
Page 1: CyberSecurity Malaysia

Copyright © 2016 CyberSecurity Malaysia 1

Anwer Yusoff

Head, Industry & Business Development Department

CyberSecurity Malaysia

23rd September 2016

CYBER SECURITY RISK MANAGEMENT

&

PERSONAL DATA PROTECTION

Page 2: CyberSecurity Malaysia


Program Agenda

9:30 – 10:30 Session 1 – Cyber Security Fundamentals & Overview

10:30 – 11:00 Session 2 – Data Leakage Prevention
• Mr Jimmy Liew, MD, Evault Technologies Sdn Bhd (CCP-Technical)

11:00 – 11:15 Bio-Break

11:15 – 12:00 Session 3 – IT Security Demonstration
• Mr Clement Arul, CEO, Kaapagam Technologies Sdn Bhd (CCP-Technical)

12:00 – 12:30 Session 4 – Introduction to Internet of Things
• Mr Saurabh Sarawat, CEO, Across Verticals Sdn Bhd (CCP-Technical)

12:30 – 1:00 Re-cap & Questions

Page 3: CyberSecurity Malaysia


Suspicion in Iran that Stuxnet caused Revolutionary Guards base explosions

debkafile's military and Iranian sources disclose three pieces of information coming out of the early IRGC probe:

1. Maj. Gen. Moghaddam had gathered Iran's top missile experts around the Sejil 2 to show them a new type of warhead which could also carry a nuclear payload. No experiment was planned. The experts were shown the new device and asked for their comments.

2. Moghaddam presented the new warhead through a computer simulation attached to the missile. His presentation was watched on a big screen. The missile exploded upon an order from the computer.

3. The warhead blew first; the solid fuel in its engines next, so explaining the two consecutive bangs across Tehran and the early impression of two explosions, the first more powerful than the second, occurring at the huge 52 sq. kilometer complex of Alghadir.

DEBKAfile Exclusive Report, November 18, 2011, 2:29 PM (GMT+02:00)

Is the Stuxnet computer malworm back on the warpath in Iran?

Exhaustive investigations into the deadly explosion last Saturday, Nov. 12, of the Sejil-2 ballistic missile at the Revolutionary Guards (IRGC) Alghadir base point increasingly to a technical fault originating in the computer system controlling the missile and not the missile itself. The head of Iran's ballistic missile program, Maj. Gen. Hassan Moghaddam, was among the 36 officers killed in the blast which rocked Tehran 46 kilometers away. (Tehran reported 17 deaths although 36 funerals took place.)

Iran's Sejil 2 ballistic missile.

Page 4: CyberSecurity Malaysia

Photograph: AP

Page 6: CyberSecurity Malaysia

Page 7: CyberSecurity Malaysia

About me…Anwer Yusoff

Naval Air Station Cecil Field, Jacksonville, Florida, December 1982

Anwer Yusoff, 1982; Freshie 18+

Page 8: CyberSecurity Malaysia


About me… 1172 Anwer

Page 9: CyberSecurity Malaysia

Where it all started….

Page 10: CyberSecurity Malaysia

Page 11: CyberSecurity Malaysia

Page 12: CyberSecurity Malaysia

Busy media…..cyber headlines everyday

• Consumers are bombarded with media reports narrating dangers of the online world
– Identity theft
– Embezzlement and fraud
– Credit card theft
– Corporate loss
• Just “fear mongering”?

Page 13: CyberSecurity Malaysia


Cybersecurity…..what is that?

• Lock the doors and windows and you are secure
– NOT
• Call the police when you feel insecure
– Really?
• Computers are powerful, programmable machines
– Whoever programs them controls them (and not you)
• Networks are ubiquitous
– They carry genuine as well as malicious traffic

End result: complete computer security is unattainable; it is a cat and mouse game, similar to crime vs. law enforcement.

Page 14: CyberSecurity Malaysia


Definition of cybersecurity (referring to ITU-T X.1205 - Overview of cybersecurity)

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets. Organization and user’s assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment.

The general security objectives comprise the following:
• Availability
• Integrity, which may include authenticity and non-repudiation
• Confidentiality

Page 15: CyberSecurity Malaysia


Cybersecurity issues overview….

• Computer security – the protection of assets from unauthorized access, use, alteration, or destruction
• Physical security – includes tangible protection devices
• Logical security – protection of assets using nonphysical means
• Threat – any act or object that poses a danger to computer assets

Page 16: CyberSecurity Malaysia


Internet use in Malaysia

MALAYSIA
MY - 30,513,848 population (2015) - Country Area: 329,758 sq km
Capital City: Kuala Lumpur - population 1,627,172 (2011)
20,596,847 Internet users as of June, 2015, 67.5% penetration, per ITU.
13,589,520 Facebook subscribers on Dec 31-2012

Sources: Internet World Stats (30 June 2015)

Page 17: CyberSecurity Malaysia


ISSUES & CHALLENGES - Malaysia Ranked 9th In Malware Attacks

Top 15 countries with highest numbers of users attacked between April 2013 and July 2014. Malaysia: 1.97% out of 3,408,112 malware attacks

Source: Mobile Cyber Threats. Kaspersky Lab & INTERPOL Joint Report, October 2014

Page 18: CyberSecurity Malaysia


ISSUES & CHALLENGES - Online Banking Malware Attacks

Source: TREND MICRO – TrendLabs 2Q 2014 Security Roundup

Page 19: CyberSecurity Malaysia


TREND OF MALAYSIA CYBER SECURITY THREATS IN 2015

CYBER SPACE
• 889,469 reported cases of malware & botnet drone infections
• 9,915 reported cases on general incident classification
• 156,357 reported spam emails
• Cyber harassment
• Fraud!

Info: www.mycert.my

Page 20: CyberSecurity Malaysia


CYBER INCIDENTS REFERRED TO CYBERSECURITY MALAYSIA

5802 as of 31st Aug 2016

Page 21: CyberSecurity Malaysia

Internet use in Malaysia

The highest usage was recorded among people aged 20-24: almost 6 in 10 (57%) regularly use the internet.

Malaysian internet users (aged 20-24) spend an average of 22.3 hours online per week

87.9% of Malaysians on the internet access Facebook

Once online, Malaysians’ Top 3 activities: 1. social networking sites 2. instant messaging 3. reading local news

Source: The Nielsen Company (April 2011)

Page 22: CyberSecurity Malaysia


The cybercrime situation in Malaysia

RM 1.6 Billion lost to scams in 18,386 cases in 2012

HIGH LEVEL USAGE = HIGH RISK

Source: Federal commercial crime investigation department (CCID)

Page 23: CyberSecurity Malaysia


Which are more common: malicious attacks or accidental breaches?

We believe malicious attacks are more common in Malaysia.

Our Honeynet project detected millions of malware in 2009, 2010, and 2011 during the height of the Conficker Worm outbreak.

Page 24: CyberSecurity Malaysia


Which are more common: malicious attacks or accidental breaches?

We believe malicious attacks are more common in Malaysia.

Threat Exposure Rate (TER)

According to Sophos Security Threat Report 2013, Malaysia is the 6th riskiest country, with a TER of 17.44% (TER is measured as the percentage of PCs that experienced a malware attack, whether successful or failed, over a three-month period). Norway: 1.81% TER. Indonesia: 23.54% TER.

Page 25: CyberSecurity Malaysia


The world is becoming more digitized and interconnected, opening the door to emerging threats and leaks….

EVERYTHING IS EVERYWHERE – Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more

CONSUMERIZATION OF IT – With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared

DATA EXPLOSION – The age of Big Data (the explosion of digital information) has arrived and is facilitated by the pervasiveness of applications accessed from everywhere

ATTACK SOPHISTICATION – The speed and dexterity of attacks has increased, coupled with new actors with new motivations, from cyber crime to terrorism to state-sponsored intrusions

Page 26: CyberSecurity Malaysia


The Cost of a Breach (and Other Cyber Events)

Direct Costs
• Discovery/Data forensics.
• Notification costs.
• Identity monitoring costs.
• Real-time crisis management costs.
• Additional security measures, remediation.
• Lawsuits.
• Regulatory fines.

Indirect Costs
• Loss of customer confidence.
• Executive management distraction from core business objectives.
• Loss of employee productivity.
• Lost sales.
• Higher customer acquisition costs.
• Lower stock price.
• Loss to reputation/brand.

Similar Costs for other Cyber Events = Reputational Risk

Page 27: CyberSecurity Malaysia

Page 28: CyberSecurity Malaysia

Page 29: CyberSecurity Malaysia

Key Takeaways….

The issue is not if….but when, how often and how bad will it be?

• The issue of data breach businesses face is not if, but when
• Businesses need to minimize exposure; create systems to protect data; respond appropriately and use insurance to cover response costs
• Human beings are inventive; despite the best policies, non-compliance and resulting breaches will occur
• Your crisis management skills will serve you well when paired with subject matter experts

Page 30: CyberSecurity Malaysia

In Conclusion…

• What can I do?
– Focus on data leakage protection – apply the appropriate data classifications to such information and secure it accordingly
– Understand not only your weaknesses, but also those of your partners – your network is only as secure as your outsourced service provider; apply policies to their access as stringent as those you apply to your own employees.
– Pen-tests – have a third party regularly assess your networks and systems using “real world” methods.

Page 31: CyberSecurity Malaysia

In Conclusion…

• What can I do?
– Treat incident detection and response as a consistent business process, not just something you do reactively.
– Understand the threat landscape
• Advanced attackers are no longer relying solely on vulnerable web applications and phishing emails to gain access to targeted companies.
• They are targeting individuals, conducting reconnaissance, and are willing to lie in wait while a user acts to compromise themselves.
– Build intel into your operation – ensure that security operations incorporate data from intelligence services to identify when domains are compromised
– Awareness is key – train employees (i.e. no USB sticks!!)

Page 32: CyberSecurity Malaysia


…..questions….kopi/bio break ?

Page 33: CyberSecurity Malaysia


What steps are taken by the Malaysian Government to keep cyber threats under control?

One of the most important steps was creating the National Cyber Security Policy (NCSP) and establishing CyberSecurity Malaysia to implement the NCSP.

Page 34: CyberSecurity Malaysia

Page 35: CyberSecurity Malaysia

Threats to Critical National Information Infrastructures (CNII)

Interdependencies: the high degree of interdependency between our critical infrastructure sectors means failures in one sector can propagate into others.

(Figure: electricity, utilities, sectors/services)

Pervasive and sustained cyber threats can pose a potentially devastating impact

Page 36: CyberSecurity Malaysia


The National Cyber Security Policy

The National Cyber Security Policy formulated by MOSTI

Objectives:
• Address the risks to the Critical National Information Infrastructure
• To ensure that critical infrastructure are protected to a level that is commensurate with the risks
• To develop and establish a comprehensive program and a series of frameworks

NCSP Adoption and Implementation

The policy recognises the critical and highly interdependent nature of the CNII and aims to develop and establish a comprehensive programme and a series of frameworks that will ensure the effectiveness of cyber security controls over vital assets

Page 37: CyberSecurity Malaysia


NCSP THRUST / CNII SECTOR

NATIONAL CYBER SECURITY POLICY

VISION: Malaysia's Critical National Information Infrastructure shall be secure, resilient and self-reliant. Infused with a culture of security, it will promote stability, social well being and wealth creation.

CNII sectors: Defence & Security; Transportation; Banking & Finance; Government; Information & Communications; Energy; Emergency Services; Water; Food & Agriculture; Health Services.

Policy thrusts (lead agency | thrust | intended outcome):
T1 NSC | Effective Governance | Establishment of a national info security coordination centre, effective institutional arrangements & public–private cooperation
T2 AGC | Legislation & Regulatory Framework | Reduction of cybercrime & increased success in the prosecution of cyber crime
T3 MOSTI | Cyber Security Technology Framework | Expansion of national certification scheme for InfoSec management & assurance
T4 MOSTI | Culture of Security & Capacity Building | Reduced no. of InfoSec incidents through improved awareness & skill level
T5 MOSTI | R&D Towards Self Reliance | Acceptance & utilization of locally developed info security products
T6 MICC | Compliance & Enforcement | Strengthen or include infosec enforcement role in all CNII regulators
T7 NSC | Cyber Security Emergency Readiness | CNII resilience against cyber crime, terrorism, info warfare
T8 MICC | International Cooperation | International cooperation & branding on CNII protection with improved awareness & skill level

CNII | Assets (real & virtual), systems and functions that are vital to the nation, such that their incapacity or destruction would have a devastating impact on: National Defense & Security | National Economic Strength | National Image | Government capability to function | Public Health & Safety

