IBM Global Technology Services
Thought Leadership White Paper
Financial services
IBM Security Services cyber security
intelligence index for financial services
Financial services is one of the most attacked industries. Are you protected?
Contents
The cyber security landscape
How can you help keep your organization safe?
Let IBM help address your cyber security needs
Glossary
About this report
IBM Managed Security Services has developed this report
to provide insights into the current threat landscape for the
financial services industry and to offer solutions that can
help you better protect your organization. Information is
based on cyber security event data collected by IBM between
1 April 2012 and 31 March 2013 in the course of monitoring
client security devices, as well as data derived from responding
to, and performing forensics on, cyber security incidents.
Where noted, additional information comes from industry
analysts and publicly available data.
For a cross-industry overview of the threat landscape, please
see the white paper, IBM Security Services Cyber Security
Intelligence Index.
“A new class of high-bandwidth DDoS
[distributed denial of service] attacks of up
to 70 Gbps hit top U.S. banks in the second
half of 2012, justifiably causing serious
concerns among bank security staff, law
enforcement and bank regulators.”1
—Gartner, Inc.
“Banking executives are much more likely …
to point to cybercrime than to systems failures
as the most important IT risk that
threatens their company’s reputation.”2
—2012 IBM Global Reputational Risk and IT Study
Cyber attacks against financial services firms have become more
frequent and sophisticated. Companies within this industry
have a complex back-office IT architecture, consisting of diverse
platforms and interfaces. They employ multiple front-office
channels, including the Internet, mobile networks, automated
teller machines (ATMs) and kiosks. At the same time, many
financial services organizations rely on IT resources outside of
their firewalls and distribute their applications and data across
multiple devices. As a result, numerous vulnerable points exist
that can lead to security breaches and data theft.
Many of these attacks are designed to gain continuous access
to critical information, to perpetrate fraud or to cause damage
to critical infrastructures. In addition, hostile government and
terrorist-sponsored attacks aimed at financial services are
intended to cripple a country’s financial system. Such attacks
can significantly impact financial services companies not only
in terms of monetary losses but also in terms of credibility and
reputation. In fact, most banking executives consider data
breaches, data theft and cybercrime to be the most significant
IT risk threatening their company’s reputation.3
Case study: 21st century bank heist inflicts US$45 million
in losses
An international cybercrime organization used sophisticated
intrusion techniques known as “unlimited operations” to hack
into the systems of global financial institutions, steal prepaid
debit card data and eliminate withdrawal limits. The stolen
card data was then disseminated worldwide and used in
making fraudulent ATM withdrawals on a massive scale
across the globe. The operation spanned 26 countries.
In a U.S. federal indictment announced in May 2013, eight
defendants, who allegedly formed the New York-based cell of
the organization, were charged variously with conspiracy to
commit access device fraud, money-laundering conspiracy
and money laundering. According to the indictment, the eight
defendants, along with their co-conspirators, targeted New
York City and withdrew approximately US$2.8 million in a
matter of hours.4
The cyber security landscape
By taking advantage of advanced analytics, IBM has been able to
pore over and make sense of the massive amount of information
that crosses platforms we monitor for our clients. This has
allowed us to develop real insight into the kinds of attacks that
are taking place, who may be launching them and how their
techniques are evolving.
Determining which security events require action
Among financial services clients, IBM detects an average of more
than 111 million security events annually, which is notably
higher than for other industries. By implementing sophisticated
correlation and analytic tools, we can determine which of those
events are actual attacks—malicious activities attempting to
collect, disrupt, deny, degrade or destroy information systems
resources or the information itself. We then employ the work of
security analysts, among others, who help further identify those
attacks that qualify as security incidents and, therefore, should be
further investigated. This process revealed that our financial services
clients had an annual average of 87 incidents that required
action. (See Figure 1.) Clients can significantly save time and
resources by focusing only on those security incidents that
require action rather than on all 111 million identified events.
Not surprisingly, the incident rate within the financial services
industry is one of the highest among all the industries we
monitor. Attackers know that they stand to gain a significant
potential payoff by breaching systems at these firms.
Security events: Annual 111,268,300; Monthly 9,272,358; Weekly 2,139,775
Security incidents: Annual 87; Monthly 7; Weekly 1.67
Figure 1. Security intelligence allows IBM to identify which events are actual
security incidents requiring action.
Primary categories of incidents
Our analysis shows that two types of incidents are most prevalent
among financial services companies. Together, malicious
code and sustained probes or scans account for 70 percent of all
incidents. (See Figure 2.)
Figure 2. Malicious code and sustained probes or scans are the primary
types of incidents affecting the financial services industry.
[Pie chart: Categories of incidents. Segments: Malicious code, Sustained probe/scan, Unauthorized access, Suspicious activity, Access or credentials abuse, Denial of service. Segment values as shown: 10%, 12%, 42%, 28%, 7%, 1%.]
Figure 3. The vast majority of attacks are instigated by a combination of
insiders and outsiders (multiple).
Categories of attackers
Outsiders: 46.3%
Multiple: 52.7%
Malicious insiders and inadvertent actors: 0.8% and 0.2%
Who are these attackers, and why do they attack?
Although this report is not focused on the perpetrators of
attacks, it can provide some insight into the types of attackers
responsible for them and their motivation.
Insurance executives rank theft and cybercrime
as the leading IT risk factor with the
potential to cause reputational damage.5
Outsiders are the primary culprits, with 46.3 percent of attacks
(more than 40 of the 87 annual incidents) perpetrated entirely by
outsiders and another 52.7 percent perpetrated by a combination
of outsiders and insiders. (See Figure 3.) Attacks that are solely
launched by malicious insiders or by inadvertent actors account
for less than 1 percent of attackers, significantly lower than the
25 percent that IBM found across multiple industries.
On the whole, sheer opportunity accounts for half of all attacks
confronting IBM clients cross industry. (See Figure 4.) Because
they typically lack sophistication, these attacks are relatively easy
to detect. By reducing their number, a company can turn its time
and resources to more sophisticated attacks.
Figure 4. Opportunity is the primary motivator for attacks, and opportunistic
attacks are generally easy to detect.
Attacker motivation
Opportunistic: 49%
Industrial espionage, financial crime, terrorism, data theft: 23%
Other: 6%
Dissatisfaction with employer/job: 15%
Social activism, civil disobedience: 7%
How are these incidents possible?
As shown in Figure 5, misconfigured systems or applications,
along with end-user errors, are the primary reasons for security
breaches, regardless of industry. By addressing these preventable
factors and educating end users, organizations may be able to
significantly reduce the number of attacks.
How can you help keep your organization
safe?
Today’s technology has made cyber security more critical than
ever and yet more challenging. Financial services organizations
employ complex IT infrastructures consisting of systems that
are connected to both internal and third-party networks. At the
same time, customers access their accounts from a variety of
devices, including laptop computers, mobile phones and tablets,
which can also make systems more vulnerable to attacks. Striking
a balance between security and accessibility is key to a successful
cyber security approach.
To address these cyber security challenges, financial services
organizations must fundamentally change how they think about
security. Updating technology and following best practices are
not enough; combating attacks requires a more pragmatic
approach that informs every decision and procedure.
Figure 5. Cross industry, preventable factors are most often at the root of
breaches, but oftentimes underlying factors cannot be identified.
How breaches occur
Misconfigured system or application: 42%
End-user error: 31%
Undetermined: 17%
Vulnerable code: 5%
Targeted attack, exploited: 5%
To implement such an approach, your organization must:
● Build a risk-aware culture. Because attacks can come from
anywhere, it is crucial to determine your security risks and
goals and then spread the word to everyone within the
company. This must come from the top down, and tools
should be implemented to track progress.
● Automate security “hygiene.” A robust, security-rich system
can help you keep track of every program that is running and
make it possible to install updates and patches as they are
released. This “hygiene” process should be routine and
embedded in the foundation of your systems administration.
● Manage incidents with intelligence. A company-wide effort
to implement intelligent analytics and automated response
capabilities is essential. Creating an automated and unified
system that implements intelligent analytics can help you
better monitor your operations and respond more quickly.
Let IBM help address your cyber security
needs
It is easy to feel overwhelmed when you consider what it
takes to protect your organization from sophisticated attacks.
IBM Security Services consultants can help you plan, implement
and manage virtually all aspects of your security strategy. Our
senior security professionals have honed their skills in both the
public and private sectors, working in corporate security leadership
and consulting, investigative branches of government, law
enforcement, and research and development.
In addition to offering consulting services since 1995, IBM has
helped to set the standard for accountability, reliability and
protection in managed security services. IBM Managed Security
Services can provide the security intelligence, expertise, tools
and infrastructure you need to help secure your information
assets from Internet attacks. We monitor and manage your
security operations around the clock or as needed to help you
enhance your information security posture, reduce your total
cost of ownership and better address regulations, regardless of
device type or vendor.
To better understand how IBM can help you improve your
business environment, talk to your IBM client representative to
schedule a detailed session.
Case study: A bank engages IBM to identify vulnerabilities
and help strengthen its security posture
The need
With security a top priority, this Kuwaiti commercial and
investment bank wanted to test and evaluate its public-facing
and internal systems for possible threats and cyber attacks.
The company sought an external service provider to deliver
thorough and cost-effective security testing and evaluation.
The IBM solution
The bank engaged IBM Security Services to test and
evaluate its network and application security. The IBM team
conducted penetration testing to demonstrate how attackers
could significantly affect the business. It also assessed
designated web-based and nonmainframe-type applications
and documented security risks while recommending
corrective actions.
As a result, the bank was able to gain a better view of its
security posture and a “hacker’s eye view” into its network.
IBM delivered a more accurate list of security vulnerabilities
and an action plan, along with recommendations on how
the bank could move forward with its security planning.
This helped reduce potential attacks that might target the
vulnerabilities in the network.
Glossary
Access or credentials abuse: Activity detected that violates the known use policy of that network or falls outside of what is considered typical usage.
