Cyber security trends & strategy for business (digital?)
Presentation by Anwer Yusoff, Head, Industry & Business Development, CyberSecurity Malaysia
NATIONAL CYBERSECURITY TECHNICAL SPECIALIST AGENCY
16th June 2015
About us: CyberSecurity Malaysia
1997
1998-2005
CyberSecurity Malaysia was launched by the Prime Minister of Malaysia on 20 Aug 2007.
30 Mar 07: NISER officially registered as
March 2006
NITC Meeting on 7 Apr 2006 agreed to implement NCSP and to establish the Malaysia Cyber Security Centre to administer NCSP. NCSP was endorsed by the Cabinet in May 2006. NISER was tasked to be the Malaysia Cyber Security Centre.
TREND OF MALAYSIA CYBER SECURITY THREATS IN 2015
4,581 Reported Cases on General Incident Classification
889,469 Reported Cases of Malware & Botnet Drones Infection
156,357 Reported Spam Emails
Info: www.mycert.my
(Infographic labels: CYBER SPACE, CYBER HARASSMENT, FRAUD!)
Cyber Security Incidents (1997-2015)
Managed more than 66,000 incidents
Type of incidents:
1. Intrusion
2. Intrusion Attempt
3. Denial of Service Attack (DOS)
4. Fraud
5. Cyber Harassment
6. Spam
7. Content Related
8. Vulnerabilities Report
9. Malicious Codes
Number of cyber security incidents referred to CyberSecurity Malaysia (excluding spams), by year:
1997: 81; 1998: 196; 1999: 527; 2000: 347; 2001: 860; 2002: 625; 2003: 912; 2004: 915; 2005: 754; 2006: 1,372
2007: 1,038; 2008: 2,123; 2009: 3,566; 2010: 8,090; 2011: 15,218; 2012: 9,986; 2013: 10,636; 2014: 11,918
2015: 4,581 (as of 31st May 2015)
ISSUES & CHALLENGES - Malaysia Ranked 9th In Malware Attacks
Top 15 countries with highest numbers of users attacked between April 2013 and July 2014.
Malaysia: 1.97% out of 3,408,112 malware attacks
Source: Mobile Cyber Threats. Kaspersky Lab & INTERPOL Joint Report, October 2014
ISSUES & CHALLENGES - Online Banking Malware Attacks
Source: TREND MICRO TrendLabs 2Q 2014 Security Roundup
What steps are taken by the Malaysian Government to keep cyber threats under control?
One of the most important steps is creating:
National Cyber Security Policy (NCSP)
Establishing CyberSecurity Malaysia to implement NCSP
The National Cyber Security Policy
The National Cyber Security Policy formulated by MOSTI
NCSP Adoption and Implementation
The policy recognises the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive programme and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets.
Objectives:
Address The Risks To The Critical National Information Infrastructure
To Ensure That Critical Infrastructure Are Protected To A Level That Is Commensurate With The Risks
To Develop And Establish A Comprehensive Program And A Series Of Frameworks
NATIONAL CYBER SECURITY POLICY
VISION
Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation.
CNII SECTOR
Transportation
Government
Energy
Water
Health Services
Defence & Security
Banking & Finance
Information & Communications
Emergency Services
Food & Agriculture
NCSP THRUST
T1 Effective Governance (NSC): Establishment of a national info security coordination centre, effective institutional arrangements & Public Private Cooperation
T2 Legislation & Regulatory Framework (AGC): Reduction of cybercrime & increased success in the prosecution in cyber crime
T3 Cyber Security Technology Framework (MOSTI): Expansion of national certification scheme for InfoSec management & assurance
T4 Culture Of Security & Capacity Building (MOSTI): Reduced no. of InfoSec incidents through improved awareness & skill level
T5 R & D Towards Self Reliance (MOSTI): Acceptance & utilization of locally developed info security products
T6 Compliance & Enforcement (MICC): Strengthen or include infosec enforcement role in all CNII regulators
T7 Cyber Security Emergency Readiness (NSC): CNII resilience against cyber crime, terrorism, info warfare
T8 International Cooperation (MICC): International cooperation & branding on CNII protection with improved awareness & skill level
CNII: Assets (real & virtual), systems and functions that are so vital to the nation that their incapacity or destruction would have a devastating impact on:
National Defense & Security
National Economic Strength
National Image
Government capability to function
Public Health & Safety
1. ISMS Certification to preserve confidentiality, integrity and availability of information assets
2. Malaysia Trustmark for secure e-business websites
3. ICT products evaluation and certification under the Common Criteria ISO/IEC 15408
To minimise risks
1. Rethink approach to IT security
   Proactive senior management involvement
   IT security = business enabler, not infrastructure cost
   Align IT security strategy to corporate risk management objectives
2. Update security policies
   Organisations need to handle new trends like BYOD and cloud
3. Adopt intelligent multi-layer defence
   Application security is important in a Web-centric world
4. Maintain up-to-date systems (e.g. patches)
5. Educate users on security best practices
Top 5 Internet Security Threats for 2015
More Insider Breaches
Top Offenders of Insider Crimes 2014
35% are current employees
30% were former employees
18% are current service providers/consultants/contractors
15% were current service providers/consultants/contractors
13% are suppliers and business partners
11% are customers
Source: PwC
Social Engineering Attacks Will Increase
Social Engineer Hackers Also Use Open Source Intelligence (OSINT) Tools
Creepy is a creepy tool that targets victim geolocation information through social networking platforms and image hosting services.