Page 38: CyberSecurity Malaysia


Governance

Page 39: CyberSecurity Malaysia


NATIONAL CRYPTOGRAPHY POLICY
DASAR KRIPTOGRAFI NEGARA

• APPROVED BY THE GOVERNMENT ON 14 JAN 2013
• TO SUPPORT GOVERNMENT’S ASPIRATION IN INFORMATION SECURITY: TO CREATE TRUST IN INTER-COMMUNICATION AND INTERACTION AMONG USERS IN NATION’S CYBER SPACE
• TO ENSURE SECURITY IN E-COMMERCE ACTIVITIES AND TO SUPPORT NATIONAL DIGITAL TRANSFORMATION AGENDA

(Figure: plaintext is turned into ciphertext by encryption under an encrypting key, and back into plaintext by decryption under a decrypting key)

Page 40: CyberSecurity Malaysia

Majlis Keselamatan Negara (National Security Council)

NATIONAL CRYPTOGRAPHY FRAMEWORK

PART 1: DEFINITIONS
PART 2: INTRODUCTION
PART 3: POLICY STATEMENT
PART 4: POLICY OBJECTIVES
PART 5: POLICY SCOPE
PART 6: POLICY RATIONALE
PART 7: POLICY IMPLEMENTATION
PART 8: POLICY APPLICATION
PART 9: CONCLUSION

Page 41: CyberSecurity Malaysia


POLICY STATEMENT

“The nation holds the position that the field of cryptography is important for realising the Government's aspirations in the area of national electronic information security. Competence and self-reliance in the field of cryptography are among the key requirements for achieving economic prosperity, the well-being of the people and national security.”

Page 42: CyberSecurity Malaysia


POLICY OBJECTIVES

• Protect the confidentiality, integrity, authenticity and non-repudiation of the information of the Government and of CNII agencies/organisations;
• Increase the use of Trusted Cryptographic Products among CNII agencies/organisations;
• Enhance national self-reliance through the development of a local cryptography industry; and
• Encourage human resource capacity building in the field of cryptography.

Page 43: CyberSecurity Malaysia


7 STRATEGIC APPROACHES

POLICY IMPLEMENTATION (PELAKSANAAN DASAR)

• Cryptography Research and Development (R&D)
• Acculturation of Cryptography Use (Acculturation)
• Development of Local Cryptography Industry Capability (Local Cryptography Industrial Capacity)
• Development and Implementation of the Evaluation and Certification Panel for Trusted Cryptographic Products (Trusted Products)
• Strengthening the Management of Cryptography Technology
• Strengthening Legal and Regulatory Aspects
• Establishment of Governance Mechanisms (Effective Governance)

Page 44: CyberSecurity Malaysia


POLICY APPLICATION

• The use of Trusted Cryptographic Products is mandatory in dealings involving Official Secrets;
• The use of Trusted Cryptographic Products or industry-accepted cryptographic products is encouraged in public service dealings involving Official Information; and
• The use of Trusted Cryptographic Products or industry-accepted cryptographic products is mandatory for dealings involving the Confidential Information of non-Government CNII agencies/organisations.

Page 45: CyberSecurity Malaysia


The ISMS standard has been mandated by Cabinet for CNII organizations

On 24 February 2010, the Cabinet agreed that CNIIs should implement and undergo certification for MS ISO/IEC 27001:2007 Information Security Management System (ISMS) within 3 years

Page 46: CyberSecurity Malaysia


OVERVIEW OF THE PUBLIC SECTOR CYBER SECURITY FRAMEWORK (2016 – 2020) (RAKKSSA 2016-2020)

The objective of RAKKSSA 2016-2020 is to ensure the security of Public Sector service delivery, thereby raising the level of confidence of stakeholders (Government agencies, industry and the general public). The strategic partners developing RAKKSSA 2016-2020 are MAMPU, CGSO, CSM and MIMOS.

Page 47: CyberSecurity Malaysia


LEGISLATIVE & REGULATORY FRAMEWORK – Cyber Laws – Malaysia

• Digital Signature Act 1997
• Copyright Act (Amendments) 1997
• Computer Crime Act 1997
• Personal Data Protection Act 2010
• Evidence (Amendment) (No. 2) Act 2012
• TeleMedicine Act 1997
• The Communications and Multimedia Act 1998
• Chapter VIA, Offences Relating to Terrorism, Penal Code (Amendment) Act 2007

The legal challenges in the borderless world will far outpace the existing legal models. Thus, on-going work to identify and recommend changes to current laws needs to be carried out

Page 48: CyberSecurity Malaysia


Malaysia is heading in the right direction concerning cyber laws….

The existing Penal Code (Act 574) can serve as a general law on criminal offences in Malaysia, because most cybercrimes are traditional by nature; ICT is merely the medium used to commit the criminal acts.

