www.cloudsec.com | #CLOUDSEC
Understanding and tackling “next-tier” cyber threats
Charles Mok
Legislative Councillor (Information Technology)
@charlesmok
What happened in 2017?
Ransomware: Top threat
Common types of attacks
• IoT vulnerabilities
• Email phishing
• Social engineering
• IoT for DDoS attack
More vulnerabilities exposed, and not just on PCs
Spyware and malware keep appearing in app stores
Stealing credentials
The New Threat Landscape
• Targeted
• Stealthy
• Personalized
• Zero-day
TARGETED
• Critical infrastructure: electric power systems, transport infrastructure, supply chain
• High risk industries: healthcare providers, finance
• Others: government, higher education, retail, travel/hospitality, technology, entertainment
Newer attack methods emerging
• Ransom denial-of-service (RDoS)
• Destruction of service (DeOS): destroying organisations' data and back-ups
• Automation: reused malware + automation by bots to attack new exploits and flaws
• Sophisticated phishing
Hackers for hire: Attacks-as-a-service
• DDoS-as-a-service
• Ransomware-as-a-service
• Fraud-as-a-service
Hacker ecosystem: spreading tools on the dark web, even by paid subscription
How to tackle new cybercrime scenarios?
Strengthening defence against newer threats requires a holistic approach
• Training of in-house personnel
• Proactive prevention and detection
• Regularly patch and update systems
• Cyber resilience plan for recovery
Trend: Promote cooperation between public and private sector with legislation to protect digital assets
THANK YOU
Charles Mok
Legislative Councillor (Information Technology)
@charlesmok