The Digitisation of Banking: Threats and Opportunities …aitri.org/2017aitri/docs/Session7.pdf ·...

transcript

The Digitisationof Banking:Threats andOpportunities

Tony Jarvis

Chief Strategist, Threat Prevention

History of Online Banking

First Internet service using

television

1983 1994

First online banking website

Eight US banks have at least 1 million

users each

PayPal reinvents online payments

iPhone redefines smartphones

forever

400 million people are banking online

Facebook targets financial services

FinTech

Threat or opportunity?

Usage and growth

Obstacles

Blockchain

Infinite possibilities

Attacks have already begun

Adoption in the planning phase

Challenges

ATM Attacks

• Attacks making headlines

• ATM fraud on the rise

• Chip-enabled machines should help

• Credit cards leading debit cards

Chip Surge

Percentage of MasterCard-branded cards with security chip

Threats have evolved from

phishing, to spear-phishing, to whaling

AFGlobal Corporation tricked out of

$480,000, attackers tried for an

additional $18 million

Costs $2.3 billion, 17,642 victims

Whaling – A Growing Threat

Dridex

Began as a Banking Trojan

Developed it’s own Botnet

Also used for Locky

Dridex creators behind Locky?

Flash Banker

EXISTING THREATS AND NEW ENTRANTS

MALWARE RANSOMWARE

Cryptowall

Nemucod

Cerber

Top Ransomware Families – End Q4 2016

[Restricted] ONLY for designated groups and individuals

Locky is a ransomware Trojan that targets the Windows platform. This malware sends out system information to a remote server and receives an encryption key to encrypt files on the infected system. The malware demands that the payment to be made in the form of Bitcoins digital currency.

Why Ransomware?

Easier

• Social engineering

• Exploit kits

• Broad audience

Profit

• Faster payment

• Bitcoin benefits

Obstacles

• Simple attacks

• Onus on victim

WHAT ARE THE IMPLICATIONS?

Budgets on the Rise

Getting customers on board with good

cyber security hygiene

Defining an acceptable level of risk

Attracting and retaining the right talent

The more I build, the more holes I discover

Lack of understanding

among stakeholders

Threats from malicious insiders

Time spent remediating things

not done properly in the past

“Blame the victim”

mentality

Lack of consensus from regulators

Cost over Time:

Act OnRecon Weapon Deliver Exploit Install C&C

T I M E

h Direct loss: $162,000,000

Estimated indirect loss: >$1 Billion

Weeks After Infection

POS Infection

Contractor Infection

Initial Target Infection

The financial impact GROWS dramatically with TIME

From advisory to:

Projects Product development Thought leadership

Supply & Demand

ScopeFrom individual function to enterprise-wide role

Evolution of Role

High demand, short supply

Compliance

Opportunities and Threats

Payments IOT DDoS Whaling

Big data and analytics

Actionable Intelligence

Innovation

Field trips, labs, fusion centres

Training

War-gaming, red-teaming

Where to Invest?

Opportunities Are Everywhere

AUSTRALIA

2016 Cyber Security Strategy

2016 National Innovation and Science Agenda

2016 FinTech Committee

2014 The Entrepreneurs’ Programme

SINGAPORE

2016 MAS working with Polytechnics

2016 SMART Nation Platform

2015 The FinTech and Innovation Group (FIG)

2015 Financial Sector Technology and Innovation

HONG KONG

2015 FinTech Steering Group

2015 Injection into Innovation and Technology Fund

2014 FinTech HK

2013 The Bitcoin Association Hong Kong

SRI LANKAPHILIPPINES

Bangladesh Central Bank

It Takes More Than Technology

People

Processes

Technology

Identify the target and exploitable weaknesses

Create/select attack vector

Deliver the malicious payload to the victim

Gain execution privileges

Install the malware on infected host

Establish a channel of communication

T h e C y b e r K i l l C h a i n

Data collection or corruption, Lateral movement and exfiltration

Reconnaissance Weaponization Delivery Exploitation InstallationCommand &

ControlAct on

Objectives

IS IT POSSIBLE?

PREVENTION

[Protected] Non-confidential content

WHATABOUT

INCIDENT RESPONSE?

[Protected] Non-confidential content

WHAT ABOUT…

OFFENSIVE SECURITY?

Have a Plan

“Malcolm Turnbull launches $230m cyber security strategy”

– Australia, 21st April 2016

“Public servants’ computers to have no Net access”

– Singapore, 8th June 2016

“CyberSecurity Malaysia to continue emergency response role in Asia Pacific” – Malaysia, 31st October 2016

Others Have Responded

Three annexes

• Baseline requirements

• Running a SOC

• Reporting incidents

Key takeaways• Involve the board

• Risk management approach

• Emphasises prevention

G7 sets forth guidelines

Encourages• Risk management framework

• Assess and update defences

Goals• Common approach, language

• Disclosure and sharing

DLPThreat Intelligence

Firewall Anti-Virus Anti-Bot Anti-Bot IPS

Firewall

Document Security

Anti-Spam

URL Filtering

Threat Emulation

Threat Extraction

Mobile Threat Prevention

Threat Emulation

Endpoint Security

Forensics

Mobile Threat Prevention

Document Security

Firewall

Multi-Layered Security

Pre-Compromise Compromise Post-Compromise

ReconnaissanceWeaponizati

onDelivery Exploitation Installation

Command & Control

Act on Objectives

BETTER SECURITY, TOGETHER

You Have the Advantage

AND REAP THE BENEFITS

USE IT

Recommendations for theROAD AHEAD

Solutions to proactively address

adversaries

Real-time monitoring

systems

ESTABLISH

Processes toaddress technology

challenges

AUTOMATE

Awareness andencourageeducation

CREATE

Security a boardroom

agenda

Let’s stay in touch

THANK YOUPlease contact me directly with

any questions or comments

tjarvis@checkpoint.com

+65 9724 6221

The Digitisation of Banking: Threats and Opportunities …aitri.org/2017aitri/docs/Session7.pdf ·...

Documents