Risk Management in Global Operating Industry

Transcription

1 Risk Management in Global Operating Industry World Financial Symposium 2015

2 Here is the News Saleema Brohi Aviation Legal Expert Session Sponsor World Financial Symposium 2015

3 Cyber Attack! - Beyond Firewalls Moderator: Saleema Brohi, Aviation Legal Expert Panelists: James Hatch, Director, Cyber Services, BAE Systems Applied Intelligence Elizabeth Petrie, Director Strategic Intelligence Analysis, Citi - Information Protection Directorate Philipp Amann, Senior Strategic Analyst, Cyber-crime Unit, Europol Kristian Gjerding, CEO, CellPoint Mobile Jeffrey Sirr, Head of CIP North America, Munich Reinsurance Session Sponsor World Financial Symposium 2015

4 Cyber Attack! Beyond Firewalls James Hatch Director, Cyber Services BAE Systems Applied Intelligence Session Sponsor World Financial Symposium 2015

5 Applied Intelligence BAE SYSTEMS BUSINESSES Defence platforms and services Cyber and intelligence Electronic systems Copyright 2015 BAE Systems. All Rights Reserved. BAE Systems is a trade mark of BAE Systems Plc 5

6 Internet Applied Intelligence RISKS TO REVENUE AND DATA SYSTEMS Back office Suppliers Travel providers Public Ticketing Reservation Ground Systems Airplanes Attackers: Make money Promote a cause Disrupt a country Business interruption Financial fraud Loss of data Operational impacts Lost revenue Liability costs Reputation Remediation Copyright 2015 BAE Systems. All Rights Reserved. BAE Systems is a trade mark of BAE Systems Plc 6

7 Applied Intelligence CHALLENGES TO ACHIEVING CYBER SECURITY Labour intensive Scarce resources BEING EFFICIENT Swamped in data Automation and integration Asymmetric threat Situational awareness EFFECTIVE AGAINST REAL THREATS Changing threat Compliance is not security Trap of risk acceptance Achieving coverage IMPLEMENTING CONTROLS Funding and prioritisation Project execution Suppliers and processors Legacy systems and data KNOWING YOUR ESTATE Shadow IT and BYOD Weak architecture and change Copyright 2015 BAE Systems. All Rights Reserved. BAE Systems is a trade mark of BAE Systems Plc 7

8 Applied Intelligence ORGANISATIONS NEED TO SHOW THAT THEY Are clear who is responsible Understand their cyber risk Make active decisions on risk Business interruption Financial fraud Loss of data Operational impacts How big is our risk? What type is it? Do we care? Plan for resilience Support strategic priorities Avoid Reduce Share inc insurance Retain Copyright 2015 BAE Systems. All Rights Reserved. BAE Systems is a trade mark of BAE Systems Plc 8

9 Cyber Attack! Beyond Firewalls Elizabeth Petrie Director Strategic Intelligence Analysis Citi - Information Protection Directorate Session Sponsor World Financial Symposium 2015

10 16 September 2015 CYBER THREAT LANDSCAPE: A FINANCIAL INSTITUTION S PERSPECTIVE 2015 IATA World Financial Symposium

11

12 The Changing Information Security Threat Landscape The cyber threat landscape continues to evolve as better organized and more sophisticated attackers have emerged. Increasing Sophistication Individual players Opportunistic and casual Driven by desire to prove they can Organized collectives, criminal enterprises, and nation states Typically coordinated and well funded Driven by the opportunity for geopolitical and financial gain Typically still individual players Adversaries increasingly focused on disruption and Premeditated and planned actions destruction Driven by desire for financial gain Evolving Threats An Illustration of the Information Security Challenge Speed of Attack Target of Attack Value of Information Complexity of Business Model Sophistication of Techniques Availability of Tools Past Non real-time theft of passwords and confidential information Typically targets of opportunity Very variable -hard to monetize without exposing the malicious actor Workforce primarily based in same geography as business and on payroll Moderately sophisticated adversaries seeking to exploit well known vulnerabilities Custom tools created by knowledgeable individuals to perform a specific attack Present Real time compromises of computers, servers, mobile devices and their associated communication channels Highly-targeted victims for their access to the most sensitive information Readily monetized in a sophisticated, secure, and anonymous underground economy Complex underground marketplace with sophisticated specialists; overlap of actors and infrastructure Highly sophisticated supply chain to create or detect vulnerabilities and exploit tools Malicious tools are commodity items readily available on the black market; overlap of tool usage among actors

