NEW TECHNOLOGIES IN CYBER SECURITY - COMPETITIVE ADVANTAGE OR HIDDEN THREAT: MALAYSIA S EXPERIENCE

Similar documents
MALAYSIA S APPROACH IN CAPACITY BUILDING. Dr Amirudin Abdul Wahab Chief Executive Officer CyberSecurity Malaysia 24 March 2017

Are Cyber Security Exercises Useful? The Malaysian Case Study. Adli Wahid Head of Malaysia CERT (MyCERT) Twitter: adliwahid

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION

The UK s National Cyber Security Strategy

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Emerging Technologies The risks they pose to your organisations

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Are we breached? Deloitte's Cyber Threat Hunting

ENISA EU Threat Landscape

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

NIGERIAN CYBERCRIME LAW: WHAT NEXT? BY CHINWE NDUBEZE AT THE CYBER SECURE NIGERIA 2016 CONFERENCE ON 7 TH APRIL 2014

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

Cybersecurity Strategy of the Republic of Cyprus

Physical security advisory services Securing your organisation s future

Provisional Translation

European Union Agency for Network and Information Security

PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK

DETECTION, ERADICATION & FORENSIC: CYBER THREATS INTELLIGENCE MODEL FOR CNII ORGANIZATIONS

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

Commonwealth Cyber Declaration

Bradford J. Willke. 19 September 2007

Gujarat Forensic Sciences University

Risk Advisory Academy Training Brochure

Promoting Global Cybersecurity

Business continuity management and cyber resiliency

CYBER CRIME LEGISLATION COURSE MALAYSIAN COMMUNCIATIONS AND MULTIMEDIA COMMISSION MALAYSIA

Security and resilience in Information Society: the European approach

Israel and ICS Cyber Security

Cyber Security Technologies

National Cybersecurity preparation to deal with Cyber Attacks

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Cybersecurity, safety and resilience - Airline perspective

Defending Our Digital Density.

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Security in India: Enabling a New Connected Era

MANAGING SECURITY THREATS IN THE NEW CONNECTED WORLD THROUGH FORENSIC READINESS

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

Cyber Security in Europe

G7 Bar Associations and Councils

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange. August 16, 2016

THE POWER OF TECH-SAVVY BOARDS:

Cybersecurity for ALL

Cyber Security Roadmap

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

ISACA West Florida Chapter - Cybersecurity Event

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool. Cyber Security 3.0 Better Together August 18, 2017

DIGITAL TRUST Making digital work by making digital secure

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

PROTECTING ARIZONA AGAINST CYBER THREATS THE ARIZONA CYBERSECURITY TEAM

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Security by Default: Enabling Transformation Through Cyber Resilience

The State of Cybersecurity and Digital Trust 2016

Run the business. Not the risks.

CONE 2019 Project Proposal on Cybersecurity

Cyber Security: Threat and Prevention

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

2 nd ARF Seminar on Cyber Terrorism PAKISTAN S PERSPECTIVE AND EXPERIENCE WITH REFERENCE TO CERT IN COMBATING CYBER TERRORISM

Cyber Security in Smart Commercial Buildings 2017 to 2021

Cybersecurity and Hospitals: A Board Perspective

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Standing Together for Financial Industry Resilience Quantum Dawn IV after-action report June 2018

Emerging Issues: Cybersecurity. Directors College 2015

RESOLUTION 130 (REV. BUSAN, 2014)

Security in Today s Insecure World for SecureTokyo

ITU-ACMA Asia Pacific Regulators Roundtable July 2014

Implementation Strategy for Cybersecurity Workshop ITU 2016

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

Cybersecurity for Health Care Providers

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Cybersecurity in Higher Ed

Securing Digital Transformation

Challenges in Developing National Cyber Security Policy Frameworks

Cybersecurity and the Board of Directors

CYBER SECURITY TAILORED FOR BUSINESS SUCCESS

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

SECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

The commission communication "towards a general policy on the fight against cyber crime"

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Angela McKay Director, Government Security Policy and Strategy Microsoft

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

GUIDANCE NOTE ON CYBERSECURITY

Transcription:

NEW TECHNOLOGIES IN CYBER SECURITY - COMPETITIVE ADVANTAGE OR HIDDEN THREAT: MALAYSIA S EXPERIENCE by DATO DR. HAJI AMIRUDIN ABDUL WAHAB Chief Executive Officer 22 Sep 2017 Copyright 2017 2015 CyberSecurity Malaysia

DIGITAL ENVIRONMENT - Emerging Technologies

DIGITAL DISRUPTION Threat or Opportunity? It's great to be part of the disruptors, but scary when we are the one being disrupted 3

CURRENT DIGITAL LANDSCAPE DON T FEEL PREPARED NEED PROTECTION AGAINTS ATTACKS EXPECT RISKS & VULNERABILITIES TO INCREASE While IIoT may bring new challenges and risks, the fundamentals of security still apply. Organizations don t need to find new security controls, rather they need to figure out how to apply best practices in new environments - Tim Erlins, Director, Security & IT Risk Strategist, Tripwire EXPECT SECURITY ATTACKS TO INCREASE EXPECT IIOT DEPLOYMENT TO RISE Source: Dimensional Research for Tripwire (March 2017) (https://www.i-scoop.eu/internet-of-things-guide/industrial-internet-things-iiot-saving-costs-innovation/cybersecurity-industrialinternet-things/) 4

IoT - CAN TURN INTO INTERNET OF THREATS - More Devices With More Vulnerabilities, - James Bone, Cognitive Hack

CYBER SECURITY HAS BECOME A MAJOR SECURITY CONCERN & FACTS ABOUT THE FINANCIAL IMPACTS OF CYBER ATTACKS 1. Cyber crime damage costs to hit $6 trillion annually by 2021. 2. Cybersecurity spending to exceed $1 trillion from 2017 to 2021. 3. Cyber crime will more than triple the number of unfilled cyber security jobs, which is predicted to reach 3.5 million by 2021. 4. Human attack surface to reach 4 billion people by 2020. 5. Global ransomware damage costs are predicted to exceed $5 billion in 2017. http://www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics-for-2017.html Copyright CyberSecurity Malaysia 6

Evolution of Cyber Attacks 7

UNDERSTANDING CYBER THREAT & POTENTIAL RISKS 8

9

CYBER SECURITY IS TOP MANAGEMENT ISSUE -Cyber Risks and Impacts of Cyber Attacks Brand impact Regulatory impact Sensitive media scrutiny Customer churn Loss of business due to critical intellectual asset loss Independent audits Regulatory fines Restriction on information sharing Implementation of comprehensive security solutions Financial impact Operational impact Detection and escalation Notification Lost business Response costs Competitive disadvantage Diversion of employees from strategic initiatives to work on damage control 10

RISKS OF CYBER ATTACKS - Financial Impacts 11

GLOBAL NEWS IN 2017 - Operational Impacts This growth in DDoS was bad news for UK businesses, which were the second most targeted during Q2 2017, suffering over 32.5 million attacks. The US took the unfortunate top spot, being subjected to over 122.4 million attacks in just three months. A major ransomware attack has brought businesses to a close throughout Europe, in an infection reminiscent of last month s WannaCry attack. The most severe damage is being reported by Ukrainian businesses, with systems compromised at Ukraine s central bank, state telecom, municipal metro, and Kiev s Boryspil Airport. 12

CYBER ATTACKS IN ASIA PACIFIC - Operational Impacts Source : Cyber_Risk_In_Asia-Pacific_The_Case_For_Greater_Transparency by Oliver Wyman 13

RISKS OF CYBER ATTACKS - Impacts on Image and Branding

RISKS OF CYBER ATTACKS - Impacts on Image 15

RISKS OF CYBER ATTACKS - Regulatory and Legal Impacts The cord-blood bank agreed to settle Federal Trade Commission charges it failed to protect customer data due to inadequate security that exposed Social Security and credit-card information on 300,000 people. Source: https://www.google.com/#q=the+cord-blood+bank+agreed+to+settle+federal+trade+commission 16

THE IMPACTS OF EMERGING CYBER ATTACKS CAN BE MORE DAMAGING 17 17

MALAYSIA S DIGITAL LANDSCAPE 18

MALAYSIA IS TRANSFORMING ITSELF TO BECOME A DIGITAL NATION FinTech - technologies that are disrupting traditional financial services i.e. mobile payments, money transfers, loans.investment in Fintech around the world has increased dramatically from $930 million in 2008 to more than $12 billion by early 2015 - Accenture Source: https://www.forbes.com/sites/bernardmarr/2017/02/10/a-completebeginners-guide-to-fintech-in-2017/#2f6414393340. 19

CYBER ATTACKS - RISK OF HIGHEST CONCERN IN MALAYSIA 20

Malaysia s Top Security Concerns 2017 Personal safety 65 Financial obligations 68 Natural disasters 69 Online shopping 73 War/terrorism 73 Virus/hacking 77 ID theft 87 Bankcard Fraud 88 0 20 40 60 80 100 Source: 2017 UniSys Security Index 21

