Cyber security landscape and systems resiliency – challenges & priorities - Tony Chew
Tony Chew
Managing Director
Regional Head of Information Security, Asia Pacific
Global Head of Cyber Security Regulatory Strategy
Cyber security threat landscape and systems resiliency
Challenges and priorities for 2015
Kuala Lumpur, Malaysia, 17 March 2015
LESSONS LEARNT FROM HACKING AND DATA LEAKAGE INCIDENTS
1. STRENGTHEN ACCESS CONTROLS AND TIGHTEN ACCESS ENTITLEMENTS > IMPLEMENT TWO FACTOR AUTHENTICATION FOR ALL ACCESS TO CRITICAL SYSTEMS <
2. KEEP SYSTEM PATCHING UP TO DATE
3. ENHANCE DETECTION OF MALWARE ATTACKS AND INFILTRATIONS
4. BLOCK DATA EXFILTRATION BY MALWARE > INTERCEPT MALWARE COMMUNICATION WITH C2 <
5. VERIFY VENDOR CONTROLS FOR CUSTOMER DATA PROTECTION
CYBER SECURITY COUNTERMEASURES
1. What is defense-in-depth?
2. How does it work?
3. What are the technologies, tools and processes?
CYBER SECURITY LANDSCAPE
BOTNET
ZERO DAY
APT
MITM
PHISHING
THIRD PARTY (OUTSOURCING)
Cyber Attack Scenarios
CYBER SECURITY COUNTERMEASURES
1. DEFENSE-IN-DEPTH / SECURITY OPERATIONS CENTRE
2. PREVENTION, PRE-EMPTION, DETECTION, RESPONSE
3. INTELLIGENCE SHARING, CYBER WAR GAMES
AVAILABILITY TIERS - THE NINES
1. 99% >>>>> 3.6 DAYS
2. 99.9% >>>>> 8.8 HOURS
3. 99.95% >>>>> 4.4 HOURS
4. 99.99% >>>>> 53 MINUTES
5. 99.999% >>>>> 5.3 MINUTES
DESIGNING AND ARCHITECTING RESILIENCE
1. RESILIENT OPERATIONS, PROCESSES AND SYSTEMS
2. PROTECTION OF FACILITIES, SYSTEMS AND DATA
3. BUILT TO SURVIVE FAILURE AND ATTACK
4. ABILITY TO FAIL-OVER WITH RAPID RECOVERABILITY