Attacks: Security events that have been identified by correlation and analytics tools as malicious activity attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself. Security events such as SQL injection, URL tampering, denial of service and spear phishing fall into this category.
Breach or compromise: An incident that has successfully defeated security measures and accomplished its designated task.
Denial of service: Attempts to flood a server or network with such a large amount of traffic or malicious traffic that it renders the device unable to perform its designed functions.
Droppers: Malicious software designed to install other malicious software on a target.
Event: An event is an observable occurrence in a system or network.
Inadvertent actor: Any attack or suspicious activity coming from an IP address inside a customer network that is allegedly being executed without the knowledge of the user.
Incidents: Attacks or security events that have been reviewed by human security analysts and have been deemed a security incident worthy of deeper investigation.
Keyloggers: Software designed to record the keystrokes typed on a keyboard. This malicious software is primarily used to steal passwords.
Malicious code: A term used to describe software created for malicious use. It is usually designed to disrupt systems, gain unauthorized access or gather information about the system or user being attacked. Third-party software, Trojan software, keyloggers and droppers can fall into this category.
Outsiders: Any attacks that come from an IP address external to a customer’s network.
Phishing: A term used to describe when a user is tricked into browsing a malicious URL designed to pose as a website they trust, thus tricking them into providing information that can then be used to compromise their system or accounts and steal their identity.
Security device: Any device or software designed specifically to detect or protect a host or network from malicious activity. Such network-based devices are often referred to as intrusion detection and prevention systems (IDS, IPS or IDPS), while the host-based versions are often referred to as host-based intrusion detection or prevention systems (HIDS or HIPS).
Security event: An event on a system or network detected by a security device or application.
Spear phishing: Phishing attempts with specific targets. These targets are usually chosen strategically in order to gain access to very specific devices or victims.
SQL injection: An attack that attempts to pass SQL commands through a website in order to elicit a desired response that the website is not designed to provide.
Suspicious activity: These are lower-priority attacks or instances of suspicious traffic that could not be classified into one single category. They are usually detected over time by analyzing data collected over an extended period.
Sustained probe/scan: Reconnaissance activity usually designed to gather information about the targeted systems, such as operating systems, open ports and running services.
Trojan software: Malicious software hidden inside another software package that appears safe.
Unauthorized access: This usually denotes suspicious activity on a system or failed attempts to access a system by a user who does not have access.
Wiper: Malicious software designed to erase data and destroy the capability to restore it.
For more information
To learn more about how IBM can help you protect your
organization from cyber threats and strengthen your IT security,
please contact your IBM representative or IBM Business Partner,
or visit the following website: ibm.com/services/security
Follow us on Twitter: @ibmSecurity
Additionally, IBM Global Financing can help you acquire the IT
solutions that your business needs in the most cost-effective and
strategic way possible. We’ll partner with credit-qualified clients
to customize an IT financing solution to suit your business goals,
enable effective cash management, and improve your total cost
of ownership. IBM Global Financing is your smartest choice to
fund critical IT investments and propel your business forward.
For more information, visit: ibm.com/financing
© Copyright IBM Corporation 2013
IBM Corporation
IBM Global Technology Services
Route 100
Somers, NY 10589
Produced in the United States of America
August 2013
IBM, the IBM logo, and ibm.com are trademarks of International
Business Machines Corp., registered in many jurisdictions worldwide.
Other product and service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on the web at
“Copyright and trademark information” at ibm.com/legal/copytrade.shtml
This document is current as of the initial date of publication and may be
changed by IBM at any time. Not all offerings are available in every country
in which IBM operates.
THE INFORMATION IN THIS DOCUMENT IS PROVIDED
“AS IS” WITHOUT ANY WARRANTY, EXPRESS OR
IMPLIED, INCLUDING WITHOUT ANY WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND ANY WARRANTY OR CONDITION OF NON-
INFRINGEMENT. IBM products are warranted according to the terms
and conditions of the agreements under which they are provided.
The client is responsible for ensuring compliance with laws and regulations
applicable to it. IBM does not provide legal advice or represent or warrant
that its services or products will ensure that the client is in compliance with
any law or regulation.
1 Gartner, Inc., “Arming financial and e-commerce services against
top 2013 cyber threats,” Report #G00237376, 29 January 2013.
2 IBM, “Reputational risk and IT in the banking industry: How security and
business continuity can shape the reputation and value of your company:
Findings from the 2012 IBM Global Reputational Risk and IT Study,”
October 2012.
3 IBM, “Reputational risk and IT in the banking industry: How security and
business continuity can shape the reputation and value of your company:
Findings from the 2012 IBM Global Reputational Risk and IT Study,”
October 2012.
4 U.S. Department of Justice, “Eight members of New York cell of cybercrime
organization indicted in $45 million cybercrime campaign,” 9 May 2013,
http://www.justice.gov/usao/nye/pr/2013/2013may09.html
5 IBM, “Reputational risk and IT in the insurance industry: How security and
business continuity can shape the reputation and value of your company:
Findings from the 2012 IBM Global Reputational Risk and IT Study,”
November 2012.
SEW03034-USEN-01
	
