Copyright © 2018 CyberSecurity Malaysia
DATA BREACH INCIDENTS ARE DEVASTATING
WAN ZULHAMLI WAN ABDUL RAHMANKETUA JABATAN KAJIAN STRATEGIK DAN NASIHAT,
CYBERSECURITY MALAYSIA
11 OCTOBER 2018
2
OUR CYBER WORLD TODAY
3
4.17B i l l i o nDigital citizens
worldwideby 2020
( e M a r k e t e r , 2 0 1 6 )
55%
Digital citizensin Asia
Source: Internet World Stats
(As of June 2018)
4 ,021,000,000
Source: We Are Social (A global agency that collects data from Google, Ericsson, Akamai, GlobalWebIndex & Stat counter)
Digital citizens worldwide( A s o f A p r i l 2 0 1 7 )
25,080,000Digital citizens
(As of January 2018)
Source: We Are Social , Hootsuite
in Malaysia
HIGHLY CONNECTEDT h e W o r l d To d a y i s
2,062,136,472
EXPANSION OF NEW TECHNOLOGIES INTO CYBERSPACE- More Exposure to Growing Cyber Risks In Digital Environment
5
WE ARE MOVING INTO A MORE INTERCONNECTED CYBERSPACE
TOP 5 RISKS LIKELIHOOD IN 2018
7
GLOBAL CYBER SECURITY LANDSCAPE
RISK OF ECONOMIC LOSS DUE TO CYBERCRIMES
9
RISING TREND OF CYBER ATTACKS ON CRITICAL SYSTEMS
RISING TREND ON CYBERCRIMES - REPLACING TRADITIONAL CRIMES
• Total financial losses could be as a high as $1 billion
• Spyware let the group learn how money was processed, sent and received – the spyware gave attackers the ability to gain remote control of the bank's computer.
12
RISING TREND OF DARKNET PLATFORM TO BUY AND SELL STOLEN DATA
- CHEAPER, EASIER & LESS RISK FOR THE CYBER CRIMINALS TO CONDUCT CRIME
13
RISING TREND ON ATTACK SOPHISTICATION- Cyber Attack Uses Structured Process
Source : http://amosval.com
GLOBALDATA BREACH SCENARIO
DATA BREACH IS A GLOBAL PROBLEM
Underpinning Data Breach Issue- Is Cyber Espionage
RISING TREND OF DATA BREACHES
https://breachlevelindex.com/
https://breachlevelindex.com/
TRENDS OF CYBER THREATS IN MALAYSIA
19
20
MALAYSIA IS DRIVEN BY DIGITAL TECHNOLOGY- Bringing Along New Technologies That Come With New Security Issues
FinTech - technologies that are disrupting traditional financial services i.e. mobile payments, money transfers, loans“….investment in Fintech around the world has increased dramatically from $930 million in 2008 to more than $12 billion by early 2015” - Accenture Source: https://www.forbes.com/sites/bernardmarr/2017/02/10/a-complete-
beginners-guide-to-fintech-in-2017/#2f6414393340.
MALAYSIANS ARE STILL VULNERABLE TO CYBER FRAUDS
3358
NEW TARGET OF CYBER CRIMINALS -DATA MEANS MONEY
KNOWN MALAYSIA DATA BREACH IN NUMBERS
46.2 Million
Malaysia Telco
10.5 Million
Ministry of Education
220,000
Malaysian organ donors and their next-of-kin
110,000
Astro
81,309
Malaysia Medical Association and Malaysia Dental Association
3.88 Million
Jobstreet
JOBSTREET DATA BREACH
MALAYSIA MEDICAL ASSOCIATION DATA BREACH
TELCO DATA BREACH
SAMPLE OF THE SELLING THREAD
• Diversion of employees from strategic initiatives to work on damage control
• Cybersecurity improvement
• Operational Disruption
• Diversion of employees from strategic initiatives to work on damage control
• Post-Breach customer protection
• Detection and escalation• Notification• Lost business / contract• Response costs• Competitive
disadvantage• Insurance premium cost
• Sensitive media scrutiny
• Public Relation• Loss of intellectual
Property / Asset
Brand Financial
OperationalRegulatory
28
INSECURITY CAUSES DEVASTATING IMPACTS - Cyber Risks and Impacts of Data Breach
Approach
Data loss prevention should not be an afterthought.
Data breaches can result in:
Loss or compromise of Personally Identifiable Information (PII)records;
Theft of classified information, valuable intellectual property andtrade secrets(financial impact); and
Compromise of critical information infrastructure that canthreaten national security and societal well-being.
Pro-active and comprehensive approach is necessary for:
Early detection and prevention of cyber incidents; Stringent Access Control Policy Data classification Mitigation of the risks of cyber incident. Incident Management including Breach Notification
30
Key Take Away ;
PROPOSED WAY FORWARD
31
Adopting innovative measures to address evolving cyberthreats;
o Assess your internal risk culture - reveal how well an
organization and its leaders support a cyber risk culture
o Prioritise targeted training - to tailor ongoing training
initiatives to different employee groups.
o Rethink your skills strategies - assess skills gaps at regular
intervals and determine how to best fill those gaps
Copyright © 2017 CyberSecurity Malaysia
Recommended