Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - Tony Chew

Tony Chew

Managing Director

Regional Head of Information Security, Asia Pacific

Global Head of Cyber Security Regulatory Strategy

Cyber security threat landscape and systems resiliency

Challenges and priorities for 2015

Kuala Lumpur, Malaysia17 March 2015

2014 was the year of cyber hacking.

Would 2015 be worse?

TOP CYBER SECURITY THREATS

2

Methods

2014 Significant Attacks

3

Source

What lessons can we learn from the recent hacking

and data breach incidents?

LESSONS LEARNT FROM HACKING AND DATA LEAKAGE INCIDENTS

1. STRENGTHEN ACCESS CONTROLS AND TIGHTEN ACCESS ENTITLEMENTS> IMPLEMENT TWO FACTOR AUTHENTICATION FOR ALL ACCESS TO CRITICAL SYSTEMS <

4. BLOCK DATA EXFILTRATION BY MALWARE> INTERCEPT MALWARE COMMUNICATION WITH C2 <

2. KEEP SYSTEM PATCHING UP TO DATE

3. ENHANCE DETECTION OF MALWARE ATTACKS AND INFILTRATIONS

5. VERIFY VENDOR CONTROLS FOR CUSTOMER DATA PROTECTION

CYBER SECURITY COUNTERMEASURES

1. What is defense-in-depth?

2. How does it work?

3. What are the technologies, tools and processes?

BOTNET

ZERO DAY

APT

MITM

CYBER SECURITY LANDSCAPE

EMAIL

PHISHING

THIRD PARTY (OUTSOURCING)

Cyber Attack Scenarios

CYBER SECURITY COUNTERMEASURES

1. DEFENSE-IN-DEPTH / SECURITY OPERATIONS CENTRE

2. PREVENTION, PRE-EMPTION, DETECTION, RESPONSE

3. INTELLIGENCE SHARING, CYBER WAR GAMES

AVAILABILITY TIERS - THE NINES

1. 99% >>>>> 3.6 DAYS

2. 99.9% >>>>> 8.8 HOURS

3. 99.95% >>>>> 4.4 HOURS

4. 99.99% >>>>> 53 MINUTES

5. 99.999% >>>>> 5.3 MINUTES

New York Times20 November 2014

DESIGNING AND ARCHITECTING RESILIENCE

1. RESILIENT OPERATIONS, PROCESSES AND SYSTEMS

2. PROTECTION OF FACILITIES, SYSTEMS AND DATA

3. BUILT TO SURVIVE FAILURE AND ATTACK

4. ABILITY TO FAIL-OVER WITH RAPID RECOVERABILITY

end