	
	
	
	
	
	
Please Recycle

More Related Content

PDF
Cyber Security Threats | IIA Boise Chapter
PDF
The challenges of Retail Security
PDF
Cyber Security index
PPT
Shaping Your Future in Banking Cybersecurity
PDF
Effects of IT Governance Measures on Cyber-attack Incidents
PDF
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
PDF
PDF
2018 State of Cyber Resilience for Insurance
Cyber Security Threats | IIA Boise Chapter
The challenges of Retail Security
Cyber Security index
Shaping Your Future in Banking Cybersecurity
Effects of IT Governance Measures on Cyber-attack Incidents
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
2018 State of Cyber Resilience for Insurance

What's hot (19)

PDF
Top Solutions and Tools to Prevent Devastating Malware White Paper
PDF
Combating Cybersecurity Challenges with Advanced Analytics
PDF
Whitepaper 2015 industry_drilldown_finance_en
PPT
Cyber Insurance Temp
PPTX
Banks and cybersecurity v2
PDF
Proactive Log Management in Insurance by Van Symons
PDF
Heidi
PDF
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
PDF
Managed Security For A Not So Secure World Wp090991
PDF
Securité : Le rapport 2Q de la X-Force
PDF
Cyber Risk for Construction Industry
PPT
Managing Mobile Menaces
PDF
The digital economy and cybersecurity
PDF
Cyber Security Tips and Resources for Financial Institutions
PDF
idg_secops-solutions
PDF
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
PDF
2017 global-cyber-risk-transfer-report-final
ODP
Cyber Security for Financial Institutions
PPTX
220715_Cybersecurity: What's at stake?
Top Solutions and Tools to Prevent Devastating Malware White Paper
Combating Cybersecurity Challenges with Advanced Analytics
Whitepaper 2015 industry_drilldown_finance_en
Cyber Insurance Temp
Banks and cybersecurity v2
Proactive Log Management in Insurance by Van Symons
Heidi
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Managed Security For A Not So Secure World Wp090991
Securité : Le rapport 2Q de la X-Force
Cyber Risk for Construction Industry
Managing Mobile Menaces
The digital economy and cybersecurity
Cyber Security Tips and Resources for Financial Institutions
idg_secops-solutions
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
2017 global-cyber-risk-transfer-report-final
Cyber Security for Financial Institutions
220715_Cybersecurity: What's at stake?
Ad

Viewers also liked (10)

