Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cyber Risk Management in the New Digitalisation Age - eSentinel™

Presentation slides from Webinar 11th Dec 2020 by Kenneth Wee, Commercial Director, Netpluz Asia Pte Ltd

  • Be the first to comment

  • Be the first to like this

Cyber Risk Management in the New Digitalisation Age - eSentinel™

  1. 1. Cyber Risk Management InThe New Digitalisation Age Presented by Kenneth Wee, Commercial Director 11 Dec 2020
  2. 2. CYBERATTACK RANSOMWARE Without you knowing, your business could have already been compromised DATA BREACH
  3. 3. Is it only IT’s issue?
  4. 4. Mindset Shift
  5. 5. NewWorking Normal
  6. 6. WFH Risks Exposure Home Network Unsecured FreeApplication Downloads Online Free CollaborationTools
  7. 7. IsYour Business At Risks? With the increased in Cyberattacks, Cybersecurity is not simply an IT issue but must be viewed as a Business Risk
  8. 8. Singapore Cyber Landscape Source: Singapore’s Safer Cyberspace Masterplan 2020 – CSA.gov.sg Singapore SME Cyber Preparedness Report 2019 by Chubb 40% of Cyberattacks in SG Target SMEs 65% of SMEs were victims of cyber incident in the past year 40% of all breaches involved customer records 53% of cyber incidents in the past 12 months were caused by employees
  9. 9. Cyber Headlines in RecentTimes
  10. 10. ➢ No ‘sunrise’ or transition period ➢ Stiffer penalty for data breaches PDPA (Amendment) Bill passed in Parliament 2 Nov 2020
  11. 11. CyberThreats
  12. 12. CyberThreats Source: Singapore Cyber Landscape Report 2019 by Cyber Security Agency of Singapore(CSA)
  13. 13. Hackers simply want to “Vandalise” your webpage?
  14. 14. Image source: Google Google Malaysia Thai Airways SMRT Website 13 Schools in Singapore Credit Bureau Singapore Trump Campaign Website VisualWeb Defacement
  15. 15. Case 1: British Airways (Sep 2018) - Website breach - Undetected for more than 2 months - Personal and payment information were compromised Source: ico.org.uk, www.cnet.com
  16. 16. Source: https://www.straitstimes.com/tech/love-bonito-customers-data-breached-credit-card-details-exposed-watchdog-investigating Case 2: Love Bonito (Dec 2019) - Website breach - Online users' data had been compromised - Some customers’ credit card information were exposed including expiry date and CVVs
  17. 17. Web Defacement Business Implications Revenue Loss Regulatory fines Legal fees Opportunity Cost Data Breach
  18. 18. SOCIAL ENGINEERING BEC PHISHING SPEAR WHALING BUSINESS EMAIL COMPROMISED CEO FRAUD PRETEXTING EMAIL ACCOUNT COMPROMISE BEC SMISHING SOCIAL ENGINEERING PHISHING SPEAR BUSINESS EMAIL COMPROMISE VISHING PHISHING WHALING
  19. 19. Phishing Threats • Open email attachment • Clicking a link • Transfer sensitive information • Transfer funds
  20. 20. Did you know…… Phish kits for sale on dark web From $20 per phish kit Image source: www.group-ib.com/media/how-much-is-the-phish/
  21. 21. Email Phishing Example Sender: sales.crm@abc.com Actual sender: ogtleg@www331b.sakura.ne.jp
  22. 22. Business Implications Monetary loss - Money transferred to Hackers’ account Ransomware - Busines disruption - Recovery cost Malware infecting network and servers - Affecting business operations and productivity
  23. 23. CHRONOLOGY OF DATA BREACH Personal Data 3rd Party Corporate Data Information Unauthorized Access/Disclosure/Use Theft / Loss Forensic Investigation Legal Review Notification Public Relations Legal Defence Costs Damages & Settlements Reputational Damage Business Income Loss DISCOVERY OF A DATA BREACH EVALUATIONOF THE DATA BREACH SHORT TERM RESPONSE LONGTERM CONSEQUENCES
  24. 24. Shared Responsibility Model? CUSTOMER RESPONSIBILITY FOR SECURITY “IN”THE CLOUD CLOUD SERVICE PROVIDER RESPONSIBILITY FOR SECURITY “OF”THE CLOUD CustomerApplications & Content Network Security Identity & Access Control Operating System / Platform Data Encryption Cloud Platform Physical Infrastructure Network Infrastructure Virtualization Layer
