Anne Frank A Beacon of Hope amidst darkness ppt.pptx
ASEAN Cyber Security Outlook
1. Outlook Briefing 2016:
Cyber Security
Charles Lim
Senior Industry Analyst, Cyber Security - Digital Transformation Practice
Frost & Sullivan Asia Pacific
Charles.Lim@frost.com
3. Proliferation of Cyber Attacks in 2015 targeted popular services
Data is the new gold, inability to secure them leads to distrust in services
3
Uber accounts have been
hacked and are being used to
secure rides in China without
their consent or knowledge
Apple had to remove more than
300 apps from its app store
infected by xCodeGhost malware,
affecting 500 million users
In the week of Black Friday,
Amazon has reportedly begun
forcibly resetting some users’
passwords over concerns
about a major breach.
54% of security professionals view
social engineering attacks through
phishing emails as the top threat
technique that they have encountered
Over one thousand email
addresses and passwords from
Spotify were possibly leaked
LinkedIn encountered a major breach of its
password database - a file containing passwords
using “linkedin” appeared in an online forum
A security researcher discovered a way to
perform remote code execution and retrieve
confidential data from Instagram and Facebook
Twitter emailed more than 20 users,
warning them they may have been
targeted by hackers ‘possibly
associated with a government’
A Vine star who makes
£2,000 per second from
his posts claims he has
been hacked, with all of his
videos deleted from his
account
Google Malaysia’s site
was hacked; visitors
were re-directed to a
hacker’s webpage
Hackers claiming to be
working on behalf of ISIS took
over the Twitter and
YouTube accounts of the
United States Central
Command
All of these attacks occurred in 2015
Compromised Skype users reported
that malicious links and messages were
sent to their contact list
4. Cyber attacks – fueling the international crime scene, online
100MMore than 100 million
health care records
compromised in 2015.
Medical records are worth
10 times more than credit
card information in the
dark web.
5. Cyber attacks – the channel for making a statement
602GbpsOn 31st Dec 2015, BBC received a
602Gbps Distributed Denial of Service
(DDoS) attack, the highest ever
recorded in history.
New World Hacking, who claimed
responsibility announced that it was a
test of their power. Their main target
are ISIS websites.
25GB LEAKEDThe Impact Team stole more than 25GB user data
from adultery website, Ashley Madison and released
the information on 18th August 2015.
The original intention was to force Avid Life Media to
shut down the website, and stop online adultery.
6. “Indonesia experiences around 50,000 cyber attacks every day. That makes
it the second-most targeted country for cyber attack after Vietnam.”
- Yono Reksoprodj, advisor to Minister for Political, Legal and Security Affairs Tedjo Edhy Purdijatno
Speaking on Indonesia’s National Cyber Agency 8th Jun 2015
>50,000 ATTACKS
7. “We don’t believe any cyberdefense is fail proof. But a strong, well
thought out strategy, coupled with a rapid ability for a bank to understand
when its systems have been maliciously penetrated and swiftly take the
necessary actions, such as isolating the attack, is key to a successful
cybersecurity strategy.”
- Stuart Plesser, Standard & Poor’s
Press statement pertaining to possible downgrade of banks’ ratings,
if it is believed to be ill-prepared to withstand cyber attacks.
7
8. The need to focus on Industrial Control Systems Security as priority
8
Security Challenges within Internet of Things
Source: Frost & Sullivan
Connected cars has been
proven to be hacked in
recent times, however the
actual impact is to the
driver’s safety and are at a
very nascent stage of
security that is acted now by
automobile manufacturers.
Connected homes, which
are developed with the
use of smart consumer
appliances such as
wireless fridges, lighting,
and thermostats have
limited impacts and are
not desirable targets.
Industrial Control Systems, which
automates most critical infrastructures
are now going through an active
transformation to connect to the Internet,
and have been victims of attacks,
extortion where any successful attack
will cause a severe impact to citizens
nationwide.
9. Cyber Attacks Shift Towards Physical Systems
Industrial Control Systems in operational technology creating new points of vulnerabilities
9
97%
3%
Number of Internet-connected ICS devices,
August 2015, Asia Pacific
Connected Devices
Vulnerable Devices
Source: Asia-Pacific Industrial Control Systems Security Report, Frost & Sullivan
N=3087
BLACKOUTto thousands of homes in Western Ukraine,
using the BlackEnergy malware to attack
electric substations. it was reportedly
developed by Moscow-backed group,
Sandworm on 23rd Dec 2015.
Subsequently, its Kiev Airport was attacked
by the same malware during Jan 2016.
Investigations are ongoing.
10. Case analysis – Industrial Control Systems Security
The need to protect SCADA (Supervisory Control and Data Acquisition) systems beyond
the “air gap” concept has been elevated since the 2011 Stuxnet APT attack. Critical
infrastructures using ICS systems and needs to raise the awareness and knowhow of how
to protect these systems as a priority when these systems get connected to the Internet.
Present:
“Air Gap”
Future:
The Internet
Human Machine Interface (HMI)
SCADA,
PLCS
Speed: 500 r/min
Business networks,
connected to the Internet
Industrial networks that runs on
local area networks separated
from the Internet, however still
vulnerable to attacks
Stuxnet malware
installed in USB
drive
External
contractors’
laptop
Information Technology Operational Technology
Graphic source: Vector Open Stock 10Source: Frost & Sullivan
11. Operationalizing the 3C’s for Cyber Security
Cyber Resilience
Risks & Business
Impacts
Cyber Intelligence
Knowledge and correlation of all
threats in the organization
Cyber Protection
Building the right prevention base
“Security by Design”
11Source: Frost & Sullivan
12. Threat Response Adaptive Core Ecosystem (TRACE): Identifying the essentials
Frost & Sullivan believes that adopting a platform approach can operationalize
the vision of a holistic security strategy, comprising the right balance between
security mindsets, tools and skill sets.
Access Management Endpoints Web Assets Cloud App
Security
Content
Integrated Security
Appliances
Advanced Threat
Prevention
Human Factor
Mitigation
Vulnerability
Management
Security
Analytics
T R A C E
12
Source: Frost & Sullivan
13. Projected growth of security solutions in ASEAN, CY2015 (CAGR=20.8%)
Managed Security Services Market Forecast Analysis
-
5.0
10.0
15.0
20.0
25.0
30.0
0.0
100.0
200.0
300.0
400.0
500.0
600.0
2014 2015 2016 2017 2018 2019 2020
Revenue($Million)
GrowthRate(%)
Note: All figures are rounded. The base year is 2013. Source: Frost & Sullivan analysis.
14. Projected growth of security solutions in Indonesia, CY2015 (CAGR=27.1%)
Managed Security Services Market Forecast Analysis
-
5.0
10.0
15.0
20.0
25.0
30.0
35.0
40.0
0.0
10.0
20.0
30.0
40.0
50.0
60.0
70.0
2014 2015 2016 2017 2018 2019 2020
Revenue($Million)
GrowthRate(%)
Note: All figures are rounded. The base year is 2013. Source: Frost & Sullivan analysis.
15. Network security adoption in Southeast Asia
0.0 20.0 40.0 60.0 80.0 100.0 120.0
Rest of
ASEAN
Philippines
Vietnam
Thailand
Indonesia
Malaysia
Singapore
CY2015 Q3 YTD
CY2014 Total
Network Security Tracker, 2015 QTD Market Size (US$, M)
Indonesia achieved one of the highest growth rates at 30% YoY (Q3 QTD)
Indonesia
Network Security, Indonesia (US$, M)
2014 Q3 QTD 2015 Q3 QTD
16. N = 13,930 qualified information security professionals globally. 10% of
respondents are Asia Pacific
44%
49%
52%
72%
75%
Automated identity management
software
Web security applications
Policy management and audit tools
Improved intrusion detection and
prevention technologies
Network monitoring and intelligence
Top 5 Technologies that Significantly Improve Security
(Percent of Survey Respondents)
18%
23%
35%
Use of Advanced Analytics for
Detection of Advanced Malware
(Percent of Survey
Respondents)
No Plans
Evaluating or Selecting a Solution(s)
Implemented or Implementing
2015 (ISC)2 Global information Security Workforce Study
by Frost & Sullivan
17. 17
“How do you really handle all these… big data?”
- VP for Security Infrastructure, leading telco provider, Indonesia
“We have figured out using using our own designed algorithms across
collected logs, to decipher insider threats”
- Chief Security Officer, leading technology vendor
Opinions from the ground
18. Observation of trends in Security Analytics market
Observations in the security analytics players in APAC
Sold off their IPS offerings, may focus
in other enterprise security products
such as SIEM tools
Integration with endpoint security,
correlation of packets and logs
Launch of X-force exchange,
integration of product and services
business units
19. Observation of trends in Security Analytics market
Observations in the security analytics / threat intelligence players in APAC
Focus on forensics and incident
response capabilities
User behavior analytics using
machine learning systems and
algorithms to identify fraud
Correlation of business and
security intelligence. Position to
block against APT attacks
20. Empowering the cyber defenses in Indonesia
Frost & Sullivan’s End User Research and Advisory Practice
Circular, 4G LTE Vulnerability
Research papers – Frost
Industry Quotient (FIQ) and
Market insights
Threat Intelligence AlertsCyber Security Threats and
Solutions Briefings
21. Cyber Security Outlook for 2016
Building the required capabilities for Cyber Resiliency
21
Improve Cyber
Defense in Critical
Infrastructures
1
Human expertise
and foster
collaboration
2
• Increase of Cyber Security Operation Centers in
the Critical infrastructures.
• Compliance guidelines to ensure cyber resiliency
in both business (IT) and operations (OT)
3
How companies are respondingHow companies are responding
• Cyber security training
• Sharing of intelligence amongst industries
• Setting up cyber security committees
Build a holistic
defense beyond the
organization
• Vendors/contractors to meet security
standards in the process of mitigating chain-
of-trust attacks.
22. Cyber Security Outlook for 2016
Building the required capabilities for Cyber Resiliency
22
Investments into
analytics to improve
accuracy and speed
4
5
• Big data analytics for multiple sources of threat
feeds will become the common concern and
more accurate judgment through automated
algorithms will be needed.
6
How companies are respondingHow companies are responding
• Enterprises will switch from ‘adopting cyber
security for their cloud setup’ to ‘adopting
cloud as part of their cyber security strategy’.
Convergence
security concepts to
be introduced
• Convergence of threats & detection of fraud
between physical and cyber systems
• Developments of convergence security in
smart cities.
Adopting cloud
security as a
strategy
23. Frost & Sullivan, the Growth Partnership Company, works in collaboration with
clients to leverage visionary innovation that addresses the global challenges and
related growth opportunities that will make or break today’s market participants.
For more than 50 years, we have been developing growth strategies for the
Global 1000, emerging businesses, the public sector and the investment
community. Is your organization prepared for the next profound wave of industry
convergence, disruptive technologies, increasing competitive intensity, Mega
Trends, breakthrough best practices, changing customer dynamics and emerging
economies?
www.frost.com