war games is not a movie anymore · cybersecurity challenges: komitas stepanyan, phd, crisc, crma,...
TRANSCRIPT
Cybersecurity Challenges:
Komitas Stepanyan, PhD, CRISC, CRMA, CobitF
Deputy Head of Internal Audit
Central Bank of Armenia
“WAR GAMES” IS NOT A MOVIE ANYMORE
AGENDA
Introduction
Recent Hot Issues
Challenges
Solutions
• The era of digital life
• Mobile technologies, BYOD, Public WiFi
• Social networks
• Sound IT/IT Security governance
• Right people at the right place
• Best in class technical solutions
• Ransomware
STATISTICS
Over 169 million personal records were exposed in 2015, across the financial, business, education, government and healthcare sectors. In 2017, several billion.* [2]
In 2015, there were 38% more security incidents detected than in 2014. In 2017, 223% more than in 2016. [1]
The median number of days that attackers stay dormant within a network before detection is over 200. [4]
In 2017, 24% of breaches affected financial organizations. [5]
More than 70 percent of cyberattacks use a combination of phishing and hacking techniques and involve a secondary victim. [3]
Cybersecurity losses - 2016
Min: $400 billion
Max: $600 billion
Cybersecurity losses - 2019
~ 2 trillion
Good conditions for large-scale hacker attacks!
How can we manage and mitigate cybersecurity risks more effectively?
The Internet of Things: From Fiction to Reality
400,000 drug pumps installed in hospitals around the world
... independent security researcher identified a critical vulnerability in 2015 in popular drug infusion pumps that hundreds of thousands of hospitals use. Hackers could raise the dosage limit patients received, allowing to remotely kill a victim in the hospital ...
RECENT HOT CASES
Bangladesh central bank hacked. Attackers used malware and stole $81 million.
February 2016
Second malware attack - Vietnamese commercial bank hacked
May 13, 2016
RECENT HOT CASES
2017 HOT CASES
Google and Facebook were victims of Business Email Compromise (BEC) or ‘CEO Fraud’
March 2017, 64 Cyberattacks
April 2017, 85 Cyberattacks
Malware Threat to ATMs
Homographic Phishing Attacks
2017
The year of ransomware... Password security
January 2017, 89 Cyberattacks
1 Billion user accounts stolen from Chinese Internet Giants
Ransomware infected 70% of the storage devices that record data from D.C. police surveillance cameras, DC Police Department
52GB database was stolen containing information on 33.7 million people
May 2017, 67 Cyberattacks
WannaCry Ransomware
August 2017, 90 Cyberattacks
More than 700m email addresses, as well as a number of passwords, have been stolen
September 2017, 41 Cyberattacks
143 million customers' personal and financial information stolen from Equifax
How to effectively mitigate cyber security challenges?
ENCRYPTION AS A WEAPON - RANSOMWARE
What is ransomware?
A sophisticated piece of malware that blocks the victim’s access to his/her files.
The cyber security community agrees that this is the most prominent and worrisome cyber threat of the moment.
FACTS
88% of breaches fall into the nine patterns that the Data Breach Investigations Report first identified back in 2014.
In about 60% of cases, hackers are able to get results in minutes
23% of people receiving phishing letters open them, and 11% click on links or open attached files
91% of successful data breaches started with a phishing attack
99.9% of exploited vulnerabilities were compromised more than a year after details were published
SOCIAL ENGINEERING
https://www.youtube.com/watch?v=bjYhmX_OUQQ
USE OF CLOUD COMPUTING SERVICES, 2014 AND 2016 (% OF ENTERPRISES)
Source >>> http://ec.europa.eu/eurostat/statistics-explained/index.php/Cloud_computing_-_statistics_on_the_use_by_enterprises
USE OF CLOUD COMPUTING SERVICES IN ENTERPRISES, BY PURPOSE, 2014 AND 2016 (%)
Source >>> http://ec.europa.eu/eurostat/statistics-explained/index.php/Cloud_computing_-_statistics_on_the_use_by_enterprises
BYOD – BRING YOUR OWN DEVICE
Bring Your Own Everything… (BYOx)
2015: 5.2 billion
2016: ~ 7 billion (+30%)
2020: 20 billion
SUMMARY
Knowledge and informed people: the most efficient way to mitigate cyber security risks today and tomorrow
SUMMARY
Don’t be lazy to cover cyber security basics…
Think Before You Click
Update Regularly
Use an Effective Password Policy
Be suspicious of warnings that pop up asking you to install
Guard Your Personal Data
Use SSL Correctly
Don’t be lazy to educate employees…
SOLUTIONS
• ISO 27001
• COBIT
• ITIL
• NIST
• Hardened IT Infrastructure
• Effective monitoring tools
• Patch Management
• Configuration Management
• Incident Management
Best in class IT solutions
Sound IT and IT Security Governance
• Strong InfoSec
• Strong IT Audit
• Informed, aware personnel
Right people at the right place