SlideShare ist ein Scribd-Unternehmen logo

06 網絡安全挑戰與防衛

E
eLearning Consortium 電子學習聯盟

The document discusses security challenges and prevention measures for schools. It summarizes findings from a UK cyber security audit of 432 schools, which found that 83% experienced cyber incidents. While most schools had antivirus and firewalls, only 45% included IT services in risk assessments. The document also outlines common attacks schools face like phishing, ransomware, and data breaches. It provides prevention tips and emphasizes the importance of a holistic security approach involving people, processes, and technology.

Bildung
1 von 37
Downloaden Sie, um offline zu lesen
All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Security Challenges & Prevention for Schools 網絡安全挑戰與防衛 Jan 2020
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 2 Agenda • About HKIRC • Company Mission • Security Challenges & Prevention • Phishing attack • Ransomware • Data Breaches • Security Measures • Conclusion
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 3 About HKIRC • Non-profit member-based organisation • Set up in December 2001 • Endorsed by the Government of the HKSAR • Oversee the administration and assignment of the country code top level Internet domain names ending with .hk and ..香港.
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 4 Company Mission Mission • Providing, and supervising the provision of .hk and .香港 Internet domain names registration, resolution and related services in an uninterrupted, effective, customer-centric and sustainable manner. • Promotes Hong Kong as an inclusive, secure, innovative and international city for the Internet and encourages the use of Internet and the related technologies.
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 5 Cyber Security Schools Audit 2019 in UK • LGfL (London Grid for Learning) & NCSC (National Cyber Security Centre, part of GCHQ) carried out a joint audit of cyber security in schools across the UK • The audit was open from 15 March – 20 April 2019 • 432 schools took part • Findings were discussed vastly in media • Issues highlighted in the report may also applicable in schools in HK
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 6 Highlight of Findings 83% of schools experienced different levels of cyber-incidents
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 7 Highlight of Findings (Cont’) • 98 and 99 percent of schools, respectively, had antivirus and firewall protections • 85 percent of schools had a cyber security policy or plan, but only 45 percent included core IT services in risk register & only 41 percent had a business continuity plan • Only around a third of schools (35 percent) train non-IT staff in cybersecurity • Less than half of schools (49 percent) were confident that they are adequately prepared in the event of a cyberattack • A focus on support for non-IT staff is a clear need, 92 percent of schools welcome more cybersecurity awareness training for staff
All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Common Attack in Schools All Right Reserved. Hong Kong Internet Registration Corporation Limited
All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Phishing Attack All Right Reserved. Hong Kong Internet Registration Corporation Limited
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks (Cont’)
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks (Cont’)
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks (Cont’)
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks (Cont’)
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks (Cont’)
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Ransom E-mails
All Rights Reserved. Hong Kong Internet Registration Corporation Limited • Do not open suspicious links in E-mail & Web browser • Do not key-in user name and passwords from forms open by E-mails • Make sure system patches and anti-virus software are up-to-date • Enable Two Factor Authentication (2FA) function wherever it is provided Tackling Phishing Attack
All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Ransomware All Right Reserved. Hong Kong Internet Registration Corporation Limited
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 19 Ransomware Cybercriminals Email with malicious attachment Open the email and execute the attachment Bitcoin blackmail Ransomware is a serious security threat that limits victims to access their files or system functions. It has “data-kidnapping” capabilities. Cybercriminals tend to threaten victims to pay ransom (bitcoin) in order to regain access to their files or systems. 2016 Locky, Zepto, CryptXXX 2017 WannaCry, NotPetya 2018 GandCrab, SamSam 2019 LockerGoga, etc.
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Ransomware Evolution Crypto Ransomware • 2013 CryptoLocker (PC) • 2014 BitCrypt (PC) • 2014 CyptoDefense (PC) • 2014 Synolocker (NAS) • 2014 Simplocker (Mobile) • 2014 CryptoGraphic Locker • 2015 CyptoWall, TeslaCrypt, CTB-Locker • 2016 Locky, Zepto, CryptXXX • 2017 WannaCry, NotPetya • 2018 GandCrab, SamSam • 2019 LockerGoga, etc. Expect to continue …
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Newest Trend of Ransomware Cryptojacking - secret use of your computing device to mine cryptocurrency. CPU Surged During Cryptojacking
All Rights Reserved. Hong Kong Internet Registration Corporation Limited • Do not pay cyber criminals ransom • Do not open suspicious links in E-mail & Web browser • Make sure system patches and anti-virus software are up-to-date • Protect your data – backup your data regularly and put them offline Suggestions to Defense Against Ransomware
All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Data Breaches All Right Reserved. Hong Kong Internet Registration Corporation Limited
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 24 Data Breaches Cases Surged since 2018…
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 25 Data Breaches Cases Surged since 2018…
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 26 And Even in 2019…
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Data Breaches are result of: • Poor IT operational practices (e.g. late decommission of servers) • Application vulnerabilities • Advanced Persistent Threat (APT) • Deficiency in outsourcing management • Etc. Organizations need to have a holistic security strategy – combining people, process and technology to reduce exposure to current & future attacks Why Data Breaches?
All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Security Measures All Right Reserved. Hong Kong Internet Registration Corporation Limited
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Security Measures • Security Measures can be classified into 3 categories: Technology, Process and People Policy People Process Technology
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Information Security Protection via Technology Well planned security architecture needed: • Anti-malware • Firewall • Network Access Control • Encryption • Patches update • A lot more…
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Information Security Protection via Process Well planned processes and procedures needed: • IT and Security Policy • Information Classification • Risk Assessment • A lot more…
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Information Security Protection via People People is the weakest link in cybersecurity, need more emphasis: • Minimum Privilege and Accountability • Password Management • Security Awareness – avoid phishing & social engineering • A lot more…
All Rights Reserved. Hong Kong Internet Registration Corporation Limited Conclusion • Everyone relies on the cyber world to conduct business nowadays • However, the cyber world is full of cybersecurity challenges • We discussed some security challenges here: • Phishing Attack • Ransomware • Data Breaches • To deal with these challenges, we need a holistic security strategy combining people, process and technology. • Among these 3 aspects, people is the weakest link. More awareness effort needed.
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 34 Free In-Depth Website Security Scan • In-Depth Website Security Scan now open for application • All .hk users and HK SMEs can apply for the free service • HKIRC will provide: • Remote black-box vulnerability scan for web server • Organized report for identified issues & mitigation actions • A consultation session for briefing report • Referral to appropriate solution vendors if needed • Application form: https://www.hkirc.hk/upload/blog/6/self/5df2ebec9c9e7.pdf • Any inquiry, please call HKIRC hotline 2319 2030 or E-mail to sme-security-scan@hkirc.hk
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 35 In-depth Webscan for SME HKIRC .hk website Vulnerability scan Security scan report Attack
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 36 Sample Report
All Rights Reserved. Hong Kong Internet Registration Corporation Limited 37 Q & A All Right Reserved. Hong Kong Internet Registration Corporation Limited

