Professional Documents
Culture Documents
Because Of :-
Anonymity
No Geographical Boundary
Computer’s Huge Storage Capacity
Weakness in Operating System
Lack of Cyber Security Awareness of End-Users
Perception Gap of Management in respect of Cyber
Risk in Business
5
Some Common Motives behind the Cyber Crime
1) Greed
2) Power
3) Publicity
4) Revenge / Vengeance
5) Adventure
6) Desire to access forbidden/Corporate information
7) Destructive mindset / Sabotage
8) Business Competitiveness & Company Reputation
9) Wants to sell new security services/solutions
(Blackmailing by Vendors)
10) Governmental/Political Conflict (Global Conflict/War)
6
Profile of Cyber Criminals
(For both Internal and External Cyber Threats /
Threat Creators)
7
Types of Hackers
Source: https://www.jigsawacademy.com/blogs/cyber-security/different-types-of-
hackers/
8
How North Korean hackers became the world’s greatest
bank robbers and they are preparing for cyber warfare
11
https://gramener.com/playground/blog/
5752 Cyber Criminals Arrested in India
12
https://gramener.com/playground/blog/
There are different types of security attacks which affect the
communication process in the network and they are as
follows:
attack on availability
Information Information
Source Destination (b) Interruption
(c) Interception
attack on confidentiality
(d) Modification
attack on integrity
(e) Fabrication
attack on authenticity 13
List of Cyber Crime
(This is not exhaustive list of cyber crime)
18
DBBL ATMs hacked by Ukrainian nationals: A total
of Tk 3 Lakh went missing (Fraud Case)
(Fraud Case)
Three ATM booths of Pubali Bank Limited in Chattogram and
Cumilla were tempered by fraudsters and Tk 9.60 lakh have
been stolen in two days of November 17 and 18, 2019.
(Source: The Daily Newspaper of BD, published on November 19 and 20, 2019)
(Fraud Case)
More than 45,000 attacks recorded in countries including the UK, Russia, India
and China may have originated with theft of ‘cyber weapons’ from the NSA
A ransomware cyber-attack that may have originated from the theft of “cyber
weapons” linked to the US government has hobbled hospitals in England and
spread to countries across the world.
Security researchers with Kaspersky Lab have recorded more than 45,000
attacks in 99 countries, including the UK, Russia, Ukraine, India, China, Italy,
and Egypt. In Spain, major companies including telecommunications firm
Telefónica were infected.
By Friday evening, the ransomware had spread to the United States and South
America, though Europe and Russia remained the hardest hit, according to
security researchers Malware Hunter Team. The Russian interior ministry says
about 1,000 computers have been affected.
List of Top 20 Countries with the highest rate of
Cybercrime
(source: BusinessWeek/Symantec, June 2016)
Frauds in BD Banks (2013)
Banking Ap-
plication
Mobile Banking Software
25% 3% SWIFT and
Others
2%
1) Business
1) Healthcare 1) Healthcare 2) Healthcare/Medical
2) Manufacturing 2) Technology and Telecoms 3) Banking/Credit/Financial
3) Financial Services 3) Finance Services Industry 4) Government/Military
4) Government 4) Energy Industry 5) Education
5) Transportation 5) Construction Industry 6) Energy/Utilities
https://www.forbes.com/sites/stevemor https://www.securit.biz/en/blog/key- https://www.redteamsecure.com
gan/2016 industries-most-vulnerable-to-cyber-attacks
(IBM Research Report)
Threat List: $1.1M is Lost to Cybercrime Every
Minute of Every Day
Source: https://threatpost.com/threatlist-1-1m-is-lost-to-
cybercrime-every-minute-of-every-day/136871/
Cybercrime Damage and Cybersecurity Spending
https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
Cybercrime Damage and Cybersecurity Spending
In 2004, the global cybersecurity market was worth $3.5 billion — and
in 2017 it was worth more than $120 billion.
The cybersecurity market grew by roughly 35X during that 13-year
period — prior to the latest market sizing by Cybersecurity Ventures.
Global spending on cybersecurity products and services for defending
against cybercrime is projected to exceed $1 trillion cumulatively over
the five-year period from 2017 to 2021 (Cybersecurity Ventures
predicts).
“Most cybersecurity budgets at U.S. organizations are increasing
linearly or flat, but the cyberattacks are growing exponentially,” says
CSC’s Montgomery.
This simple observation should be a wake-up call for C-suite
executives.
https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
Big banks invest huge sums
in cyber security
The U.S. federal government, big banks, and big businesses are spending
big bucks in a war against hackers and cyber criminals.
HSBC Budgets $1 Billion for Cyber Security Improvements.
JP Morgan Chase Doubles Cybersecurity Spending. In 2014, the
company spent $250 million on cybersecurity; it plans to spend no less
than $500 million by the close of 2015.
Bank of America Corp. CEO Brian Moynihan said the nation’s second
largest lender would spend $400 million on cybersecurity in 2015. The
cybersecurity team/unit has blank check and can spend as much as needed
to protect the firm and its customers from cyber attack.
33
Top Cyber Threats and Top Five Tools
Ransomware
Cryptojacking
Internet of Things (IoT) device threats (IoT botnet
DDoS attacks)
Data breaches
Mobile malware
Phishing attacks
Software update supply chain attacks
Advanced Persistent Threat (APT)
Cyber Security 2019:
Top Five Threats, Top Five Tools
Top Five Tools
The cybersecurity industry is actively trying to combat cyberthreats, which leads to the
development of many emerging cybersecurity technologies.
1)Deep Learning: DL, a subset of AI, is widely used for a variety of fields including
cybersecurity. Many security tools, such as Security, Orchestration, Automation, and
Response (SOAR) make use of DL to enhance their capabilities. Deep learning can help
cybersecurity teams identify and deal with many advanced threats such as APT attacks.
2)Advanced Authentication: With all the advances in cybercrime techniques and
technologies, the most common way to execute cyber attacks is by leveraging insecure
usernames and passwords. Nowadays, many companies are finding more secure ways
for users to log-in without requiring to type in passwords. For example, Google started
to use fingerprint authentication for their accounts. Intel has also found another way,
using hardware authentication, to test several hardware factors, which they bake directly
into computer hardware to validate user identities.
Cyber Security 2019:
Top Five Threats, Top Five Tools
38
Information Security Measures/Management
Confidentiality
Integrity
Availability
Authenticity
Accountability
Non-repudiation
High availability system
CIA Triad of Info Security
40
[https://en.wikipedia.org/wiki/Information_security]
A number of extensions to the CIA Triad Model
41
[http://geraintw.blogspot.com/2012/09/cia-infosec.html]
The Information Assurance model is a tool that is
dedicated to defend three key elements which are People,
Process and Technology.
42
[https://cybersecnugget.wordpress.com/author/yannial2/]
Logical vs. Physical Security in E-Banking
What
Project Steering Project Steering Project Steering Who
Committee Committee Committee
When Operational
Where
How
Members:
Head – Integrated Risk Management (/ CRO) – Convener
Chief Information Officer (CIO)
Head - Audit
Head - Compliance
Head - Human Resource
Head - Business Operations
Head - Administration
Head - IT Assurance
Chief Information Security Officer (CISO)
Head - Physical Security
An Organization Structure for Effective ITG
Board
MD
Head Head - Business IT Head - IT Head - IT Head - IT Head - IT Head - IT CISO IS Auditors
Technology Development O perations Services Mngt Assurance Supplier &
Resource Mngt
Proposed Global ICT related Standards/Framework
for different Working/Functional Areas of Banks/FIs
Areas Standards
Strategic IT Alignment COBIT
IT Governance COBIT, ISO 38500
Architecture & Information
ISO 20022, TOGAF
Management
CMMI, ISO 15504, PRINCE 2, PMBOK,
Service Delivery
ITIL
ITIL, ISO 20000, OHSAS 18001, ISO
Service Management
22304
ISO 27001, PCI DSS, NIST, SOX, ISF
Information Security
SOGP
Workshop & Resource
SFIA
Management
VAL IT, Risk IT, ISO 31000, IEC 31010,
IT Risk Assessment/ Management
COSO-ERM
BB Policy Guidelines Related to
E-Banking (Regulatory
Compliance)
Why Information/Cyber Security Awareness is
Important?
Internal threats is a big challenge !
It's widely known that internal staff are the biggest threat to IT
security.
Research conducted by the US CERT estimates that almost 40
percent of IT security breaches are perpetrated by people inside
the company. [http://www.zdnet.com/article]
Many organizations focus primarily on protecting themselves
against hackers and other external threats.
A recent Forrester report (2016) found that most data security
breaches happen because of employees, i.e. most data security
threats are internal. [http://blog.trendmicro.com]
Nearly 90% of IT professionals believe the ‘insider threat’ is not a
technology issue. The vast majority (86%) of IT professionals
consider insider threats to be a purely cultural issue, and are not
aware that technology can help them address internal security
issues. [https://www.isdecisions.com/blog/]
Why Information/Cyber Security
Awareness is Important?
“The threat is advancing quicker than we can keep up with it. The threat changes
faster than our idea of the risk. It is no longer possible to write a large white paper
about the risk to a particular system. You would be rewriting the white paper
constantly…”
59
THANKS ALL
Q&A