1. © 2015 IBM Corporation IBM Security 1 © 2015 IBM Corporation Protecting your executives’ cyber DNA Executive protection from IBM an IBM alliance with Social SafeGuard Overview Client Deck IBM Security Services June 8, 2016 SEP03319-USEN-01

2. © 2015 IBM Corporation IBM Security 2 Even a whale can get phished Whaling is the practice of pursuing upper management and their access to sensitive data whaling [hwey-ling, wey-] what who how Whaling is another evolution of phishing attacks that uses sophisticated social engineering techniques to steal confidential information, personal data, access credentials to restricted services/resources, and specifically information with relevant value from an economic and commercial perspective Target: the big fish (the whale) – relevant executives of private business and government agencies Spear phishing attacks, but the scam email is designed to masquerade as a critical business email sent from a legitimate authority, typically from other relevant executives why A successful attack can yield executive passwords and other account details that can open up corporate hard drives, networks, and even bank accounts

3. © 2015 IBM Corporation IBM Security 3 Executives have a social presence, but the risks are real and must be mitigated Personal damage Personal damage Reputation damage Loss of security Loss of security Spam and phishing Corporate espionage Identity theft Financial loss Social account takeover Privacy invasion Your cyber DNA is likely exposed Where do you live, work and travel? Where are you right now? What are your interests and hobbies? Who are your friends and family? Where do your kids go to school? How and where do you spend your time? What is your profession and career? What are your skills and reputation? What were your recent financial transactions? What kind of artwork do you have at your vacation home? Where is your boat? A large amount of information about you is likely already public and can be easily gathered with no hacking or illegal means necessary You may be a potential victim Much could be at risk Regulatory compliance

4. © 2015 IBM Corporation IBM Security 4 Your social data – your cyber DNA – can be used against you Source: InfoWorld, “How to stop your executives from being harpooned”, May 23, 2011, http://www.infoworld.com/article/2621583/phishing/how-to- stop-your-executives-from-being-harpooned.htmlhttp://www.infoworld.com/article/2621583/phishing/how-to- stop-your-executives-from-being-harpooned.html Real world example: business data leveraged Social data leveraged Company, title, work email address Target Senior executive of customer satisfaction Method Whaling email titled “customer complaint” Content Appeared to be sent from Better Business Bureau Action Outcome Executive clicked on link to see details of the “complaint” Embedded malware Social data leveraged Personal background and email address Target Systems administrator with 5 children Method Whaling email about premium health plan Content Details on premium health care plan for families of 4 or more Action Outcome Administrator opened the attached form Malware, compromising company network and sensitive data Real world example: personal data leveraged

5. © 2015 IBM Corporation IBM Security 5 Executive protection from IBM: stay social, while keeping your cyber DNA protected “Did I say something risky publicly? What have others said about me that I should be concerned about?” View high-level and detailed risk and threat insights into social content by you, and about you “Did I say something risky publicly? What have others said about me that I should be concerned about?” View high-level and detailed risk and threat insights into social content by you, and about you “This could impact my organization’s and my brand and reputation. Could I be out of compliance?” Help better manage regulatory compliance by retaining your social activity and related documentation “This could impact my organization’s and my brand and reputation. Could I be out of compliance?” Help better manage regulatory compliance by retaining your social activity and related documentation “I am a busy executive and need to be able to maintain a safe social presence while I’m on the go.” Get mobile, easy-to-view access of your risk dashboard and details, and view recommendations “I am a busy executive and need to be able to maintain a safe social presence while I’m on the go.” Get mobile, easy-to-view access of your risk dashboard and details, and view recommendations Executive protection from IBM: key benefits Know your social risksHelp stay compliant Stay protected on the go Social media is a powerful marketing and communications tool, however it carries inherent legal and regulatory risks

6. © 2015 IBM Corporation IBM Security 6 Designed specifically for executives, it can help you assess your social risks z Retain Retain social activity for future reference or discovery z Monitor Monitor social content to help identify risks and review emerging threat data Authorize Enable the application to access the social accounts you select Assess View recommendations on threats, potential risks or emerging security trends Executive protection from IBM – an IBM alliance with Social SafeGuard Gain the confidence that you’re covered and can take action, with a single end-to-end platform for your personal risk management and remediation Gather intelligence and start protecting yourself today Get on-the-go access with our mobile application, designed for ease of use, to help protect you against cyber threats and risks Obtain visibility and awareness with our real-time risk engine, assessing executive risk exposure through social media Help better manage regulatory compliance through retention of social activity in the event of a future audit or request for documentation

7. © 2015 IBM Corporation IBM Security 7 Risk dashboard: know your social risk at a glance Executive protection from IBM – risk dashboard Quickly view your current overall risk level View the detailed risks identified for a given social network Multidimensional risk engine assesses risk levels to determine severity of threats to privacy, security and reputation Powered by Social SafeGuard an industry-leading 1 social risk management platform 1 http://socialsafeguard.com/press/openq-rated-as-a-leader-in-independent-analysis-of-social-risk-and-compliance-solutions/

8. © 2015 IBM Corporation IBM Security 8 Risk details: drill down to review details and recommendations Executive protection from IBM – risk details View the detailed risks identified for a given social network and recommendations for identified social risks or threats Opt in to any or all of key supported social networks – Facebook, LinkedIn and Twitter Monitoring of content posted by you, as well as your friends and connections, for potential risk, including: Private business information leaks Inappropriate language Personal information leaks Potential identity theft Malware received and sent Monitoring of content posted by you, as well as your friends and connections, for potential risk, including: Private business information leaks Inappropriate language Personal information leaks Potential identity theft Malware received and sent

9. © 2015 IBM Corporation IBM Security 9 Mobile access: get your risk data on the go Executive protection from IBM – mobile views Available: In iOS and Android for mobile devices For both phone and tablet Via Apple App Store and GooglePlay Available: In iOS and Android for mobile devices For both phone and tablet Via Apple App Store and GooglePlay Quick and easy access from the web, tablet, phone or any mobile device Includes offline access on your mobile device and push notifications to alert you of any changes in your social risk level

10. © 2015 IBM Corporation IBM Security 10 How it works: a few simple steps Register, receive an invitation, and authorize executive protection from IBM 1 Access your mobile device to review threats when you’re on the go 4 Review overview of threats and risk levels, over a selected period of time 2 Review specific risk and mention details, as well as recommendations 3

11. © 2015 IBM Corporation IBM Security 11 Learn more about IBM Security Visit our website IBM Security Website IBM Security Website Watch our videos IBM Security YouTube Channel IBM Security YouTube Channel Read new blog posts SecurityIntelligence.com SecurityIntelligence.com Follow us on Twitter @ibmsecurity @ibmsecurity IBM Security Intelligence. Integration. Expertise.

12. © 2015 IBM Corporation IBM Security 12 www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY