staying ahead of evolving cyber threats_dr. amir

Copyright © 2015 CyberSecurity Malaysia. STAYING AHEAD OF EVOLVING CYBER THREATS IN THE BUSINESS SECTOR. Dr. Amirudin bin Abdul Wahab, Chief Executive Officer, CyberSecurity Malaysia. 7 September 2015

Upload: robin-yong

Post on 01-Feb-2016


DESCRIPTION

Staying Ahead of Evolving Cyber Threats By Dr. Amir of MOSTI, Malaysia

TRANSCRIPT

Page 1: Staying Ahead of Evolving Cyber Threats_Dr. Amir


STAYING AHEAD OF EVOLVING CYBER THREATS IN THE BUSINESS SECTOR

Dr. Amirudin bin Abdul Wahab, Chief Executive Officer, CyberSecurity Malaysia

7 September 2015

Page 2: Staying Ahead of Evolving Cyber Threats_Dr. Amir

SCOPE

• INTRODUCTION
• CYBER THREATS IN THE BUSINESS SECTOR
• MALAYSIA’S INITIATIVES IN ADDRESSING CYBERSECURITY THREATS
• CONCLUSION AND WAY FORWARD

Page 3: Staying Ahead of Evolving Cyber Threats_Dr. Amir

INTRODUCTION

• With the increase in sophistication and proliferation of the threat landscape, security challenges in cyberspace have become more complex while security threats grow at an alarming rate.
• The constantly evolving nature of cyber threats and vulnerabilities is posing a persistent challenge to the business sector, with the threat of attack on the critical national information infrastructure.
• The dynamic nature of the cyber risk environment requires continuous, proactive and innovative cyber-protection capability.

Page 4: Staying Ahead of Evolving Cyber Threats_Dr. Amir

WORLD INTERNET USERS

Page 5: Staying Ahead of Evolving Cyber Threats_Dr. Amir


THE GLOBAL RISKS 2015 – THREATS IN THE CYBERSPACE

Page 6: Staying Ahead of Evolving Cyber Threats_Dr. Amir

MALAYSIA’S TRANSFORMATION TOWARDS A DIGITAL ECONOMY

VISION 2020

“Towards Digital Economy”

• 1Malaysia: Preservation and Enhancement of Unity in Diversity. “People First, Performance Now”
• Government Transformation Programme (GTP): Effective Delivery of Government Services. “6 National Key Result Areas (NKRAs)”
• Economic Transformation Programme (ETP): New Economic Model: A High Income, Inclusive and Sustainable Nation. “A High Income, Inclusive and Sustainable Nation”
• 11th Malaysia Plan: Anchoring Growth on People. “The people economy will be given priority”

CyberSecurity & Economic Innovation are mutually reinforcing

Cyber Security Supports Malaysia’s Transformation Programme That Drives Wealth Creation And Enhances The Standard Of Living To Move Malaysia To A Developed Digital Economy By 2020.

Page 7: Staying Ahead of Evolving Cyber Threats_Dr. Amir

CYBER THREATS IN THE BUSINESS SECTOR – Threat Of Cyber Attack On The Critical Information Infrastructure

Page 8: Staying Ahead of Evolving Cyber Threats_Dr. Amir

COST OF CYBER CRIMES

“Cyber crime costs the global economy about $445 billion every year, with the damage to business from the theft of intellectual property exceeding the $160 billion loss to individuals from hacking…”

- The Center for Strategic and International Studies, U.S.A 2014

“The growing menace of cybercrime is impacting the global economy significantly with estimated annual losses of up to USD 575 billion..”

- McAfee 2014

Page 9: Staying Ahead of Evolving Cyber Threats_Dr. Amir


CHANGES IN CYBER CRIME MEGATRENDS

Note: A negative percentage indicates that the security risk rating is expected to increase. A positive percentage indicates that risk is forecasted to decline.

Source: 2015 Global Megatrends in Cybersecurity, Ponemon Institute, February 2015

Page 10: Staying Ahead of Evolving Cyber Threats_Dr. Amir


COST OF CYBERCRIME TO INDUSTRIES

Average annualized cost by industry sector: Cost expressed in US dollars (million)

Source: 2014 Global Report on the Cost of Cyber Crime

Page 11: Staying Ahead of Evolving Cyber Threats_Dr. Amir

CYBER THREATS IN THE BUSINESS SECTOR – Financial Industry

Page 12: Staying Ahead of Evolving Cyber Threats_Dr. Amir

CYBER THREATS IN THE BUSINESS SECTOR – Health Care Industry

Page 13: Staying Ahead of Evolving Cyber Threats_Dr. Amir

CYBER THREATS IN THE BUSINESS SECTOR – Maritime Industry

Page 14: Staying Ahead of Evolving Cyber Threats_Dr. Amir

CYBER THREATS IN THE BUSINESS SECTOR – Aviation Industry

Page 15: Staying Ahead of Evolving Cyber Threats_Dr. Amir

CYBER THREATS IN THE BUSINESS SECTOR – Energy Industry

July 9, 2015

Page 16: Staying Ahead of Evolving Cyber Threats_Dr. Amir

CYBER THREATS IN THE BUSINESS SECTOR – Insiders’ Threat

Page 17: Staying Ahead of Evolving Cyber Threats_Dr. Amir

TARGETED MALWARE ON INDUSTRY

Southeast Asia’s financial sector faces a dual threat. First, standard cybercriminals are looking to steal money from them. Second, advanced threat actors are seeking sensitive financial information for a business advantage.

