SlideShare a Scribd company logo

U S Embassy Event - Today’S Cyber Threats

Narinrit Prem-apiwathanokul
Narinrit Prem-apiwathanokul

Presented on 3 Nov. 2010

1 of 29
Download to read offline
CHAIYAKORN APIWATHANOKUL CISSP, IRCA:ISMS, SANSGCFA Chief SecurityOfficer PTT ICT SolutionsCompany Limited Stay Ahead of CyberThreats CommitteeMemberof ThailandInformation SecurityAssociation
Speaker Profile Cyber Defense Initiative Confere nce 20102
 Current CyberThreats  CyberThreats Summary  ThreatConvergence ▪ Digital world and physical world is now homogeneous ▪ CCTV, Door AccessControl, ID Badge, HVAC, Medical Devices and other Automation System  Threat Summary of 2010  2011 Outlook
 Economic condition continue to fluctuate  More people is out of job  Criminal has more incentive  Budget is tighten  Technology makes things faster, smaller, better, cheaper and more available to those who never ever had accessibility before.  Technology is easier to user but much more sophisticated behind like an iceberg  New technology allows newer and innovative threats
Individual - Privacy - Life - Bank acc. Enterprise - Business espionage -Sabotage - Fraud - Financial loss - Reputation Industry - Specific industry sector damage i.e. telecom, healthcare, energy, financial Country -CyberWarfare - Sabotage -Criminal -Terrorism - National symbol Global -Criminal -Terrorism
Stolen Credit cards Botnets Exploits Spam Phishing& IdentityTheft Scam Websites Compromised E-Merchants CreditCard Fraud Hacked Databases Identities Underground Currency Credit Cards
 The threat is out there and more and more innocence users are getting on-board  More bandwidth (3G/4G)  More smarter devices  More users/subscribers  More innocence targets  More accessibility  More application (good & bad)
 Criminal utilizes leading-edge technology/methodology, while many people still:  Using password as “password” or “12345”  Password length not less than 8, fine, then “12345678”   Have to mix alphabet with number, ok, “password123”   Leave theirWiFi router/AP no password  Leave their ADSL router configuration as default
 Simple trick still work well  Win a Lotto  Celebs’ clip  Free ticket  FakeAntivirus  Malicious link  Bit.ly  Our_picture.zip
 (National) Cybersecurity Day  Security awareness medias and contents in local language  (National) Cybersecurity Awareness Program
 Keep the bad guy out (from outside)  What if the bad guy is inside?  Strong external security perimeter but weak internal control
From the response of over 10,000 executives around the globe  Organizations have more visibility on their environment as the number of “Don’t know” decreases
 The attacks aim more on the data  Network and system exploitations seem steady From the response of over 10,000 executives around the globe
 CEO’s or CFO’s may consider allocating budget not only for maintaining current security level but to advance security capability of the whole organization From the response of over 10,000 executives around the globe
 Board of directors need to hear from CISO  CISO and CIO has some contradict aspect of function (check and balance) From the response of over 10,000 executives around the globe
 Use custom software to infiltrate computers  Steal information  Steal credential  Steal intellectual property  Key logger  BotNet  Virus/worm  Rootkit
DEVICES  Network  Computer  Mobile phone  Home automation  IP camera  Access door  Building Automation System (BAS)  Medical device  Implantable device  Power grid, power substation  SCADA/DCS/Industrial Automation  Super car (Porsche 911)  Many many others COMMONATTACK SURFACE  Network (protocol)  Operating system  Application  Implementation
19
Cyber Defense Initiative Confere nce 201020
21
22
1. Attack to unpatched/outdated OS/service/software/application 2. Operator screen taken over 3. Attack to database or file server 4. Password brute force 5. Malware propagation 6. Eavesdrop (sniff) information from the network 7. Incomplete implementation ofTCP/IP 8. Denial of Service (DOS) 9. Embedded web interface in the device 10. Default authentication password or no password at all 23
1) More focus on Data Correlation 2)Threat intelligence analysis will become more important 3) Endpoint security becomes more important 4) Focusing in on proactive forensics instead of being reactive 5) Moving beyond signature detection 6) Users will continue to be the target of attack 7) Shifting from focusing on data encryption to key management 8) Cloud computing will continue regardless of the security concerns 9) New Internet protocols with increase exposure 10) Integrated/embedded security devices
 M&A in IT Security Industry  More targeted custom malware attacks  More on the “white-list” approach rather than “black- list”  More on hardware (design) security  Memory (RAM) attack (decrypted data, password, pin and etc.)  As a result from PCI, HIPAA,GLBA that asked for encrypting sensitive data at rest and in transit  Monitoring and AnalysisCapability will increase  Wireless in more other purposes  MoreCloud Computing Issues  Digital investigator job will be highly demanded
 Emerging of legislation compliance requirement  Royal Decree (ETA.C25) (announced inSep. 2010 and will be enforced after 180 days)  ISO27001  Critical Infrastructure Sectors  BusinessContinuity  BS 25999  Increase of infosec workforce in government, public sector and private sector  Raise awareness and inspiration in infosec career in academic institutes  Increase user awareness of Thailand citizen
U S Embassy Event - Today’S Cyber Threats

Recommended

Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Mukesh Chinta
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Mukesh Chinta
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoTAmy Daly
 
Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Mukesh Chinta
 
Healthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemHealthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemCheapSSLsecurity
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefJonathan Reyes
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & PrivacyNawanan Theera-Ampornpunt
 
Global Cybersecurity Market (2017 - 2022)
Global Cybersecurity Market (2017 - 2022) Global Cybersecurity Market (2017 - 2022)
Global Cybersecurity Market (2017 - 2022) Research On Global Markets
 

Recommended

Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Mukesh Chinta
 
Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Cisco Cyber Security Essentials Chapter-1
Cisco Cyber Security Essentials Chapter-1Mukesh Chinta
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoTAmy Daly
 
Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Cisco cybersecurity essentials chapter 3
Cisco cybersecurity essentials chapter 3Mukesh Chinta
 
Healthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemHealthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemCheapSSLsecurity
 
Government-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefGovernment-ForeScout-Solution-Brief
Government-ForeScout-Solution-BriefJonathan Reyes
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & PrivacyNawanan Theera-Ampornpunt
 
Global Cybersecurity Market (2017 - 2022)
Global Cybersecurity Market (2017 - 2022) Global Cybersecurity Market (2017 - 2022)
Global Cybersecurity Market (2017 - 2022) Research On Global Markets
 
IoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresIoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresUITSEC Teknoloji A.Ş.
 
Safeguarding the Internet of Things
Safeguarding the Internet of ThingsSafeguarding the Internet of Things
Safeguarding the Internet of ThingsCognizant
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Ahmed Al Enizi
 
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SMCarlos Valderrama
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2FitCEO, Inc. (FCI)
 
Security 2 Q 07[1]
Security 2 Q 07[1]Security 2 Q 07[1]
Security 2 Q 07[1]Sharpe Smith
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - CybersecurityAbhilashYadav14
 
Cyber Security College Workshop
Cyber Security College WorkshopCyber Security College Workshop
Cyber Security College WorkshopRahul Nayan
 
ForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForescout Technologies Inc
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...IJCSIS Research Publications
 
SC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsSC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsForeScout Technologies
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security Omar Khawaja
 
Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Eryk Budi Pratama
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentationJamesDempsey1
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security BreachSeculert
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 
Vp Leadership And Organizational Development
Vp Leadership And Organizational DevelopmentVp Leadership And Organizational Development
Vp Leadership And Organizational DevelopmentAudianDunahm
 
Chaiyakorn
ChaiyakornChaiyakorn
ChaiyakornNarinrit Prem-apiwathanokul
 
SecurityExchange2009-Key Note
SecurityExchange2009-Key NoteSecurityExchange2009-Key Note
SecurityExchange2009-Key NoteNarinrit Prem-apiwathanokul
 

More Related Content

What's hot

IoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresIoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresUITSEC Teknoloji A.Ş.
 
Safeguarding the Internet of Things
Safeguarding the Internet of ThingsSafeguarding the Internet of Things
Safeguarding the Internet of ThingsCognizant
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Ahmed Al Enizi
 
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SMCarlos Valderrama
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2FitCEO, Inc. (FCI)
 
Security 2 Q 07[1]
Security 2 Q 07[1]Security 2 Q 07[1]
Security 2 Q 07[1]Sharpe Smith
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - CybersecurityAbhilashYadav14
 
Cyber Security College Workshop
Cyber Security College WorkshopCyber Security College Workshop
Cyber Security College WorkshopRahul Nayan
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...IJCSIS Research Publications
 
SC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsSC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsForeScout Technologies
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security Omar Khawaja
 
Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Eryk Budi Pratama
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentationJamesDempsey1
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security BreachSeculert
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 

What's hot (19)

IoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresIoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructures
 
Safeguarding the Internet of Things
Safeguarding the Internet of ThingsSafeguarding the Internet of Things
Safeguarding the Internet of Things
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
 
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2
 
Security 2 Q 07[1]
Security 2 Q 07[1]Security 2 Q 07[1]
Security 2 Q 07[1]
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - Cybersecurity
 
Cyber Security College Workshop
Cyber Security College WorkshopCyber Security College Workshop
Cyber Security College Workshop
 
ForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk ReportForeScout IoT Enterprise Risk Report
ForeScout IoT Enterprise Risk Report
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber Security
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
 
SC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsSC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey Results
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadays
 
Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security Two Peas in a Pod: Cloud Security and Mobile Security
Two Peas in a Pod: Cloud Security and Mobile Security
 
Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0Cybersecurity Skills in Industry 4.0
Cybersecurity Skills in Industry 4.0
 
Is6120 data security presentation
Is6120 data security presentationIs6120 data security presentation
Is6120 data security presentation
 
5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach5 Critical Steps to Handling a Security Breach
5 Critical Steps to Handling a Security Breach
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 

Viewers also liked

Vp Leadership And Organizational Development
Vp Leadership And Organizational DevelopmentVp Leadership And Organizational Development
Vp Leadership And Organizational DevelopmentAudianDunahm
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applicationscmstiernberg
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityRachel Hamilton
 
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...Shawn Tuma
 
What Every CISO Needs to Know About Cyber Insurance
What Every CISO Needs to Know About Cyber InsuranceWhat Every CISO Needs to Know About Cyber Insurance
What Every CISO Needs to Know About Cyber InsuranceSymantec
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance Hubbard Insurance Group
 
ATCA Aircraft Cyber Security Article 10-13
ATCA Aircraft Cyber Security Article 10-13ATCA Aircraft Cyber Security Article 10-13
ATCA Aircraft Cyber Security Article 10-13Eric Jacobs
 
Cyber Liability Insurance
Cyber Liability InsuranceCyber Liability Insurance
Cyber Liability InsuranceGraeme Newman
 
Managing and insuring cyber risk - a risk perspective
Managing and insuring cyber risk - a risk perspectiveManaging and insuring cyber risk - a risk perspective
Managing and insuring cyber risk - a risk perspectiveIISPEastMids
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Don Grauel
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
 

Viewers also liked (20)

Vp Leadership And Organizational Development
Vp Leadership And Organizational DevelopmentVp Leadership And Organizational Development
Vp Leadership And Organizational Development
 
Chaiyakorn
ChaiyakornChaiyakorn
Chaiyakorn
 
SecurityExchange2009-Key Note
SecurityExchange2009-Key NoteSecurityExchange2009-Key Note
SecurityExchange2009-Key Note
 
Introduction to INFOSEC Professional
Introduction to INFOSEC ProfessionalIntroduction to INFOSEC Professional
Introduction to INFOSEC Professional
 
IT Security EBK2008 Summary
IT Security EBK2008 SummaryIT Security EBK2008 Summary
IT Security EBK2008 Summary
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
IMC: risk base security
IMC: risk base securityIMC: risk base security
IMC: risk base security
 
Cloud Security by CK
Cloud Security by CKCloud Security by CK
Cloud Security by CK
 
Tt 06-ck
Tt 06-ckTt 06-ck
Tt 06-ck
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
 
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...
Provisions in Cyber Insurance Policies - State Bar of Texas Annual Meeting 20...
 
