staying ahead of evolving cyber threats_dr. amir
DESCRIPTION
Staying Ahead of Evolving Cyber Threats By Dr. Amir of MOSTI, Malaysia
TRANSCRIPT
Copyright © 2015 CyberSecurity Malaysia
STAYING AHEAD OF EVOLVING CYBER THREATS IN THE BUSINESS SECTOR
Dr. Amirudin bin Abdul Wahab
Chief Executive Officer
CyberSecurity Malaysia
7 September 2015
• INTRODUCTION
• CYBER THREATS IN THE BUSINESS SECTOR
• MALAYSIA’S INITIATIVES IN ADDRESSING CYBERSECURITY THREATS
• CONCLUSION AND WAY FORWARD
SCOPE
• With the increase in sophistication and proliferation of the threat landscape, security challenges in the cyberspace have become more complex while security threats grow at an alarming rate.
• The constantly evolving nature of cyber threats and vulnerabilities is posing a persistent challenge to the business sector with the threat of attack on the critical national information infrastructure.
• The dynamic nature of the cyber risk environment requires continuous proactive and innovative cyber-protection capability.
INTRODUCTION
WORLD INTERNET USERS
THE GLOBAL RISKS 2015 – THREATS IN THE CYBERSPACE
VISION 2020
Preservation and Enhancement of Unity in Diversity
1Malaysia
People First, Performance Now
“Towards Digital Economy”
Effective Delivery of Government services
Government Transformation Programme (GTP)
“6 National Key Result Areas (NKRAs)”
New Economic Model: A high income, inclusive and sustainable nation
Economic Transformation Programme (ETP)
“A High Income, Inclusive and Sustainable Nation”
Anchoring Growth on People
11th Malaysia Plan
“The people economy will be given priority”
CyberSecurity & Economic Innovation are mutually reinforcing
Cyber Security Supports Malaysia’s Transformation Programme That Drives Wealth Creation And Enhances The Standard Of Living To Move Malaysia To A Developed Digital Economy By 2020.
MALAYSIA’S TRANSFORMATION TOWARDS A DIGITAL ECONOMY
CYBER THREATS IN THE BUSINESS SECTOR – Threat Of Cyber Attack On The Critical Information Infrastructure
“Cyber crime costs the global economy about $445 billion every year, with the damage to business from the theft of intellectual property exceeding the $160 billion loss to individuals from hacking…”
- The Center for Strategic and International Studies, U.S.A 2014
“The growing menace of cybercrime is impacting the global economy significantly with estimated annual losses of up to USD 575 billion…”
- McAfee 2014
COST OF CYBER CRIMES
CHANGES IN CYBER CRIME MEGATRENDS
Note: A negative percentage indicates that the security risk rating is expected to increase. A positive percentage indicates that risk is forecasted to decline.
Source: 2015 Global Megatrends in Cybersecurity, Ponemon Institute, February 2015
COST OF CYBERCRIME TO INDUSTRIES
Average annualized cost by industry sector: Cost expressed in US dollars (million)
Source: 2014 Global Report on the Cost of Cyber Crime
CYBER THREATS IN THE BUSINESS SECTOR – Financial Industry
CYBER THREATS IN THE BUSINESS SECTOR – Health Care Industry
CYBER THREATS IN THE BUSINESS SECTOR – Maritime Industry
CYBER THREATS IN THE BUSINESS SECTOR – Aviation Industry
July 9, 2015
CYBER THREATS IN THE BUSINESS SECTOR – Energy Industry
CYBER THREATS IN THE BUSINESS SECTOR – Insiders’ Threat
TARGETED MALWARE ON INDUSTRY
Southeast Asia’s financial sector faces a dual threat. First, standard cybercriminals are looking to steal money from them. Second, advanced threat actors are seeking sensitive financial information for a business advantage.
