New Challenges in Data Privacy - Cybercrime and Cybersecurity Forum 2013, Sofia BG
A brief overview of the cyber crime phenomenon, the internet threat landscape, lessons learned and what we can do about it.

  • The Third South East European Regional Forum on Cybersecurity and Cybercrime will take place in Sofia, Bulgaria, at Sofia Hilton Hotel from Monday 11 to Wednesday 13 of November 2013. The event will bring together representatives of leading ICT, energy, utility and pharmaceutical companies, financial institutions, banks, non-governmental organizations and high-level officials from law enforcement agencies. http://cybercrimeforum.bg/?lang=en
  • The rate of growth of the information society, the sophistication of threats targeting users, and the potential consequences of consumer devices being directed towards critical infrastructures require new thinking and new collective action by the Internet community. We cannot expect consumers to become security experts, but if we think about how the public health model helps consumers to understand when they are ill and when they should get treated, we can come up with relevant concepts that are applicable to Internet security. The public health model is not perfect, nor does it need to be—where there are differences there may also be useful insights. For example, the medical model is massively distributed and has far more endpoints (doctors, nurses and pharmacists) than the computer model (there are fewer access providers than medical professionals), so IT professionals may identify critical trends more quickly. And while computer viruses may spread faster than human viruses, automation may permit devices to be vaccinated more quickly than people. Governments and industry, by focusing on the similarities and differences between the physical and the IT world, can construct IT response mechanisms far more effective than what exists today.
  • CHALLENGES:
    - It can prove difficult to automate investigation processes. Because of this, the increasing number of Internet users causes difficulties for law-enforcement agencies. Offenders, by contrast, can use automation to scale up their activities. This affects developing countries in particular.
    - Growing reliance on ICTs makes systems and services more vulnerable to attacks against critical infrastructures. Even short interruptions to services could cause huge financial damages to e-commerce businesses.
    - Criminals can commit serious computer crimes with only cheap or second-hand computer technology – knowledge counts for far more than equipment. Internet data and fast search technology can be used for both legitimate and criminal purposes. Criminals can also use search engines to analyse targets.
    - The Internet’s network infrastructure is resistant to external attempts at control. It was not originally designed to facilitate criminal investigations or to prevent attacks from inside the network. The absence of control instruments makes cybercrime investigations very difficult.
    - Cybercrime investigations need the support and involvement of authorities in all countries involved. The harmonization of cybercrime-related laws and international cooperation would help. Over recent years, botnets have become a serious risk for cybersecurity. Increasing network capacities is also a major issue. The gap between the capacities of investigating authorities and those under control of criminals is getting wider. Another challenge is the use of wireless access points. The expansion of wireless Internet access in developing countries is an opportunity, as well as a challenge. Another factor that can complicate the investigation of cybercrime is encryption technology. Techniques can also be combined. Using software tools, offenders can encrypt messages and exchange them in pictures or images.
    WHAT WE CAN DO:
    - Strategies must be formulated to prevent attacks and develop countermeasures, including the development and promotion of technical means of protection. It is vital not only to educate the people involved in the fight against cybercrime, but also to draft adequate and effective legislation.
  • For enterprises, it is clear that typical perimeter defenses such as firewalls and IPS are not effective when dealing with DDoS attacks, as each technology inline to the target is actually a potential bottleneck. These devices can be an important part of a layered defense strategy, but they were built for problems far different from today’s complex DDoS threat. Given the complexity of today’s threat landscape, and the nature of application layer attacks, it is increasingly clear that enterprises need better visibility and control over their networks, which requires a purpose-built, on-premise DDoS mitigation solution. This could sound self-serving; however, visibility into a DDoS attack needs to be far better than the first report of your Website or critical business asset going down. Without real-time knowledge of the attack, defense and recovery become increasingly difficult.
  • In order to defend networks today, enterprises need to deploy DDoS security in multiple layers, from the perimeter of their network to the provider cloud, and ensure that on-premise equipment can work in harmony with provider networks for effective and robust attack mitigation…
  • The motivation of modern attackers can be singular, but…

Transcript

  • 1. New challenges in Data privacy. Zdravko Stoychev, CISM CRISC, Information Security Officer, Alpha Bank Bulgaria branch. South East European Regional Forum on Cybersecurity and Cybercrime, 2013, 11-13 Nov 2013, Sofia
  • 2. CYBERCRIME FORUM: Alpha Bank
    - Founded in 1879.
    - The Bank grew considerably in the last decades and developed into a major Group offering a wide range of financial services.
    - In 1999 the bank acquired 51% of the shares of the Ionian Bank. The name of the enlarged, new Bank resulting from this merger is ALPHA BANK.
    - On February 1, 2013 the entire share capital of Emporiki Bank S.A. was transferred to ALPHA BANK.
    - ALPHA BANK is one of the largest banks in Greece. The Bank's activities cover the entire range of financial services.
  • 3. Agenda
    - Current landscape: Trends & Statistics; The Internet Security
    - Posed challenge: Fighting Cybercrime; Home vs. Enterprise; Global vs. Country
    - Lessons Learned: Factors That Contribute; What Can We Do
    - Summary
  • 4. Threat Landscape: Internet – a global shared domain
    - “The scale of DDoS attacks continue to expand”
    - “Web sites of security companies hacked by Anonymous”
    - “The damage done by cybercrime increased by 50%”
    - “Barely 4% of (UK) companies trust their IT security”
    - “The yearly average cybercrime cost per company in USA increased by 78% in the past 4 years”
    - “The goals under attacks of this week [Dec 2012]: U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC Financial Services Group, SunTrust Banks, Inc.”
  • 5. Down to Rabbit-Hole. [Chart: traffic per second achieved by DDoS attacks, 2012 vs. 2013, share of attacks by size (~1Gb, 2-10Gb).] Source: Arbor Networks
  • 6. Down to Rabbit-Hole
    - Attacks with duration under an hour: 87%
    - Average time to mitigate the attack: 130% increase
    - Fewer victims reported, but the cost is up: 50% increase
    where
    - BYOD users constantly online: 49%
    - Smartphones and tablets w/o unlock PIN: 48%
    Source: Arbor Networks, Ponemon Institute, Symantec
  • 7. Internet Security Threats. Cyber threats and Internet attacks are difficult to characterize and respond to for a number of reasons:
    - There are many different malicious actors.
    - These actors have many different motives.
    - The attacks look similar, so the nature of the attack does not always help to identify the actor and the motive.
    - An Incident Handling Team will need to be in place to manage the attacks on a per-case basis.
    - The speed of attack may overwhelm response methods that require human interaction.
    - The potential consequences of an attack can be hard to predict.
    - The worst-case scenarios are alarming.
    Source: Collective Defense: Applying Public Health Models to the Internet
  • 8. The Posed Challenge
    - Cyber crime is a fast-emerging threat and cyber attacks are being recognised as a threat to national security.
    - The most commonly reported crime is the theft of financial login credentials, i.e. Web and mobile banking.
    - The biggest and most common motivation is financial gain.
    - It drives a range of criminal activities, including phishing, pharming, malware distribution and the hacking of corporate databases.
    - Cyber crime is a truly global criminal phenomenon which does not respond to single jurisdiction approaches to policing.
    - Cyber crime is forcing us to rethink the basic skills needed for the job, i.e. we need more Forensic Investigation specialists.
    - Organisations need to assess the likelihood of being the target and then defend against the techniques most commonly used.
    Source: Infosecurity Europe 2013, Global Economic Symposium
  • 9. Home and Enterprise Threats. Source: Microsoft
  • 10. Lowest Infection Rates Trends. Source: Microsoft
  • 11. Where Are We as a Country. Source: Microsoft
  • 12. Lessons from Least Infected Countries/regions. Factors that contribute to consistently low infection rates:
    - Strong public–private partnerships exist that enable proactive and response capabilities.
    - Computer emergency response teams (CERTs), Internet service providers (ISPs), and others who actively monitor for threats enable rapid response to emerging threats.
    - Enforcement policies and active remediation of threats via quarantining infected systems on networks in the country/region is effective.
    - An IT culture in which system administrators respond rapidly to reports of system infections or abuse is helpful.
    - Educational campaigns and media attention that help improve the public’s awareness of security issues can pay dividends.
    - Low software piracy rates and widespread usage of OS Update/Update has helped keep infection rates relatively low.
    Source: Microsoft
  • 13. What Can We Do About It
    - Deploy security in multiple layers
    - Collaborate with CERTs, ISPs and others
    - Seek public–private partnerships
    - Ensure enforcement of security policies
    - Run corporate educational programs
    - Raise the public’s awareness of security issues
    - Well-known security tools may be outdated
    - Utilize security analysis at the network level, e.g. Big Data processing for trend detection, etc.
    Source: Arbor Networks, Ponemon Institute
  • 14. Summary
    - The threat landscape continues to become more complex and mixes various threats to increase the likelihood of success.
    - Awareness can secure humans by changing behaviors.
    - Re-tool and incorporate next-generation technology.
    - Collaboration, public-private relationships, early-warning systems and real-time knowledge are needed.
    - Security, thus data privacy, is everybody's business.
  • 15. Questions? Thank you! Zdravko Stoychev, CISM CRISC, Company Information Security Officer, Alpha Bank Bulgaria branch. Email: zstoychev@alphabank.bg Twitter: @zdravkos