What Every CISO Needs to Know About Cyber Insurance
What Every CISO Needs to Know About Cyber InsuranceWhat Every CISO Needs to Know About Cyber Insurance
What Every CISO Needs to Know About Cyber Insurance
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance
 
Bad Faith Litigation
Bad Faith Litigation Bad Faith Litigation
Bad Faith Litigation
 
The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber Insurance
 
ATCA Aircraft Cyber Security Article 10-13
ATCA Aircraft Cyber Security Article 10-13ATCA Aircraft Cyber Security Article 10-13
ATCA Aircraft Cyber Security Article 10-13
 
Cyber Liability Insurance
Cyber Liability InsuranceCyber Liability Insurance
Cyber Liability Insurance
 
Managing and insuring cyber risk - a risk perspective
Managing and insuring cyber risk - a risk perspectiveManaging and insuring cyber risk - a risk perspective
Managing and insuring cyber risk - a risk perspective
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRC
 

Similar to U S Embassy Event - Today’S Cyber Threats

IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professionalciso_insights
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSomasundaram Jambunathan
 
Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Somasundaram Jambunathan
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)Andris Soroka
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture Symantec
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperMartin Ruubel
 
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdfonline Marketing
 
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxDomain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxInfosectrain3
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Andris Soroka
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot securityUsman Anjum
 
Critical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksCritical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksBGA Cyber Security
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 

Similar to U S Embassy Event - Today’S Cyber Threats (20)

IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professional
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
 
Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4Addressing security and privacy in io t ecosystem v0.4
Addressing security and privacy in io t ecosystem v0.4
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
 
Secure your Space: The Internet of Things
Secure your Space: The Internet of ThingsSecure your Space: The Internet of Things
Secure your Space: The Internet of Things
 
Sophos
SophosSophos
Sophos
 
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
12 IoT Cyber Security Threats to Avoid - CyberHive.pdf
 
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxDomain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
 
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuani...
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enVET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
 
188
188188
188
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot security
 
Critical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksCritical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist Attacks
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 

More from Narinrit Prem-apiwathanokul

Infosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For ThailandInfosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For ThailandNarinrit Prem-apiwathanokul
 

More from Narinrit Prem-apiwathanokul (7)

How to address C-Level properly?
How to address C-Level properly?How to address C-Level properly?
How to address C-Level properly?
 
Infosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For ThailandInfosec Workforce Development Framework For Thailand
Infosec Workforce Development Framework For Thailand
 
Improving SCADA Security
Improving SCADA SecurityImproving SCADA Security
Improving SCADA Security
 
Addressing CIP
Addressing CIPAddressing CIP
Addressing CIP
 
SCADA Security in CDIC 2009
SCADA Security in CDIC 2009SCADA Security in CDIC 2009
SCADA Security in CDIC 2009
 
S C A D A Security Keynote C K
S C A D A Security Keynote C KS C A D A Security Keynote C K
S C A D A Security Keynote C K
 
CCA Preparation for Organization
CCA Preparation for OrganizationCCA Preparation for Organization
CCA Preparation for Organization
 

