Protect the Unexpected
Download as PPTX, PDF3 likes688 views
Cybersecurity threats are increasing in complexity and frequency. High profile cyber attacks have compromised sensitive personal and government information. Common cyber attack methods include remote access trojans, malware, ransomware, distributed denial-of-service attacks, and hacktivism. Emerging risks come from the Internet of Things, rogue insiders, outdated software, and big data breaches. While tougher cybersecurity laws aim to increase information sharing and government power, they may compromise privacy and restrict internet freedom. Striking the right balance between privacy and security remains an important issue, especially in Hong Kong.
Protect the Unexpected
- 1. Protect the Unexpected – A policy prospective Charles Mok Legislative Councillor (Information Technology) #CLOUDSEC
- 2. 2 Big data is everywhere ICT runs financial system IoT creates new loopholes Threat environment more complex with innovations
- 3. 3 Cyber security incidents more frequent Hong Kong 3443security incidents reported in 2014 116%increase from 2013 Source: Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
- 4. 4 High profile cyber attacks threatens governments, enterprises and consumers
- 5. 5 High profile cases - Germany steel mill hacked (spear-phishing attack, causing destruction of equipment) - U.S. Office of Personnel Management breach (sensitive personal info of 21.5m people compromised, inside and outside of govt) - French TV network TV5monde disabled by hackers from Islamist group (took over broadcast, email, social media) - Germany parliament Bundestag hacked (sensitive materials stolen from 15 computers)
- 6. 6 Credit card details of 100 million customers stolen, US$148 million breach-related costs more than 47,000 US Social Security number (celebrities, freelancers, and current and former Sony employees) stolen Names, credit card info and other private details of 37 million users stolen
- 7. 7 5 common weapons of cyber attacks
- 8. 8 1. Remote Access Trojan (RAT) perform unauthorized operations and hide their presence key logging, screen and camera capture, file access, code execution, registry management, password sniffing
- 9. 9 2. Malware and spear phishing Estimated in 90% of cyber attacks (Trend Micro) malicious links/attachments Information gathering: to be used later in further scams/attacks to victim Spreading malware to target computers
- 10. 10 3. Cyrptolocker ransomware Encrypts victim’s computer system with key Requires victim to pay ransom by bitcoin within given time
- 11. 11 4. Distributed Denial-of-Service Attacks temporarily interrupting or suspending the services of web servers
- 12. 12 5. Hacktivism & Cybergraffiti web defacement, social media hijacking to grab headline, spread a cause or bring embarrassment to victim Recent cases: Taiwan govt and Hong Kong political party
- 13. 13 Sources of threats and emerging risks… Internet of things & embedded devices Rogue insiders Legacy softwares Big data breaches Outdated software and OS-based attacks Mobile devices Attacks on Cloud storage providers
- 14. 14 Unexpected source… Law enforcement using spyware to hack the public?
- 15. <insert speaker organization logo> 15www.cloudsec.com | #CLOUDSEC MITIGATION: Risk Management Or Law Enforcement?
- 16. 16 Security Privacy Big tussle in the post-Snowden era: Are tougher cybersecurity laws the solution or the source of more problems?
- 17. 17 Trends in cyber-security legislations Requires sharing of cyber threat information among private and public entities = permission more data collection from users?
- 18. 18 • More govt power to obtain records • Right to restrict internet access • Impose responsibilities on ISPs • Require real names log-in • Security requirements for "critical industries" • Data localisation • Network equipment to be ‘reviewed’ before sales • Block illegal information from overseas Some countries go further on cybersecurity… with chilling implications
- 19. 19 Hong Kong: how to respect users’ privacy and freedom while fighting cyber threats remains important issue
- 20. 20 Protect consumers More clarity to industry Hold government accountable Sharing best practices Partnership and coordination on breach notification and response Privacy and security both matter: How to strike the right balance?
- 21. #CLOUDSEC Charles Mok Legislative Councillor (Information Technology) charlesmok@charlesmok.hk Follow me on: Facebook: Charles Mok 莫乃光 Twitter: @charlesmok
Editor's Notes
- #2: Today we are seeing more efforts by cybercriminals in targeting businesses in order to gain financially by attacking individuals and corporate data for profit. From targeted phishing attacks to stealing banking information, businesses both small and large are increasingly being targeted by these criminals due to the higher profits obtained in these activities. Charles will divulge the latest attacks and tools used by cybercriminals and how the legislations can protect the users.
- #4: Threat environment Cyber attack and crime on the rise, Consumers and enterprises vulnerable Incidents reported to HKCERT and police figures of tech crime rising in HK grown in intensity and frequency - Big impact to financial hub like HK (stock exchange, banks and finance companies)
- #7: 2013 Target customers credit card of 100M customers stolen, spending $148M on breach related costs 2014 Sony motion picture data hacked, revealing the US Social Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees 2015 dating site Ashley Madison hacked, leaking names, credit card info and other private details of 37m users
- #8: Cyber intrusions internet of things and electronic health records
- #9: Remote access tools
- #10: Spear phishing
- #11: Malware Ransomware
- #12: DDoS
- #13: Hacktivism Cyber graffiti
- #16: Mitigation: risk management or law enforcement?
- #17: Global trend: laws to tackle cyber threats? Tussle between security and privacy Edward Snowden revelations about NSA surveillance Germany, Netherland, EU General Data Protection Regulation Russia’s tough new cybersecurity law (web companies to set up data centers in the country so that any personal data obtained in Russia on its citizens stays in Russia.) US trying to pass through Senate China has issued draft cybersecurity law
- #18: Germany, Netherland, EU General Data Protection Regulation Russia’s tough new cybersecurity law (web companies to set up data centers in the country so that any personal data obtained in Russia on its citizens stays in Russia.) US trying to pass through Senate China has issued draft cybersecurity law USA: towards facilitate greater sharing of cyber threat information among appropriate private and government entities improve our mutual efforts to better detect and respond to emerging cyber threats?? Cybersecurity Information Sharing Act (Cisa) grants broad latitude to tech companies, data brokers and anyone with a web-based data collection to mine user information and then share it with “appropriate Federal entities”, which themselves then have permission to share it throughout the government.
- #20: HK context: s161 1. Society call for tougher cyber laws need for digital security overtaken privacy as a leading priority for legislators? Should we follow other countries? give govt more power to collect data and control ISPs? Need to be careful… 2. s33 internet control and censorship
- #21: Striking the right balance between the two will require partnership, coordination, and the sharing of best practices between policymakers, businesses, and citizens protect consumers, provide clarity to industry, and require the government to hold itself accountable