  25. 25. Recognise your weakest link
  26. 26. Mitigate Cyber Risks
  27. 27. DDoS Mitigation Firewall Network Monitoring Web Protection Skilled Professionals ASAV Malware Ransomware Vendor A Vendor B Vendor C Vendor D Vendor E Cyber Protection in Silo
  28. 28. Redefining Your First Layer Cyber Defense
  29. 29. eSentinel™ 360 Managed Cybersecurity Integrated Platform
  30. 30. eSentinel™ – 360 Defence
  31. 31. Security Assessment Asset Scanning & Monitoring Vulnerability Assessment 24x7 SNOC SIEM Log Analyzer Threat Detection Attack Prevention DDoS Protection Next-Gen Firewall IPS ASAV eSentinel™ eSentinel™ Internet Customer B Customer A 1st Layer Defense At ISP level 2nd Layer Protection At Customer Level Cyber Attack
  32. 32. Managed Security Information Event Management (SIEM) • Single all-in-one security monitoring solution (Asset discovery, vulnerability assessment) • Monitors cloud and on-premises infrastructure from one platform • Provides comprehensive threat detection and actionable incident response directives
  33. 33. Security Network Operation Centre (SNOC) • 24 x 7 SNOC • Proactive Monitoring • Alerts & Notification
  34. 34. Vulnerability Assessment (VA) Asset Scanning & Monitoring Security Assessment • Periodic Scanning • Report Card Identify Gaps CRITICAL MEDIUM HIGH LOW
  35. 35. ➢ Insights ➢ Agility ➢ Alerts ➢ Notification ➢ Customizable policies ➢ Monthly Report Visibility with Single Pane of Glass
  36. 36. Netpluz Cybersecurity Partners
  37. 37. Web Defacement Protection
  38. 38. Web Defacement Solution Image Analytics Content Analytics Automated Integrity Analytics
  39. 39. High Level Network Architecture -WebOrion® Monitor (SaaS)
  40. 40. Web Defacement Solution
  41. 41. Email Protection
  42. 42. Comprehensive Email Security Solution Inbound Mail Flow
  43. 43. Email Protection & Isolation
  44. 44. Endpoint Protection Firewall
  45. 45. Sophos Intercept X ANTI-EXPLOIT MACHINE LEARNING ANTI-RANSOMWARE MALWARE REMOVAL ROOT CAUSE ANALYSIS STOP UNKNOWN THREATS PREVENT RANSOMWARE DENY THE ATTACKER
  46. 46. ManagedThreat Response (MTR)
  47. 47. A completely new approach to Endpoint Security Synchronized Security Intercept
  48. 48. Cross-Estate Communication Sophos Endpoint shares infection status with the security system, triggering automatic responses 21 Malware Detection Sophos Endpoint detects a malware attack Device Isolation XG Firewall instantly isolates the computer, preventing the attack from spreading, and communication with C2 servers. 3 Clean-up Sophos Endpoint automatically cleans up the infection. Once the malware is removed, Sophos Endpoint shares this update with the cybersecurity system 4 Security Heartbeat™ Access Restored XG Firewall restores network access. Root Cause Analysis provides detailed view of what happened. 5 Respond Respond automatically to incidentsSynchronized Security Heartbeat
  49. 49. Educate Staff
  50. 50. Increase Resiliency with Email Phishing Simulation &Training
  51. 51. Management Reporting Dashboard
  52. 52. Managing Cyber Breach
  53. 53. Sophos Rapid Response
  54. 54. Containment & Neutralization MTR Advanced 24/7 Monitoring, Detection, and Response Threat Summary Deployment Triage & Analysis Kick-off Call Within 48 hours or less Sophos Rapid Response
  55. 55. What is IT Managed Service?
  56. 56. Challenges in Implementing Cybersecurity
  57. 57. ➢ Extension toYour IT Dept ➢ OPEX Model Available ➢ 24/7 Support Helpdesk ➢ 24/7 Monitoring ➢ Alert Notification ➢ Monthly Reporting Managed Service Network Cybersecurity System BUSINESS FOCUS not technology
  58. 58. Thank you Kenneth Wee Commercial Director 97826791 kenneth.wee@netpluz.asia

×