Source: Special Report - Southeast Asia: An Evolving Cyber Threat Landscape, FireEye Threat Intelligence, March 2015
FINANCIAL MALWARE ATTACKS - MALAYSIA
Geographical distribution of attacks with financial malware targeting users of Android-based devices in 2014
Source: Kaspersky Lab’s “Financial Cyber-threats in 2013” Report
MOBILE MALWARE ATTACKS - MALAYSIA
The Geography Of Mobile Malware Infection Attempts In Q2 2015 (Percentage Of All Users Attacked)
Source: IT Threat Evolution in Q2 2015, Kaspersky Lab, July 2015
CYBERCRIME LEADS TO INCREASE IN THE COST OF BUSINESSES
Cyber Incidents Referred to CyberSecurity Malaysia from 1997 – July 2015
Number of cyber security incidents referred to CyberSecurity Malaysia (excluding spams)
CYBER SECURITY INCIDENTS IN MALAYSIA
A HOLISTIC APPROACH – People, Process, Technology & Policy
2005
National Cyber Security Policy formulated by MOSTI
2006
NCSP Adoption and Implementation
2007
CyberSecurity Malaysia launched by Prime Minister of Malaysia on 20 August 2007
The policy recognises the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive programme and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets
NCSP Objectives
• Address The Risks To The Critical National Information Infrastructure
• Ensure That Critical Infrastructure Are Protected To A Level That Is Commensurate With The Risks
• Develop And Establish A Comprehensive Programme And A Series Of Frameworks
• Malaysia’s Ministry of Science, Technology & Innovation (MOSTI) carried out the study on the National Cyber Security Policy (NCSP) in 2005.
• The National IT Council (NITC) Meeting on 7 Apr 2006 agreed to implement the NCSP and to establish the Malaysia Cyber Security Centre to administer the NCSP.
• The NCSP was endorsed by the Cabinet in May 2006.
• CyberSecurity Malaysia was launched by the Prime Minister of Malaysia on 20 Aug 2007.
MALAYSIA’S INITIATIVES - National Cyber Security Policy
CYBERSECURITY MALAYSIA’S MANDATE
The Cabinet Meeting on 28 September 2005, through the Joint Cabinet Notes between Ministry of Finance (MOF) and Ministry of Science, Technology and Innovation (MOSTI) No. H609/2005, agreed to create the National ICT Security and Emergency Response Centre (NISER), currently known as CyberSecurity Malaysia, as a National Body to monitor the National e-Security aspect, separated from MIMOS as an agency and established as a Company Limited-by-Guarantee under the supervision of MOSTI
The Ministerial Functions Act 1969 and The Order of Federal Government Ministers 2013
Provide specialised services in cyber security and continuously identify areas that may be detrimental to public and national security
Order No. 24 - Policy and Mechanism for National Cyber Crisis Management by the National Security Council, Malaysia:
As a specialist agency, CyberSecurity Malaysia is required to support as well as provide technical assistance and training services for national cyber crisis management.
Banking & Finance
Energy
Government Service
Transportation
Health Services
Food & Agriculture
Information & Communication
Defense & Security
Water
Emergency Services
Critical National Information Infrastructure (CNII)
Thrust 1: Effective Governance
Thrust 2: Legislative & Regulatory Framework
Thrust 3: Cyber Security Technology Framework
Thrust 4: Culture of Security & Capacity Building
Thrust 5: R&D Towards Self Reliance
Thrust 6: Compliance & Enforcement
Thrust 7: Cyber Security Emergency Readiness
Thrust 8: International Cooperation
“Malaysia’s CNII shall be secure, resilient and self-reliant. Infused with a culture of security it will promote stability, social well being and wealth creation”
NATIONAL CYBER SECURITY POLICY
MALAYSIA’S CYBER SECURITY SERVICES
1) Forensic Analysis
• Reporting systems (infections), honeynet (malware forensics – static and dynamic analyses) & Microsoft
• Vendors (FireEye – IoC, threat level etc) & CERTs (info sharing) – Which malware is prevalent?
