Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.


1 Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank

2 Agenda
- What is Cybercrime and Cybersecurity?
- Trends
- Impact on African banks
- What is needed?
- Questions for the board room

3 Cybercrime and Cybersecurity
- Cybercrime: unlawful acts wherein the computer is either a tool or target or both
- Cybersecurity: combines people, processes, and technology to continually monitor vulnerabilities and respond proactively to secure an organization’s assets.

4 Cybercrime and Cybersecurity
Damage with respect to:
- Confidentiality
- Integrity
- Availability
Losses/what is at stake:
- Financial
- Regulatory
- Reputational

5 Trends
- Everybody is a target
- Easy to get into
- Lots of money to be made
- Small chance of being caught
- Ever increasing and expanding
- Moving from desktop computers into smart phone arena
- Cyber crime is here to stay!

6 Attacks are increasingly easy to conduct
[Chart, 1990 to 2011: "Attack sophistication" and "Skill level needed by attackers". Attack techniques labelled on the chart:]
- Email propagation of malicious code
- “Stealth”/advanced scanning techniques
- Widespread attacks using NNTP to distribute attack
- Widespread attacks on DNS infrastructure
- Executable code attacks (against browsers)
- Automated widespread attacks
- GUI intruder tools
- Hijacking sessions
- Internet social engineering attacks
- Packet spoofing
- Automated probes/scans
- Widespread denial-of-service attacks
- Techniques to analyze code for vulnerabilities without source code
- DDoS attacks
- Increase in worms
- Sophisticated command and control
- Anti-forensic techniques
- Home users targeted
- Distributed attack tools
- Increase in wide-scale Trojan horse distribution
- Windows-based remote controllable Trojans (Back Orifice)

7 Spy Eye screenshots


15 Impact on African banks
- Dependency on IT is a fact
- Cyber crime is in infancy stage
  https://spyeyetracker.abuse.ch/
  https://zeustracker.abuse.ch/
- Internet banking almost non-existent
- Skimming attempts and gas attacks are moderate
- Fraud with mobile banking based on social engineering
- Mobile banking the way forward for hackers
- Penetration of smart phones will be turning point

16 Impact on African banks
- Connection to international payment networks will massively increase risk
- Banks launch new products rapidly
- Need to get ready now

17 What is needed?
Improvement needed in:
- people
- process
- technology

18 What is needed? People
- Get people in with the right skill set
- Employ a Chief Security Officer
- Educate your employees
- Educate your customers

19 What is needed? Processes
- Implement security policies
- Perform risk analysis with respect to IT
- Manage residual risk
- Move from active to pro-active

20 What is needed? Technology
- Invest in securing network and internet connectivity
- Buy software to help automate checking compliance with security baselines
- Hire outside contractors to monitor for threats and attacks aimed at your bank

21 Questions for the board room
- What are the top-5 IT risks? How are they being managed?
- How serious is the threat of cyber crime? How is management dealing with that?
- Who is responsible for managing IT risk?
- How are these risks reported on?
- What action plans are drafted/followed?
- How is progress monitored?

22 Questions for the board room
- What were the latest security incidents? How is management dealing with these?
- Is card skimming a problem? Will it be?
- Are gas attacks on ATMs a problem?
- Does the bank have a CERT team?
- Is the SMS services provider at the right security level?

23 Actions/shopping list
1. Establish a board Risk Committee separate from the Audit Committee and assign it responsibility for enterprise risks, including IT risks. Recruit directors with security and IT governance and cyber risk expertise.
2. Ensure that privacy and security roles within the organization are separated and that responsibilities are appropriately assigned. The CIO and CSO should report independently to senior management.
3. Evaluate the existing organizational structure and establish a cross-organizational team that is required to meet at least monthly to coordinate and communicate on privacy and security issues. This team should include senior management from human resources, public relations, legal, and procurement, as well as the CFO, CIO, CSO, CRO, and business line executives.
4. Review existing top-level policies to create a culture of security and respect for privacy. Organizations can enhance their reputation by valuing cyber security and the protection of privacy and viewing it as a corporate social responsibility.

24 Actions/shopping list
5. Review assessments of the organization’s security program and ensure that it comports with best practices and standards and includes incident response, breach notification, disaster recovery, and crisis communications plans.
6. Ensure that privacy and security requirements for vendors (including cloud and software-as-a-service providers) are based upon key aspects of the organization’s security program, including annual audits and control requirements. Carefully review notification procedures in the event of a breach or security incident.
7. Conduct an annual audit of the organization’s enterprise security program, to be reviewed by the Audit Committee.
8. Conduct an annual review of the enterprise security program and effectiveness of controls, to be reviewed by the board Risk Committee, and ensure that identified gaps or weaknesses are addressed.
9. Require regular reports from senior management on privacy and security risks.

25 Actions/shopping list
10. Require annual board review of budgets for privacy and security risk management.
11. Conduct annual privacy compliance audits and review incident response, breach notification, disaster recovery, and crisis communication plans.
12. Assess cyber risks and potential loss valuations and review adequacy of cyber insurance coverage.

26 Questions? a.w.j.heintjes@rn.rabobank.nl