Empfohlen

Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Cyril Soeri
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityIT Governance Ltd
 
Using international standards to improve EU cyber security
Using international standards to improve EU cyber securityUsing international standards to improve EU cyber security
Using international standards to improve EU cyber securityIT Governance Ltd
 
Cyber Security Conference 2017
Cyber Security Conference 2017Cyber Security Conference 2017
Cyber Security Conference 2017Norfolk Chamber of Commerce
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specificationsSsendiSamuel
 
Yugo Neumorni - prezentare - Cyber Security Trends 2020
Yugo Neumorni - prezentare - Cyber Security Trends 2020Yugo Neumorni - prezentare - Cyber Security Trends 2020
Yugo Neumorni - prezentare - Cyber Security Trends 2020Business Days
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trendsSsendiSamuel
 
101 Basic concepts of information security
101 Basic concepts of information security101 Basic concepts of information security
101 Basic concepts of information securitySsendiSamuel
 

Empfohlen

Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Cyril Soeri
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityIT Governance Ltd
 
Using international standards to improve EU cyber security
Using international standards to improve EU cyber securityUsing international standards to improve EU cyber security
Using international standards to improve EU cyber securityIT Governance Ltd
 
Cyber Security Conference 2017
Cyber Security Conference 2017Cyber Security Conference 2017
Cyber Security Conference 2017Norfolk Chamber of Commerce
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specificationsSsendiSamuel
 
Yugo Neumorni - prezentare - Cyber Security Trends 2020
Yugo Neumorni - prezentare - Cyber Security Trends 2020Yugo Neumorni - prezentare - Cyber Security Trends 2020
Yugo Neumorni - prezentare - Cyber Security Trends 2020Business Days
 
106 Threat defense and information security development trends
106 Threat defense and information security development trends106 Threat defense and information security development trends
106 Threat defense and information security development trendsSsendiSamuel
 
101 Basic concepts of information security
101 Basic concepts of information security101 Basic concepts of information security
101 Basic concepts of information securitySsendiSamuel
 
gkkSecurity essentials domain 1
gkkSecurity essentials domain 1gkkSecurity essentials domain 1
gkkSecurity essentials domain 1Anne Starr
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective amarukanda
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerZitaAdlTrk
 
Data security
Data securityData security
Data securityHitesh Kumar
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Amrit Chhetri
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Complianceijtsrd
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 
AITI Smart Future Forum: Cybersecurity and digital transformation
AITI Smart Future Forum: Cybersecurity and digital transformationAITI Smart Future Forum: Cybersecurity and digital transformation
AITI Smart Future Forum: Cybersecurity and digital transformationAPNIC
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
Hacking3e ppt ch11
Hacking3e ppt ch11Hacking3e ppt ch11
Hacking3e ppt ch11Skillspire LLC
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2Kyle Lai
 
Online privacy & security
Online privacy & securityOnline privacy & security
Online privacy & securityPriyab Satoshi
 
PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...
PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...
PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...PGConf APAC
 
The growing mandatory requirements to protect data- secure PostgreSQL
The growing mandatory requirements to protect data- secure PostgreSQLThe growing mandatory requirements to protect data- secure PostgreSQL
The growing mandatory requirements to protect data- secure PostgreSQLRajni Baliyan
 
105 Common information security threats
105 Common information security threats105 Common information security threats
105 Common information security threatsSsendiSamuel
 
Cyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityCyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityRahul Tyagi
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Bangladesh Network Operators Group
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
Cybersecurity.pptx
Cybersecurity.pptxCybersecurity.pptx
Cybersecurity.pptxNOUREDDINEOUNINISSE
 
Keeping your business safe online cosy club
Keeping your business safe online cosy clubKeeping your business safe online cosy club
Keeping your business safe online cosy clubGet up to Speed
 

Weitere ähnliche Inhalte

Was ist angesagt?

gkkSecurity essentials domain 1
gkkSecurity essentials domain 1gkkSecurity essentials domain 1
gkkSecurity essentials domain 1Anne Starr
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective amarukanda
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerZitaAdlTrk
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Amrit Chhetri
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Complianceijtsrd
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 
AITI Smart Future Forum: Cybersecurity and digital transformation
AITI Smart Future Forum: Cybersecurity and digital transformationAITI Smart Future Forum: Cybersecurity and digital transformation
AITI Smart Future Forum: Cybersecurity and digital transformationAPNIC
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2Kyle Lai
 
Online privacy & security
Online privacy & securityOnline privacy & security
Online privacy & securityPriyab Satoshi
 
PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...
PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...
PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...PGConf APAC
 
The growing mandatory requirements to protect data- secure PostgreSQL
The growing mandatory requirements to protect data- secure PostgreSQLThe growing mandatory requirements to protect data- secure PostgreSQL
The growing mandatory requirements to protect data- secure PostgreSQLRajni Baliyan
 
105 Common information security threats
105 Common information security threats105 Common information security threats
105 Common information security threatsSsendiSamuel
 
Cyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityCyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityRahul Tyagi
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 

Was ist angesagt? (20)

gkkSecurity essentials domain 1
gkkSecurity essentials domain 1gkkSecurity essentials domain 1
gkkSecurity essentials domain 1
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in Danger
 
Data security
Data securityData security
Data security
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Compliance
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
 
AITI Smart Future Forum: Cybersecurity and digital transformation
AITI Smart Future Forum: Cybersecurity and digital transformationAITI Smart Future Forum: Cybersecurity and digital transformation
AITI Smart Future Forum: Cybersecurity and digital transformation
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.
 
