Protect the Unexpected – A policy prospective

Charles Mok

Legislative Councillor

(Information Technology)

#CLOUDSEC

2

Big data is everywhere

ICT runs financial system

IoT creates

new loopholes

Threat environment more complex with innovations

3

Cyber security incidents more frequent

Hong Kong

3443 security incidents reported in 2014

116% increase from 2013

Source: Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)

4

High profile cyber attacks threatens

governments, enterprises and consumers

5

High profile cases -Germany steel mill hacked (spear-phishing attack, causing destruction of equipment)-U.S. Office of Personnel Management breach

(sensitive personal info of 21.5m people compromised, inside and outside of govt)-French TV network TV5monde disabled by hackers from Islamist group

(took over broadcast, email, social media)-Germany parliament Bundestag hacked

(sensitive materials stolen from 15 computers)

6

Credit card details of 100 million customers stolen, US$148 million breach-related costs

more than 47,000 US Social Security number(celebrities, freelancers, and current and former Sony employees) stolen

Names, credit card info and other private details of 37 million users stolen

7

5 common weapons of cyber attacks

8

1. Remote Access Trojan (RAT)

perform unauthorized operations and hide their presence

key logging, screen and camera capture, file access, code execution, registry management, password sniffing

9

2. Malware and spear phishing

Estimated in 90% of cyber attacks(Trend Micro)

malicious links/attachments

Information gathering: to be used later in further scams/attacks to victim

Spreading malware to target computers

10

3. Cyrptolocker ransomware

Encrypts victim’s computer system with keyRequires victim to pay ransom by bitcoin

within given time

11

4. Distributed Denial-of-Service Attacks

temporarily interrupting or suspending the services of web

servers

12

5. Hacktivism & Cybergraffiti

web defacement, social media hijacking to grab headline, spread a cause or bring embarrassment to victim

Recent cases: Taiwan govt and Hong Kong political party

13

Sources of threats and emerging risks…

Internet of things & embedded devices

Rogue insidersLegacy softwares

Big data breaches

Outdated software and OS-based attacks

Mobile devices

Attacks on Cloud storage providers

14

Unexpected source…

Law enforcement using spyware to hack the

public?

<insert speaker organization logo> 15www.cloudsec.com | #CLOUDSEC

MITIGATION:

Risk Management

Or Law Enforcement?

16

Securit

y

Privacy

Big tussle in the post-Snowden era:

Are tougher cybersecurity laws the solution

or the source of more problems?

17

Trends in cyber-security legislations

Requires sharing of cyber threat information among private and public entities = permission more data collection from users?

18

• More govt power to obtain records

• Right to restrict internet access

• Impose responsibilities on ISPs• Require real names log-in• Security requirements for

"critical industries"• Data localisation• Network equipment to be

‘reviewed’ before sales• Block illegal information from

overseas

Some countries go further on cybersecurity…

with chilling implications

Security or censorship?

19

Hong Kong: how to respect users’ privacy and freedomwhile fighting cyber threats remains important issue

20

Protect consumers More clarity to industry

Hold government accountable

Sharing best practices

Partnership and coordination on

breach notification and response

Privacy and security both matter: How to strike the right balance?

#CLOUDSEC

Charles Mok

Legislative Councillor

(Information Technology)

charlesmok@charlesmok.hk

Follow me on:Facebook: Charles Mok 莫乃光Twitter: @charlesmok