CYBER INCIDENTS REFERRED TO CYBERSECURITY MALAYSIA (1998 31 AUGUST 2017) 16000 15218 14000 12000 10000 8000 Type of incidents: (Excluding Spam) 1. Intrusion 2. 1. Intrusion Attempt 3. 2. Denial Intrusion of Service Attempt Attack (DOS) 4. 3. Fraud Denial of Service Attack (DOS) 5. 4. Cyber Fraud Harassment 6. 5. Spam Cyber Harassment 7. 6. Content Spam Related 8. 7. Vulnerabilities Content Related Report 9. 8. Malicious Vulnerabilities Codes Report 9. Malicious Codes 8090 9986 10636 10636 11918 8334 As of 31 Aug 2017 6000 5484 4000 3566 2000 0 2123 1372 860 912 915 1038 527 625 754 196 347 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 22

Cyber Security Incident (1 Jan -31 Aug 2017) Cyber Security Incident Jan Feb Mar Apr May June Jul Aug Total Fraud 296 233 274 265 346 298 329 382 2423 Intrusion 98 201 148 101 138 284 146 363 1479 Malicious Code 94 68 65 62 92 71 62 56 570 Cyber Harassment 41 45 64 71 119 39 27 25 431 Content Related 2 5 9 2 9 2 1 4 34 Intrusion Attempt 39 19 32 41 22 8 37 31 229 Spam 26 38 24 30 31 32 36 30 247 DDoS 11 0 3 3 1 3 8 6 35 Vulberabilities 5 2 8 3 1 4 2 11 36 Total 612 611 627 578 759 741 648 908 5484

MALAYSIA S REGIONAL APPROACH & ENGAGEMENT WITH PROFESSIONAL COMMUNITY - Turning the risks into opportunities 24

Adoption of HOLISTIC APPROACH that identifies potential threats to CNII organization and impacts to the national security & public well-being AND; to develop the nation to become cyber resilience having the capability to safeguard the interests of its stakeholders, reputation, brand and value creating activities 25

RISK MANAGEMENT THROUGH TECHNOLOGY (LEVERAGING NEW TECHNOLOGIES TO STAY AHEAD OF EMERGING THREATS) 26

TRADITIONAL CYBER SECURITY APPROACH - Important but not sufficient Leaves significant gaps in cyber defence Most APT malware lies dormant and remains undetected A new approach is required to address APT and new breed of cyber attacks Malware is racing ahead and existing security tools can not keep up...intelligent & automated threat detection and response is absolutely critical moving forward 27

A Time of Great Risk: The Time Between Compromise and Mitigation Source: ciosummits.com 28

SECURITY INNOVATION NEED TO EVOLVE WITH TECHNOLOGY ADVANCEMENT 29

ENSURING CONTINUITY OF BUSINESS OPERATION via ADAPTIVE SECURITY To be more proactive, dynamic and integrated in cyber security approach 30

User and Entity Behaviour Analytics (UEBA) Source:sqrrl.com 31

NEW TECHNOLOGIES AS NEW CYBER TOOLS SECURITY INTELLIGENT Building Security Descriptive, Predictive and Prescriptive Analytics Capabilities innovative data scientists and architects already realize that semantics is the key to delivering meaning and context to information. Adaptive Learning Algorithms can detect the step-by-step penetration of APT malware (Phishing, Trojans, Adware, Botnets...) 32

Way Forward - Key Questions to CISO Source:ibm.com 33

RISK MANAGEMENT THROUGH PROCESS (POLICY FRAMEWORK, LEGAL & GOVERNANCE, QUALITY MANAGEMENT & BEST PRACTICES AND DOMESTIC & INTERNATIONAL COOPERATION) 34

Cyber Security Eco System in Malaysia POLICY Formulating & Coordinating Policy NATIONAL SECURITY COUNCIL NATIONAL CYBER SECURITY AGENCY (NACSA) NATIONAL CYBER SECURITY POLICY Government Agencies Critical Information Infrastructure Internet Service Providers Industry Academia Cyber Security Professionals Public LAW ENFORCEMENT AGENCIES & REGULATORS Preventing & Combating Terrorism through Law Enforcement ROYAL MALAYSIAN POLICE BANK NEGARA MALAYSIA MALAYSIAN COMMUNICATION & MULTIMEDIA COMMISSION TECHNICAL SUPPORT Providing Technical Supports & Services CYBERSECURITY MALAYSIA

NATIONAL CYBER SECURITY POLICY VISION Thrust 1: Effective Governance Thrust 2: Legislative & Regulatory Framework Malaysia s CNII shall be secure, resilient and self-reliant. Infused with a culture of security it will promote stability, social well being and wealth creation Energy Banking & Finance Thrust 5: R&D Towards Self Reliance Thrust 6: Compliance & Enforcement Thrust 3: Cyber Security Technology Framework Government Service Emergency Services Water Health Service s Defense & Security Food & Agriculture Thrust 7: Cyber Security Emergency Readiness Thrust 4: Culture of Security & Capacity Building Transportation Information & Communication Critical National Information Infrastructure (CNII) Thrust 8: International Cooperation

MALAYSIA S CYBER SECURITY SERVICES - via Proactive and Responsive Services 37

RESPONSIVE AND MITIGATIVE ACTIONS - Minimize Impacts of Cyber Attacks via Cyber Crisis Management X-MAYA - National Cyber Crisis Exercise (Cyber Drill) conducted by CyberSecurity Malaysia in collaboration with the National Security Council. The X-MAYA - to assess and improve the National Cyber Crisis Management Plan together with CNII's readiness against the threat of cyber attacks.

