dragon advance tech the latest cybersecurity landscape in
play

Dragon Advance Tech The Latest Cybersecurity Landscape in Hong Kong - PowerPoint PPT Presentation

Dragon Advance Tech The Latest Cybersecurity Landscape in Hong Kong FinTech Security Conference - 2018 Frankie Li You heard a lot ... Like this But not from Hong Kong 2014-2015 7 2016: APT 3 targeted the organizations with


  1. Dragon Advance Tech

  2. The Latest Cybersecurity Landscape in Hong Kong FinTech Security Conference - 2018 Frankie Li

  3. You heard a lot ... Like this

  4. But not from Hong Kong

  5. 2014-2015

  6. 7

  7. 2016: APT 3 targeted the • organizations with "spear-phishing" attacks "Relevant security • measures had already been put in place to block the suspicious e- mails,” Government office confirmed in a statement

  8. 2016

  9. 2016: The SWIFT Attacks – Hong Kong?

  10. ATM Hacks extend to the Great China Regions

  11. Exchange hacking occurs regularly The BitGril hack is a bit complicated. The exchange just The exchange did The exchange announced the tokens not use cold suspended The Coincheck hasn’t were missing. They storage. The trading, closed its disclosed how their announced that it exchange issued website and system was breached, appear to be related Bitfinex tokens exchange services, just saying that it wasn’t The hacker could to BitGrail’s software (BFX) for users and filed for access the backup an inside job. It kept who lost their bankruptcy Attackers customer assets in a hot The exchange key. The exchange funds protection. Users compromised the wallet. Users are reported a was closed and Bitgrail did not received funds partly employees’ partially refunded in hack on its compensation Mar 2018 refunded to users computers. Partial website. 30% Bitfinex Bitcoin was compensation of the token Bitstamp was exposed to the was paid to users have been hacked through Coincheck hosting site taken. phishing. The vulnerability. Reserves had Mt. Gox platform was The funds were been moved completely stolen and the to a cold reorganized. exchange was wallet Bitthumb Losses were Bitfloor closed covered from reserve fund Coinrail Bitcoinica Bitstamp Feb 2014 Mar 2012 Sept 2012 Jan 2016 Aug 2016 Jul 2017 Jun 2018 Jan 2018 Feb 2018

  12. 2016: Security Landscape changed? Money is now Data

  13. 2016: Cyber Fortification Initiative

  14. 2017

  15. 2017: Hong Kong travel agent WWPKG • One of Hong Kong’s largest travel agencies , revealed its customer database was hacked, putting at risk personal information such as ID card numbers and credit card • The police source said that the hackers were likely to be based overseas

  16. 2018: Hong Kong Broadband Network

  17. 2018: Unpublished Attack Incident

  18. 2018: Data Leakage Incidents

  19. Latest Development of CX Incident

  20. 2018: Smart Banking Initiatives 30

  21. 2018: Cybersecurity and Technology Risk Protected by C-RAF The seven domains of maturity assessments 31

  22. Is You Online Banking Infrastructure Secure? 32

  23. 2018: New Cybersecurity Incidents • On Oct 31, 2018 HKMA has requested to all e-wallets operators to suspend the automatically top-up via the Fast Payment System because they found a number of customers had suffered loss of fraud cases on electronic Direct Debit Authorization (eDDA)

  24. 2018: HSBC e-payment app PayMe Under Fire • Simple verification procedures for HSBC e-payment app PayMe allowed hackers to carry out unauthorised transactions after luring victims into disclosing their email passwords using phishing scams 34

  25. Short Near Future we shall have eKYC 35

  26. Latest Development of Virtual Banks

  27. Smart FinTech | Exposing more attack service 37

  28. Safe House or Sweet Home? 40

  29. Safe House or Lake Resort on the cliff? 41

  30. Encryption = Security? 42

  31. Firewall == Network Security? 43

  32. How is your Security being Implemented? 44

  33. Building Cybersecurity Capacity for Hong Kong Technical/Procedural Legal Measures Organizational Measures Structures - Governmental lead - Legal Measures - Government Cybersecurity Goals Strategy Coordination and Framework - Government Legal - Governmental Focal - Secure Government Authority Point Infrastructure - Adequate and - Sectoral CIRT - Global Technical harmonized legal - Public-Private Collaboration frameworks Partnerships Capacity Building International Human Capacity Cooperation Building - Enhanced collaboration - Curricula and Training - Cybersecurity Skills (multi-stakeholder, Program Development Bi/Multi lateral) - Bespoke Training - Culture of Cybersecurity - Inter-Agency Collaboration - Cybersecurity Innovation

  34. Thank you Q & A

Recommend


More recommend