KEEPING ALERT WITH CYBER THREATS
By Ighoakpo A. Eduje, CISO – Heritage Bank Plc
Outline
Introduction
Security Breach Statistics – 2018
A Peep on Recent Breaches
Data Breach & Most Frequent Sources
Improving Cyber Resilience
Collaboration & Team Work
On the spot assessment
Hacked
Not Hacked
Cannot Say
Improving
Cyber Attack Ready/Resilient
Where is your organization?
Introduction
With increased cyber threats to businesses, and the trends within the last few years, the following is clear:
• Organisations are striving to improve their
security posture; attackers are also
innovating in their evils.
• Cyber-attacks and data breaches can
paralyse organisations on a national and
international scale.
• Financial loss, shutdown of essential
services and data loss due to cyber attacks
are no longer strange news.
• Cyber-attacks are not “likely to go away
soon”; how organisations plan for them is
what makes the difference.
PDCA
Data Breaches by the Numbers: Cybersecurity Costs
[Infographic panels: WANNACRY; ROGUE MOBILE APPS; CYBERCRIME PROJECTION; RANSOMWARE DAMAGE COSTS; INFORMATION THEFT; TROJAN HORSE VIRUS; SYSTEM VULNERABILITIES; CYBER COST TREND; FINANCIAL INDUSTRY CYBER COSTS; MALWARE & WEB BASED CYBER COSTS; IoT ATTACKS; RANSOMWARE; VULNERABILITIES]
There are around 24,000 malicious mobile apps blocked every day. (Symantec)
Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity Ventures)
The most expensive component of a cyber attack is information loss, which represents 43% of costs. (Accenture)
Malware and web-based attacks are the two most costly attack types — companies spent an average of US $2.4 million in defense. (Accenture)
Microsoft Office formats such as Word, PowerPoint and Excel make up the most prevalent group of malicious file extensions at 38% of the total. (Cisco)
Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds at that time. (Cybersecurity Ventures)
In 2017, cyber crime costs accelerated with organizations spending nearly 23% more than 2016 — on average about $11.7 million. (Accenture)
Ransomware damage costs exceeded $5 billion in 2017, 15 times the cost in 2015. (CSO Online)
The financial services industry takes in the highest cost from cyber crime at an average of $18.3m per company surveyed. (Accenture)
In 2017 there was a 13% overall increase in reported system vulnerabilities. (Symantec)
69 percent of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software. (Ponemon Institute’s 2017 Cost of Data Breach Study)
Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53 percent of attacks. (Cisco)
IoT attacks were up 600 percent in 2017. (Symantec)
In 2017, 5.4 billion attacks by the WannaCry virus were blocked. (Symantec)
Cyber Risks: Cybersecurity Facts & Figures
[Infographic panels: YAHOO HACKED; UBER HACKED; MALICIOUS FILE EXTENSION; ANTI-VIRUS CAPABILITY]
In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers. (Uber)
In 2016, 3 billion Yahoo accounts were hacked in one of the biggest breaches of all time. (Oath.com)
Security Breach Statistics - 2018
• Cyber-attacks are not “likely to go away soon”
• How organisations plan for and manage them is what will make the difference.
Recent Published Security Breaches/Incidents
Ransomware Attack on Campbell
County Health in Gillette, US
On September 21, 2019, Campbell
County Health in Gillette, Wyoming fell
victim to a ransomware attack that
disrupted the hospital operations.
Outpatient and inpatient labs were
closed, and surgeries cancelled.
Root Cause:
It wasn't immediately clear what the
hackers were seeking from Campbell
County Health.
However, in a ransomware attack,
hackers typically take a computer
system hostage and demand money in
exchange for restoring access.
Such attacks have been around
since the 1980s, but they've
become increasingly frequent with
the rise of cryptocurrency that
makes it easier for hackers to
receive and spend the ransoms.
Update
Campbell County Health officials were
working with the FBI, Department of
Homeland Security, state and local
authorities to regain access to its
systems after the ransomware attack
took its computers hostage on Friday.
https://www.infosecurity-magazine.com/news/ransomware-attack-wyoming-health/
Unsecured Microsoft Azure Blob Exposes
Millions of Automatic Number Plate
Recognition Images at Tesco Car Parks
On September 23, 2019, Tesco said that its
parking web app exposed millions of automatic
number plate recognition images.
The breach uncovered an unsecured Microsoft
Azure Blob belonging to Tesco’s parking web
app. The unprotected Microsoft Azure
Blob was managed by a third-party
vendor named ‘Ranger Services’.
Root Cause:
The supermarket giant noted that access to the
Azure Blob was opened during a planned data
migration exercise to an AWS data lake.
However, access to the Blob has now been
disabled.
Risk:
A technical issue with a parking app meant that
for a short period historic images and times of
cars entering and exiting the car parks were
accessible.
The company have now disabled the app as they
work with their service provider to ensure it
doesn’t happen again.
https://www.techradar.com/uk/news/tesco-shutters-parking-app-following-license-plate-image-leak
Sensitive Data Including Source
Code and Credentials Belonging
to Scotiabank Exposed via GitHub
Repositories
On September 20, 2019, Scotiabank’s
source code and other sensitive data
such as credentials were found on
publicly available GitHub repositories.
The repositories contained hundreds
of files of documentation and code.
They were found to contain access
keys for a foreign exchange system,
login credentials for services, keys to
access the bank’s backend systems and
services in different parts of the world,
and software blueprints among others.
Source code for integrating the bank’s
systems with payment services was
also observed to be in the
repositories.
Action Taken:
Scotiabank immediately took down the
repositories that appear to be
misconfigured.
The bank’s technical teams are
working to remove the information
from GitHub.
https://www.scmagazine.com/home/security-news/data-breach/report-scotiabank-exposed-source-code-and-credentials-on-github-repositories/
Oklahoma Department of Securities: 1m data
The Oklahoma Department of Securities
recently dealt with a breach of millions of files,
some of which were involved with FBI
investigations. UpGuard data breach
research describes a storage server – with records
dating as far back as 1986 – and says it is unclear
how long the records were publicly accessible,
but an IP address search engine first
registered it in November of 2018.
“The data was exposed via an unsecured
rsync service at an IP address registered to
the Oklahoma Office of Management and
Enterprise Services, allowing any user from
any IP address to download all the files stored
on the server.”
UpGuard classified the Securities Commission
website as having “severe risk of breach,” due
in part to its use of a web server which
reached end-of-life in 2015 (IIS 6.0). This
means no updates were made to address new
vulnerabilities in the last few years.
https://www.upguard.com/breaches/rsync-oklahoma-securities-commission
First American Corporation: ~885,000,000
Topping the list of biggest data breaches and hacks in 2019
so far is this hack of the American real estate title insurer,
First American Corporation’s website. Security
reporter KrebsOnSecurity says the company’s website leaked
over three quarters of a billion mortgage deal
documents, including bank account numbers, tax records,
Social Security numbers, wire transaction receipts, and
driver’s license images.
Krebs says it was tipped off by a real estate developer who
“said anyone who knew the URL for a valid document at the
Web site could view other documents just by modifying a
single digit in the link,” according to KrebsOnSecurity. The
885,000,000 files, which date as far back as 16 years,
were available to view without authentication
requirements.
If First American used a serialization Content Management
System (CMS), such a simple plug-in may have helped to
Prevent Direct Access to customers’ data.
A more expensive option for securely cataloguing the data –
rather than hosting it online at all – might have been more
appropriate for such sensitive information.
https://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/
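Added example (not from the original slides and not First American's code): the flaw described above, where the document number in the link is the only thing checked, shown beside a lookup that requires an authenticated session and an ownership check on every request. The class, method and customer names are hypothetical and the records are constructed.

```python
import secrets
from collections import Counter


class DocumentStore:
    """Constructed in-memory stand-in for a document portal (hypothetical names)."""

    def __init__(self):
        self._by_number = {}     # sequential id -> (owner, body): the leaky design
        self._by_token = {}      # random token  -> (owner, body): the hardened design
        self._next_number = 1000
        self.denied = Counter()  # per-user count of refused requests, for alerting

    def add(self, owner, body):
        number, token = self._next_number, secrets.token_urlsafe(16)
        self._next_number += 1
        self._by_number[number] = self._by_token[token] = (owner, body)
        return number, token

    def fetch_by_number(self, number):
        # Flaw: the number in the URL is the only thing checked, so a caller
        # who changes one digit receives someone else's record.
        record = self._by_number.get(number)
        return record[1] if record else None

    def fetch_authorized(self, session_user, token):
        # Hardened: authenticated session, unguessable reference, and an
        # ownership check on every request (the check is what matters most).
        if session_user is None:
            raise PermissionError("authentication required")
        record = self._by_token.get(token)
        if record is None or record[0] != session_user:
            self.denied[session_user] += 1
            # Same error for "missing" and "not yours" so nothing is confirmed.
            raise PermissionError("document not available")
        return record[1]


def build_sample_store():
    """Two constructed customers with one document each."""
    store = DocumentStore()
    alice = store.add("alice", "alice: wire transaction receipt")
    bob = store.add("bob", "bob: tax record")
    return store, alice, bob
```

A rising `denied` count for one session is the signal to alert on: legitimate users rarely request documents that are not theirs.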
Recent Security Breaches/Incidents
DATA BREACHES BY THE NUMBERS
• Approximately 24,000 malicious mobile apps are blocked every day
• IoT attacks were up 600% in 2017
• Ransomwares are growing more than … percent annually
• Microsoft Office formats such as Word, PowerPoint and Excel make up about 38% of malicious file extensions
WHERE DO CYBER ATTACKS MOSTLY COME FROM
• Sources of Cyber Attacks in 2017: China, USA, Russia
• 71% of cyber attacks begin with spear-phishing emails
Data Breach & Most Frequent Sources
C: Corporate Strategic Ownership & Governance
Y: Your Insider & External Threat
B: Business Continuity
E: Effective Reporting
R: Resilience Assessment
• Board & Management Commitment
• Staff & Customer Behavioral & Pattern Analysis
• Know your environment
• Metrics, Monitoring & Reporting
• Resourcing: Proactive Tools, Man Power, Cyber Skills
• Cyber Threat Intelligence: Internal, External & Darkweb
• Alerts and Dashboards
• Improvement: Continuous Training, Customer Awareness
• Artificial Intelligence: Fraud & AML Monitoring, In-depth forensic skills
• Compliance with Statutory & Regulatory Requirements
• Determining the Current Cybersecurity Profile (“present state”)
• Establishing a Target Cyber Profile (“desired state”)
• Reporting Cybersecurity Self-Assessment (“current/future”)
• Identify your critical information assets
Improving Cyber Resilience
Enhance Cybersecurity Resilience
Collaboration & Team Work
Industrywide, Local and International
Collaboration is still a veritable frontier
for the fight against cybercrime,
provided each stakeholder stays alert
in securing their assets.
Thank You