Cyber Security Conference - A deeper look at Microsoft Security Strategy, Technology Trends and the...


Cyber Security Conference - A deeper look at Microsoft Security Strategy, Technology Trends and the Economy of Cybercrime, By Chief Security Advisor Reto Haeni, Microsoft Western Europe

Transcript of Cyber Security Conference - A deeper look at Microsoft Security Strategy, Technology Trends and the...

Page 1: Cyber Security Conference - A deeper look at Microsoft Security Strategy, Technology Trends and the Economy of Cybercrime, By Chief Security Advisor Reto Haeni, Microsoft Western Europe
Page 2:

Year 2025

world Internet users

of consumer electronics sold in emerging economies

mobile Internet subscriptions globally

data will move through or be stored in the cloud

Page 3:

Security and privacy are a top leadership concern

Managing risk in an increasingly connected world

“This Nexus of Forces is impacting security in terms of new vulnerabilities.”

–Ruggero Contu, Christian Canales and Lawrence Pingree. Forecast Overview: Information Security, Worldwide, 2014 Update. Gartner, Inc. June 25, 2014.

Impact of cyber attacks could be as much as $3 trillion in lost productivity and growth

Implications: Job security, Customer loyalty, Intellectual property, Legal liability, Brand reputation

$3.5M: Average cost of a data breach to a company

15% increase YoY

243: median # of days attackers are present on a victim network before detection

Security is a CxO level issue

Page 4:

Verizon, “2014 Data Breach Investigations Report”

74.8%: Percentage of total security incidents in 2013 directed toward public sector

Make no mistake… we are Under Attack

Public Sector, Retail, Financial Services & SOE’s are the primary targets

Page 5:

Some More Details - Evolution to Targeted Threats

Indiscriminate → Targeted

Consumer → Enterprise Target

Single Vector → Multi-vector

Manual → Automated

Desktop → Device and Cloud

Visible → Concealed

Lone Agent → Organised Ecosystem

Spam → Information Theft

Information Theft → Information Destruction

“The world is changing very fast. Big will not beat small anymore. It will be the fast beating the slow.” Rupert Murdoch

Page 6:

Origin of Data Breaches

Who is behind data breaches?

98% stemmed from external agents (+6%)

4% implicated internal employees (-13%)

<1% committed by business partners (<>)

58% of all data theft tied to activist groups

How do breaches occur?

81% utilized some form of hacking (+31%)

69% incorporated malware (+20%)

10% involved physical attacks (-19%)

7% employed social tactics (-4%)

5% resulted from privilege misuse (-12%)

Source: Verizon 2012 Data Breach Investigations Report

Page 7:

We are not combating hackers

We are combating an ecosystem

Simplified diagram of the abuse supply chain

Page 8:

Coordination

Collaboration

Disruption

Page 9:

set policies and principles

identify, block, sinkhole

Seize, prosecute, takedown

security by design

identify, block, partner

starve

Anti-malware and security ecosystem

Large-scale Public Services

Cloud Providers, Telco’s

Government Ad Networks

Banks, Finance, Commerce

OEMs

Vendors

CERTs, ISPs & Law Enforcement

How do we win? It will take a partnership

Page 10:

Microsoft Experience and Credentials

Page 11:

Trustworthy Computing: Working Toward a Safer, More Trusted Internet

Security

• Secures against attacks

• Protects confidentiality, integrity, and availability of data and systems

• Helps manage risk

Privacy

• Protects from unwanted communication

• User choice and control

• Products, online services adhere to fair information principles

Reliability

• Dependable, available

• Predictable, consistent, responsive service

• Maintainable

• Resilient, easily restored

• Proven, ready

Business Practices

• Commitment to customer-centric interoperability

• Recognized industry leader, world-class partner

• Open, transparent

Page 12:
Page 13:

Elements to a Resilient Infrastructure

Protect

Detect

Response

Threat Information Management

Page 14:

Resilience against modern Cyberthreats - The Hockey Analogy

Placeholder for hockey player picture 😏

Page 15:

Coaching

Management

Build the Foundation for Success and Adapt to Changes

Page 16:

Goalie

Protect

Patch, Deploy Newer Products, Apply the SDL

Page 17:

Awareness

Detect

Active Attacks

Page 18:

Defense

Response

Customer, CSS and Cybersecurity Team

Page 19:

Intelligence

Threat Information

Page 20:

Protect

Patch, Deploy Newer Products, Apply the SDL

Detect

Active Attacks

Response

Customer, CSS and Cybersecurity Incident Response

Threat Information Management

Page 21:

Overall Resilience of an Organization’s IT Infrastructure

Achieving Overall Resilience

Cloud Resilience

On-Premises Systems Resilience

Page 22:
Page 23:

Microsoft is committed to protecting our customers and being a global cybersecurity advocate

We aggressively fight cybercrime and advocate extensively for enhancing cybersecurity

We invest deeply in building a trustworthy computing platform and security expertise

We have strong principles and policies that empower you to be in control of your information

Security

Privacy

Compliance

Transparency

Advocacy

Risk management

Governance

Page 24:
Page 25:

• Deeper source inspection

Page 26:

Achieving Overall Resilience

Cloud Security and Compliance

Trustworthy Cloud

Page 27:

Public Data, Internal Data, Confidential Data

Page 28:
Page 29:
Page 30:
Page 31:

Commitment to industry standards and organizational compliance

Page 32:
Page 33:

On personal devices

24 x 7 collaboration

On the road

In the office

At home

Through social media

Page 34:

Overall Resilience of an Organization’s IT Infrastructure

Wrapping Up: Overall Resilience

Cloud Resilience

Use trustworthy cloud services to take advantage of the industry leading security processes, technology and skills deployed in Microsoft’s Cloud Services

On-Premises Systems Resilience

Stay Current (Upgrade) + Patch Management

Align Active Directory to Threat Environment

Assess Threats and Countermeasures

Implement Secure Development Practices

Use secured devices and enterprise mobility management to gain more control over information and apps in a BYOD as well as enterprise steered device strategy

Work with Microsoft’s Consulting Services to implement the security pillars Protect, Detect and Respond to achieve resilience in your on-premises infrastructure.

Page 35:

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Reto Haeni

Chief Security Officer & Advisor

Microsoft Western Europe

[email protected]: www.retohaeni.net