Other laws that, while not exactly amounting to cyber laws, are in fact indirectly applicable to cyberspace as well, include:
a. Security Offences (Special Measures) Act,
b. Defamation Act,
c. Sedition Act,
d. Evidence Act, section 114A.

Page 49: CyberSecurity Malaysia


To minimise risks, BoD should encourage compliance with international standards:

1. ISMS Certification – to preserve confidentiality, integrity and availability of information assets
2. Malaysia Trustmark – for secure e-Business websites
3. ICT products evaluation and certification under the Common Criteria ISO/IEC 15408

Page 50: CyberSecurity Malaysia


To minimise risks, BoD should encourage compliance with international standards:

1. Rethink approach to IT security
• Proactive approach to threats (rather than responsive)
• IT security = business enabler, not infrastructure cost
• Align IT security strategy to corporate risk management objectives
2. Update security policies
• Organisations need to handle new trends like BYOD, big data, IoT and cloud
3. Adopt intelligent multi-layer defence
• Application security is important in a Web-centric world
4. Maintain up-to-date systems (e.g. patches and regular security audits)
5. Educate users and implement security best practices

Page 51: CyberSecurity Malaysia


Protection of Personal Data

Jabatan Perlindungan Data Peribadi Malaysia (JPDP)

The Personal Data Protection Department of Malaysia (Jabatan Perlindungan Data Peribadi Malaysia, JPDP) is an agency under the Ministry of Communications and Multimedia (KKMM) whose role is to ensure compliance with the Act through raising awareness/promotion, good-practice advice, providing general advice and guidance, and carrying out enforcement. Its main responsibility is to regulate the processing of individuals' personal data in commercial transactions by data users, and to enforce the Act to combat the misuse of personal data.

Page 52: CyberSecurity Malaysia


Protection of Personal Data

Jabatan Perlindungan Data Peribadi Malaysia (JPDP)

GENERAL OBJECTIVE

The main focus of JPDP is to regulate the processing of an individual's personal data by data users so that it is used in a manner that is fully trustworthy, secure and not misused.

JPDP OPERATIONAL OBJECTIVE

Specifically, JPDP is responsible for ensuring that all users of personal data in commercial transactions comply with personal data protection law, through the necessary enforcement, to prevent the misuse of personal data.

Page 53: CyberSecurity Malaysia


Protection of Personal Data

Jabatan Perlindungan Data Peribadi Malaysia (JPDP)

7 Personal Data Protection Principles that must be complied with under s. 5(1) of this Act to safeguard the integrity of personal data:

1. General Principle – a data user is not permitted to process another person's personal data without that person's consent. "Processing" here is to be understood as handling data by automated or computerised means or by any other process.
2. Notice and Choice Principle – the data subject must be informed, up front, of the notice and the purposes.
3. Disclosure Principle – the purpose for which a data subject's personal data is to be disclosed must be identified.
4. Security Principle – when processing any data subject's personal data, take steps to keep that data secure and to ensure it is not modified, misused or given to parties who have no business with it.
5. Retention Principle – personal data may not be retained in processing for longer than the period required.
6. Data Integrity Principle – every item of personal data must be accurate, complete, not misleading and kept up to date, consistent with the purpose for which it is stored and processed.
7. Access Principle – a person must be given the right of access to their personal data held by a data user, and may correct that data so that it is up to date.

Page 54: CyberSecurity Malaysia


Protection of Personal Data

Jabatan Perlindungan Data Peribadi Malaysia (JPDP)

Accordingly, Malaysians in particular need to be aware of their rights under the principles set out in this Act. Members of the public may lodge any complaint relating to the PDPA 2010 (Act 709) if they feel that an organisation or a person has breached one of the 7 Personal Data Protection Principles. The following practice is recommended to complainants now that the Act is in force: i) The complainant should first lodge a complaint with, and request an explanation from, the organisation concerned; ii) If the complainant is still not satisfied with the answer and the action taken by the organisation, the complainant may lodge a complaint directly with JPDP via the complaint address provided, so that an investigation can be carried out; iii) If the complainant is still aggrieved by the Commissioner's decision on the matter, they may appeal to the Appeal Tribunal by filing a notice of appeal with the Appeal Tribunal.

