoT Device Security Monitoring
• Security Orchestration Automation & Response
• Mobile Threat Defence (MTD)
• Advanced Malware Protection (Sandboxing)
• Software Defined Wide Area Network (SD-WAN)
• Security Operations Centre as a Service (SOCaaS)
• Security Information and Event Management (SIEM)
• Multi-Factor Authentication (MFA)
Sources: Frost & Sullivan
[Chart: share of Security Leaders, In-Transition, and Under Prepared organisations by country: USA (n=129), Mexico (n=103), UK (n=106), Germany (n=119), France (n=106), Italy (n=110), Japan (n=103), Australia (n=105)]
Sources: Frost & Sullivan N=881. An eight nation study
Security maturity and budget
Budget size is not a determining factor in achieving security maturity.
N=881. An eight nation study
<$100 mln USD (n=295): Security Leaders 29%, In-Transition 30%, Under Prepared 41%
$100-499 mln USD (n=220): Security Leaders 40%, In-Transition 33%, Under Prepared 28%. 61% are in transition or are under prepared
>$500 mln USD (n=251): Security Leaders 45%, In-Transition 33%, Under Prepared 22%. 55% are in transition or are under prepared
Sources: Frost & Sullivan
Security maturity assessment
Analysis based on five evaluation axes
1 – Organisation Culture
2 – Technology Tools & Controls
3 – Security Operations
4 – People
5 – Cloud Adoption
Sources: Frost & Sullivan
Strengthening resilience against cyber attacks
Resilience against cyber attacks is business resilience
• Employ a true CISO who will develop and coordinate security strategy organisation wide
• Use threat intelligence and operationalise it with automated security processes whenever possible
• Establish formal security processes, guidelines, and training – For all departments!
• Implement defined incident response procedures – Share those procedures across all departments!
• Conduct periodic reviews 2-4 times per year to fine tune your security operations
Sources: Frost & Sullivan
More effective at mitigating the negative impact of cyber attacks on the following areas:
• Online digital trust
• Customer churn
• Infrastructure damage
• Production & productivity
• Intellectual Property (IP) theft
• Revenues and other financial impacts
Sources: Frost & Sullivan
Contact Information
ASIA PACIFIC
Toshio Ogane | +81 3 4550 2210
EUROPE
Jarad Carleton | +44 (0)20 7193 0986
AMERICAS
Francisco Tossi | +1 (650)475-4516
FROST & SULLIVAN CYBERSECURITY PRACTICE
https://frost.turtl.co/story/global-cybersecurity-practice-overview/