Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
1. ADDRESSING CYBER THREATS IN THE BANKING SECTOR
by Lt Col Sazali Sukardi (Retired)
Vice President, Strategic Research
CyberSecurity Malaysia
7TH Annual Series BankTechAsia ‘15
17 March 2015
2. CYBERSECURITY MALAYSIA'S MANDATE
The Cabinet Meeting on 28 September 2005, through the Joint Cabinet Notes between Ministry of Finance (MOF) and Ministry of Science, Technology and Innovation (MOSTI) No. H609/2005 agreed to create the National ICT Security and Emergency Response Centre (NISER), currently known as CyberSecurity Malaysia as a National Body to monitor the National e-Security aspect separated from MIMOS as an agency and established as a Company Limited-by-Guarantee under the supervision of MOSTI
The Ministerial Functions Act 1969 and The Order of Federal Government Ministers 2013
Provide specialized services in cyber security and continuously identify areas that may be detrimental to public and national security
Directive No. 24 (Arahan No.24), National Cyber Crisis Management Policy and Mechanism
- National Security Council:
CyberSecurity Malaysia is the specialist agency providing technical support and assistance, as well as training services, in national cyber crisis management.
4. • unregulated: no country rules and owns Internet
• convenient services: Internet offers numerous services connectivity
• less risk: no fear of making mistakes getting caught
• asymmetric force: weapon for the weak
Why cyber space is attractive
5. “Cyber crime costs the global economy about $445 billion every year, with the damage to business from the theft of intellectual property exceeding the $160 billion loss to individuals from hacking………”
- The Center for Strategic and International Studies, U.S.A 2014
“The growing menace of cybercrime is impacting the global economy significantly with estimated annual losses of up to USD 575 billion..”
- McAfee 2014
COST OF CYBER CRIMES
6. Cyber Crimes and Underground Economy
The modern thief can steal more
with a computer than with a gun….
Computers at Risk, National Research Council, 1991
Cyber crimes targeting economic sectors are on the rise replacing
traditional crimes - Symantec 2010 State of Enterprise Security Survey
7. The number and severity of cyber-crimes continue to grow; it's important to understand:
• the steps cyber-criminals take to attack our network
• the types of malware they use, and the tools we need to stop them.
The basic steps of a cyber attack include
• reconnaissance (finding vulnerabilities);
• intrusion (actual penetration of the network);
• malware insertion (secretly leaving code behind); and
• cleanup (covering tracks).
CYBER ATTACKS
- How Much We Know How They Happen
8. Cyber Incidents Referred to CyberSecurity Malaysia from 1997 – 2014
[Chart: Number of cyber security incidents referred to CyberSecurity Malaysia (excluding spams)]
Cyber Security Incidents In Malaysia
17. During cyber attacks on South Korea in 2013, the combined damage was $800m.
MALWARE GIVES THE ATTACKER THE KEY TO FINANCIAL NETWORKS
18. Cyber Security Concerns
- Ransomware
“In the beginning of 2014 Svpeng Ransomware was detected - the malware attempted to block the user’s phone and display a message demanding payment of a US$500 ‘fee’ for alleged criminal activity.”
23. INTERNET OF THINGS (IoT)
Interconnection of uniquely identifiable devices, systems, and services into Internet Infrastructure
“There will be nearly 26 billion devices on the Internet of Things by 2020” – Gartner
“More than 30 billion devices will be wirelessly connected to the Internet of Things (Internet of Everything) by 2020” - ABI Research
24. • Mobile users now overtake PC users
• More than 50% of mobile users don’t enable lock screen protection
• About 70 million gadgets lost/stolen per year
• Only about 57% of mobile users worry about losing data
• Only about 43% of mobile users worry about losing the device itself
• About 81% of mobile users use their device for business use
• About 48% of mobile users use unsecured public WiFi networks
MOBILE COMPUTING
- Risks of the trends’ combination
26. EMERGING CYBER ATTACKS ON MOBILE DEVICES
PayPal Survey:
73% of Malaysian adults shopped online at least once a month. Doing so with mobile devices such as smartphones or tablets is becoming the preferred way.
30. NATIONAL CYBER SECURITY POLICY
POLICY: Formulating / Coordinating Policy
§ NATIONAL SECURITY COUNCIL
LAW ENFORCEMENT AGENCIES / REGULATORS: Preventing / Combating Terrorism through Law Enforcement
§ ROYAL MALAYSIAN POLICE
§ BANK NEGARA MALAYSIA
§ MALAYSIAN COMMUNICATION MULTIMEDIA COMMISSION
TECHNICAL SUPPORT: Providing Technical Supports Services
§ CYBERSECURITY MALAYSIA
Strengthening Cyber Security Eco System
§ Government Agencies
§ Critical Information Infrastructure
§ Internet Service Providers
§ Industry
§ Academia
§ Cyber Security Professionals
§ Public