NEW TECHNOLOGIES IN CYBER SECURITY - COMPETITIVE ADVANTAGE OR HIDDEN THREAT: MALAYSIA'S EXPERIENCE by DATO DR. HAJI AMIRUDIN ABDUL WAHAB Chief Executive Officer 22 Sep 2017 Copyright 2017 2015 CyberSecurity Malaysia
DIGITAL ENVIRONMENT - Emerging Technologies
DIGITAL DISRUPTION - Threat or Opportunity? It's great to be part of the disruptors, but scary when we are the ones being disrupted
CURRENT DIGITAL LANDSCAPE
DON'T FEEL PREPARED / NEED PROTECTION AGAINST ATTACKS / EXPECT RISKS & VULNERABILITIES TO INCREASE / EXPECT SECURITY ATTACKS TO INCREASE / EXPECT IIOT DEPLOYMENT TO RISE
"While IIoT may bring new challenges and risks, the fundamentals of security still apply. Organizations don't need to find new security controls, rather they need to figure out how to apply best practices in new environments" - Tim Erlins, Director, Security & IT Risk Strategist, Tripwire
Source: Dimensional Research for Tripwire (March 2017) (https://www.i-scoop.eu/internet-of-things-guide/industrial-internet-things-iiot-saving-costs-innovation/cybersecurity-industrialinternet-things/)
IoT - CAN TURN INTO INTERNET OF THREATS - "More Devices With More Vulnerabilities" - James Bone, Cognitive Hack
CYBER SECURITY HAS BECOME A MAJOR SECURITY CONCERN & FACTS ABOUT THE FINANCIAL IMPACTS OF CYBER ATTACKS
1. Cyber crime damage costs to hit $6 trillion annually by 2021.
2. Cybersecurity spending to exceed $1 trillion from 2017 to 2021.
3. Cyber crime will more than triple the number of unfilled cyber security jobs, which is predicted to reach 3.5 million by 2021.
4. Human attack surface to reach 4 billion people by 2020.
5. Global ransomware damage costs are predicted to exceed $5 billion in 2017.
Source: http://www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics-for-2017.html
Evolution of Cyber Attacks
UNDERSTANDING CYBER THREAT & POTENTIAL RISKS
CYBER SECURITY IS TOP MANAGEMENT ISSUE - Cyber Risks and Impacts of Cyber Attacks
Brand impact:
- Sensitive media scrutiny
- Customer churn
- Loss of business due to critical intellectual asset loss
Regulatory impact:
- Independent audits
- Regulatory fines
- Restriction on information sharing
- Implementation of comprehensive security solutions
Financial impact:
- Detection and escalation
- Notification
- Lost business
- Response costs
Operational impact:
- Competitive disadvantage
- Diversion of employees from strategic initiatives to work on damage control
RISKS OF CYBER ATTACKS - Financial Impacts
GLOBAL NEWS IN 2017 - Operational Impacts
"This growth in DDoS was bad news for UK businesses, which were the second most targeted during Q2 2017, suffering over 32.5 million attacks. The US took the unfortunate top spot, being subjected to over 122.4 million attacks in just three months."
"A major ransomware attack has brought businesses to a close throughout Europe, in an infection reminiscent of last month's WannaCry attack. The most severe damage is being reported by Ukrainian businesses, with systems compromised at Ukraine's central bank, state telecom, municipal metro, and Kiev's Boryspil Airport."
