ISACA Kenya Annual Conference - Secure Kenya II. Data Protection, Privacy and Cyber Security. SONY ANTHONY RISK CONSULTING July 2015

Transcription

1 ISACA Kenya Annual Conference - Secure Kenya II Data Protection, Privacy and Cyber Security SONY ANTHONY RISK CONSULTING July 2015

2 Cyber Security and Technology How many of you Bank Online? How many of you receive Banking Statements on ? What file format do you Most Trust? (EXE, PDF, JPG, Doc, JPG) 1

3 Central Bank of India.Sending me an .Wow. 2

4 A little digging.banker, Professor, Therapist..? 3

5 Initiate a Scan and a Pop-Up for Credentials Appear But No RISK 4

6 Maybe my Antivirus is old, Lets Update Still No Risk (Properties) 5

7 Lets focus on the Properties. 6

8 Cyber Security and Technology At this Point My Gut feel: I am hacked..!! My Latest Updated Antivirus Says : I am Safe..!! What do you think?? 7

9 Digging further The Front end Unsuspecting Word Document. The Back end Embedded evil code that will steal all data from the victim 8

10 An EXE that copies, multiplies and renames itself.aaaarrrggghhh Code Stored Location at victim computer Evil code disguised and executed by word macro. 9

11 Cyber Security and Technology Status: Victim has been completely compromised by just opening a word document. And is under complete control of the attacker. 10

12 On the Attacker Screen Multiple people like me across geographies. BOTS waiting for Commands and you are one of them Attacker sees what users are currently doing on their systems 11

13 Cyber Security and Technology Attacker obtains access to all shares of the victim s computer. 12

14 Cyber Security and Technology Attacker is able to search for files on victim s computer remotely.. 13

15 Smile Please.and Clear your Voice.Your on Stage Attacker is able to take control of victim s camera and view the victim without his/her knowledge Attacker is able to listen and record all voice calls (Skype) from the victim s mic or sound card. 14

16 Cyber Security and Technology Attacker is able to extract all passwords stored in browser and cookie files. Attacker is able to install key loggers for all or transactions, chats, s, document or xls edits. 15

17 Cyber Security and Technology Attacker is able take control of the victim s screen when victim is not in front of the computer. 16

18 Cyber Security and Technology Attacker is able to attack other systems on the network. Attacker is able to extract network shares and compromise other machines via the Victim computer. 17

19 Cyber Security and Technology Attacker is able to shutdown and conduct other maintenance activity on the victim computer. Attacker is able to remotely update and upgrade the evil code for continuous and undetected access. 18

20 Malware detected (Day 1 and Day 30) The CRYPTER: Crypters can be used to encrypt viruses, RAT,key loggers, spywares etc to make them undetectable from antiviruses. When these exe files are encrypted with Fud crypters they become undetectable with antiviruses 19

21 The Service on the Internet are Growing and So are Hack Attacks 20

22 The Service on the Internet are Growing and So are Hack Attacks 21

23 The Service on the Internet are Growing and So are Hack Attacks It is a media library that processes several popular media formats. Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification (and that can be masked too,if required) 22

24 The Service on the Internet are Growing and So are Hack Attacks 23

25 The Service on the Internet are Growing and So are Hack Attacks 24

26 Cyber Security and Technology 25

27 Cyber Security - Leader Ship Brewery Case study 26

28 Cyber Security - Human Resourcing Banking Case study. 27

29 Cyber Security - Third Party / Suppliers Retail Case study. 28

30 Cyber Security - Business Continuity & Management Product Case Product Release delayed!!! 29

31 Cyber Security - Operations and Technology Telecom Customer Data Network Rogue Website Detection Identify Rogue Websites such as Phishing sites, scam sites, etc. Cybersquatting domains and websites detection Site takedown App Store Monitoring Monitoring of various App stores for detection of counterfeit software / scam apps hampering the brand. Use of unauthorized brand name and or logos, company goodwill, reputation. Social Media Listening / Monitoring Detection of Private, confidential or any secret information shared over social media platform Sharing of threats against facilities, employees or any information leading to corporate security compromise Anti-counterfeit Monitoring of products and brand in various marketplace including but not limited to gray market, unauthorized product distribution channels. Maintain compliance and trust with distribution partners IPR / Informational Asset Leakage Detection Detect IPR Data and Documents shared over public domains and sharing sites. Detection of Unauthorized sharing of confidential information by vendors and or employees over public domains Detection of leakage Informational assets such as Financial details, Network diagrams, Technological data, etc. 30

32 Cyber Security - Regulations/ Compliance Sony executives bowed in apology today for a security breach in the company's PlayStation Network that caused the loss of personal data of some 77 million accounts on the online service. 31

33 Cyber Security How KPMG can Assist? We believe Cyber Security should be about What you can do not what you can t Principles of our Approach 1. Driven by Business Aspirations 2. Razor Sharp Insight 3. Shoulder to Shoulder Boards today are required to have enhanced roles and responsibilities that focus on (a) providing confidence to investors (b) adhering to regulators (c) working with insurers and (d) working towards minimizing potential litigants 32