PPTX
Are you putting your organization at risk?
PPTX
Smarter cyber security v8
PPT
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
PPTX
Security Technology Vision 2016
PDF
Cyber Risk Management in 2017: Challenges & Recommendations
PDF
Cyber security threats for 2017
PPTX
The Promise of Artificial Intelligence: Redefining management in the workforc...
PPT
The Coming of Age for Artificial Intelligence
PPTX
AI and the Future of Growth
PDF
Technology Vision 2017 - Overview
Are you putting your organization at risk?
Smarter cyber security v8
For the CISO: Continuous Cyber Attacks - Achieving Operational Excellence for...
Security Technology Vision 2016
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber security threats for 2017
The Promise of Artificial Intelligence: Redefining management in the workforc...
The Coming of Age for Artificial Intelligence
AI and the Future of Growth
Technology Vision 2017 - Overview
Ad

Similar to IBM Security Services (20)

PDF
Sel03129 usen
PDF
Before the Breach: Using threat intelligence to stop attackers in their tracks
PDF
IBM 2015 Cyber Security Intelligence Index
PDF
SecurityScorecard_2016_Financial_Report
PDF
2016 Finance industry cybersecurity report
PPTX
Introduction to Cybersecurity Fundamentals
PPTX
Data Breaches: Is IBM i Really at Risk?
PPTX
Cybersecurity Threats in Financial Services Protection.pptx
PDF
IBM Security Services Overview
PDF
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
PPTX
Take your SOC Beyond SIEM
PDF
Security Solution - IBM Business Connect Qatar Defend your company against cy...
PDF
Presentation defend your company against cyber threats with security solutions
PPTX
Securing Fintech: Threats, Challenges & Best Practices
PDF
Cybersecurity Risk Management for Financial Institutions
PDF
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
PPT
Presentación AMIB Los Cabos
PPTX
Assess risks to IT security.pptx
PPTX
Introduction to Risk Management Fundamentals
PDF
Cybersecurity in Banking Sector
Sel03129 usen
Before the Breach: Using threat intelligence to stop attackers in their tracks
IBM 2015 Cyber Security Intelligence Index
SecurityScorecard_2016_Financial_Report
2016 Finance industry cybersecurity report
Introduction to Cybersecurity Fundamentals
Data Breaches: Is IBM i Really at Risk?
Cybersecurity Threats in Financial Services Protection.pptx
IBM Security Services Overview
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Take your SOC Beyond SIEM
Security Solution - IBM Business Connect Qatar Defend your company against cy...
Presentation defend your company against cyber threats with security solutions
Securing Fintech: Threats, Challenges & Best Practices
Cybersecurity Risk Management for Financial Institutions
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
Presentación AMIB Los Cabos
Assess risks to IT security.pptx
Introduction to Risk Management Fundamentals
Cybersecurity in Banking Sector

Recently uploaded (20)

PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
PPTX
Essential Infomation Tech presentation.pptx
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
PDF
Design an Analysis of Algorithms I-SECS-1021-03
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
PPTX
Odoo POS Development Services by CandidRoot Solutions
PDF
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
PDF
Understanding Forklifts - TECH EHS Solution
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
PPTX
CHAPTER 2 - PM Management and IT Context
PPTX
Introduction to Artificial Intelligence
PPTX
L1 - Introduction to python Backend.pptx
PDF
top salesforce developer skills in 2025.pdf
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
PPTX
Reimagine Home Health with the Power of Agentic AI​
PDF
AI in Product Development-omnex systems
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
VVF-Customer-Presentation2025-Ver1.9.pptx
Essential Infomation Tech presentation.pptx
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Design an Analysis of Algorithms I-SECS-1021-03
Navsoft: AI-Powered Business Solutions & Custom Software Development
Odoo POS Development Services by CandidRoot Solutions
EN-Survey-Report-SAP-LeanIX-EA-Insights-2025.pdf
Understanding Forklifts - TECH EHS Solution
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
How to Migrate SBCGlobal Email to Yahoo Easily
CHAPTER 2 - PM Management and IT Context
Introduction to Artificial Intelligence
L1 - Introduction to python Backend.pptx
top salesforce developer skills in 2025.pdf
How to Choose the Right IT Partner for Your Business in Malaysia
Reimagine Home Health with the Power of Agentic AI​
AI in Product Development-omnex systems
Which alternative to Crystal Reports is best for small or large businesses.pdf
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf

IBM Security Services

  • 1. IBM Global Technology Services Thought Leadership White Paper Financial services IBM Security Services cyber security intelligence index for financial services Financial services is one of the most attacked industries. Are you protected?
  • 2. 2 IBM Security Services cyber security intelligence index for financial services Contents 3 The cyber security landscape 5 How can you help keep your organization safe? 6 Let IBM help address your cyber security needs 7 Glossary About this report IBM Managed Security Services has developed this report to provide insights into the current threat landscape for the financial services industry and to offer solutions that can help you better protect your organization. Information is based on cyber security event data collected by IBM between 1 April 2012 and 31 March 2013 in the course of monitoring client security devices, as well as data derived from respond- ing to, and performing forensics on, cyber security incidents. Where noted, additional information comes from industry analysts and publicly available data. For a cross-industry overview of the threat landscape, please see the white paper, IBM Security Services Cyber Security Intelligence Index “A new class of high-bandwidth DDoS [distributed denial of service] attacks of up to 70 Gbps hit top U.S. banks in the second half of 2012, justifiably causing serious concerns among bank security staff, law enforcement and bank regulators.”1 —Gartner, Inc. “Banking executives are much more likely … to point to cybercrime than to systems fail- ures as the most important IT risk that threatens their company’s reputation.”2 —2012 IBM Global Reputational Risk and IT Study Cyber attacks against financial services firms have become more frequent and sophisticated. Companies within this industry have a complex back-office IT architecture, consisting of divers platforms and interfaces. They employ multiple front-office channels, including the Internet, mobile networks, automated teller machines (ATMs) and kiosks. At the same time, many financial services organizations rely on IT resources outside of their firewalls and distribute their applications and data across multiple devices. 
As a result, numerous vulnerable points exist that can lead to security breaches and data theft. Many of these attacks are designed to gain continuous access to critical information, to perpetrate fraud or to cause damage to critical infrastructures. In addition, hostile government and terrorist-sponsored attacks aimed at financial services are intended to cripple a country’s financial system. Such attacks can significantly impact financial services companies not only in terms of monetary losses but also in terms of credibility and reputation. In fact, most banking executives consider data breaches, data theft and cybercrime to be the most significant IT risk threatening their company’s reputation.3 e

Case study: 21st century bank heist inflicts US$45 million in losses

An international cybercrime organization used sophisticated intrusion techniques known as “unlimited operations” to hack into the systems of global financial institutions, steal prepaid debit card data and eliminate withdrawal limits. The stolen card data was then disseminated worldwide and used in making fraudulent ATM withdrawals on a massive scale across the globe. The operation spanned 26 countries.

In a U.S. federal indictment announced in May 2013, eight defendants, who allegedly formed the New York-based cell of the organization, were charged variously with conspiracy to commit access device fraud, money-laundering conspiracy and money laundering. According to the indictment, the eight defendants, along with their co-conspirators, targeted New York City and withdrew approximately US$2.8 million in a matter of hours.4

The cyber security landscape

By taking advantage of advanced analytics, IBM has been able to pore over and make sense of the massive amount of information that crosses platforms we monitor for our clients. This has allowed us to develop real insight into the kinds of attacks that are taking place, who may be launching them and how their techniques are evolving.

Determining which security events require action

Among financial services clients, IBM detects an average of more than 111 million security events annually, which is notably higher than for other industries. By implementing sophisticated correlation and analytic tools, we can determine which of those events are actual attacks—malicious activities attempting to collect, disrupt, deny, degrade or destroy information systems resources or the information itself. We then employ the work of security analysts, among others, who help further identify those attacks that qualify as security incidents and, therefore, should be further investigated. This process revealed that our financial services clients had an annual average of 87 incidents that required action. (See Figure 1.) Clients can significantly save time and resources by focusing only on those security incidents that require action rather than on all 111 million identified events.

Not surprisingly, the incident rate within the financial services industry is one of the highest among all the industries we monitor. Attackers know that they stand to gain a significant potential payoff by breaching systems at these firms.

Figure 1. Security intelligence allows IBM to identify which events are actual security incidents requiring action.
Security events: Annual 111,268,300; Monthly 9,272,358; Weekly 2,139,775
Security incidents: Annual 87; Monthly 7; Weekly 1.67

Primary categories of incidents

Our analysis shows that two types of incidents are most prevalent among financial services companies. Together, malicious code and sustained probes or scans account for 70 percent of all incidents. (See Figure 2.)

Figure 2. Malicious code and sustained probes or scans are the primary types of incidents affecting the financial services industry.
[Chart: Categories of incidents. Legend: Malicious code; Sustained probe/scan; Unauthorized access; Suspicious activity; Access or credentials abuse; Denial of service. Values as extracted: 10%, 12%, 42%, 28%, 7%, 1%.]

Who are these attackers, and why do they attack?