Hacking3e ppt ch11
Hacking3e ppt ch11Hacking3e ppt ch11
Hacking3e ppt ch11
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
 
Online privacy & security
Online privacy & securityOnline privacy & security
Online privacy & security
 
PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...
PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...
PGConf APAC 2018: Sponsored Talk by Fujitsu - The growing mandatory requireme...
 
The growing mandatory requirements to protect data- secure PostgreSQL
The growing mandatory requirements to protect data- secure PostgreSQLThe growing mandatory requirements to protect data- secure PostgreSQL
The growing mandatory requirements to protect data- secure PostgreSQL
 
105 Common information security threats
105 Common information security threats105 Common information security threats
105 Common information security threats
 
Cyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityCyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe Security
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
 

Ähnlich wie 06 網絡安全挑戰與防衛

Keeping your business safe online cosy club
Keeping your business safe online cosy clubKeeping your business safe online cosy club
Keeping your business safe online cosy clubGet up to Speed
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Sean Bradley
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Wen-Pai Lu
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed Great Bay Software
 
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. HawkinsSteel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkinslthawkins
 
NextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingNextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingJoe Nathans
 
E Commerce -Security Threats and Challenges
E Commerce -Security Threats and ChallengesE Commerce -Security Threats and Challenges
E Commerce -Security Threats and ChallengesInderjeet Singh
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016FERMA
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxprtabal_25
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessImran Khan
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...Judith Beckhard Cardoso
 
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...FinTech Belgium
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18japijapi
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 

Ähnlich wie 06 網絡安全挑戰與防衛 (20)

Cybersecurity.pptx
Cybersecurity.pptxCybersecurity.pptx
Cybersecurity.pptx
 
Keeping your business safe online cosy club
Keeping your business safe online cosy clubKeeping your business safe online cosy club
Keeping your business safe online cosy club
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. HawkinsSteel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
 
NextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingNextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive Briefing
 
Cyber security
Cyber securityCyber security
Cyber security
 
E Commerce -Security Threats and Challenges
E Commerce -Security Threats and ChallengesE Commerce -Security Threats and Challenges
E Commerce -Security Threats and Challenges
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...
 
Aalto cyber-10.4.18
Aalto cyber-10.4.18Aalto cyber-10.4.18
Aalto cyber-10.4.18
 
U nit 4
U nit 4U nit 4
U nit 4
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counsel
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 

Mehr von eLearning Consortium 電子學習聯盟

AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位eLearning Consortium 電子學習聯盟
 
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?eLearning Consortium 電子學習聯盟
 
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
08 Transform Endpoint Security with the World’s Most Secure PCs and PrinterseLearning Consortium 電子學習聯盟
 

Mehr von eLearning Consortium 電子學習聯盟 (20)

AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
AI生成工具的新衝擊 - MS Bing & Google Bard 能否挑戰ChatGPT-4領導地位
 
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
ChatGPT 顛覆傳統的科技創新 - 不僅文字工作者會被AI取代?
 
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
2. How Data Analytics Transforming Digital Marketing - Ralph Szeto.pdf
 
1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung1. How Data Analytics Transforming Digital Marketing - Saron Leung
1. How Data Analytics Transforming Digital Marketing - Saron Leung
 
HKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce IndustryHKTVMall: Leading Technology Evolution for eCommerce Industry
HKTVMall: Leading Technology Evolution for eCommerce Industry
 
How Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdfHow Blockchain affecting us - Dr Sin.pdf
How Blockchain affecting us - Dr Sin.pdf
 
5-Hot-Chain Bento.pdf
5-Hot-Chain Bento.pdf5-Hot-Chain Bento.pdf
5-Hot-Chain Bento.pdf
 
4-Herbal ID.pdf
4-Herbal ID.pdf4-Herbal ID.pdf
4-Herbal ID.pdf
 
3-VisualSonic.pdf
3-VisualSonic.pdf3-VisualSonic.pdf
3-VisualSonic.pdf
 
2-kNOw Touch.pdf
2-kNOw Touch.pdf2-kNOw Touch.pdf
2-kNOw Touch.pdf
 
1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf1-C-POLAR Air Filter.pdf
1-C-POLAR Air Filter.pdf
 
3 - Interaction between Cyber Security and School IT Policy .pdf
3 - Interaction between Cyber Security and School IT Policy .pdf3 - Interaction between Cyber Security and School IT Policy .pdf
3 - Interaction between Cyber Security and School IT Policy .pdf
 
2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf2 - ELC學校網絡安全與防護.pdf
2 - ELC學校網絡安全與防護.pdf
 
1 - HKT Reporting.pdf
1 - HKT Reporting.pdf1 - HKT Reporting.pdf
1 - HKT Reporting.pdf
 
02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。
02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。
02 學校網絡安全漏洞的評估分享, 管理挑戰及趨勢。
 
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
08 Transform Endpoint Security with the World’s Most Secure PCs and Printers
 
07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士07 2020 網絡安全趨勢和安全小貼士
07 2020 網絡安全趨勢和安全小貼士
 
04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件04 提升網絡安全 - 為電子學習打造先決條件
04 提升網絡安全 - 為電子學習打造先決條件
 
03 學校網絡安全與防衛
03 學校網絡安全與防衛03 學校網絡安全與防衛
03 學校網絡安全與防衛
 
Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)Experience Sharing on School Pentest Project (Updated)
Experience Sharing on School Pentest Project (Updated)
 

Kürzlich hochgeladen

Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 

Kürzlich hochgeladen (20)

Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 

06 網絡安全挑戰與防衛

  • 1. All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Security Challenges & Prevention for Schools 網絡安全挑戰與防衛 Jan 2020
  • 2. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 2 Agenda • About HKIRC • Company Mission • Security Challenges & Prevention • Phishing attack • Ransomware • Data Breaches • Security Measures • Conclusion
  • 3. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 3 About HKIRC • Non-profit member-based organisation • Set up in December 2001 • Endorsed by the Government of the HKSAR • Oversee the administration and assignment of the country code top level Internet domain names ending with .hk and ..香港.
  • 4. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 4 Company Mission Mission • Providing, and supervising the provision of .hk and .香港 Internet domain names registration, resolution and related services in an uninterrupted, effective, customer-centric and sustainable manner. • Promotes Hong Kong as an inclusive, secure, innovative and international city for the Internet and encourages the use of Internet and the related technologies.
  • 5. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 5 Cyber Security Schools Audit 2019 in UK • LGfL (London Grid for Learning) & NCSC (National Cyber Security Centre, part of GCHQ) carried out a joint audit of cyber security in schools across the UK • The audit was open from 15 March – 20 April 2019 • 432 schools took part • Findings were discussed vastly in media • Issues highlighted in the report may also applicable in schools in HK
  • 6. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 6 Highlight of Findings 83% of schools experienced different levels of cyber-incidents
  • 7. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 7 Highlight of Findings (Cont’) • 98 and 99 percent of schools, respectively, had antivirus and firewall protections • 85 percent of schools had a cyber security policy or plan, but only 45 percent included core IT services in risk register & only 41 percent had a business continuity plan • Only around a third of schools (35 percent) train non-IT staff in cybersecurity • Less than half of schools (49 percent) were confident that they are adequately prepared in the event of a cyberattack • A focus on support for non-IT staff is a clear need, 92 percent of schools welcome more cybersecurity awareness training for staff
  • 8. All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Common Attack in Schools All Right Reserved. Hong Kong Internet Registration Corporation Limited
  • 9. All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Phishing Attack All Right Reserved. Hong Kong Internet Registration Corporation Limited
  • 10. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks
  • 11. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks (Cont’)
  • 12. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks (Cont’)
  • 13. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks (Cont’)
  • 14. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks (Cont’)
  • 15. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Recent Phishing Attacks (Cont’)
  • 16. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Ransom E-mails
  • 17. All Rights Reserved. Hong Kong Internet Registration Corporation Limited • Do not open suspicious links in E-mail & Web browser • Do not key-in user name and passwords from forms open by E-mails • Make sure system patches and anti-virus software are up-to-date • Enable Two Factor Authentication (2FA) function wherever it is provided Tackling Phishing Attack
  • 18. All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Ransomware All Right Reserved. Hong Kong Internet Registration Corporation Limited
  • 19. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 19 Ransomware Cybercriminals Email with malicious attachment Open the email and execute the attachment Bitcoin blackmail Ransomware is a serious security threat that limits victims to access their files or system functions. It has “data-kidnapping” capabilities. Cybercriminals tend to threaten victims to pay ransom (bitcoin) in order to regain access to their files or systems. 2016 Locky, Zepto, CryptXXX 2017 WannaCry, NotPetya 2018 GandCrab, SamSam 2019 LockerGoga, etc.
  • 20. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Ransomware Evolution Crypto Ransomware • 2013 CryptoLocker (PC) • 2014 BitCrypt (PC) • 2014 CyptoDefense (PC) • 2014 Synolocker (NAS) • 2014 Simplocker (Mobile) • 2014 CryptoGraphic Locker • 2015 CyptoWall, TeslaCrypt, CTB-Locker • 2016 Locky, Zepto, CryptXXX • 2017 WannaCry, NotPetya • 2018 GandCrab, SamSam • 2019 LockerGoga, etc. Expect to continue …
  • 21. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Newest Trend of Ransomware Cryptojacking - secret use of your computing device to mine cryptocurrency. CPU Surged During Cryptojacking
  • 22. All Rights Reserved. Hong Kong Internet Registration Corporation Limited • Do not pay cyber criminals ransom • Do not open suspicious links in E-mail & Web browser • Make sure system patches and anti-virus software are up-to-date • Protect your data – backup your data regularly and put them offline Suggestions to Defense Against Ransomware
  • 23. All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Data Breaches All Right Reserved. Hong Kong Internet Registration Corporation Limited
  • 24. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 24 Data Breaches Cases Surged since 2018…
  • 25. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 25 Data Breaches Cases Surged since 2018…
  • 26. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 26 And Even in 2019…
  • 27. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Data Breaches are result of: • Poor IT operational practices (e.g. late decommission of servers) • Application vulnerabilities • Advanced Persistent Threat (APT) • Deficiency in outsourcing management • Etc. Organizations need to have a holistic security strategy – combining people, process and technology to reduce exposure to current & future attacks Why Data Breaches?
  • 28. All Rights Reserved. Hong Kong Internet Registration Corporation Limited All Rights Reserved. Hong Kong Internet Registration Corporation Limited Security Measures All Right Reserved. Hong Kong Internet Registration Corporation Limited
  • 29. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Security Measures • Security Measures can be classified into 3 categories: Technology, Process and People Policy People Process Technology
  • 30. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Information Security Protection via Technology Well planned security architecture needed: • Anti-malware • Firewall • Network Access Control • Encryption • Patches update • A lot more…
  • 31. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Information Security Protection via Process Well planned processes and procedures needed: • IT and Security Policy • Information Classification • Risk Assessment • A lot more…
  • 32. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Information Security Protection via People People is the weakest link in cybersecurity, need more emphasis: • Minimum Privilege and Accountability • Password Management • Security Awareness – avoid phishing & social engineering • A lot more…
  • 33. All Rights Reserved. Hong Kong Internet Registration Corporation Limited Conclusion • Everyone relies on the cyber world to conduct business nowadays • However, the cyber world is full of cybersecurity challenges • We discussed some security challenges here: • Phishing Attack • Ransomware • Data Breaches • To deal with these challenges, we need a holistic security strategy combining people, process and technology. • Among these 3 aspects, people is the weakest link. More awareness effort needed.
  • 34. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 34 Free In-Depth Website Security Scan • In-Depth Website Security Scan now open for application • All .hk users and HK SMEs can apply for the free service • HKIRC will provide: • Remote black-box vulnerability scan for web server • Organized report for identified issues & mitigation actions • A consultation session for briefing report • Referral to appropriate solution vendors if needed • Application form: https://www.hkirc.hk/upload/blog/6/self/5df2ebec9c9e7.pdf • Any inquiry, please call HKIRC hotline 2319 2030 or E-mail to sme-security-scan@hkirc.hk
  • 35. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 35 In-depth Webscan for SME HKIRC .hk website Vulnerability scan Security scan report Attack
  • 36. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 36 Sample Report
  • 37. All Rights Reserved. Hong Kong Internet Registration Corporation Limited 37 Q & A All Right Reserved. Hong Kong Internet Registration Corporation Limited