Source: Special Report - Southeast Asia: An Evolving Cyber Threat Landscape, FireEye Threat Intelligence, March 2015

Page 18: Staying Ahead of Evolving Cyber Threats_Dr. Amir

FINANCIAL MALWARE ATTACKS - MALAYSIA

Geographical distribution of attacks with financial malware targeting users of Android-based devices in 2014

Source: Kaspersky Lab’s “Financial Cyber-threats in 2013” Report

Page 19: Staying Ahead of Evolving Cyber Threats_Dr. Amir

MOBILE MALWARE ATTACKS - MALAYSIA

The Geography Of Mobile Malware Infection Attempts In Q2 2015 (Percentage Of All Users Attacked)

Source: IT Threat Evolution in Q2 2015, Kaspersky Lab, July 2015

Page 20: Staying Ahead of Evolving Cyber Threats_Dr. Amir


CYBERCRIME LEADS TO INCREASE IN THE COST OF BUSINESSES

Page 21: Staying Ahead of Evolving Cyber Threats_Dr. Amir

CYBER SECURITY INCIDENTS IN MALAYSIA

Cyber Incidents Referred to CyberSecurity Malaysia from 1997 – July 2015

Number of cyber security incidents referred to CyberSecurity Malaysia (excluding spams)

Page 22: Staying Ahead of Evolving Cyber Threats_Dr. Amir

A HOLISTIC APPROACH – People, Process, Technology & Policy

Page 23: Staying Ahead of Evolving Cyber Threats_Dr. Amir

MALAYSIA’S INITIATIVES - National Cyber Security Policy

• 2005: National Cyber Security Policy formulated by MOSTI
• 2006: NCSP Adoption and Implementation
• 2007: CyberSecurity Malaysia launched by Prime Minister of Malaysia on 20 August 2007

The policy recognises the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive programme and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets

NCSP Objectives

• Address The Risks To The Critical National Information Infrastructure
• Ensure That Critical Infrastructure Are Protected To A Level That Is Commensurate With The Risks
• Develop And Establish A Comprehensive Programme And A Series Of Frameworks

• Malaysia’s Ministry of Science, Technology & Innovation (MOSTI) carried out the study on the National Cyber Security Policy (NCSP) in 2005
• National IT Council (NITC) Meeting on 7 Apr 2006 agreed to implement NCSP and establishment of the Malaysia Cyber Security Centre to administer NCSP.
• NCSP was endorsed by the Cabinet in May 2006.
• CyberSecurity Malaysia launched by Prime Minister of Malaysia on 20 Aug 2007

Page 24: Staying Ahead of Evolving Cyber Threats_Dr. Amir

CYBERSECURITY MALAYSIA’S MANDATE

The Cabinet Meeting on 28 September 2005, through the Joint Cabinet Notes between Ministry of Finance (MOF) and Ministry of Science, Technology and Innovation (MOSTI) No. H609/2005, agreed to create the National ICT Security and Emergency Response Centre (NISER), currently known as CyberSecurity Malaysia, as a National Body to monitor the National e-Security aspect, separated from MIMOS as an agency and established as a Company Limited-by-Guarantee under the supervision of MOSTI

The Ministerial Functions Act 1969 and The Order of Federal Government Ministers 2013

Provide specialised services in cyber security and continuously identify areas that may be detrimental to public and national security

Order No.24 - Policy and Mechanism for National Cyber Crisis Management by the National Security Council, Malaysia:

As a specialist agency, CyberSecurity Malaysia is required to support as well as provide technical assistance and training services for national cyber crisis management.

Page 25: Staying Ahead of Evolving Cyber Threats_Dr. Amir

NATIONAL CYBER SECURITY POLICY

“Malaysia’s CNII shall be secure, resilient and self-reliant. Infused with a culture of security it will promote stability, social well being and wealth creation”

Critical National Information Infrastructure (CNII)

• Banking & Finance
• Energy
• Government Service
• Transportation
• Health Services
• Food & Agriculture
• Information & Communication
• Defense & Security
• Water
• Emergency Services

Thrust 1: Effective Governance
Thrust 2: Legislative & Regulatory Framework
Thrust 3: Cyber Security Technology Framework
Thrust 4: Culture of Security & Capacity Building
Thrust 5: R&D Towards Self Reliance
Thrust 6: Compliance & Enforcement
Thrust 7: Cyber Security Emergency Readiness
Thrust 8: International Cooperation

Page 26: Staying Ahead of Evolving Cyber Threats_Dr. Amir

MALAYSIA’S CYBER SECURITY SERVICES

Page 27: Staying Ahead of Evolving Cyber Threats_Dr. Amir

CYBERSECURITY MALAYSIA - Coordinated Malware Eradication & Remediation Project (CMERP) Framework

1) Forensic Analysis
• Reporting systems (infections), honeynet (malware forensics – static and dynamic analyses) & Microsoft
• Vendors (FireEye – IoC, threat level etc) & CERTs (info sharing) – Which malware is prevalent?

