New Challenges in Data Privacy - Cybercrime and Cybersecurity Forum 2013, Sofia BG
1. New challenges in Data privacy.
Zdravko Stoychev, CISM CRISC
Information Security Officer
Alpha Bank Bulgaria branch
South East European Regional Forum on Cybersecurity
and Cybercrime, 2013
11-13 Nov 2013
Sofia
2. CYBERCRIME FORUM
Alpha Bank
Founded in 1879.
The Bank grew considerably in the last decades,
developed into a major Group offering a wide range of
financial services.
In 1999 the bank acquired 51% of the shares of the
Ionian Bank. The name of the enlarged, new Bank,
resulting from this merger is ALPHA BANK.
On February 1, 2013 the entire share capital of
Emporiki Bank S.A. has been transferred to ALPHA
BANK.
ALPHA BANK is one of the largest banks in Greece.
The Bank's activities cover the entire range of
financial services.
3. CYBERCRIME FORUM
Agenda
Current landscape
Trends & Statistics
The Internet Security
Posed challenge
Fighting Cybercrime
Home vs. Enterprise
Global vs. Country
Lessons Learned
Factors That Contribute
What Can We Do
Summary
4. CYBERCRIME FORUM
Threat Landscape
Internet – a global shared domain
“The scale of DDoS attacks continue to expand”
“Web sites of security companies hacked by Anonymous”
“The damage done by cybercrime increased by 50%”
“Barely 4% of (UK) companies trust their IT security”
“The yearly average cybercrime cost per company in USA
increased by 78% in the past 4 years”
“The goals under attacks of this week [Dec 2012]:
U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC
Financial Services Group, SunTrust Banks, Inc.”
5. CYBERCRIME FORUM
Down to Rabbit-Hole
The DDoS attacks achieved traffic per second
[Chart: percentage of attacks (0% to 60%) in the ~1Gb and 2-10Gb ranges, 2012 vs. 2013]
Source: Arbor Networks
6. CYBERCRIME FORUM
Down to Rabbit-Hole
Attacks with duration under an hour: 87%
Average time to mitigate an attack: 130% increase
Fewer victims reported, but the cost is up: 50% increase
where
BYOD users constantly online: 49%
Smartphones and tablets w/o unlock PIN: 48%
Source: Arbor Networks, Ponemon Institute, Symantec
7. CYBERCRIME FORUM
Internet Security Threats
Cyber threats and Internet attacks are difficult to characterize and
respond to for a number of reasons:
There are many different malicious actors.
These actors have many different motives.
The attacks look similar, so the nature of the attack does not always
help to identify the actor and the motive.
An Incident Handling Team must be in place to manage the
attacks on a per-case basis.
The speed of attack may overwhelm response methods that require
human interaction.
The potential consequences of an attack can be hard to predict.
The worst-case scenarios are alarming.
Source: Collective Defense Applying Public Health Models to the Internet
8. CYBERCRIME FORUM
The Posed Challenge
Cyber crime is a fast-emerging threat and cyber attacks are being
recognised as a threat to national security.
The most commonly reported crime is the theft of financial login
credentials, i.e. Web and mobile banking.
The biggest and most common motivation is financial gain.
It drives a range of criminal activities, including phishing, pharming,
malware distribution and the hacking of corporate databases.
Cyber crime is a truly global criminal phenomenon which does not
respond to single jurisdiction approaches to policing.
Cyber crime is forcing us to rethink the basic skills needed for the job,
i.e. we need more Forensic Investigation specialists.
Organisations need to assess the likelihood of being the target and
then defend against the most commonly used techniques.
Source: Infosecurity Europe 2013, Global Economic Symposium
9. CYBERCRIME FORUM
Home and Enterprise Threats
Source: Microsoft
10. CYBERCRIME FORUM
Lowest Infection Rates Trends
Source: Microsoft
11. CYBERCRIME FORUM
Where Are We as a Country
Source: Microsoft
12. CYBERCRIME FORUM
Lessons from Least Infected Countries/regions
Factors that contribute to consistently low infection rates:
Strong public–private partnerships exist that enable proactive and
response capabilities.
Computer emergency response teams (CERTs), Internet service providers
(ISPs), and others who actively monitor for threats enable rapid response
to emerging threats.
Enforcement policies and active remediation of threats via quarantining
infected systems on networks in the country/region is effective.
An IT culture in which system administrators respond rapidly to reports of
system infections or abuse is helpful.
Educational campaigns and media attention that help improve the public’s
awareness of security issues can pay dividends.
Low software piracy rates and widespread usage of OS Update/Update
have helped keep infection rates relatively low.
Source: Microsoft
13. CYBERCRIME FORUM
What Can We Do About It
Deploy security in multiple layers
Collaborate with CERTs, ISPs and others
Seek public–private partnerships
Ensure enforcement of security policies
Run corporate educational programs
Raise public’s awareness of security issues
Well-known security tools may be outdated
Utilize security analysis on network-level
e.g. BigData processing for trends detection, etc.
Source: Arbor Networks, Ponemon Institute
14. CYBERCRIME FORUM
Summary
The threat landscape continues to become more complex and
mixes various threats to increase the likelihood of success.
Awareness can secure humans by changing behaviors.
Re-tool and incorporate next-generation technology.
Collaboration, public-private relationships, early-warning
systems and real-time knowledge are needed.
Security, thus data privacy, is everybody's business.
15. Questions?
Thank you!
Zdravko Stoychev, CISM CRISC
Company Information Security Officer
Alpha Bank Bulgaria branch
Email: zstoychev@alphabank.bg
Twitter: @zdravkos
Editor's notes
The Third South East European Regional Forum on Cybersecurity and Cybercrime will take place in Sofia, Bulgaria, at Sofia Hilton Hotel from Monday 11 to Wednesday 13 of November 2013. The event will bring together representatives of leading ICT, energy, utility and pharmaceutical companies, financial institutions, banks, non-governmental organizations and high-level officials from law enforcement agencies. http://cybercrimeforum.bg/?lang=en
The rate of growth of the information society, the sophistication of threats targeting users, and the potential consequences of consumer devices being directed towards critical infrastructures requires new thinking and new collective action by the Internet community. We cannot expect consumers to become security experts, but if we think about how the public health model helps consumers to understand when they are ill and when they should get treated, we can come up with relevant concepts that are applicable to Internet security. The public health model is not perfect, nor does it need to be—where there are differences there may also be useful insights. For example, the medical model is massively distributed and has far more endpoints (doctors, nurses and pharmacists) than the computer model (there are fewer access providers than medical professionals), so IT professionals may identify critical trends more quickly. And while computer viruses may spread faster than human viruses, automation may permit devices to be vaccinated more quickly than people. Governments and industry, by focusing on the similarities and differences between the physical and the IT world can construct IT response mechanisms far more effective than what exists today.
CHALLENGES:
- It can prove difficult to automate investigation processes. Because of this, the increasing number of Internet users causes difficulties for the law-enforcement agencies. By contrast, offenders can use automation to scale up their activities. This affects developing countries in particular.
- Growing reliance on ICTs makes systems and services more vulnerable to attacks against critical infrastructures. Even short interruptions to services could cause huge financial damages to e-commerce businesses.
- Criminals can commit serious computer crimes with only cheap or second-hand computer technology – knowledge counts for far more than equipment. This Internet data and fast search technology can be used for both legitimate and criminal purposes. Criminals can also use search engines to analyse targets.
- The Internet’s network infrastructure is resistant to external attempts at control. It was not originally designed to facilitate criminal investigations or to prevent attacks from inside the network. The absence of control instruments makes cybercrime investigations very difficult.
- Cybercrime investigations need the support and involvement of authorities in all countries involved. The harmonization of cybercrime-related laws and international cooperation would help. Over recent years, botnets have become a serious risk for cybersecurity. Increasing network capacities is also a major issue. The gap between the capacities of investigating authorities and those under control of criminals is getting wider. Another challenge is the use of wireless access points. The expansion of wireless Internet access in developing countries is an opportunity, as well as a challenge. Another factor that can complicate the investigation of cybercrime is encryption technology. Techniques can also be combined. Using software tools, offenders can encrypt messages and exchange them in pictures or images.
WHAT WE CAN DO:
- Strategies must be formulated to prevent attacks and develop countermeasures, including the development and promotion of technical means of protection. It is vital not only to educate the people involved in the fight against cybercrime, but also to draft adequate and effective legislation.
For enterprises, it is clear that typical perimeter defenses such as firewalls and IPS are not effective when dealing with DDoS attacks, as each technology inline to the target is actually a potential bottleneck. These devices can be an important part of a layered defense strategy, but they were built for problems far different from today’s complex DDoS threat. Given the complexity of today’s threat landscape, and the nature of application layer attacks, it is increasingly clear that enterprises need better visibility and control over their networks, which requires a purpose-built, on-premise DDoS mitigation solution. This could sound self-serving; however, visibility into a DDoS attack needs to be far better than the first report of your Website or critical business asset going down. Without real-time knowledge of the attack, defense and recovery become increasingly difficult.
In order to defend networks today, enterprises need to deploy DDoS security in multiple layers, from the perimeter of their network to the provider cloud, and ensure that on-premise equipment can work in harmony with provider networks for effective and robust attack mitigation…
The motivation of modern attackers can be singular, but…