Cybercrime: Mitigation Challenges

Presentation transcript:

Cybercrime: Mitigation Challenges
29 November 2016
Phoenicia Hotel – Beirut, Lebanon
Fouad KHALIFEH, Group Chief Compliance Officer, FRANSABANK sal

Highlights
Risks of Cybercrime
Categories of Targeted Attackers
Data Breach and its Consequences
Implementing future-proof security
Governance: Integrating compliance with threat intelligence
Conclusion and Recommendations
November 2016 Fouad Khalifeh

Risks of Cybercrime
Assets
Reputation

Categories of Targeted Attackers
Banks are as exposed to ‘mass market’ attacks as any other organization. But the greatest threat is from targeted attacks, as these can be more difficult to detect and the attacker may focus on a specific system or set of information.
Attackers generally fall into three broad categories:
The financially motivated attacker who intends to compromise systems to conduct theft or fraud electronically.
The espionage motivated attacker who intends to steal information to sell on to a third party.

Categories of Targeted Attackers
The politically motivated attacker who intends to compromise information or systems to achieve a goal shared within a group.
Such attacks can be defended against if organizations implement a multi-layer approach to security: making it as difficult as possible for attackers to compromise systems and maximizing the speed of attack detection.

Data Breach
Two years ago, J.P. Morgan, the largest U.S. bank by assets, was targeted by cybercriminals in a breach that exposed names, addresses and other information of 76 million customer households, although no money was taken.
Data Breach has a much more powerful impact than loss of funds.

Consequences of a Data Breach
A data breach in a financial institution can put the business at risk from different perspectives. All of the following issues need to be considered when a data breach occurs:
Managing a breach: The process of retrieving data and tracing the breach involves expense and resource.

Consequences of a Data Breach
Impact on brand reputation: Customers can lose faith in their bank if breaches are broadcast in the media.
Regulatory fines (and others like card issuers and customer-related legal actions, etc.): Stronger and more impactful enforcement is likely to be seen more often.
These consequences can be avoided by ensuring that systems are secured and by remaining vigilant so that successful attacks can be remediated before data is breached.

Implementing future-proof security
Emerging trends and technology evolution are paving the way for new ways of working, but also for new security threats and challenges (example: the recent “Ransomware” issue).
As cybercriminals shift their focus to bank employees, and mobile banking gains momentum, the only constant in this game is change.
Security strategies and infrastructures need to become more agile and predictive as no technology can rule out the human factor completely, so security awareness will remain critical.

Implementing future-proof security
Education of employees is the best defense against many threats. However, this is most effective when organizations break away from traditional security awareness models to employ creative techniques and deploy technologies that can influence user behaviors.
Automation of processes helps guard against human error and offers the capability to manage large amounts of data.
Multi-layer security, including firewalls, secure sign-on, dual authentication with triangulation of access and real-time business event monitoring, helps protect against data failings from external attack.

Implementing future-proof security
Improved real-time tracking and business intelligence will alert companies to any security breach. The ability to monitor every transaction across global operations will be the key to protecting against internal and external threats.
Managed security services or a security operations center will help detect real-time external or internal security breaches.
New technologies, such as mobile banking applications or payment, need to be considered within the overall security framework. This will be critical from a cost and resource perspective.
Applications procured through line of business functions can operate outside of the core infrastructure, which will impact on the security and risk posture of the organization.

Implementing future-proof security
The bottom line is that financial institutions will be unlikely to keep ahead of criminals and so will remain a top target for attacks.
To counteract, organizations will need to continuously update information security policies, systems and infrastructures, and ensure they keep up with best practices in securing customers’ data.

Governance: Integrating compliance with threat intelligence
The security ecosystem is complex and starts with governance.
Banks need to develop and enforce IT policies that comply with regulations, but also ensure that risk is being minimized for targeted attacks against identified critical systems, such as core banking or customer data.

Governance: Integrating compliance with threat intelligence
Effective governance requires an integrated approach, which sets the standards on the right level for the different parts of the business.
By prioritizing risks and defining policies that span across all locations, policies can be enforced through built-in automation and workflow to protect information, identify threats, anticipate and remediate incidents.

Conclusion and Recommendations
The finance industry is constantly fighting cybercrime and, given the potential financial gain from a successful attack, this battle is likely to continue.
However rigorous the security employed, exposure to new risks is inevitable (Risk Managers are required in this regard, to set the acceptable level of risk their organization can handle).
New technologies and services must be adopted to cope with competitive pressure, and regulations must be complied with.

Conclusion and Recommendations
Only by advancing the intelligence and analysis around attackers and their methods can the industry hope to stay ahead.
How? By forming a group of the largest Lebanese banks, the Cybercrime Intelligence Management Group (CIMG).
The CIMG will seek to tackle the growing cyber-threats by having group members provide a support mechanism for information-sharing, management and collaboration.

Conclusion and Recommendations
Such a group could share information and data between members about threats and actual attacks, prepare comprehensive responses for when attacks occur, and conduct scenario analysis designed for the issues facing the biggest institutions.
This will help create a central information hub that works towards advancing the intelligence and analysis around attackers and their methods: risk profiling attackers, and creating a sanctions-like list of attackers and potential threats.
As data collection and dissemination is still at its early stages, such a group of banks can be effectively built today from the ground up.

Conclusion and Recommendations
Debatable issues facing the CIMG:
CIMG to integrate all banks or just the biggest institutions?
Banking Secrecy requirements: what kind of information to share, for it to be useful?
Role of the SIC: currently no data is being shared on known Cybercrime cases.
Assets and Reputation are the main Cybercrime risks. Are there any other risks? And to which level are those risks “acceptable”, “manageable”, or plain “catastrophic”?
Each institution will have to establish a risk-based approach towards cyber risks, in order to maximize the benefits of using the CIMG.

Thank you. Questions and Answers.
Fouad KHALIFEH
Group Chief Compliance Officer
FRANSABANK sal
Hamra Street, Beirut, Lebanon
Fouad.khalifeh@fransabank.com
Tel: 00961 1 340 180 Ext. 3663
Direct: 00961 1 344 771
Mobile: 00961 3 426 374