What has been the cost to the Malaysian financial sector of cyber crime? Could you detail the type of incidents and any interesting correlations?
The cumulative cost of security incidents, privacy breaches and business disruption in Malaysia is estimated to have surpassed the RM3 billion [US$0.95 billion] mark over the last five years. Numerous banks in the region have issued security alerts regarding persistent malware such as newer Zeus variants and SpyEye. A number of cyber crime attacks on financial institutions in the region have been attributed to Trojans.
In addition, we are beginning to see fake mobile banking applications that can bypass certain application store security checks and are listed for free download. These applications can attempt to compromise banking information stored on the device in order to commit bank/credit card fraud.
Attackers go to great lengths to remain undetected, using technologies and methods that result in nearly imperceptible indicators of compromise. They have the resources, expertise and persistence to compromise any organisation, at any time; attackers fundamentally understand the nature of classic security technologies and their applications and exploit the gaps between them.
They relentlessly drive their attacks home, frequently using tools that have been developed specifically to circumvent the target's chosen security infrastructure. Once they penetrate the network they go to great lengths to remain undetected, using technologies and methods that result in nearly imperceptible indicators of compromise to accomplish their mission.
This has severe implications for banks and all other institutions, which now require much stronger security measures to prevent and ward off attacks. As financial institutions continue to turn to technology to enable more efficient and convenient services for customers, what is increasingly apparent is that we now need to look at security in a different way. To effectively defend against these attacks, IT security professionals need to adopt a new approach and start thinking like attackers.
How are security and other information and communications technology (ICT) vendors cooperating with enforcement and government agencies to tackle the breaches at different levels? Could you also detail what technical solutions can address these threats?
Security and ICT vendors frequently collaborate with law enforcement agencies to ensure they are equipped with the right operational tools and security intelligence to address key issues and curb cyber crime. We believe this collaboration can help to detect threats and solve cyber crimes targeted at the private and public sectors.
Many banking organisations today count the number of attacks they face in the tens of thousands every week or month. Given this landscape, and the seeming inevitability of getting hit, what is important today is how quickly you are aware you have a problem, then being able to measure how serious that problem is and how quickly you stop it from spreading around your organisation to limit the damage done.
Organisations can strengthen defences and protect against attacks by gaining the following three capabilities:
Visibility: Seek out technologies that not only provide visibility but also offer contextual awareness by correlating extensive amounts of data related to your specific environment to enable more informed security decisions.
Automation: You need to take advantage of technologies that combine contextual awareness with automation to optimise defences and resolve security events more quickly. Policy and rules updates, enforcement and tuning are just a few examples of processes that can be intelligently automated to deliver real-time protection in dynamic threat and IT environments.
Intelligence: Attackers are conducting extensive reconnaissance before launching attacks, so security intelligence is critical to defeating them. Technologies that tap into the power of the cloud and big data analytics deliver the security intelligence you need, continuously tracking and storing information about unknown and suspicious files across a widespread community and applying big data analytics to identify, understand and stop the latest threats. Not only can you apply this intelligence to retrospectively secure your environment, mitigating damage from threats that evade initial detection, but you can also update protections for more effective security.
In addition to technical solutions, what other processes need to be put into place?
Given today's landscape, and the seeming inevitability of getting hit, it is time to look at security in a different way. Increasingly, it is about looking at security from a defender's perspective, mapping an attack to a continuum consisting of three phases: before the attack, during an attack and after an attack.
We also recommend the following three courses of action:
Understand the current face of threats - It is critical to focus on the shifting nature of attacks themselves. Given the rise and severity of attacks around the world, organisations should be most concerned with the changing nature of threats and the approaches attackers are adopting today.
Adopt a threat-centric approach to security - Attackers don't discriminate and will take advantage of any gap in protection to reach their end goal. Rather than rely on disparate 'silver bullet' technologies that don't and can't work together, organisations need solutions that address the extended network, protecting endpoints, mobile and virtual environments as well. They must share intelligence in a continuous fashion and they must span the full attack continuum: before, during and after an attack. Look for technologies that go beyond point-in-time detection and blocking to include a continuous capability, always watching and never forgetting, so you can mitigate damage once an attacker gets in.
Educate users and IT staff on the latest threats - Educating users so that they are wise to common attack techniques and putting policies in place to restrict user behaviour can go a long way toward preventing malicious attacks that rely on relatively simple methods.
Organisations must also be committed to keeping their staff highly trained on the current threat landscape. Ongoing professional development with a specific focus on being able to identify an incident, know how to classify it and how to contain and eliminate it will help keep security teams apprised of the latest techniques used by attackers to disguise threats, exfiltrate data and establish beachheads for future attacks.
While it's important to continue to bolster defences, increasing resiliency in the face of relentless attacks is also crucial. A comprehensive approach includes technologies, processes and people so that organisations can take the right action quickly when an attack happens.