YOUR ITADVANTAGEAdvanced Cyber Security Threats to the Financial Services

30 October 2017

Agenda

Advanced Cyber Security Threats to the Financial Services

• Global Trends

• Common Threats against financial institutions

• Top Threats

• Source of attacks

• Malwares

• Dark Web

• Data Compromises

• Recommendations and Mitigations

• Third- & Fourth-party Best Practices

30 October 2017 2

Why Financial Sector is Targeted

Financial Threats are still profitable for cyber

criminals and therefore continue to be an

significant part of the threat landscape. From

financial Trojans that attack online banking, to

attacks against ATMs and fraudulent interbank

transactions, there are many different attack

vectors utilized by criminals.

There is a gap between companies perception of theircyber security capabilities and their actual ability todefend themselves from cyber threats

30 October 2017 3

Global Trends

Threat Landscape Is Changing

and Complexity AroundHeightened Awareness

Personal Information

The More Connected The More Vulnerable

New IT Sourcing Models are Being Implemented

30 October 2017 4

Industries Most Frequently Breached in 2016

The financial services sector moved from the third most-attacked industry in 2015 (behind healthcare and manufacturing) to the first most-attacked in 2016, due primarily to a large rise in SQLi and OS CMDi attacks. Also the financial services came third in regards to the number of records breached.

The cost of a cyber

attack by C-level

executives is estimated

at $11.6 million, while

IT Decision Makers

estimate $19.2 million

Information and communications

Government

Financial Services

Media and entertainment

Professional services

3,377,128,95585

398,087,84139

204,420,28322

42,008,94737

19,574,0005

Records breached Number of incidents

Data Source: IBM X-Force® Research and Development30 October 2017 5

Common Threats Against Financial Institutions

30 October 2017 6

Who is Responsible for Security Breaches?

Accountability and responsibility creates gaps for attackers to exploit.

Such disconnects and communications failures can also create problems in the event of an attack, when time is often of the essence and clarity is important.

It’s vital that organizations work to narrow these gaps in understanding, intelligence and responsibility.

C-SUITE

35%

21%

11%

17%

11%

The IT team Senior management team The leader of the organisation All Staff The board

19%

30%

20%

17%

13%

ITDM

WHO IS RESPONSIBLE FOR SECURITY BREACHES?

32%

30 October 2017 7

50%

Data Source: BAE Systems - The 2017 Cyber Defense Monitor

Who Are TheAttackers?

ATTACKER MOTIVATION, CAPABILITY & INTENT

Opportunists

Cybercriminals

Hacktivists

Nation State

30 October 2017 8

Top Threats to Financial Institutions

Unencrypted Data New Technology Without Security

Third Party Services

Being Unprepared for New Forms of

HackingUnsecured Mobile

Banking

30 October 2017 9

Source of attacks against financial services security clients

In 2016, insiders were

responsible for more

financial services

sector attacks than

outsiders

Data Source: IBM X-Force Interactive Security Incidents data30 October 2017 10

Source of attacks against financial services security clients

Injection-type attacks were the clear leader in the financial services sector in 2016

1%

Data Source: IBM X-Force Interactive Security Incidents data30 October 2017 11

1%

51%

0% 10% 20% 30% 40% 50% 60%

Employ probabilistic techniques

Engage in deceptive interaction

Inject unexpected items

Subvert access control 13%

Manipulate data structures 13%

Collect and analyse information 9%

Indicator 6%

Manipulate system resources 3%

Abuse existing functionality 3%

Detection Distribution and Threat Detection 2015-2016

Number of financial threat detections in 2016 and 2015Distribution of financial malware detections

The financial Trojan threat landscape is dominated by three

malware families: Ramnit, Bebloh (Trojan.Bebloh), and Zeus

(Trojan.Zbot). These three families were responsible for 86

percent of all financial Trojan attack activity in2016

Data Source: Symantec – ISTR Financial Threats Review 201730 October 2017 12

Still Lots of Opportunities for Malware

30 October 2017 Data Classification: MEEZA 13

Phishing – Widespread email – lots of victims

Spear Phishing – Targeted email aimed at a few victims

Compromised Vendors – any remote access is high prize target

IT Supply Chain – compromise integrators / distributors

Malicious Mobile Apps – Free or fake mobile apps

IT Patch Management Systems – broad distribution of code

Drive by Download– the unintentional download of malicious software, typically from an infected reputable site

Major Milestones in the Evolution of Evasion Techniques

30 October 2017 14

Malware evasion

techniques have

become far more

numerous and

sophisticated

since they first

appeared in 1980.

Data Source: McAfee

Dark Market Evasion Tools for Sale

30 October 2017 15Data Source: McAfee Labs Threats Report, June 2017

Dark Web: Connecting Miscreant Suppliers with MiscreantBuyers

Online libraries and advertisements of stolen data

Education on how to launch spamming, phishing, and key logging attacks

Advertisements for partners for complex fraud schemes

Recruitment

Detailed info sharing on technical vulnerabilities of software and specific financial institutions and their service providers

30 October 2017 16

Data Compromises by Region & Industry

Data Compromises By Region

Data Source: 2017 Trustwave Global Security Report30 October 2017 17

Data Compromises By Industry 2016

Data Compromise – Method of Detection

Data Source: 2017 Trustwave Global Security Report30 October 2017 18

Median Time Between Compromise Milestones (Days)

Containment is Much quicker when a breach isself-detected

Median Time Between Intrusion and Detection

Data Source: 2017 Trustwave Global Security Report30 October 2017 19

Median Time Between Detection and Containment(Days)

Recommendations and Mitigations

Never neglect training and refreshing

Further reduce exposure to insider threats

Protect your enterprise while reducing costand complexity

Risk and Resilience Seek Balance

Embrace Adaptive SecurityApproaches

Apply a cognitive approach to detecting

Augment cyber Security intelligence capabilities

Finding Security-People and Skills

Security Disciplines Converge

Extending Security For Digital Businesses

30 October 2017 20

Third- & Fourth-Party Best Practices

Never neglect training and refreshing

Collaborating with vendors

Creating a fourth-party risk program.

Using continuous monitoringtechnology

Emphasizing the importance of third- and fourth-partycybersecurity to the board

Considering how third- or fourth-party cybersecurity impacts cyber insurance

30 October 2017 21

Any Questions?

30 October 2017 22

Thank You

Faisal Al KuwariChief Technology Officer

T +974 4405 1000 F +974 4405 2000 P.O.Box 892 Doha – Qatarwww.meeza.net