MANAGING SECURITY THREATS IN THE NEW CONNECTED WORLD THROUGH FORENSIC READINESS

Transcription

1 MANAGING SECURITY THREATS IN THE NEW CONNECTED WORLD THROUGH FORENSIC READINESS Mohamad Firham Efendy Bin Md Senan Specialist, Digital Forensics Department CyberSecurity Malaysia

2 Definition: Security and Cyber Security Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization. Security (including physical security) applied to computing devices such as computers, smartphones as well as to both private and public computer networks including the whole Internet 2

3 Cyber security Incidents: Hacktivism 3

4 Cyber security Incidents: Hacktivism 4

5 Cyber security Incidents: Cyber espionage 5

6 McAfee Lab 2015 threats predictions 1) Cyber espionage Cybercriminal will continue to increase in frequency with better methods and more sophisticated stealth technologies to collect data that they can either sell or use at a later date 2) Internet of Things The hypergrowth in the number of connected objects, poor security hygiene and the high value of data on those devices 3) Privacy Data privacy will remain under threat as governments and business grapple with what is fair and authorized access to personal information * The report can be downloaded at 6

7 McAfee Lab 2015 threats predictions 4) Ransomware Ransomware will evolve its methods of propagation, encryption, and the target it seeks 5) Mobile Mobile attacks will grow rapidly as new mobile technologies expand the attack surface and little is done to stop app store abuse 6) Malware beyond Windows The Shellshock vulnerability will fuel non- Windows malware attack * The report can be downloaded at 7

8 Malaysia success story The Global Cybersecurity Index and Cyberwelness profile Report presents the 2014 results of the GCI and the Cyberwellness country profiles for Member states It includes regional rankings, a selected set of good practices and the way forward for the next iteration * The report can be downloaded at 8

9 Malaysia National Cyber Security Policy National Cyber Security Policy has been designed to facilitate Malaysia's move towards a knowledge based economy (K-economy) The Policy was formulated based on a National Cyber Security Framework that comprises legislation and regulatory, technology, public-private cooperation, institutional, and international aspects 9

10 Malaysia National Cyber Security Policy * The policy brochure can be downloaded at Policy2.pdf 10

11 Secure your organization through: Information Security Guidelines for SMEs 1) Practicing information security 2) Information security governance and processes 3) Integrating People, Process and Technology 4) Implement information security based on the identified risks 5) Appoint a dedicated team of staff 6) Continuous awareness on information security * The guideline can be downloaded at 11

12 Secure your organization through: Information Security Management System Audit and Certification (CSM27001) Scheme Established in 2011 To support the pillar of 'National Security and Public Safety' under the Economic Transformation Program by way of building resiliency in both the Critical National Information Infrastructure (CNII) and the industry To support the pillar of 'Catalyst of growth for Industry' by providing MS ISO/IEC certified organization a benchmark to compete effectively against similar organizations on a global scale 12

13 Achieving cyber security readiness Cyber security readiness can be achieved through testing Testing techniques need to emulate attacks that address all aspects of cyber security Test tools must have sufficient capacity to determine network behavior under an avalanche of attempted breaches Testing methodology needs to get more sophisticated and agile 13

14 Achieving forensic readiness Forensic readiness definition: The ability of an organization to maximize its potential to use digital evidence whilst minimizing the costs of an investigation -A Ten Step Process for Forensic Readiness, International Journal of Digital Forensics, Volume 2, Issue 3, Winter

15 Forensic readiness: The importance of digital evidence Information security programmes often focus on the measures of prevention and detection perspective and there is only a little need for digital evidence But from the business perspective, there is a requirement for digital evidence to be available (recorded) before an incident occurs 15

16 Information security and forensic readiness symbiosis relation Incident response - Concerns itself with ensuring that the business utility of information systems is maintained Incident anticipation - Concerns itself with enabling the business requirement to use digital evidence 16

17 Forensic readiness: The importance of digital evidence Digital evidence can: Help manage impact of some important business risks. Support a legal process / defence. Verify the terms of commercial transaction. Lend support to internal disciplinary actions. 17

18 Forensic readiness: The importance of digital evidence Being prepared to gather and use evidence is beneficial to the organization especially as deterrent to the insider threat 18

19 Forensic readiness: Regulatory and legislative requirement 1) Any computer data may become used in a formal process and may need to be subject to forensic practices 2) The ability of an organization to exploit this data is the focus of forensic readiness 3) To collect admissible evidence, the organization needs to review the legality of its monitoring activity as the digital evidence must be obtained in a lawful manner 19

20 Forensic readiness: Preparation for wider range of threats Forensic readiness can extend the target of information security to the wider range of threats from cyber crime such as cyber espionage, intellectual property protection, fraud or extortion, violation of organization policy and etc 20

21 Forensic readiness: The importance of digital evidence Any computer data may become used in a formal process and may need to be subject to forensic practices The ability of an organization to exploit this data is the focus of forensic readiness To collect admissible evidence, the organization needs to review the legality of its monitoring activity as the digital evidence must be obtain in a lawful manner Forensic readiness can extend the target of information security to the wider threat from cyber crime such as intellectual property protection, fraud or extortion, violation of organization policy and etc 21

22 Forensic readiness: Forensic ready organization 22

23 Forensic readiness: Forensic ready organization 23

24 Forensic readiness: Implementing forensic readiness 24

25 Botnet threat in Malaysia 25

26 Coordinated Malware Eradication: The need to create an antimalware ecosystem 26

27 The way forward: CyberDEF services launched on May 2015 A comprehensive solution for cyber threats detection, eradication and forensic by CyberSecurity Malaysia 27

28 The way forward: CyberDEF services 28

29 The way forward: CyberDEF services Step 1: DETECTION Identify any loopholes, vulnerabilities and existing threats Step 2: ERADICATION Close loopholes, patch vulnerabilities and neutralize existing threats Perform cyber threats exercise or drill to test the feasibility and resiliency of the new defense/prevention system 29

30 The way forward: CyberDEF services Step 3: FORENSIC Recover loss data, repair and restore them Analyze weaknesses and strengthen them Set up a resilient defense system to prevent future incidents / attacks Facilitate legal action with the authorities 30

31 Reference: McAfee Labs Threats Report, November Information Security Guidelines for SMEshttp:// MEs.pdf A Ten Step Process for Forensic Readiness, International Journal of Digital Forensics, Volume 2, Issue 3, Winter 2004http:// B4E0-1F6A-156F501C49CF5F51.pdf Global Cybersecurity Index and Cyberwelness profile Report Coordinated Malware Eradication 31

32 What do you see? Apple vs Xioami Range Rover Evoque vs Land Wind X7 32

33 33