2) Threat Coverage
• C&C, botnets, APT
• Malware configuration (type)

3) Preventive Measure
• Physical takedown (local & foreign), sinkhole, blacklist
• Patches and bug fixes

4) Target Audience
• End user, organisation (CNII or corporation), ISP (Jaring)
• Governance/Management, legal, budget, time
• Campaign, awareness, training, national/international

5) Forensic Response
• Detection and removal tool development for automation
• Technical write up, advisory and signature

6) Total Eradication
• Observation/monitoring, reinfections, challenges
• Feedbacks and continuous campaign/awareness
• Total eradication if not back to Step 1

Page 28: Staying Ahead of Evolving Cyber Threats_Dr. Amir

BEST PRACTICES FOR CYBER SECURITY PREPAREDNESS

Preventive
• Risk Assessment
• Implementation of Information Security Controls
• Adherence to Policies and Procedures
• Employee Competency & Information Security Awareness Programme
• Business Continuity Management

Detective
• Vulnerability Assessment & Penetration Testing
• ICT Product & System Evaluation
• Incident Response Team
• Data Breach Protection Tool

Corrective
• Management Review
• Regular Monitoring
• Periodical Internal Audit

ACTIONS

Top Management Involvement

Page 29: Staying Ahead of Evolving Cyber Threats_Dr. Amir

STRENGTHENING INFORMATION SECURITY

MS ISO/IEC 27001:2007

Comprehensive Scope

• Internal and external issues that are relevant to organisational purpose;
• Interested parties and their requirements that are relevant to the ISMS;
• Interfaces and dependencies of both internal and external activities

Page 30: Staying Ahead of Evolving Cyber Threats_Dr. Amir

ADOPTION OF THE COMMON CRITERIA STANDARD

Malaysian Common Criteria Evaluation & Certification (MyCC) Scheme

MISSION: “to increase Malaysia’s competitiveness in quality assurance of information security based on the Common Criteria (CC) standard and to build consumers’ confidence towards Malaysian information security products”

CERTIFICATE AUTHORISING PARTICIPANTS

• Participants that represent a compliant Certification Body
• Mutually recognises certified products/systems produced by the Certificate Authorising Participants based on ISO/IEC 15408

CERTIFICATE CONSUMING PARTICIPANTS

• Participants that have a national interest in recognising CC certificates produced by the Certificate Authorising Participants based on ISO/IEC 15408

MALAYSIA QUALIFIES TO BE AUTHORIZING PARTICIPANT BY SEPTEMBER 2011

AS OF SEPT. 2011

Page 31: Staying Ahead of Evolving Cyber Threats_Dr. Amir

ICT PRODUCTS AND SYSTEMS EVALUATION

Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme provides a systematic process for evaluating and certifying the security functionality of ICT products & systems against defined criteria or requirements of ISO/IEC 15408 Common Criteria standard

Page 32: Staying Ahead of Evolving Cyber Threats_Dr. Amir

ENHANCEMENT OF COMPETENCY AND CAPACITY BUILDING

• Collaboration between CyberSecurity Malaysia and Institute of Higher Learning (IHL) in various comprehensive cyber security modules
• Develops curriculum in cyber security for colleges, polytechnics and universities to build expertise in cyber security with MOE
• Provides competency and professional training programmes

Page 33: Staying Ahead of Evolving Cyber Threats_Dr. Amir

AWARENESS PROGRAMMES – ADDRESSING THE PEOPLE

Content Partners
• Other industry partners
• International CERT Communities

Content Localization & Packaging

Content Channels
• Web
• Poster
• Publication
• Competition
• Video clips
• TV ad

Target Audience
• Children / students
• Parents / home users
• Organisations

www.cybersafe.my

Page 34: Staying Ahead of Evolving Cyber Threats_Dr. Amir

MITIGATING CYBER ATTACKS REQUIRES DOMESTIC & INTERNATIONAL COLLABORATION

• Strengthening Domestic Security
• Cooperation at the Regional & Global Level

Page 35: Staying Ahead of Evolving Cyber Threats_Dr. Amir

CONCLUSION AND WAY FORWARD

• Need to foster greater collaborative engagement among public and private-sector partners to enhance the security and resilience of the critical national information infrastructure;
• Adopt a coherent cyber security approach by taking responsive and proactive measures in staying ahead of evolving cyber threats;
• Strengthen strategic alliance and enhance international cooperation in addressing emerging cross-border cyber threats.

Page 36: Staying Ahead of Evolving Cyber Threats_Dr. Amir