34 KPMG Global Cyber Maturity Framework Cyber Security SIX Domains Within this Cyber Maturity framework, a strong communication plan is focussed on the details and complexity of ongoing communication and directions between the board and the management. This helps achieve a reliable flow of information among a broad mix of stakeholders. It is not only the frequency of communication that needs to be reassessed, but also, improving the appropriate and efficient quality of communication when addressing risks. This framework keeps in mind that security is as strongly as your weakest link and the weakest link most often is people, whether due to someone on the inside, human error, or another human factor. Our transformative framework, with a proactive approach, helps shape proper dialogue and overall, improves the information flow to become more transparent and sustainable thus, closing the loop. 33

35 Cyber Security Transformation Overview Overview of Our Cyber Transformation Approach Prepare Help clients understand their vulnerabilities and improve their preparedness against cyber attack. Protect Help clients design and implement their cyber defense infrastructure. Integrate Embed cyber security in the culture and decision making of client organizations THREAT INTELLIGENCE Cyber Transformation Help clients design and deliver a wholesale program of change to improve cyber security capability. Threat Intelligence Help clients implement and use intelligence as a springboard for delivering effective cyber security. Detect & Respond Help clients respond to and investigate cyber attacks. 34

36 Cyber Security Transformation Our Core Service Offerings Within Each Phase 1 Prepare THREAT INTELLIGEN CE Help clients understand their vulnerabilities and improve their preparedness against cyber attack. Understanding the value of critical assets, cyber maturity and setting the cyber security strategy Cyber Maturity Assessment rapid assessment of your organization s readiness to prevent, detect, contain and respond to cyber threats Cyber Security Strategy assist in designing and implementing cyber security strategies and aid Governance, Risk and Compliance 35

37 Cyber Security Transformation Our Core Service Offerings Within Each Phase 2 Protect THREAT INTELLIGEN CE Help clients understand their vulnerabilities and improve their preparedness against cyber attack. Understanding the value of critical assets, cyber maturity and setting the cyber security strategy Security and technology assessments test and improve all elements of security and technology infrastructure including penetration and vulnerability testing Application security assurance understand, assess and address the critical application risks Information Management and Privacy - rapid assessment of your current privacy and records management practices to identify / address issues that may result in non-compliance Certification services certification against international information security standards (ISO27x, NIST) Identity and access management enterprise system access is aligned to roles / privileges 36

38 Cyber Security Transformation Our Core Service Offerings Within Each Phase THREAT INTELLIGEN CE 3Detect and Respond Help clients respond to and investigate cyber attacks. Understanding the value of critical assets, cyber maturity and setting the cyber security strategy Cyber attack detection assist in deployment of monitoring and sophisticated data analytics on client s networks Rapid response teams assist to contain, manage and recover from current cyber attacks Forensic evidence recovery and investigation provide advanced digital forensics capability to gather, preserve and interpret large data sets, deleted or ephemeral data in order to prove a chain of events Advanced training and cyber response capability development 37

39 Cyber Security Transformation Our Core Service Offerings Within Each Phase 4 Integrate THREAT INTELLIGEN CE Embed cyber security in the culture and decision making of client organizations Integrating cyber into the enterprise risk framework and wider business operations. Board training awareness and scenario based training Enterprise risk management policy - design and implementation Business continuity planning reduce exposure, build plans, build capability Behavioral change management 38

40 Cyber Security Transformation Our Core Service Offerings Within Each Phase THREAT INTELLIGEN CE 5 6 Threat Cyber Intelligence Transformation Help clients implement and use intelligence as a springboard for delivering effective cyber security. Help clients design and deliver a wholesale program of change to improve cyber security capability. Build capability to make intelligence-based decisions and deploy organization-wide cyber security Threat intelligence operating models Assist in development and implementation of threat models across people, process and technology required to make intelligence-led decisions Cyber security transformation programs assist in design and delivery of organization-wide cyber security transformation programs Security Operations Centers Assist in design and implementation 39

41 Cyber Security Threats/ Events in the Region Cyber Security Realities in the Region Uganda annual Police crime and traffic report Mobile money and Automated Teller Machine (ATM) fraud was responsible for the loss of about USH 1.5 billion* Kenya Cyber Security Report 2014 Ranked Kenya among the top countries for most incidents of cybercrime, alongside the United States (US), Brazil, China and South Korea Ministry of Information Communication and Technology Government of Kenya developed Cyber security Strategy Feb 2014 Bank of Tanzania (BoT) statistics TZS 1.3bn has been stolen across the country through cyber fraud* The African Union (AU) has adopted the African Union Convention on Cyberspace Security and Protection of Personal Data in July, 2014 Kenya is drafting Cyber-Crime and Computer Related Offences Bill to tackle cyber crime and data breaches Cybercrime is said to have cost nearly KES 2 billion (USD 23 million) to the Kenyan economy in 2013** The Northern Corridor Integration Project member states (the Republics of Kenya Rwanda, South Sudan and Uganda) have developed a Memorandum of Understanding on Cyber Security Framework for cooperation and corroboration in prevention and responding to evolving cyber security threats. (The memorandum is scheduled for signing in mid May 2015 during the next Northern Corridor Integration Summit in Kampala) Source : * Kenya Cyber Security Report 2014 ** 40