Although this report is not focused on the perpetrators of attacks, it can provide some insight into the types of attackers responsible for them and their motivation.

Insurance executives rank theft and cybercrime as the leading IT risk factor with the potential to cause reputational damage.5

Outsiders are the primary culprits, with 46.3 percent of attacks (more than 40 of the 87 annual incidents) perpetrated entirely by outsiders and another 52.7 percent perpetrated by a combination of outsiders and insiders. (See Figure 3.) Attacks that are solely launched by malicious insiders or by inadvertent actors account for less than 1 percent of attackers, significantly lower than the 25 percent that IBM found across multiple industries.

Figure 3. The vast majority of attacks are instigated by a combination of insiders and outsiders (multiple).
[Chart: Categories of attackers. Outsiders 46.3%; Multiple 52.7%; Malicious insiders, Inadvertent actors: 0.8%, 0.2%.]

On the whole, sheer opportunity accounts for half of all attacks confronting IBM clients cross industry. (See Figure 4.) Because they typically lack sophistication, these attacks are relatively easy to detect. By reducing their number, a company can turn its time and resources to more sophisticated attacks.

Figure 4. Opportunity is the primary motivator for attacks, and opportunistic attacks are generally easy to detect.
[Chart: Attacker motivation. Opportunistic 49%; Industrial espionage, financial crime, terrorism, data theft 23%; Dissatisfaction with employer/job 15%; Social activism, civil disobedience 7%; Other 6%.]

How are these incidents possible?

As shown in Figure 5, misconfigured systems or applications, along with end-user errors, are the primary reasons for security breaches, regardless of industry. By addressing these preventable factors and educating end users, organizations may be able to significantly reduce the number of attacks.

Figure 5. Cross industry, preventable factors are most often at the root of breaches, but oftentimes underlying factors cannot be identified.
[Chart: How breaches occur. Misconfigured system or application 42%; End-user error 31%; Undetermined 17%; Vulnerable code 5%; Targeted attack, exploited 5%.]

How can you help keep your organization safe?

Today’s technology has made cyber security more critical than ever and yet more challenging. Financial services organizations employ complex IT infrastructures consisting of systems that are connected to both internal and third-party networks. At the same time, customers access their accounts from a variety of devices, including laptop computers, mobile phones and tablets, which can also make systems more vulnerable to attacks. Striking a balance between security and accessibility is key to a successful cyber security approach.

To address these cyber security challenges, financial services organizations must fundamentally change how they think about security. Updating technology and following best practices are not enough; combating attacks requires a more pragmatic approach that informs every decision and procedure.

To implement such an approach, your organization must:

● Build a risk-aware culture. Because attacks can come from anywhere, it is crucial to determine your security risks and goals and then spread the word to everyone within the company. This must come from the top down, and tools should be implemented to track progress.
● Automate security “hygiene.” A robust, security-rich system can help you keep track of every program that is running and make it possible to install updates and patches as they are released. This “hygiene” process should be routine and embedded in the foundation of your systems administration.
● Manage incidents with intelligence. A company-wide effort to implement intelligent analytics and automated response capabilities is essential. Creating an automated and unified system that implements intelligent analytics can help you better monitor your operations and respond more quickly.

Let IBM help address your cyber security needs

It is easy to feel overwhelmed when you consider what it takes to protect your organization from sophisticated attacks. IBM Security Services consultants can help you plan, implement and manage virtually all aspects of your security strategy. Our senior security professionals have honed their skills in both the public and private sectors, working in corporate security leadership and consulting, investigative branches of government, law enforcement, and research and development.

In addition to offering consulting services since 1995, IBM has helped to set the standard for accountability, reliability and protection in managed security services. IBM Managed Security Services can provide the security intelligence, expertise, tools and infrastructure you need to help secure your information assets from Internet attacks. We monitor and manage your security operations around the clock or as needed to help you enhance your information security posture, reduce your total cost of ownership and better address regulations, regardless of device type or vendor.

To better understand how IBM can help you improve your business environment, talk to your IBM client representative to schedule a detailed session.

Case study: A bank engages IBM to identify vulnerabilities and help strengthen its security posture

The need
With security a top priority, this Kuwaiti commercial and investment bank wanted to test and evaluate its public-facing and internal systems for possible threats and cyber attacks. The company sought an external service provider to deliver thorough and cost-effective security testing and evaluation.