Maltego is an intelligence and forensics app and is useful to map an organization's employees and relationships.
FoxOne Scanner is a webserver reconnaissance scanner that is non-invasive and non-detectable.
Stalker reconstructs all captured traffic from both wired and wireless networks and builds a complete profile of the target.
Spiderfoot is a footprinting tool that targets a domain name, IP address [netblock], or hostname, using 40 OSINT data sources to provide data on the target.
These are just a fraction of the OSINT tools that can be used to gather information on a target.
Healthcare data will become increasingly valuable to hackers
Personally Identifiable Information [PII] will be hot mama in 2015
Data security has never been a top priority for many healthcare organizations, and IT budgets are low in comparison to other industries.
Healthcare records hold a mother lode of PII data that can be used for resale in the black market.
Healthcare records contain vital data on the identity of the individual and are often linked to financial information.
Healthcare workers often share passwords and workstations.
Websense observed a 600 percent increase in attacks on hospitals during a 10 month period [from October 2013-August 2014].
Cyber-criminals will increase cyber-attacks on hospital networks in 2015.
Sources: MIT Technology Review, Security Week
Many of the stories regarding healthcare information security breaches have been due to the negligence of staff. --Dell, SecureWorks
More Reputation Sabotage
Reputation will become the new target for cyber attacks in 2015
Employee badmouthing has never been easier. A disgruntled employee can become your worst nightmare on social media or in the press.
Negative reviews can pop up on high-traffic sites such as Citysearch, Glassdoor, Google reviews, Ripoffreport.com and Yelp, to name a few.
Hacked emails and the hijacking of corporate social media accounts will increase.
Commercial reputation is important in light of social media buzz. Brand maintenance will be integral in 2015.
Insider activists will continue to leak company information, and hacktivist collectives will gain more ground in 2015.
Companies should carefully monitor their online reputation and have a strategic plan in place that can address reputation sabotage.
"More insiders will emerge as more people place their own ethics and perspectives above those of their employers. Criticism will go viral and those that come from credible insiders will spread faster." --Information Security Forum (ISF)
More Crime as a Service (CaaS)
Criminals value your information
CaaS attacks will become more innovative and sophisticated.
Unemployed and disgruntled employees will form a talent pool for criminal groups to gather information needed for these attacks.
Organizational profiles will include details about vulnerabilities or knowledge of business operations.
Criminals will get better at combining OSINT tools with information obtained from intrusion and data leaks.
New attacks, both physical and virtual, will target individuals based on their ability to provide access and information about their organization to the bad guys.
Cyber-criminals are highly motivated to obtain company information, or to utilize data leaks.
Source: Information Security Forum: Threat Horizon 2015
Most services offered in the underground are characterized by their ease of use and a strong customer orientation. They typically have a user-friendly administration console and dashboard for the control of profits. --Infosec Institute
What is your prediction for the top 2015 IT security threats?
In conclusion
More than 2 billion people are connected to the Internet.
Cellular phone subscriptions passed the 5 billion mark at the end of 2010.
More than 50 billion objects are expected to be digitally connected by 2020, including cars, appliances and cameras.
The amount of digital information created and replicated in the world will grow to a staggering amount of 35 trillion gigabytes by 2020.
About $8 trillion was traded through e-commerce last year.