U S Embassy Event - Today’S Cyber Threats

  • 1. CHAIYAKORN APIWATHANOKUL CISSP, IRCA:ISMS, SANSGCFA Chief SecurityOfficer PTT ICT SolutionsCompany Limited Stay Ahead of CyberThreats CommitteeMemberof ThailandInformation SecurityAssociation
  • 3.  Current CyberThreats  CyberThreats Summary  ThreatConvergence ▪ Digital world and physical world is now homogeneous ▪ CCTV, Door AccessControl, ID Badge, HVAC, Medical Devices and other Automation System  Threat Summary of 2010  2011 Outlook
  • 4.  Economic condition continue to fluctuate  More people is out of job  Criminal has more incentive  Budget is tighten  Technology makes things faster, smaller, better, cheaper and more available to those who never ever had accessibility before.  Technology is easier to user but much more sophisticated behind like an iceberg  New technology allows newer and innovative threats
  • 5. Individual - Privacy - Life - Bank acc. Enterprise - Business espionage -Sabotage - Fraud - Financial loss - Reputation Industry - Specific industry sector damage i.e. telecom, healthcare, energy, financial Country -CyberWarfare - Sabotage -Criminal -Terrorism - National symbol Global -Criminal -Terrorism
  • 6. Stolen Credit cards Botnets Exploits Spam Phishing& IdentityTheft Scam Websites Compromised E-Merchants CreditCard Fraud Hacked Databases Identities Underground Currency Credit Cards
  • 7.  The threat is out there and more and more innocence users are getting on-board  More bandwidth (3G/4G)  More smarter devices  More users/subscribers  More innocence targets  More accessibility  More application (good & bad)
  • 8.  Criminal utilizes leading-edge technology/methodology, while many people still:  Using password as “password” or “12345”  Password length not less than 8, fine, then “12345678”   Have to mix alphabet with number, ok, “password123”   Leave theirWiFi router/AP no password  Leave their ADSL router configuration as default
  • 9.  Simple trick still work well  Win a Lotto  Celebs’ clip  Free ticket  FakeAntivirus  Malicious link  Bit.ly  Our_picture.zip
  • 10.  (National) Cybersecurity Day  Security awareness medias and contents in local language  (National) Cybersecurity Awareness Program
  • 11.  Keep the bad guy out (from outside)  What if the bad guy is inside?  Strong external security perimeter but weak internal control
  • 12. From the response of over 10,000 executives around the globe  Organizations have more visibility on their environment as the number of “Don’t know” decreases
  • 13.  The attacks aim more on the data  Network and system exploitations seem steady From the response of over 10,000 executives around the globe
  • 14.  CEO’s or CFO’s may consider allocating budget not only for maintaining current security level but to advance security capability of the whole organization From the response of over 10,000 executives around the globe
  • 15.  Board of directors need to hear from CISO  CISO and CIO has some contradict aspect of function (check and balance) From the response of over 10,000 executives around the globe
  • 16.  Use custom software to infiltrate computers  Steal information  Steal credential  Steal intellectual property  Key logger  BotNet  Virus/worm  Rootkit
  • 17.
  • 18. DEVICES  Network  Computer  Mobile phone  Home automation  IP camera  Access door  Building Automation System (BAS)  Medical device  Implantable device  Power grid, power substation  SCADA/DCS/Industrial Automation  Super car (Porsche 911)  Many many others COMMONATTACK SURFACE  Network (protocol)  Operating system  Application  Implementation
  • 19. 19
  • 21. 21
  • 22. 22
  • 23. 1. Attack to unpatched/outdated OS/service/software/application 2. Operator screen taken over 3. Attack to database or file server 4. Password brute force 5. Malware propagation 6. Eavesdrop (sniff) information from the network 7. Incomplete implementation ofTCP/IP 8. Denial of Service (DOS) 9. Embedded web interface in the device 10. Default authentication password or no password at all 23
  • 24. 1) More focus on Data Correlation 2)Threat intelligence analysis will become more important 3) Endpoint security becomes more important 4) Focusing in on proactive forensics instead of being reactive 5) Moving beyond signature detection 6) Users will continue to be the target of attack 7) Shifting from focusing on data encryption to key management 8) Cloud computing will continue regardless of the security concerns 9) New Internet protocols with increase exposure 10) Integrated/embedded security devices
  • 25.
  • 26.
  • 27.  M&A in IT Security Industry  More targeted custom malware attacks  More on the “white-list” approach rather than “black- list”  More on hardware (design) security  Memory (RAM) attack (decrypted data, password, pin and etc.)  As a result from PCI, HIPAA,GLBA that asked for encrypting sensitive data at rest and in transit  Monitoring and AnalysisCapability will increase  Wireless in more other purposes  MoreCloud Computing Issues  Digital investigator job will be highly demanded
  • 28.  Emerging of legislation compliance requirement  Royal Decree (ETA.C25) (announced inSep. 2010 and will be enforced after 180 days)  ISO27001  Critical Infrastructure Sectors  BusinessContinuity  BS 25999  Increase of infosec workforce in government, public sector and private sector  Raise awareness and inspiration in infosec career in academic institutes  Increase user awareness of Thailand citizen