CYBER ATTACKS IN ASIA PACIFIC - Operational Impacts Source: Cyber_Risk_In_Asia-Pacific_The_Case_For_Greater_Transparency by Oliver Wyman
RISKS OF CYBER ATTACKS - Impacts on Image and Branding
RISKS OF CYBER ATTACKS - Impacts on Image
RISKS OF CYBER ATTACKS - Regulatory and Legal Impacts The cord-blood bank agreed to settle Federal Trade Commission charges it failed to protect customer data due to inadequate security that exposed Social Security and credit-card information on 300,000 people. Source: https://www.google.com/#q=the+cord-blood+bank+agreed+to+settle+federal+trade+commission
THE IMPACTS OF EMERGING CYBER ATTACKS CAN BE MORE DAMAGING
MALAYSIA'S DIGITAL LANDSCAPE
MALAYSIA IS TRANSFORMING ITSELF TO BECOME A DIGITAL NATION
FinTech - technologies that are disrupting traditional financial services, i.e. mobile payments, money transfers, loans. Investment in Fintech around the world has increased dramatically from $930 million in 2008 to more than $12 billion by early 2015 - Accenture
Source: https://www.forbes.com/sites/bernardmarr/2017/02/10/a-completebeginners-guide-to-fintech-in-2017/#2f6414393340
CYBER ATTACKS - RISK OF HIGHEST CONCERN IN MALAYSIA
Malaysia's Top Security Concerns 2017 (scale 0 to 100)
Personal safety: 65
Financial obligations: 68
Natural disasters: 69
Online shopping: 73
War/terrorism: 73
Virus/hacking: 77
ID theft: 87
Bankcard Fraud: 88
Source: 2017 UniSys Security Index
CYBER INCIDENTS REFERRED TO CYBERSECURITY MALAYSIA (1998 - 31 AUGUST 2017)
[Bar chart: incidents referred per year, 1998 to 2017; the 2017 figure is as of 31 Aug 2017]
Type of incidents (Excluding Spam): 1. Intrusion 2. Intrusion Attempt 3. Denial of Service Attack (DOS) 4. Fraud 5. Cyber Harassment 6. Spam 7. Content Related 8. Vulnerabilities Report 9. Malicious Codes
Cyber Security Incident (1 Jan - 31 Aug 2017)
Cyber Security Incident | Jan | Feb | Mar | Apr | May | June | Jul | Aug | Total
Fraud | 296 | 233 | 274 | 265 | 346 | 298 | 329 | 382 | 2423
Intrusion | 98 | 201 | 148 | 101 | 138 | 284 | 146 | 363 | 1479
Malicious Code | 94 | 68 | 65 | 62 | 92 | 71 | 62 | 56 | 570
Cyber Harassment | 41 | 45 | 64 | 71 | 119 | 39 | 27 | 25 | 431
Content Related | 2 | 5 | 9 | 2 | 9 | 2 | 1 | 4 | 34
Intrusion Attempt | 39 | 19 | 32 | 41 | 22 | 8 | 37 | 31 | 229
Spam | 26 | 38 | 24 | 30 | 31 | 32 | 36 | 30 | 247
DDoS | 11 | 0 | 3 | 3 | 1 | 3 | 8 | 6 | 35
Vulnerabilities | 5 | 2 | 8 | 3 | 1 | 4 | 2 | 11 | 36
Total | 612 | 611 | 627 | 578 | 759 | 741 | 648 | 908 | 5484
MALAYSIA'S REGIONAL APPROACH & ENGAGEMENT WITH PROFESSIONAL COMMUNITY - Turning the risks into opportunities
Adoption of a HOLISTIC APPROACH that identifies potential threats to CNII organizations and impacts to national security & public well-being; AND to develop the nation to become cyber resilient, having the capability to safeguard the interests of its stakeholders, reputation, brand and value-creating activities
RISK MANAGEMENT THROUGH TECHNOLOGY (LEVERAGING NEW TECHNOLOGIES TO STAY AHEAD OF EMERGING THREATS)
TRADITIONAL CYBER SECURITY APPROACH - Important but not sufficient
- Leaves significant gaps in cyber defence
- Most APT malware lies dormant and remains undetected
- A new approach is required to address APT and new breed of cyber attacks
Malware is racing ahead and existing security tools cannot keep up... intelligent & automated threat detection and response is absolutely critical moving forward
A Time of Great Risk: The Time Between Compromise and Mitigation Source: ciosummits.com
SECURITY INNOVATION NEEDS TO EVOLVE WITH TECHNOLOGY ADVANCEMENT
ENSURING CONTINUITY OF BUSINESS OPERATION via ADAPTIVE SECURITY To be more proactive, dynamic and integrated in cyber security approach
User and Entity Behaviour Analytics (UEBA) Source: sqrrl.com
NEW TECHNOLOGIES AS NEW CYBER TOOLS - SECURITY INTELLIGENT
Building Security Descriptive, Predictive and Prescriptive Analytics Capabilities
"innovative data scientists and architects already realize that semantics is the key to delivering meaning and context to information."