2) Threat Coverage
• C&C, botnets, APT
• Malware configuration (type)
3) Preventive Measure
• Physical takedown (local & foreign), sinkhole, blacklist
• Patches and bug fixes
4) Target Audience
• End user, organisation (CNII or corporation), ISP (Jaring)
• Governance/Management, legal, budget, time
• Campaign, awareness, training, national/international
5) Forensic Response
• Detection and removal tool development for automation
• Technical write up, advisory and signature
6) Total Eradication
• Observation/monitoring, reinfections, challenges
• Feedbacks and continuous campaign/awareness
• Total eradication if not back to Step 1
CYBERSECURITY MALAYSIA - Coordinated Malware Eradication & Remediation Project (CMERP) Framework
Preventive
• Risk Assessment
• Implementation of Information Security Controls
• Adherence to Policies and Procedures
• Employee Competency & Information Security Awareness Programme
• Business Continuity Management
Detective
• Vulnerability Assessment & Penetration Testing
• ICT Product & System Evaluation
• Incident Response Team
• Data Breach Protection Tool
Corrective
• Management Review
• Regular Monitoring
• Periodical Internal Audit
ACTIONS
Top Management Involvement
BEST PRACTICES FOR CYBER SECURITY PREPAREDNESS
MS ISO/IEC 27001:2007
Comprehensive Scope
• Internal and external issues that are relevant to organisational purpose;
• Interested parties and their requirements that are relevant to the ISMS;
• Interfaces and dependencies of both internal and external activities
STRENGTHENING INFORMATION SECURITY
CERTIFICATE AUTHORISING PARTICIPANTS
• Participants that represent a compliant Certification Body
• Mutually recognise certified products/systems produced by the Certificate Authorising Participants based on ISO/IEC 15408
CERTIFICATE CONSUMING PARTICIPANTS
• Participants that have a national interest in recognising CC certificates produced by the Certificate Authorising Participants based on ISO/IEC 15408
MALAYSIA QUALIFIES TO BE AUTHORIZING PARTICIPANT BY SEPTEMBER 2011
Malaysian Common Criteria Evaluation & Certification (MyCC) Scheme
MISSION “to increase Malaysia’s competitiveness in quality assurance of information security based on the Common Criteria (CC) standard and to build consumers’ confidence towards Malaysian information security products”
AS OF SEPT. 2011
ADOPTION OF THE COMMON CRITERIA STANDARD
Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme provides a systematic process for evaluating and certifying the security functionality of ICT products & systems against defined criteria or requirements of ISO/IEC 15408 Common Criteria standard
ICT PRODUCTS AND SYSTEMS EVALUATION
Collaboration between CyberSecurity Malaysia and Institute of Higher Learning (IHL) in various comprehensive cyber security modules
Develops curriculum in cyber security for colleges, polytechnics and universities to build expertise in cyber security with MOE
Provides competency and professional training programmes
ENHANCEMENT OF COMPETENCY AND CAPACITY BUILDING
Other industry partners
International CERT Communities
Web Poster
Publication
Competition
Video clips
TV ad
Target Audience
Children / students
Parents / home users
Organisations
Content Localization & Packaging
Content Channels
Content Partners
www.cybersafe.my
AWARENESS PROGRAMMES – ADDRESSING THE PEOPLE
Strengthening Domestic Security
Cooperation at the Regional & Global Level
MITIGATING CYBER ATTACKS REQUIRES DOMESTIC & INTERNATIONAL COLLABORATION
CONCLUSION AND WAY FORWARD
• Need to foster greater collaborative engagement among public and private-sector partners to enhance the security and resilience of the critical national information infrastructure;
• Adopt a coherent cyber security approach by taking responsive and proactive measures in staying ahead of evolving cyber threats;
• Strengthen strategic alliance and enhance international cooperation in addressing emerging cross-border cyber threats.