Protect the Unexpected – A policy perspective
Charles Mok
Legislative Councillor
(Information Technology)
#CLOUDSEC
Big data is everywhere
ICT runs financial system
IoT creates new loopholes
Threat environment more complex with innovations
Cyber security incidents more frequent
Hong Kong
3443 security incidents reported in 2014
116% increase from 2013
Source: Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
High profile cases
- Germany steel mill hacked (spear-phishing attack, causing destruction of equipment)
- U.S. Office of Personnel Management breach (sensitive personal info of 21.5m people compromised, inside and outside of govt)
- French TV network TV5monde disabled by hackers from Islamist group (took over broadcast, email, social media)
- Germany parliament Bundestag hacked (sensitive materials stolen from 15 computers)
Credit card details of 100 million customers stolen, US$148 million breach-related costs
More than 47,000 US Social Security numbers (celebrities, freelancers, and current and former Sony employees) stolen
Names, credit card info and other private details of 37 million users stolen
1. Remote Access Trojan (RAT)
perform unauthorized operations and hide their presence
key logging, screen and camera capture, file access, code execution, registry management, password sniffing
2. Malware and spear phishing
Estimated in 90% of cyber attacks (Trend Micro)
malicious links/attachments
Information gathering: to be used later in further scams/attacks to victim
Spreading malware to target computers
3. Cryptolocker ransomware
Encrypts victim’s computer system with key
Requires victim to pay ransom by bitcoin within given time
4. Distributed Denial-of-Service Attacks
temporarily interrupting or suspending the services of web servers
5. Hacktivism & Cybergraffiti
web defacement, social media hijacking to grab headline, spread a cause or bring embarrassment to victim
Recent cases: Taiwan govt and Hong Kong political party
Sources of threats and emerging risks…
Internet of things & embedded devices
Rogue insiders
Legacy software
Big data breaches
Outdated software and OS-based attacks
Mobile devices
Attacks on Cloud storage providers
MITIGATION:
Risk Management
Or Law Enforcement?
Security
Privacy
Big tussle in the post-Snowden era:
Are tougher cybersecurity laws the solution
or the source of more problems?
Trends in cyber-security legislation
Requires sharing of cyber threat information among private and public entities = permission for more data collection from users?
• More govt power to obtain records
• Right to restrict internet access
• Impose responsibilities on ISPs
• Require real names log-in
• Security requirements for "critical industries"
• Data localisation
• Network equipment to be ‘reviewed’ before sales
• Block illegal information from overseas
Some countries go further on cybersecurity…
with chilling implications
Security or censorship?
Hong Kong: how to respect users’ privacy and freedom while fighting cyber threats remains an important issue
Protect consumers
More clarity to industry
Hold government accountable
Sharing best practices
Partnership and coordination on breach notification and response
Privacy and security both matter: How to strike the right balance?
Follow me on:
Facebook: Charles Mok 莫乃光
Twitter: @charlesmok