13 Cyber Attacks Common Tactics and Impacts on Business Cyber Attack is an attempt by online criminals to access or damage a computer network/system often stealing data or money, and using both technical and non-technical methods. Common Attack Methods Impact on Business Human Effect Social Engineering Relying on human interaction to trick people into breaking security procedures and sharing useful information for exploit efforts Technology Malware Software tools that enable an unauthorized user to gain control of a computer system and gather sensitive information US $116BN $445 Billion Estimated global cost of cybercrime as of February $242 Billion Combined cost to top four global economies 2 China $71BN Japan $0.93BN Germany $54BN Cyber Masquerading Taking over executive account to conduct cyber espionage or complete financial transaction Human + Technology Phishing s or online posts that masquerade as a trustworthy party in an attempt to trick the target into divulging information or downloading malware United States Germany Russia All others $203BN Average annualized cost of cybercrime to companies in $1.8 M $6.8 M $12.7 M 1. Computer Weekly; Cyber crime is a threat to global economy, says researcher ; February McAfee; Net Losses: Estimating the Global Cost of Cybercrime ; June Ponemon Institute; 2014 Global Report on the Cost of Cyber crime ; October

14 Cyber Threat Trends Against Treasury Functions and Assets Cyber attackers are increasingly targeting financial functions to steal money and sensitive data. The biggest threat is the combined type of attacks using various tactics. Trends in Cyber Crime Multi-vector attacks Targeted victims Sophisticated tools Common Manifestation against Financial Centers Attacks against treasurers are delivered in multiple phases, Using , Social Media, unsecure Mobile/Personal devices to log into corporate assets. Caller pretends to be bank s fraud team or Microsoft Help. Victim reveals sensitive information or even allows screen sharing on their machine leading to exploitation and fraud. New malware programmers are using sophisticated methods that evade Anti- Virus solutions. Banking malware now features file stealing capabilities. Indirect attacks Attacker targets third-party vendors in order to access sensitive financial center data/systems and steal data/money. New players: Organized Crime Blackmail and Extortion schemes, Data stealing, and even Drug and Human Smuggling is being aided by cyber crime services. Persistence and long-term outlook Advanced tools are added to infected machines to steal valuable intellectual property.

15 Why is Cybersecurity Important to Financial Treasury Functions? is at the nexus of a company s financial flows. Key Risk Areas Suppliers Information Security and Technology Internal Interactions Banks Financial Centers and Flows Vendor performing Financial Outsource Function Other Parts of the Corporation Human Factors Insider Fraud Access to sensitive data Changing bank details Technology/Process Factors Data privacy and sensitive data restrictions Connectivity interacting with banking system Exploitation of security weaknesses in other areas

16 Understanding the Anatomy of a Cyber Attack Attackers use a wide variety of tactics, techniques, and procedures to accomplish successful cyber attacks. Targeting and Compromi se Lateral Movement s Persistenc e Exploratio n Exfiltration Cover Tracks Examples Hacker targets Treasurer based on the LinkedIn update and then compromises the LinkedIn account via password guessing Hacker conducts reconnaissance and makes connections with all associates holding a Treasurer title linked to that account By using malware to compromise accounts, the Hacker ensures that they have a foothold into the victim, even if the LinkedIn compromise is discovered Attacker conducts lengthy research of the victim network, including decryption of data throughout the compromised networks Attacker removes data from the victim network (e.g. using of encryption) to make it difficult for stolen data to be identified Attacker destroys artifacts and evidence of their intrusion All cyber actors do not fully complete the entire Anatomy of a Cyber Attack, as their objective may be achieved early in the attack process.

17 A Multi-Layered and Comprehensive Approach to Security Treasurers may further enhance cybersecurity programs by leveraging bank best practices for internal and external interactions. Risk Mitigation Suppliers Banks Financial Centers and Flows 2 Vendor performing Treasury Outsource Function 5 1. Data Protection: Sensitive information must always be protected 2. Third-Party Information Security Assessment: Ensure third-party vendors have the appropriate security controls in place when handling sensitive data 3. Privileged User Managed Access: Implement controls around access to production environments, networks and other environments with sensitive data 4. Security Incident Management: Know what to do in the event of an actual or potential compromise Information Security and Technology 5 4 Other Parts of the Corporation Vulnerability Assessment: Perform tests on applications and infrastructure assets to proactively identify and remediate potential weaknesses 6. Global ID Administration: Manage identification administration (e.g. ID creation, modification, and deletion, password resets) to help mitigate access management risks Internal Interactions 7. Big Data: Leverage data trends to monitor transactions

18 Role and Importance of Intelligence Intelligence must be an integral part of the decision making process. Intelligence is having the right information, at the right time, and in the hands of the right people. Intelligence Cycle Dissemination Requirements Analysis and Production Active Collaboration Planning and Direction Processing and Exploitation Collection Output/Deliverables Inform operational planning and strategic decision-making Inventory of intelligence resources Identification of resource gaps, recommendations for remediation Centralized mechanism for ad hoc intelligence data Regular, frequent updates to senior management and key business stakeholders (e.g. dashboard-type, high-level briefing report) Intelligence is embedded in the day-to-day work, from the establishment of a customer relationship to the execution of any service. Capturing and understanding the knowledge of employees is the foundation of a successful Intelligence Program Intelligence-sharing and knowledge-sharing (lessons learned, etc.)

19 Intelligence Involves Forward-Looking Insights To defeat the adversary we must network as strong as the adversary. Client Customer Trends Technology Evolution Threat Landscape Intelligence Government Regulatory Industry Trends Third-party Risk Intelligence is built from a mosaic cutting across various views to help identify emerging trends, make informed decisions and predict the next event. Intelligence has a short half-life. Security Activity + Intelligence Context = Defense Situational Awareness

20 IRS Circular 230 Disclosure: Citigroup Inc. and its affiliates do not provide tax or legal advise. Any discussion of tax matters in these materials (i) is not intended or written to be used, and cannot be used or relied upon, by you for the purpose of avoiding any tax penalties and (ii) may have been written in connection with the promotion or marketing of any transaction contemplated hereby ( Transaction ). Accordingly, you should seek advice based on your particular circumstances from an independent tax advisor. Any terms set forth herein are intended for discussion purposes only and are subject to the final terms as set forth in separate definitive written agreements. This presentation is not a commitment or firm offer and does not obligate us to enter into such a commitment, nor are we acting as a fiduciary to you. By accepting this presentation, subject to applicable law or regulation, you agree to keep confidential the information contained herein and the existence of and proposed terms for any Transaction. We are required to obtain, verify and record certain information that identifies each entity that enters into a formal business relationship with us. We will ask for your complete name, street address, and taxpayer ID number. We may also request corporate formation documents, or other forms of identification, to verify information provided Citibank, N.A. All rights reserved. Citi and Citi and Arc Design are trademarks and service marks of Citigroup Inc. or its affiliates and are used and registered throughout the world.

21 Cyber Attack! - Beyond Firewalls Moderator: Saleema Brohi, Aviation Legal Expert Panelists: James Hatch, Director, Cyber Services, BAE Systems Applied Intelligence Elizabeth Petrie, Director Strategic Intelligence Analysis, Citi - Information Protection Directorate Philipp Amann, Senior Strategic Analyst, Cyber-crime Unit, Europol Kristian Gjerding, CEO, CellPoint Mobile Jeffrey Sirr, Head of CIP North America, Munich Reinsurance Session Sponsor World Financial Symposium 2015

22 Do you think Aviation is a risky business? IATA s Risk Management helps you control the risks and lets you sleep at night! > Visit the IATA Booth to learn more World Financial Symposium 2015

23 Networking Break World Financial Symposium 2015