42 KPMG Global Cyber Maturity Framework Board Oversight and Engagement I. LEADERSHIP AND GOVERNANCE II. HUMAN FACTORS III. INFORMATION RISK MANAGEMENT Management demonstrating due diligence, ownership and effective management of risk How should boards engage? Understand governance structure and have open dialogue with executive leadership team Review output of capability assessment Review and approve of strategy and funding requests Participate in general board education Request periodic updates of program Communication Define ownership and governance structure Identify sensitive data assets and critical infrastructure Inventory third party supplier relationships Perform assessment of current capabilities Define a strategy and approach Direction Educate the board and executive management What should management do? The level and integration of security culture that empowers and helps to ensure the right people, skills, culture and knowledge How should boards engage? Set the tone for the culture Review patterns/ trends of personal issues Understand training and awareness protocols Communication Direction Define culture and expectations Implement general training and awareness programs Implement personal security measures Define talent management and career architecture Develop specific learning paths for key personnel What should management do? The approach to achieve thorough and effective risk management of information throughout the organization and its delivery and supply partners How should boards engage? Understand risk management approach and linkage to enterprise risk Review and approve risk tolerance Understand third party supplier program Review and question program metrics Communication Develop risk management approach and policies Identify risk tolerance and communicate Link risks to sensitive data assets Perform risk assessments and measures Perform third-party supplier accreditation Report relevant metrics What should management do? Direction 41

43 KPMG Global Cyber Maturity Framework Board Oversight and Engagement IV. BUSINESS CONTINUITY AND CRISIS MANAGEMENT Preparation for a security event and ability to prevent or reduce the impact through successful crisis and stakeholder management How should boards engage? Understand current responses capability Review status of overall plan maturity Meet with communication personnel Participate in table-top exercises Communication Assess current ability to manage cyber events Perform analysis of risks and financial requirements Develop robust plans Assign resources and develop training Integrate with corporate communications Perform testing of plans Direction What should management do? V. OPERATIONS AND TECHNOLOGY The level of control measures implemented to address identified risks and reduce the impact of compromise How should boards engage? Understand current maturity of control structure Review relevancy of selected control framework Review relevant incident trend metrics Meet with CIO or equivalent to understand integration of cyber and information technology trends Communication Direction Understand current maturity of control structure Review relevancy of selected control framework Review relevant incident trend metrics Meet with CIO or equivalent to understand integration of cyber and information technology trends What should management do? VI. LEGAL AND COMPLAINCE Regulatory and international certification standards as relevant How should boards engage? Understand the regulatory landscape impacting the organization Clarify audit committee requirements for Cyber Review litigating inventory trends Review and approve cyber insurance funding (if relevant) Communication Direction Catalog all relevant compliance metrics Link compliance requirements to control framework Formalize the role of the audit committee Identify risk tolerance and communicate Develop litigation inventory and trending Analyze and recommend need for cyber insurance What should management do? 42

44 KPMG Global Cyber Maturity Framework KPMG Cyber Security Maturity Assessment Maturity Levels KPMG will compile a report that provides a breakdown of maturity against the six key dimensions. Client Maturity Level Description Cyber Security Requirements INITIAL Ad-hoc, unpredictable, poorly controlled, reactive REPEATABLE Basic processes management, repeatable tasks DEFINED Defined & documented processes, proactive MANAGED Processes integrated, measured and controlled OPTIMISED Continual improvement, organisational alignment No clear understanding and ownership of the cyber risks within the leadership team. Cyber security approach is not risk based and very ad-hoc in nature Basic technical capability: perimeter security like firewalls, and endpoint security like antivirus The leadership team has an understanding of how the cyber risks can impact their business and Risk appetite is defined. Enterprise wide, co-ordinated approach to security. Mid tier technical capability: Operating system hardening, application hardening and other relevant preventive controls. The leadership team has directed and resourced work needed to address cyber security risks. A well defined security architecture that meets the business needs. Effective information risk management processes in place. Enhanced technical capability: Defence in depth architecture with logging enabled. Governance framework to monitor the embedding information security within the culture of the organisation. Security controls are implemented in a co-ordinated manner to ensure compliance with the defined security architecture. Extended technical capability: Capability of correlating events to identify and preempt malicious activities. The need to protect information assets owned by both the internal and external stakeholders of an organisation as key business assets is embedded within the culture of the organisation. The information and cyber security program is subject to a continuous improvement regime. Leading edge security solutions: Big data based security analytics The Client Overall Maturity Rating Recommended Maturity Rating for The Client Financial Services Sector Average Maturity Rating Insurance Sector Average Maturity Rating 43

45 Thank You 2015 KPMG India, a Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International Cooperative ("KPMG International"). Sony Anthony Director KPMG India santhony@kpmg.com