War games is not a movie anymore · Cybersecurity Challenges: Komitas Stepanyan, PhD, CRISC, CRMA,...


Cybersecurity Challenges:

Komitas Stepanyan, PhD, CRISC, CRMA, CobitF

Deputy Head of Internal Audit

Central Bank of Armenia

“WAR GAMES” IS NOT A MOVIE ANYMORE

AGENDA

Introduction

Recent Hot Issues

Challenges

Solutions

• The era of digital life

• Mobile technologies, BYOD, Public WiFi

• Social networks

• Sound IT/IT Security governance

• Right people at the right place

• Best in class technical solutions

• Ransomware

STATISTICS

Over 169 million personal records were exposed in 2015, across the financial, business, education, government and healthcare sectors. In 2017, several BILLION*.²

In 2015, there were 38% more security incidents detected than in 2014. In 2017, 223% more than in 2016.¹

The median number of days that attackers stay dormant within a network before detection is over 200.⁴

In 2017, 24% of breaches affected financial organizations.⁵

More than 70 percent of cyberattacks use a combination of phishing and hacking techniques and involve a secondary victim.³

Cybersecurity losses - 2016

Min: $400 billion

Max: $600 billion

Cybersecurity losses - 2019

~ 2 trillion

How can we manage and mitigate cybersecurity risks more effectively?

Good conditions for large-scale hacker attacks!

The Internet of Things: From Fiction to Reality

Total Number of Vulnerabilities 2017, Top 10 Products By Vendor

DIGITAL LIFE IS NOT PERFECT

RECENT HOT CASES

https://www.youtube.com/watch?v=MK0SrxBC1xs

400,000 drug pumps installed in hospitals around the world

...independent security researcher identified a critical vulnerability in 2015 in popular drug infusion pumps that hundreds of thousands of hospitals use. Hackers could raise the dosage limit patients received, allowing to remotely kill a victim in the hospital ...

40 Million Stolen Credit Card Numbers and Up To 70 Million Customers' Data Stolen

Bangladesh central bank hacked. Attackers used malware and stole $81 million.

February 2016

Second malware attack - Vietnamese commercial bank hacked

May 13, 2016

2017 HOT CASES

Google and Facebook were victims of Business Email Compromise (BEC) or ‘CEO Fraud’

March 2017, 64 Cyberattacks

April 2017, 85 Cyberattacks

Malware Threat to ATMs

Homographic Phishing Attacks

2017

The year of ransomware... Password security

January 2017, 89 Cyberattacks

1 Billion user accounts stolen from Chinese Internet Giants

Ransomware infected 70% of the storage devices that record data from D.C. police surveillance cameras, DC Police Department

52GB database was stolen containing information on 33.7 million people

May 2017, 67 Cyberattacks

WannaCry Ransomware

August 2017, 90 Cyberattacks

More than 700m email addresses, as well as a number of passwords, have been stolen

September 2017, 41 Cyberattacks

143 million customers' personal and financial information stolen from Equifax

PASSWORD

81% of hacking-related breaches leveraged either stolen and/or weak passwords*

How to effectively mitigate cyber security challenges?

… there will be 21 billion connected devices by 2020

Gartner Research Group

60 SEC OF OUR DIGITAL LIFE - 2016

DAILY INTERNET USAGE BY DEVICE (IN HOURS)

? kids (5-15)

? aged (65+)

ENCRYPTION AS A WEAPON - RANSOMWARE

What is ransomware?

A sophisticated piece of malware that blocks the victim’s access to his/her files.

The cyber security community agrees that this is the most prominent and worrisome cyber threat of the moment.

RANSOMWARE – A REAL CHALLENGE FOR ANYONE

FACTS

88% of breaches fall into the nine patterns that the Data Breach Investigations Report first identified back in 2014.

In about 60% of cases, hackers are able to get results in minutes.

23% of people receiving phishing letters open them, and 11% click on links or open attached files.

91% of successful data breaches started with a phishing attack.

99.9% of exploited vulnerabilities were compromised more than a year after details were published.

SOCIAL ENGINEERING

https://www.youtube.com/watch?v=bjYhmX_OUQQ

USE OF CLOUD COMPUTING SERVICES, 2014 AND 2016 (% OF ENTERPRISES)

Source >>> http://ec.europa.eu/eurostat/statistics-explained/index.php/Cloud_computing_-_statistics_on_the_use_by_enterprises

USE OF CLOUD COMPUTING SERVICES IN ENTERPRISES, BY PURPOSE, 2014 AND 2016 (%)

Source >>> http://ec.europa.eu/eurostat/statistics-explained/index.php/Cloud_computing_-_statistics_on_the_use_by_enterprises

BYOD – BRING YOUR OWN DEVICE

Bring Your Own Everything… (BYOx)

2015: 5.2 billion

2016: ~ 7 billion (+30%)

2020: 20 billion

PUBLIC WIFI

TOP 10 COUNTRIES FOR PUBLIC WIFI IN 2015

AN EVIL TWIN HOTSPOT

[Diagram labels: “International Conference” (shown twice), “Internet”]

Cyber security looks like a game of Cat and Mouse: It will never end.

SUMMARY

Knowledge and informed people: the most efficient way to mitigate cyber security risks today and tomorrow

Don’t be lazy to cover cyber security basics…

Think Before You Click

Update Regularly

Use an Effective Password Policy

Be suspicious of warnings that pop up asking you to install

Guard Your Personal Data

Use SSL Correctly

Don’t be lazy to educate employees…

SOLUTIONS

• ISO 27001

• COBIT

• ITIL

• NIST

• Hardened IT Infrastructure

• Effective monitoring tools

• Patch Management

• Configuration Management

• Incident Management

Best in class IT solutions

Sound IT and IT Security Governance

• Strong InfoSec

• Strong IT Audit

• Informed, aware personnel

Right people at the right place

Thank You !

Contact me: