U.S. Embassy Event - Today's Cyber Threats

Presented on 3 Nov. 2010

  1. Stay Ahead of Cyber Threats
     • CHAIYAKORN APIWATHANOKUL, CISSP, IRCA:ISMS, SANS GCFA
     • Chief Security Officer, PTT ICT Solutions Company Limited
     • Committee Member of Thailand Information Security Association
  2. Speaker Profile (Cyber Defense Initiative Conference 2010)
  3.
     • Current Cyber Threats
     • Cyber Threats Summary
     • Threat Convergence
       ▪ The digital world and the physical world are now homogeneous
       ▪ CCTV, Door Access Control, ID Badge, HVAC, Medical Devices and other Automation Systems
     • Threat Summary of 2010
     • 2011 Outlook
  4.
     • Economic conditions continue to fluctuate
     • More people are out of a job
     • Criminals have more incentive
     • Budgets are tightened
     • Technology makes things faster, smaller, better, cheaper and more available to those who never had access before
     • Technology is easier to use but much more sophisticated behind the scenes, like an iceberg
     • New technology allows newer and innovative threats
  5.
     • Individual: Privacy; Life; Bank acc.
     • Enterprise: Business espionage; Sabotage; Fraud; Financial loss; Reputation
     • Industry: Specific industry sector damage, i.e. telecom, healthcare, energy, financial
     • Country: Cyber Warfare; Sabotage; Criminal; Terrorism; National symbol
     • Global: Criminal; Terrorism
  6. Stolen Credit cards Botnets Exploits Spam Phishing & Identity Theft Scam Websites Compromised E-Merchants Credit Card Fraud Hacked Databases Identities Underground Currency Credit Cards
  7.
     • The threat is out there, and more and more innocent users are getting on board
     • More bandwidth (3G/4G)
     • More, smarter devices
     • More users/subscribers
     • More innocent targets
     • More accessibility
     • More applications (good & bad)
  8.
     • Criminals utilize leading-edge technology/methodology, while many people still:
       ▪ Use “password” or “12345” as their password
       ▪ Password length not less than 8? Fine, then “12345678”
       ▪ Have to mix letters with numbers? OK, “password123”
       ▪ Leave their WiFi router/AP with no password
       ▪ Leave their ADSL router configuration as default
  9.
     • Simple tricks still work well
     • Win a Lotto
     • Celebs’ clip
     • Free ticket
     • Fake Antivirus
     • Malicious link
     • Bit.ly
     • Our_picture.zip
  10.
     • (National) Cybersecurity Day
     • Security awareness media and content in the local language
     • (National) Cybersecurity Awareness Program
  11.
     • Keep the bad guy out (from outside)
     • What if the bad guy is inside?
     • Strong external security perimeter but weak internal control
  12. From the response of over 10,000 executives around the globe
     • Organizations have more visibility into their environment, as the number of “Don’t know” responses decreases
  13. From the response of over 10,000 executives around the globe
     • Attacks aim more at the data
     • Network and system exploitations seem steady
  14. From the response of over 10,000 executives around the globe
     • CEOs or CFOs may consider allocating budget not only for maintaining the current security level but also to advance the security capability of the whole organization
  15. From the response of over 10,000 executives around the globe
     • The board of directors needs to hear from the CISO
     • The CISO and CIO have some contradictory aspects of function (check and balance)
  16.
     • Use custom software to infiltrate computers
     • Steal information
     • Steal credentials
     • Steal intellectual property
     • Key logger
     • BotNet
     • Virus/worm
     • Rootkit
  17. DEVICES
     • Network
     • Computer
     • Mobile phone
     • Home automation
     • IP camera
     • Access door
     • Building Automation System (BAS)
     • Medical device
     • Implantable device
     • Power grid, power substation
     • SCADA/DCS/Industrial Automation
     • Super car (Porsche 911)
     • Many, many others
     COMMON ATTACK SURFACE
     • Network (protocol)
     • Operating system
     • Application
     • Implementation
  22.
     1. Attacks on unpatched/outdated OS/service/software/application
     2. Operator screen taken over
     3. Attacks on database or file server
     4. Password brute force
     5. Malware propagation
     6. Eavesdropping (sniffing) on information from the network
     7. Incomplete implementation of TCP/IP
     8. Denial of Service (DoS)
     9. Embedded web interface in the device
     10. Default authentication password or no password at all
  23.
     1) More focus on data correlation
     2) Threat intelligence analysis will become more important
     3) Endpoint security becomes more important
     4) Focusing on proactive forensics instead of being reactive
     5) Moving beyond signature detection
     6) Users will continue to be the target of attack
     7) Shifting from focusing on data encryption to key management
     8) Cloud computing will continue regardless of the security concerns
     9) New Internet protocols with increased exposure
     10) Integrated/embedded security devices
  24.
     • M&A in the IT security industry
     • More targeted custom malware attacks
     • More on the “white-list” approach rather than “black-list”
     • More on hardware (design) security
     • Memory (RAM) attacks (decrypted data, passwords, PINs, etc.)
       ▪ As a result of PCI, HIPAA and GLBA, which asked for encrypting sensitive data at rest and in transit
     • Monitoring and analysis capability will increase
     • Wireless used for more purposes
     • More cloud computing issues
     • Digital investigator jobs will be in high demand
  25.
     • Emergence of legislative compliance requirements
     • Royal Decree (ETA.C25) (announced in Sep. 2010 and will be enforced after 180 days)
     • ISO27001
     • Critical Infrastructure Sectors
     • Business Continuity
     • BS 25999
     • Increase of the infosec workforce in government, public sector and private sector
     • Raise awareness of and inspiration for infosec careers in academic institutes
     • Increase user awareness among Thailand citizens