The IBM solution
The bank engaged IBM Security Services to test and evaluate its network and application security. The IBM team conducted penetration testing to demonstrate how attackers could significantly affect the business. It also assessed designated web-based and nonmainframe-type applications and documented security risks while recommending corrective actions. As a result, the bank was able to gain a better view of its security posture and a “hacker’s eye view” into its network. IBM delivered a more accurate list of security vulnerabilities and an action plan, along with recommendations on how the bank could move forward with its security planning. This helped reduce potential attacks that might target the vulnerabilities in the network.

Term: Definition

Access or credentials abuse: Activity detected that violates the known use policy of that network or falls outside of what is considered typical usage.

Attacks: Security events that have been identified by correlation and analytics tools as malicious activity attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself. Security events such as SQL injection, URL tampering, denial of service and spear phishing fall into this category.

Breach or compromise: An incident that has successfully defeated security measures and accomplished its designated task.

Denial of service: Attempts to flood a server or network with such a large amount of traffic or malicious traffic that it renders the device unable to perform its designed functions.

Droppers: Malicious software designed to install other malicious software on a target.

Event: An event is an observable occurrence in a system or network.

Inadvertent actor: Any attack or suspicious activity coming from an IP address inside a customer network that is allegedly being executed without the knowledge of the user.

Incidents: Attacks or security events that have been reviewed by human security analysts and have been deemed a security incident worthy of deeper investigation.

Keyloggers: Software designed to record the keystrokes typed on a keyboard. This malicious software is primarily used to steal passwords.

Malicious code: A term used to describe software created for malicious use. It is usually designed to disrupt systems, gain unauthorized access or gather information about the system or user being attacked. Third-party software, Trojan software, keyloggers and droppers can fall into this category.

Outsiders: Any attacks that come from an IP address external to a customer’s network.

Phishing: A term used to describe when a user is tricked into browsing a malicious URL designed to pose as a website they trust, thus tricking them into providing information that can then be used to compromise their system or accounts and steal their identity.

Security device: Any device or software designed specifically to detect or protect a host or network from malicious activity. Such network-based devices are often referred to as intrusion detection and prevention systems (IDS, IPS or IDPS), while the host-based versions are often referred to as host-based intrusion detection or prevention systems (HIDS or HIPS).

Security event: An event on a system or network detected by a security device or application.

Spear phishing: Phishing attempts with specific targets. These targets are usually chosen strategically in order to gain access to very specific devices or victims.

SQL injection: An attack that attempts to pass SQL commands through a website in order to elicit a desired response that the website is not designed to provide.

Suspicious activity: These are lower-priority attacks or instances of suspicious traffic that could not be classified into one single category. They are usually detected over time by analyzing data collected over an extended period.

Sustained probe/scan: Reconnaissance activity usually designed to gather information about the targeted systems, such as operating systems, open ports and running services.

Trojan software: Malicious software hidden inside another software package that appears safe.

Unauthorized access: This usually denotes suspicious activity on a system or failed attempts to access a system by a user who does not have access.

Wiper: Malicious software designed to erase data and destroy the capability to restore it.

For more information

To learn more about how IBM can help you protect your organization from cyber threats and strengthen your IT security, please contact your IBM representative or IBM Business Partner, or visit the following website: ibm.com/services/security

Follow us on Twitter @ibmSecurity

Additionally, IBM Global Financing can help you acquire the IT solutions that your business needs in the most cost-effective and strategic way possible. We’ll partner with credit-qualified clients to customize an IT financing solution to suit your business goals, enable effective cash management, and improve your total cost of ownership. IBM Global Financing is your smartest choice to fund critical IT investments and propel your business forward. For more information, visit: ibm.com/financing

© Copyright IBM Corporation 2013

IBM Corporation
IBM Global Technology Services
Route 100
Somers, NY 10589

Produced in the United States of America
August 2013

IBM, the IBM logo, and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

1 Gartner, Inc., “Arming financial and e-commerce services against top 2013 cyber threats,” Report #G00237376, 29 January 2013.
2 IBM, “Reputational risk and IT in the banking industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” October 2012.
3 IBM, “Reputational risk and IT in the banking industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” October 2012.
4 U.S. Department of Justice, “Eight members of New York cell of cybercrime organization indicted in $45 million cybercrime campaign,” 9 May 2013, http://www.justice.gov/usao/nye/pr/2013/2013may09.html
5 IBM, “Reputational risk and IT in the insurance industry: How security and business continuity can shape the reputation and value of your company: Findings from the 2012 IBM Global Reputational Risk and IT Study,” November 2012.

SEW03034-USEN-01
Please Recycle