Adaptive Learning Algorithms can detect the step-by-step penetration of APT malware (Phishing, Trojans, Adware, Botnets...)
Way Forward - Key Questions to CISO Source: ibm.com
RISK MANAGEMENT THROUGH PROCESS (POLICY FRAMEWORK, LEGAL & GOVERNANCE, QUALITY MANAGEMENT & BEST PRACTICES AND DOMESTIC & INTERNATIONAL COOPERATION)
Cyber Security Eco System in Malaysia
POLICY - Formulating & Coordinating Policy: NATIONAL SECURITY COUNCIL, NATIONAL CYBER SECURITY AGENCY (NACSA)
NATIONAL CYBER SECURITY POLICY: Government Agencies, Critical Information Infrastructure, Internet Service Providers, Industry, Academia, Cyber Security Professionals, Public
LAW ENFORCEMENT AGENCIES & REGULATORS - Preventing & Combating Terrorism through Law Enforcement: ROYAL MALAYSIAN POLICE, BANK NEGARA MALAYSIA, MALAYSIAN COMMUNICATION & MULTIMEDIA COMMISSION
TECHNICAL SUPPORT - Providing Technical Supports & Services: CYBERSECURITY MALAYSIA
NATIONAL CYBER SECURITY POLICY
VISION: Malaysia's CNII shall be secure, resilient and self-reliant. Infused with a culture of security it will promote stability, social well being and wealth creation
Thrust 1: Effective Governance
Thrust 2: Legislative & Regulatory Framework
Thrust 3: Cyber Security Technology Framework
Thrust 4: Culture of Security & Capacity Building
Thrust 5: R&D Towards Self Reliance
Thrust 6: Compliance & Enforcement
Thrust 7: Cyber Security Emergency Readiness
Thrust 8: International Cooperation
Critical National Information Infrastructure (CNII) sectors: Energy, Banking & Finance, Government Service, Emergency Services, Water, Health Services, Defense & Security, Food & Agriculture, Transportation, Information & Communication
MALAYSIA'S CYBER SECURITY SERVICES - via Proactive and Responsive Services
RESPONSIVE AND MITIGATIVE ACTIONS - Minimize Impacts of Cyber Attacks via Cyber Crisis Management
X-MAYA is the National Cyber Crisis Exercise (Cyber Drill) conducted by CyberSecurity Malaysia in collaboration with the National Security Council. The purpose of X-MAYA is to assess and improve the National Cyber Crisis Management Plan together with the CNII's readiness against the threat of cyber attacks.
