Lien vers la présentation
© 2015 IBM Corporation
Les données massives et l’analytique au service de la sécurité
David Henrad, CISM, CRISC.
Directeur sécurité et protection de la vie privée / Information Security & Privacy Director
Jocelyn Gascon-Giroux, ing., M.Sc.
Architecte Analytique
76M Households
and 7M SMBs
Compromised
60M Credit Card
Numbers Stolen
Hack Costs Add
Up to $148M
(350M in total)
Hack Most Serious
Cyberattack Yet
on U.S. Interests
© 2015 IBM Corporation
3
Cyber attacks prompt U.S.
to beef up Pentagon
security. U.S. military
Cyber Command to grow
five-fold over the next few
years, from 900 employees
presently to nearly 5,000.
Chinese hackers believed to
have government links have
been conducting wide-
ranging electronic
surveillance of media
companies including The
Wall Street Journal.
Le Président Obama à
déclaré: “cyber threat is
one of the most serious
economic and national
security challenges we
face as a nation.”
Former NSA director tells the
Financial Times that a cyber
attack could cripple the
nation's banking system,
power grid, and other
essential infrastructure.
Les cyber menaces présentent des enjeux économique et de sécurité nationale
importants
Hackers orchestrated
multiple breaches of Sony's
PlayStation Network
knocking it offline for 24 days
and costing the company
an estimated $171 million.
Activists unleashed the
biggest DDoD attack to
date in support of web
hosting company
Cyberbunker, after it was
blacklisted by anti-spam
website Spamhaus.
© 2015 IBM Corporation
4
En 2015, les entreprises vont dépenser plus de $75,4 milliards en
sécurité informatique et systèmes de surveillance (50 milliards en 2012)
Mais elles se
sentent
toujours
menacée!
Pourquoi?
© 2015 IBM Corporation
5
Infiltrating a trusted partner and then loading
malware onto the target’s network
Creating designer malware tailored to only infect
the target organization, preventing identification
by security vendors
Using social networking and social engineering to
perform reconnaissance on spear-phishing
targets, leading to compromised hosts and
accounts
Exploiting zero-day vulnerabilities to gain access
to data, applications, systems, and endpoints
Communicating over accepted channels such as
port 80 to exfiltrate data from the organization
Des attaquants bien organisés et des internes malveillants
contournent avec succès les défenses de sécurité
Concepteur de logiciels
malveillants Porte dérobée
Harponnage Persistance
Escalade des motifs et de la
sophistication
Espionnage et activisme
Acteurs États-Nation
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
1
/
24
100%
