NEW TECHNOLOGIES IN CYBER SECURITY - COMPETITIVE ADVANTAGE OR HIDDEN THREAT: MALAYSIA S EXPERIENCE

Transcription

1 NEW TECHNOLOGIES IN CYBER SECURITY - COMPETITIVE ADVANTAGE OR HIDDEN THREAT: MALAYSIA S EXPERIENCE by DATO DR. HAJI AMIRUDIN ABDUL WAHAB Chief Executive Officer 22 Sep 2017 Copyright CyberSecurity Malaysia

2 DIGITAL ENVIRONMENT - Emerging Technologies

3 DIGITAL DISRUPTION Threat or Opportunity? It's great to be part of the disruptors, but scary when we are the one being disrupted 3

4 CURRENT DIGITAL LANDSCAPE DON T FEEL PREPARED NEED PROTECTION AGAINTS ATTACKS EXPECT RISKS & VULNERABILITIES TO INCREASE While IIoT may bring new challenges and risks, the fundamentals of security still apply. Organizations don t need to find new security controls, rather they need to figure out how to apply best practices in new environments - Tim Erlins, Director, Security & IT Risk Strategist, Tripwire EXPECT SECURITY ATTACKS TO INCREASE EXPECT IIOT DEPLOYMENT TO RISE Source: Dimensional Research for Tripwire (March 2017) ( 4

5 IoT - CAN TURN INTO INTERNET OF THREATS - More Devices With More Vulnerabilities, - James Bone, Cognitive Hack

6 CYBER SECURITY HAS BECOME A MAJOR SECURITY CONCERN & FACTS ABOUT THE FINANCIAL IMPACTS OF CYBER ATTACKS 1. Cyber crime damage costs to hit $6 trillion annually by Cybersecurity spending to exceed $1 trillion from 2017 to Cyber crime will more than triple the number of unfilled cyber security jobs, which is predicted to reach 3.5 million by Human attack surface to reach 4 billion people by Global ransomware damage costs are predicted to exceed $5 billion in Copyright CyberSecurity Malaysia 6

7 Evolution of Cyber Attacks 7

8 UNDERSTANDING CYBER THREAT & POTENTIAL RISKS 8

9 9

10 CYBER SECURITY IS TOP MANAGEMENT ISSUE -Cyber Risks and Impacts of Cyber Attacks Brand impact Regulatory impact Sensitive media scrutiny Customer churn Loss of business due to critical intellectual asset loss Independent audits Regulatory fines Restriction on information sharing Implementation of comprehensive security solutions Financial impact Operational impact Detection and escalation Notification Lost business Response costs Competitive disadvantage Diversion of employees from strategic initiatives to work on damage control 10

11 RISKS OF CYBER ATTACKS - Financial Impacts 11

12 GLOBAL NEWS IN Operational Impacts This growth in DDoS was bad news for UK businesses, which were the second most targeted during Q2 2017, suffering over 32.5 million attacks. The US took the unfortunate top spot, being subjected to over million attacks in just three months. A major ransomware attack has brought businesses to a close throughout Europe, in an infection reminiscent of last month s WannaCry attack. The most severe damage is being reported by Ukrainian businesses, with systems compromised at Ukraine s central bank, state telecom, municipal metro, and Kiev s Boryspil Airport. 12

13 CYBER ATTACKS IN ASIA PACIFIC - Operational Impacts Source : Cyber_Risk_In_Asia-Pacific_The_Case_For_Greater_Transparency by Oliver Wyman 13

14 RISKS OF CYBER ATTACKS - Impacts on Image and Branding

15 RISKS OF CYBER ATTACKS - Impacts on Image 15

16 RISKS OF CYBER ATTACKS - Regulatory and Legal Impacts The cord-blood bank agreed to settle Federal Trade Commission charges it failed to protect customer data due to inadequate security that exposed Social Security and credit-card information on 300,000 people. Source: 16

17 THE IMPACTS OF EMERGING CYBER ATTACKS CAN BE MORE DAMAGING 17 17

18 MALAYSIA S DIGITAL LANDSCAPE 18

19 MALAYSIA IS TRANSFORMING ITSELF TO BECOME A DIGITAL NATION FinTech - technologies that are disrupting traditional financial services i.e. mobile payments, money transfers, loans.investment in Fintech around the world has increased dramatically from $930 million in 2008 to more than $12 billion by early Accenture Source: 19

20 CYBER ATTACKS - RISK OF HIGHEST CONCERN IN MALAYSIA 20

21 Malaysia s Top Security Concerns 2017 Personal safety 65 Financial obligations 68 Natural disasters 69 Online shopping 73 War/terrorism 73 Virus/hacking 77 ID theft 87 Bankcard Fraud Source: 2017 UniSys Security Index 21

22 CYBER INCIDENTS REFERRED TO CYBERSECURITY MALAYSIA ( AUGUST 2017) Type of incidents: (Excluding Spam) 1. Intrusion Intrusion Attempt Denial Intrusion of Service Attempt Attack (DOS) Fraud Denial of Service Attack (DOS) Cyber Fraud Harassment Spam Cyber Harassment Content Spam Related Vulnerabilities Content Related Report Malicious Vulnerabilities Codes Report 9. Malicious Codes As of 31 Aug

23 Cyber Security Incident (1 Jan -31 Aug 2017) Cyber Security Incident Jan Feb Mar Apr May June Jul Aug Total Fraud Intrusion Malicious Code Cyber Harassment Content Related Intrusion Attempt Spam DDoS Vulberabilities Total

24 MALAYSIA S REGIONAL APPROACH & ENGAGEMENT WITH PROFESSIONAL COMMUNITY - Turning the risks into opportunities 24

25 Adoption of HOLISTIC APPROACH that identifies potential threats to CNII organization and impacts to the national security & public well-being AND; to develop the nation to become cyber resilience having the capability to safeguard the interests of its stakeholders, reputation, brand and value creating activities 25

26 RISK MANAGEMENT THROUGH TECHNOLOGY (LEVERAGING NEW TECHNOLOGIES TO STAY AHEAD OF EMERGING THREATS) 26

27 TRADITIONAL CYBER SECURITY APPROACH - Important but not sufficient Leaves significant gaps in cyber defence Most APT malware lies dormant and remains undetected A new approach is required to address APT and new breed of cyber attacks Malware is racing ahead and existing security tools can not keep up...intelligent & automated threat detection and response is absolutely critical moving forward 27

28 A Time of Great Risk: The Time Between Compromise and Mitigation Source: ciosummits.com 28

29 SECURITY INNOVATION NEED TO EVOLVE WITH TECHNOLOGY ADVANCEMENT 29

30 ENSURING CONTINUITY OF BUSINESS OPERATION via ADAPTIVE SECURITY To be more proactive, dynamic and integrated in cyber security approach 30

31 User and Entity Behaviour Analytics (UEBA) Source:sqrrl.com 31

32 NEW TECHNOLOGIES AS NEW CYBER TOOLS SECURITY INTELLIGENT Building Security Descriptive, Predictive and Prescriptive Analytics Capabilities innovative data scientists and architects already realize that semantics is the key to delivering meaning and context to information. Adaptive Learning Algorithms can detect the step-by-step penetration of APT malware (Phishing, Trojans, Adware, Botnets...) 32

33 Way Forward - Key Questions to CISO Source:ibm.com 33

34 RISK MANAGEMENT THROUGH PROCESS (POLICY FRAMEWORK, LEGAL & GOVERNANCE, QUALITY MANAGEMENT & BEST PRACTICES AND DOMESTIC & INTERNATIONAL COOPERATION) 34

35 Cyber Security Eco System in Malaysia POLICY Formulating & Coordinating Policy NATIONAL SECURITY COUNCIL NATIONAL CYBER SECURITY AGENCY (NACSA) NATIONAL CYBER SECURITY POLICY Government Agencies Critical Information Infrastructure Internet Service Providers Industry Academia Cyber Security Professionals Public LAW ENFORCEMENT AGENCIES & REGULATORS Preventing & Combating Terrorism through Law Enforcement ROYAL MALAYSIAN POLICE BANK NEGARA MALAYSIA MALAYSIAN COMMUNICATION & MULTIMEDIA COMMISSION TECHNICAL SUPPORT Providing Technical Supports & Services CYBERSECURITY MALAYSIA

36 NATIONAL CYBER SECURITY POLICY VISION Thrust 1: Effective Governance Thrust 2: Legislative & Regulatory Framework Malaysia s CNII shall be secure, resilient and self-reliant. Infused with a culture of security it will promote stability, social well being and wealth creation Energy Banking & Finance Thrust 5: R&D Towards Self Reliance Thrust 6: Compliance & Enforcement Thrust 3: Cyber Security Technology Framework Government Service Emergency Services Water Health Service s Defense & Security Food & Agriculture Thrust 7: Cyber Security Emergency Readiness Thrust 4: Culture of Security & Capacity Building Transportation Information & Communication Critical National Information Infrastructure (CNII) Thrust 8: International Cooperation

37 MALAYSIA S CYBER SECURITY SERVICES - via Proactive and Responsive Services 37

38 RESPONSIVE AND MITIGATIVE ACTIONS - Minimize Impacts of Cyber Attacks via Cyber Crisis Management X-MAYA - National Cyber Crisis Exercise (Cyber Drill) conducted by CyberSecurity Malaysia in collaboration with the National Security Council. The X-MAYA - to assess and improve the National Cyber Crisis Management Plan together with CNII's readiness against the threat of cyber attacks.

39 CYBER SECURITY EMERGENCY READINESS

40 RESPONSIVE AND RECOVERY ACTIONS - Minimizing and recovering from losses CyberD.E.F Detection Eradication Forensic 40

41 HANDLING OF RANSOMWARE CASES - Post-event Crisis Management [TRANSLATION OF THE NEWS HEADLINES: MYCERT DEFEATED RANSOMWARE] 41

42 RISK-BASED CYBER SECURITY via DOMESTIC & INTERNATIONAL COLLABORATION - ASEAN CERT ITU CSCAP ARF OIC CERT FIRST APCERT SOVEREIGN STATES VIA BILATERAL/MULTIL ATERAL ENGAGEMENT Regional and Global Cyber Security Cooperation INTERNATIONAL SECURITY Protecting Common Interests Confidence Building Measures DOMESTIC SECURITY Protecting National Security, Prosperity and Public Safety Legal and Policy Framework Public Private Partnership

43 INFORMATION SHARING IN COMBATING CYBER CRIME - Minimizing Risks of Cyber Attacks

44 RISK MANAMENT THROUGH PEOPLE (THE WEAKEST LINK HUMAN) 44

45 NATIONAL STRATEGY FOR CYBER SECURITY ACCULTURATION & CAPACITY BUILDING PROGRAM The study was completed in November 2010 The capacity building programs are targeted towards Critical National Information Infrastructure (CNII) Focusing on efforts to increase the knowledge and skill sets on the information security workforce Aimed at creating a quality and well-equipped information security workforce and promoting recognition of the Information Security profession. 45

46 MALAYSIA S APPROACH IN CAPACITY BUILDING THROUGH BILATERAL & MULTI LATERAL PARTNERSHIP As cyber threats become more diverse, persistent and sophisticated; there is a need for bi-lateral & multistakeholders partnership in cyber security capacity building to formulate a framework for the creation of a competent cybersecurity workforce both at national and regional levels 4

47 PARTNERSHIP TO DEVELOP MORE CYBER SECURITY PROFESSIONALS 47 47

48 PARTNERSHIP IN PRODUCING MORE CYBER SECURITY TALENTS WITH THE LOCAL UNIVERSITIES Universities & Higher Learning Institutions The National University of Malaysia Ministry of Education Department of Polytechnic Education Department Of Community College Education International Islamic University Malaysia (IIUM) Universiti Tunku Abdul Rahman (UTAR) University of Kuala Lumpur (UniKL) University Putra Malaysia (UPM) Multimedia University (MMU) University Teknikal Malaysia Melaka (UTeM) etc 48

49 PARTNERSHIP IN CYBERSECURITY R&D ACTIVITIES Staying Ahead Through Innovative & Effective R&D Capacity Building Programs To Identify Technologies That Are Relevant and Desirable by the CNII To Promote Collaboration with International Centres of Excellence To Provide Domain Competency Development 49

50 OUR ACHIEVEMENTS SO FAR The Global Cybersecurity Index (GCI) is a survey that measure the commitment of Member States to cyber security The assessment were weighted based on the five pillars of the GCI below: 1. Legal: Measured based on the existence of legal institutions and frameworks dealing with cybersecurity and cybercrime. 2. Technical: Measured based on the existence of technical institutions and frameworks dealing with cybersecurity. 3. Organizational: Measured based on the existence of policy coordination institutions and strategies for cybersecurity development at the national level. 4. Capacity Building: Measured based on the existence of research and development, education and training programmes; certified professionals and public sector agencies fostering capacity building. 5. Cooperation: Measured based on the existence of partnerships, cooperative frameworks and information sharing networks. 50

51 ITU GLOBAL CYBER SECURITY INDEX Malaysia is 3rd in Global Ranking COUNTRY GCI SCORE LEGAL TECHNICAL ORGANIZATIONAL CAPACITY BUILDING COOPERATION 51

52 The Global Cybersecurity Index (GCI) Top three countries in Asia and the Pacific region 52

53 CONCLUSION AND WAY FORWARD Our approach to cope with emerging new technologies should be equally intelligent by adopting holistic strategy and through the use of new cyber tools To effectively apply cyber security fundamentals with innovative features and techniques Strengthening Public-Private-Partnership and International Collaboration To evolve in parallel with technology by enhancing: Sharing of Information amongst relevant parties Cyber Incidents Response and Coordination Innovative & Collaborative Research Capacity Building Cyber Security Awareness and Education 53

54