CYBER SECURITY EMERGENCY READINESS

RESPONSIVE AND RECOVERY ACTIONS - Minimizing and recovering from losses CyberD.E.F Detection Eradication Forensic 40

HANDLING OF RANSOMWARE CASES - Post-event Crisis Management [TRANSLATION OF THE NEWS HEADLINES: MYCERT DEFEATED RANSOMWARE] 41

RISK-BASED CYBER SECURITY via DOMESTIC & INTERNATIONAL COLLABORATION - ASEAN CERT ITU CSCAP ARF OIC CERT FIRST APCERT SOVEREIGN STATES VIA BILATERAL/MULTIL ATERAL ENGAGEMENT Regional and Global Cyber Security Cooperation INTERNATIONAL SECURITY Protecting Common Interests Confidence Building Measures DOMESTIC SECURITY Protecting National Security, Prosperity and Public Safety Legal and Policy Framework Public Private Partnership

INFORMATION SHARING IN COMBATING CYBER CRIME - Minimizing Risks of Cyber Attacks

RISK MANAMENT THROUGH PEOPLE (THE WEAKEST LINK HUMAN) 44

NATIONAL STRATEGY FOR CYBER SECURITY ACCULTURATION & CAPACITY BUILDING PROGRAM The study was completed in November 2010 The capacity building programs are targeted towards Critical National Information Infrastructure (CNII) Focusing on efforts to increase the knowledge and skill sets on the information security workforce Aimed at creating a quality and well-equipped information security workforce and promoting recognition of the Information Security profession. 45

MALAYSIA S APPROACH IN CAPACITY BUILDING THROUGH BILATERAL & MULTI LATERAL PARTNERSHIP As cyber threats become more diverse, persistent and sophisticated; there is a need for bi-lateral & multistakeholders partnership in cyber security capacity building to formulate a framework for the creation of a competent cybersecurity workforce both at national and regional levels 4

PARTNERSHIP TO DEVELOP MORE CYBER SECURITY PROFESSIONALS 47 47

PARTNERSHIP IN PRODUCING MORE CYBER SECURITY TALENTS WITH THE LOCAL UNIVERSITIES Universities & Higher Learning Institutions The National University of Malaysia Ministry of Education Department of Polytechnic Education Department Of Community College Education International Islamic University Malaysia (IIUM) Universiti Tunku Abdul Rahman (UTAR) University of Kuala Lumpur (UniKL) University Putra Malaysia (UPM) Multimedia University (MMU) University Teknikal Malaysia Melaka (UTeM) etc 48

PARTNERSHIP IN CYBERSECURITY R&D ACTIVITIES Staying Ahead Through Innovative & Effective R&D Capacity Building Programs To Identify Technologies That Are Relevant and Desirable by the CNII To Promote Collaboration with International Centres of Excellence To Provide Domain Competency Development 49

OUR ACHIEVEMENTS SO FAR The Global Cybersecurity Index (GCI) is a survey that measure the commitment of Member States to cyber security The assessment were weighted based on the five pillars of the GCI below: 1. Legal: Measured based on the existence of legal institutions and frameworks dealing with cybersecurity and cybercrime. 2. Technical: Measured based on the existence of technical institutions and frameworks dealing with cybersecurity. 3. Organizational: Measured based on the existence of policy coordination institutions and strategies for cybersecurity development at the national level. 4. Capacity Building: Measured based on the existence of research and development, education and training programmes; certified professionals and public sector agencies fostering capacity building. 5. Cooperation: Measured based on the existence of partnerships, cooperative frameworks and information sharing networks. 50

ITU GLOBAL CYBER SECURITY INDEX 2017 - Malaysia is 3rd in Global Ranking COUNTRY GCI SCORE LEGAL TECHNICAL ORGANIZATIONAL CAPACITY BUILDING COOPERATION 51

The Global Cybersecurity Index (GCI) Top three countries in Asia and the Pacific region 52

CONCLUSION AND WAY FORWARD Our approach to cope with emerging new technologies should be equally intelligent by adopting holistic strategy and through the use of new cyber tools To effectively apply cyber security fundamentals with innovative features and techniques Strengthening Public-Private-Partnership and International Collaboration To evolve in parallel with technology by enhancing: Sharing of Information amongst relevant parties Cyber Incidents Response and Coordination Innovative & Collaborative Research Capacity Building Cyber Security Awareness and Education 53

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback