KEEPING ALERT WITH CYBER

THREATS

By Ighoakpo A. EdujeCISO – Heritage Bank Plc

Outline

2

Introduction

Security Breach Statistics – 2018

A Peep on Recent Breaches

Data Breach & Most Frequent Sources

Improving Cyber Resilience

Collaboration & Team Work

On the spot assessment

Hacked

Not Hacked

Cannot Say

Improving

Cyber Attack Ready/

Resilient

Where is your organization?

Introduction

With increased cyber threats to businesses,and the trends within the last few years thefollowing is clear;

• Organisations are striving to improve their

security posture, attackers are also

innovating in their evils.

• Cyber-attacks and data breaches can

paralyse organisations on a national and

international scale.

• Financial loss and shutdown of essential

services and data loss due to cyber attacks

is no longer strange news.

• Cyber-attacks are not “likely to go away

soon” how organisations plan for them, is

what makes the difference.

PDCA

Data Breaches by the

NumbersCybersecurity Costs

WannaCry

ROGUE MOBILE

APPS

CYBERCRIME

PROJECTION

RANSOMWARE

DAMAGE COSTS

INFORMATION

THEFTTROJAN HORSE

VIRUS

SYSTEM

VULNERABILITIES

CYBER COST

TREND

FINANCIAL

INDUSTRY CYBER

COSTS

MALWARE & WEB

BASED CYBER

COSTS

IoT ATTACKS

RANSOMWARE

VULNERABILITIES

There are around 24,000 malicious mobile apps blocked every day. (Symantec)

Damage related to cybercrime is projected to hit $6 trillion annually by 2021. (Cybersecurity

Ventures)

The most expensive component of a cyber attack is information loss, which represents 43% of costs. (Accenture)

Malware and web-based attacks are the two most costly attack types —companies spent an average of US $2.4 million in defense. (Accenture)

1 2 3 4 5 6

Microsoft Office formats such as Word, PowerPoint and Excel make up the most prevalent group of malicious file extensions at 38% of the total. (Cisco)

Ransomware damage costs will rise to $11.5 billion in 2019 and a business will fall victim to a ransomware attack every 14 seconds at that time. (Cybersecurity

Ventures)

In 2017, cyber crime costs accelerated with organizations spending nearly 23% more than 2016 — on average about $11.7 million. (Accenture)

Ransomware damage costs exceed $5 billion in 2017, 15 times the cost in 2015. (CSO

Online)

The financial services industry takes in the highest cost from cyber crime at an average of $18.3m per company surveyed. (Accenture)

In 2017 there was a 13% overall increase in reported system vulnerabilities. (Symantec)

69 percent of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software. Ponemon

Institute’s 2017

Cost of Data

Breach Study

Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53 percent of attacks. (Cisco)

IoT attacks were up 600 percent in 2017. (Symantec)

In 2017, 5.4 billion attacks by the WannaCry virus were blocked. (Symantec)

Cyber RisksCybersecurity Facts &

Figures

YAHOO HACKED

UBER HACKED

In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers. (Uber)

In 2016, 3 billion Yahoo accounts were hacked in one of the biggest breaches of all time. (Oath.com)

MALICIOUS FILE

EXTENSIONANTI-VIRUS

CAPABILITY

Security Breach Statistics - 2018

• Cyber-attacks are not “likely to go away soon”

• How organisations plan and manage them, is what will make the difference.

Recent Published Security Breaches/Incidents Ransomware Attack on Campbell

County Health in Gillette, US

On September 21, 2019, Campbell

County Health in Gillette, Wyoming fell

victim to a ransomware attack that

disrupted the hospital operations.

Outpatient and inpatient labs were

closed, and surgeries cancelled.

Root Cause:

It wasn't immediately clear what the

hackers were seeking from Campbell

County Health.

However in a ransomware attack,

hackers typically take a computer

system hostage and demand money in

exchange for restoring access.

Such attacks have been around

since the 1980s, but they've

become increasingly frequent with

the rise of cryptocurrency that

makes it easier for hackers to

receive and spend the ransoms.

Update

Campbell County Health officials were

working with FBI, Department of

Homeland Security, state and local

authorities to regain access to its

systems after the ransomware attack

took its computers hostage on Friday.

https://www.infosecurity-magazine.com/news/ransomware-attack-wyoming-health/

Unsecured Microsoft Azure Blob Exposes

Millions of Automatic Number Plate

Recognition Images at Tesco Car Parks

On September 23, 2019, Tesco said that its

parking web app exposed millions of automatic

number plate recognition.

The breach uncovered an unsecured Microsoft

Azure Blob belonging to Tesco’s parking web

app. The unprotected Microsoft Azure

Blurb were managed by a third-party

vendor named ‘Ranger Services’.

Root Cause:

The supermarket giant noted that access to the

Azure Blob was opened during a planned data

migration exercise to an AWS data lake.

However, access to the Blob has now been

disabled.

Risk:

A technical issue with a parking app meant that

for a short period historic images and times of

cars entering and exiting the car parks were

accessible.

The company have now disabled the app as they

work with their service provider to ensure it

doesn’t happen again.

https://www.techradar.com/uk/news/tesco-shutters-parking-app-following-license-plate-image-leak

Sensitive Data Including Source

Code and Credentials Belonging

to Scotiabank Exposed via Github

Repositories

On September 20, 2019, Scotiabank’s

source code and other sensitive data

such as credentials were found on

publicly available GitHub repositories.

The repositories contained hundreds

of files of documentation and code.

They were found to contain access

keys for a foreign exchange system,

login credentials for services, keys to

access the bank’s backend systems and

services in different parts of the world,

and software blueprints among others.

Source code for integrating the bank’s

systems with payment services was

also observed to be in the

repositories.

Action Taken:

Scotiabank immediately took down the

repositories that appear to be

misconfigured.

The bank’s technical teams are

working to remove the information

from GitHub.https://www.scmagazine.com/home/security-news/data-breach/report-scotiabank-exposed-source-code-and-credentials-on-github-repositories/

Oklahoma Department of Securities: 1m data

The Oklahoma Department of Securities

recently dealt with a breach of millions of files,

some of which were involved with FBI

investigations. UpGuard data breach

research says a storage server – with records

dating as far back as 1986 – says it is unclear

how long the records were publicly accessible,

but an IP address search engine first

registered it in November of 2018

The data was exposed via an unsecured

rsync service at an IP address registered to

the Oklahoma Office of Management and

Enterprise Services, allowing any user from

any IP address to download all the files stored

on the server,”

UpGuard classified the Securities Commission

website as having “severe risk of breach,” due

in part to its use of a web server which

reached end-of-life in 2015 (IIS 6.0). This

means no updates were made to address new

vulnerabilities in the last few years.https://www.upguard.com/breaches/rsync-oklahoma-securities-commission

First American Corporation: ~885,000,000

Topping the list of biggest data breaches and hacks in 2019

so far is this hack of the American real estate title insurer,

First American Corporation’s website. Security

reporter KrebsOnSecurity says the company’s website leaked

over three quarters of a billion mortgage deal

documents, including bank account numbers, tax records,

Social Security numbers, wire transaction receipts, and

driver’s license images.

Krebs says it was tipped off by a real estate developer who

“said anyone who knew the URL for a valid document at the

Web site could view other documents just by modifying a

single digit in the link,” according to KrebsOnSecurity. The

885,000,000 files, which date as far back as 16 years,

were available to view without authentication

requirements.

if First America used a serialization Content Management

System (CMS) – such a simple plug- may have helped to

Prevent Direct Access to customer’s data.

A more expensive option for securely cataloguing the data –

rather than hosting it online at all – might have been more

appropriate for such sensitive informationhttps://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/

Recent Security Breaches/Incidents

Approximately

24,000MaliciousMobile apps are

blocked every day 600%IN 2017

IoT attacks were up

PERCENT ANNUALLY

Ransomwares are

growing more than

DATA BREACHES BY THE NUMBERS

WHERE DO CYBER ATTACKS MOSTLY COME FROM

Microsoft Office formats such as

Words, PowerPoint and Excel

make up

About 38%

MALICIOUS FILE EXTENSION

China

USA

Russia

Sources of Cyber Attacks in 2017

71%

of cyber attacks begin with

spear-phishing emails

Data Breach & Most Frequent Sources

C

Y

B

E

Corporate

Strategic

Ownership &

Governance

Your Insider

& External

Threat

Business

Continuity

Effective

Reporting

Board & Management Commitment

Staff & Customer Behavioral & Pattern Analysis

Know your environment

Metrics, Monitoring & Reporting

Resourcing• Proactive Tools• Man Power• Cyber Skills

Cyber Threat Intelligence Internal, External &

Darkweb

Alerts and Dashboards

Improvement• Continuous Training• Customer Awareness

Artificial Intelligence• Fraud & AML

Monitoring• In-depth forensic skills

Compliance with Statutory & Regulatory Requirements

RDetermining the Current Cybersecurity Profile (“present state”)

Establishing a Target Cyber Profile (“desired state”)

Reporting Cybersecurity Self-Assessment(“current/future”)

Identify your critical information assets

Resilience

Assessment

Improving Cyber Resilience

Enhance Cybersecurity Resilience

Collaboration& TEAM WORK

Industrywide, Local and International

Collaboration is still a veritable frontier

for the fight against cybercrime,

provided each stakeholder stays alert

in securing their assets.

Thank You