Tony's presentation at our 7th BankTech Asia 2015 - Series 1

1. Tony Chew
Managing Director
Regional Head of Information Security, Asia Pacific
Global Head of Cyber Security Regulatory Strategy
Cyber security threat landscape and systems resiliency
Challenges and priorities for 2015
Kuala Lumpur, Malaysia
17 March 2015

2. 2014 was the year of cyber hacking.
Would 2015 be worse?

3. TOP CYBER SECURITY THREATS
2
Methods

4. 2014 Significant Attacks
3

5. Source
What lessons can we learn from the recent hacking
and data breach incidents?

9. LESSONS LEARNT FROM HACKING AND DATA LEAKAGE INCIDENTS
1. STRENGTHEN ACCESS CONTROLS AND TIGHTEN ACCESS ENTITLEMENTS
> IMPLEMENT TWO FACTOR AUTHENTICATION FOR ALL ACCESS TO CRITICAL SYSTEMS <
4. BLOCK DATA EXFILTRATION BY MALWARE
> INTERCEPT MALWARE COMMUNICATION WITH C2 <
2. KEEP SYSTEM PATCHING UP TO DATE
3. ENHANCE DETECTION OF MALWARE ATTACKS AND INFILTRATIONS
5. VERIFY VENDOR CONTROLS FOR CUSTOMER DATA PROTECTION

12. CYBER SECURITY COUNTERMEASURES
1. What is defense-in-depth?
2. How does it work?
3. What are the technologies, tools and processes?

13. BOTNET
ZERO DAY
APT
MITM
CYBER SECURITY LANDSCAPE
EMAIL
PHISHING
THIRD PARTY (OUTSOURCING)
Cyber Attack Scenarios

14. CYBER SECURITY COUNTERMEASURES
1. DEFENSE-IN-DEPTH / SECURITY OPERATIONS CENTRE
2. PREVENTION, PRE-EMPTION, DETECTION, RESPONSE
3. INTELLIGENCE SHARING, CYBER WAR GAMES

15. AVAILABILITY TIERS - THE NINES
1. 99% >>>>> 3.6 DAYS
2. 99.9% >>>>> 8.8 HOURS
3. 99.95% >>>>> 4.4 HOURS
4. 99.99% >>>>> 53 MINUTES
5. 99.999% >>>>> 5.3 MINUTES

16. New York Times
20 November 2014

18. DESIGNING AND ARCHITECTING RESILIENCE
1. RESILIENT OPERATIONS, PROCESSES AND SYSTEMS
2. PROTECTION OF FACILITIES, SYSTEMS AND DATA
3. BUILT TO SURVIVE FAILURE AND ATTACK
4. ABILITY TO FAIL-OVER WITH RAPID RECOVERABILITY

19. end