DATA BREACH INCIDENTS ARE DEVASTATING … › images › SeminarKD › 2018 › Slide...WAN ZULHAMLI WAN ABDUL RAHMAN KETUA JABATAN KAJIAN STRATEGIK DAN NASIHAT, CYBERSECURITY MALAYSIA

Copyright © 2018 CyberSecurity Malaysia

DATA BREACH INCIDENTS ARE DEVASTATING

WAN ZULHAMLI WAN ABDUL RAHMANKETUA JABATAN KAJIAN STRATEGIK DAN NASIHAT,

CYBERSECURITY MALAYSIA

11 OCTOBER 2018

2

OUR CYBER WORLD TODAY

3

4.17B i l l i o nDigital citizens

worldwideby 2020

( e M a r k e t e r , 2 0 1 6 )

55%

Digital citizensin Asia

Source: Internet World Stats

(As of June 2018)

4 ,021,000,000

Source: We Are Social (A global agency that collects data from Google, Ericsson, Akamai, GlobalWebIndex & Stat counter)

Digital citizens worldwide( A s o f A p r i l 2 0 1 7 )

25,080,000Digital citizens

(As of January 2018)

Source: We Are Social , Hootsuite

in Malaysia

HIGHLY CONNECTEDT h e W o r l d To d a y i s

2,062,136,472

Presenter

Presentation Notes

32.4 juta rakyat malaysia = 78% is digitally connected 7.7 billion world population = 52% is digitally connected

EXPANSION OF NEW TECHNOLOGIES INTO CYBERSPACE- More Exposure to Growing Cyber Risks In Digital Environment

Presenter

Presentation Notes

Trend Micro Asia Pacific, Middle East and Africa Vice-President Dhanya Thakkar said Malaysia was still a long way of from being ready for the industrial revolution 4.0 (IR4.0) especially in terms of cyber security. Malaysia spends 0.08 per cent of its gross domestic product for cyber security purposes. This is still not enough compared with other countries

5

WE ARE MOVING INTO A MORE INTERCONNECTED CYBERSPACE

TOP 5 RISKS LIKELIHOOD IN 2018

Presenter

Presentation Notes

The Global Risks Report is based on the annual Global Risks Perception Survey (GRPS)1, completed by 900 members of the World Economic Forum’s global multi-stakeholder community. Respondents are drawn from business, academia, civil society and the public.

7

GLOBAL CYBER SECURITY LANDSCAPE

RISK OF ECONOMIC LOSS DUE TO CYBERCRIMES

9

RISING TREND OF CYBER ATTACKS ON CRITICAL SYSTEMS

RISING TREND ON CYBERCRIMES - REPLACING TRADITIONAL CRIMES

• Total financial losses could be as a high as $1 billion

• Spyware let the group learn how money was processed, sent and received – the spyware gave attackers the ability to gain remote control of the bank's computer.

12

RISING TREND OF DARKNET PLATFORM TO BUY AND SELL STOLEN DATA

- CHEAPER, EASIER & LESS RISK FOR THE CYBER CRIMINALS TO CONDUCT CRIME

Presenter

Presentation Notes

common social engineering attack examples were phone and messaging scams. “Scammers pretend to be someone calling or texting from the telco since they can prove they have the target’s personal details,” said Chow, who is with cybersecurity and malware protection company Fortinet. He added that the scammers would then try to trick the victim in various ways. These include transferring funds into their accounts and installing “telco applications” containing malware or spyware, which will be used to exploit the target in future. “The devices would likely not be hacked directly, but anyone with the data dump information and a little creativity may convince unsuspecting victims to install malware on their devices. “Users need to be alert when receiving calls and messages from strangers. Do not get tricked into sharing more personal details, transferring funds or installing apps,

13

RISING TREND ON ATTACK SOPHISTICATION- Cyber Attack Uses Structured Process

Source : http://amosval.com

Presenter

Presentation Notes

This slide explains about the current threat contributors consist of attack platform, types of threat actors, monetary factor and type of attack method To date, phishing is the most promising platform that lead to further cyber attack. RM4,500 per 10k data

GLOBALDATA BREACH SCENARIO

DATA BREACH IS A GLOBAL PROBLEM

Presenter

Presentation Notes

Equifax cyber attack = 147 juta americans dan berjumlah Singapore health attack =

Underpinning Data Breach Issue- Is Cyber Espionage

RISING TREND OF DATA BREACHES

https://breachlevelindex.com/

https://breachlevelindex.com/

Presenter

Presentation Notes

In 2013, the energy company BP said it experienced about 50,000 daily attempts at cyber intrusion, but that would represent a holiday at the Pentagon and National Nuclear Security Administration, which each sees 200 times as many online attacks.

TRENDS OF CYBER THREATS IN MALAYSIA

19

20

MALAYSIA IS DRIVEN BY DIGITAL TECHNOLOGY- Bringing Along New Technologies That Come With New Security Issues

FinTech - technologies that are disrupting traditional financial services i.e. mobile payments, money transfers, loans“….investment in Fintech around the world has increased dramatically from $930 million in 2008 to more than $12 billion by early 2015” - Accenture Source: https://www.forbes.com/sites/bernardmarr/2017/02/10/a-complete-

beginners-guide-to-fintech-in-2017/#2f6414393340.

MALAYSIANS ARE STILL VULNERABLE TO CYBER FRAUDS

3358

NEW TARGET OF CYBER CRIMINALS -DATA MEANS MONEY

KNOWN MALAYSIA DATA BREACH IN NUMBERS

46.2 Million

Malaysia Telco

10.5 Million

Ministry of Education

220,000

Malaysian organ donors and their next-of-kin

110,000

Astro

81,309

Malaysia Medical Association and Malaysia Dental Association

3.88 Million

Jobstreet

Presenter

Presentation Notes

Astro 60k data being sold at RM4,500 for 10,000 records, or RM0.45 per record. + 50k RM3,000 for 10,000 records MMA = 20K, MMC 62K Telco = details are believed to be updated from 2012 to 2015 Total = almost 61 million data��MOE Data = what the vulnerable system was, how to exploit the vulnerability and finally (and most importantly!) a link to a Google Drive folder containing Gigabytes of data.

JOBSTREET DATA BREACH

MALAYSIA MEDICAL ASSOCIATION DATA BREACH

TELCO DATA BREACH

SAMPLE OF THE SELLING THREAD

• Diversion of employees from strategic initiatives to work on damage control

• Cybersecurity improvement

• Operational Disruption

• Diversion of employees from strategic initiatives to work on damage control

• Post-Breach customer protection

• Detection and escalation• Notification• Lost business / contract• Response costs• Competitive

disadvantage• Insurance premium cost

• Sensitive media scrutiny

• Public Relation• Loss of intellectual

Property / Asset

Brand Financial

OperationalRegulatory

28

INSECURITY CAUSES DEVASTATING IMPACTS - Cyber Risks and Impacts of Data Breach

Approach

Data loss prevention should not be an afterthought.

Data breaches can result in:

Loss or compromise of Personally Identifiable Information (PII)records;

Theft of classified information, valuable intellectual property andtrade secrets(financial impact); and

Compromise of critical information infrastructure that canthreaten national security and societal well-being.

Pro-active and comprehensive approach is necessary for:

Early detection and prevention of cyber incidents; Stringent Access Control Policy Data classification Mitigation of the risks of cyber incident. Incident Management including Breach Notification

30

Key Take Away ;

Presenter

Presentation Notes

Loss of IP happened to one of the university in USA. CII info such as energy sector, communication sector and public services

PROPOSED WAY FORWARD

31

Adopting innovative measures to address evolving cyberthreats;

o Assess your internal risk culture - reveal how well an

organization and its leaders support a cyber risk culture

o Prioritise targeted training - to tailor ongoing training

initiatives to different employee groups.

o Rethink your skills strategies - assess skills gaps at regular

intervals and determine how to best fill those gaps

Copyright © 2017 CyberSecurity Malaysia

Documents

DATA BREACH INCIDENTS ARE DEVASTATING … › images › SeminarKD › 2018 › Slide...WAN ZULHAMLI WAN ABDUL RAHMAN KETUA JABATAN KAJIAN STRATEGIK DAN NASIHAT, CYBERSECURITY MALAYSIA