Page 55: CyberSecurity Malaysia


Protection of Personal Data

Jabatan Perlindungan Data Peribadi Malaysia (JPDP)

Details required when making a complaint: you only need to write a letter or an e-mail to the Personal Data Protection Department explaining your case. In your letter or e-mail you must state the following: i) the name of the organisation or person you are complaining about; ii) an explanation of the reason for your concern; iii) details of the response you have received from the organisation suspected to be the source of the information leak; iv) copies of any letters or e-mails concerning your discussions with the organisation or individual concerned.

Please submit any public complaints and enquiries to: Director General (Ketua Pengarah), Jabatan Perlindungan Data Peribadi Malaysia, Level 6 (Aras 6), Kompleks Kementerian Komunikasi dan Multimedia, Lot 4G9, Persiaran Perdana, Presint 4, Pusat Pentadbiran Kerajaan Persekutuan, 62100 Putrajaya. Tel: 03 8911 5000/7927/7906/7965 Fax: 03 8911 7959

Page 56: CyberSecurity Malaysia


Management should be asking these questions on cyber security…

Is there someone on the board who serves as an IT expert and understands cyber risks and what is the role of board oversight in cybersecurity?

Who is in charge of your cybersecurity plan and which parts of your company are involved?

Is there a committee assigned to address cybersecurity?

Does the company have a chief security officer who reports outside of the IT organization?

Is social media a concern to your company?

Does your company have cyber insurance?

Page 57: CyberSecurity Malaysia


Do the outsourced providers and contractors have controls and policies in place and do they align with your company’s expectations?

Is there an annual company-wide education or awareness campaign established around cybersecurity?

Who are your likely adversaries (state sponsored, competitive, criminal, etc.) and what crown jewels do you most need to protect from them?

Do you have an incident response plan? Have you done a tabletop exercise?

Management should be asking these questions on cyber security….cont’d

Page 58: CyberSecurity Malaysia


What does your network map look like (physical assets, cloud resources, physical and digital security tools and protocols, etc.)?

Who has access to sensitive data, and what is the risk of an insider event?

What are your physical and digital security protocols following employee termination?

How do you interconnect with and share data with your supply chain and other business partners and does your company have a vendor risk management program?

Does your company receive and share information about cybersecurity threats?

Management should be asking these questions on cyber security….cont’d

Page 59: CyberSecurity Malaysia


Bottom Line……PPT

P = People, P = Process, T = Technology

Page 60: CyberSecurity Malaysia

The weakest link is.. PEOPLE (the Human Factor)

Page 61: CyberSecurity Malaysia


New Board Risks and Challenges: Cyber Risk

Page 62: CyberSecurity Malaysia


Are we building a Maginot line.......

Page 63: CyberSecurity Malaysia


Are we building a Maginot line.......

1: a line of defensive fortifications built before World War II to protect the eastern border of France but easily outflanked by German invaders

2: a defensive barrier or strategy that inspires a false sense of security

Page 64: CyberSecurity Malaysia


What’s in this for us……

More than 2 billion people are connected to the Internet. Cellular phone subscriptions passed the 5 billion mark at the end of 2010. More than 50 billion objects are expected to be digitally connected by 2020, including cars, appliances and cameras. The amount of digital information created and replicated in the world will grow to a staggering 35 trillion gigabytes by 2020.

About USD 8 trillion traded through e-commerce last year

Page 65: CyberSecurity Malaysia


What’s in this for us……


https://www.siliconrepublic.com/companies/2015/11/25/digital-disruption-changed-8-industries-forever

Page 66: CyberSecurity Malaysia


Takeaways

Businesses need to minimize exposure; create systems to protect data; respond appropriately and use insurance to cover response costs.

Human beings are inventive; despite the best policies, non-compliance and resulting breaches will occur.

Your crisis management skills will serve you well when paired with subject matter experts.

The issues of cyber risk and data breach that businesses face are not if….but when.

Page 67: CyberSecurity Malaysia


About us…CyberSecurity Malaysia

Timeline: 1997 | 1998 - 2005 | March 2006

30 Mar ’07: NISER officially registered as

• NITC Meeting on 7 Apr 2006 agreed to implement NCSP and establishment of the Malaysia Cyber Security Centre to administer NCSP.
• NCSP was endorsed by the Cabinet in May 2006.
• NISER was tasked to be the Malaysia Cyber Security Centre.

CyberSecurity Malaysia was launched by the Prime Minister of Malaysia on 20 Aug 2007

Page 68: CyberSecurity Malaysia

Page 69: CyberSecurity Malaysia