CYBER SECURITY EMERGENCY READINESS
RESPONSIVE AND RECOVERY ACTIONS - Minimizing and recovering from losses CyberD.E.F: Detection, Eradication, Forensic
HANDLING OF RANSOMWARE CASES - Post-event Crisis Management [TRANSLATION OF THE NEWS HEADLINES: MYCERT DEFEATED RANSOMWARE]
RISK-BASED CYBER SECURITY via DOMESTIC & INTERNATIONAL COLLABORATION
Regional and Global Cyber Security Cooperation: ASEAN CERT ITU CSCAP ARF OIC CERT FIRST APCERT SOVEREIGN STATES VIA BILATERAL/MULTILATERAL ENGAGEMENT
INTERNATIONAL SECURITY: Protecting Common Interests, Confidence Building Measures
DOMESTIC SECURITY: Protecting National Security, Prosperity and Public Safety; Legal and Policy Framework; Public Private Partnership
INFORMATION SHARING IN COMBATING CYBER CRIME - Minimizing Risks of Cyber Attacks
RISK MANAGEMENT THROUGH PEOPLE (THE WEAKEST LINK - HUMAN)
NATIONAL STRATEGY FOR CYBER SECURITY ACCULTURATION & CAPACITY BUILDING PROGRAM
- The study was completed in November 2010
- The capacity building programs are targeted towards Critical National Information Infrastructure (CNII)
- Focusing on efforts to increase the knowledge and skill sets of the information security workforce
- Aimed at creating a quality and well-equipped information security workforce and promoting recognition of the Information Security profession.
MALAYSIA'S APPROACH IN CAPACITY BUILDING THROUGH BILATERAL & MULTILATERAL PARTNERSHIP
As cyber threats become more diverse, persistent and sophisticated, there is a need for bilateral & multi-stakeholder partnership in cyber security capacity building to formulate a framework for the creation of a competent cybersecurity workforce at both national and regional levels
PARTNERSHIP TO DEVELOP MORE CYBER SECURITY PROFESSIONALS
PARTNERSHIP IN PRODUCING MORE CYBER SECURITY TALENTS WITH THE LOCAL UNIVERSITIES
Universities & Higher Learning Institutions:
- The National University of Malaysia
- Ministry of Education
- Department of Polytechnic Education
- Department Of Community College Education
- International Islamic University Malaysia (IIUM)
- Universiti Tunku Abdul Rahman (UTAR)
- University of Kuala Lumpur (UniKL)
- University Putra Malaysia (UPM)
- Multimedia University (MMU)
- University Teknikal Malaysia Melaka (UTeM)
- etc
PARTNERSHIP IN CYBERSECURITY R&D ACTIVITIES
Staying Ahead Through Innovative & Effective R&D Capacity Building Programs
- To Identify Technologies That Are Relevant and Desirable by the CNII
- To Promote Collaboration with International Centres of Excellence
- To Provide Domain Competency Development
OUR ACHIEVEMENTS SO FAR
The Global Cybersecurity Index (GCI) is a survey that measures the commitment of Member States to cyber security. The assessments were weighted based on the five pillars of the GCI below:
1. Legal: Measured based on the existence of legal institutions and frameworks dealing with cybersecurity and cybercrime.
2. Technical: Measured based on the existence of technical institutions and frameworks dealing with cybersecurity.
3. Organizational: Measured based on the existence of policy coordination institutions and strategies for cybersecurity development at the national level.
4. Capacity Building: Measured based on the existence of research and development, education and training programmes; certified professionals and public sector agencies fostering capacity building.
5. Cooperation: Measured based on the existence of partnerships, cooperative frameworks and information sharing networks.
ITU GLOBAL CYBER SECURITY INDEX 2017 - Malaysia is 3rd in Global Ranking
[Table columns: COUNTRY | GCI SCORE | LEGAL | TECHNICAL | ORGANIZATIONAL | CAPACITY BUILDING | COOPERATION]
The Global Cybersecurity Index (GCI) Top three countries in Asia and the Pacific region
CONCLUSION AND WAY FORWARD
- Our approach to cope with emerging new technologies should be equally intelligent by adopting holistic strategy and through the use of new cyber tools
- To effectively apply cyber security fundamentals with innovative features and techniques
- Strengthening Public-Private-Partnership and International Collaboration
- To evolve in parallel with technology by enhancing:
  - Sharing of Information amongst relevant parties
  - Cyber Incidents Response and Coordination
  - Innovative & Collaborative Research
  - Capacity Building
  - Cyber Security Awareness and Education