Dragon Advance Tech
The Latest Cybersecurity Landscape in Hong Kong FinTech Security Conference - 2018 Frankie Li
You heard a lot ... Like this
But not from Hong Kong
2014-2015
7
2016: APT 3 targeted the • organizations with "spear-phishing" attacks "Relevant security • measures had already been put in place to block the suspicious e- mails,” Government office confirmed in a statement
2016
2016: The SWIFT Attacks – Hong Kong?
ATM Hacks extend to the Great China Regions
Exchange hacking occurs regularly The BitGril hack is a bit complicated. The exchange just The exchange did The exchange announced the tokens not use cold suspended The Coincheck hasn’t were missing. They storage. The trading, closed its disclosed how their announced that it exchange issued website and system was breached, appear to be related Bitfinex tokens exchange services, just saying that it wasn’t The hacker could to BitGrail’s software (BFX) for users and filed for access the backup an inside job. It kept who lost their bankruptcy Attackers customer assets in a hot The exchange key. The exchange funds protection. Users compromised the wallet. Users are reported a was closed and Bitgrail did not received funds partly employees’ partially refunded in hack on its compensation Mar 2018 refunded to users computers. Partial website. 30% Bitfinex Bitcoin was compensation of the token Bitstamp was exposed to the was paid to users have been hacked through Coincheck hosting site taken. phishing. The vulnerability. Reserves had Mt. Gox platform was The funds were been moved completely stolen and the to a cold reorganized. exchange was wallet Bitthumb Losses were Bitfloor closed covered from reserve fund Coinrail Bitcoinica Bitstamp Feb 2014 Mar 2012 Sept 2012 Jan 2016 Aug 2016 Jul 2017 Jun 2018 Jan 2018 Feb 2018
2016: Security Landscape changed? Money is now Data
2016: Cyber Fortification Initiative
2017
2017: Hong Kong travel agent WWPKG • One of Hong Kong’s largest travel agencies , revealed its customer database was hacked, putting at risk personal information such as ID card numbers and credit card • The police source said that the hackers were likely to be based overseas
2018: Hong Kong Broadband Network
2018: Unpublished Attack Incident
2018: Data Leakage Incidents
Latest Development of CX Incident
2018: Smart Banking Initiatives 30
2018: Cybersecurity and Technology Risk Protected by C-RAF The seven domains of maturity assessments 31
Is You Online Banking Infrastructure Secure? 32
2018: New Cybersecurity Incidents • On Oct 31, 2018 HKMA has requested to all e-wallets operators to suspend the automatically top-up via the Fast Payment System because they found a number of customers had suffered loss of fraud cases on electronic Direct Debit Authorization (eDDA)
2018: HSBC e-payment app PayMe Under Fire • Simple verification procedures for HSBC e-payment app PayMe allowed hackers to carry out unauthorised transactions after luring victims into disclosing their email passwords using phishing scams 34
Short Near Future we shall have eKYC 35
Latest Development of Virtual Banks
Smart FinTech | Exposing more attack service 37
Safe House or Sweet Home? 40
Safe House or Lake Resort on the cliff? 41
Encryption = Security? 42
Firewall == Network Security? 43
How is your Security being Implemented? 44
Building Cybersecurity Capacity for Hong Kong Technical/Procedural Legal Measures Organizational Measures Structures - Governmental lead - Legal Measures - Government Cybersecurity Goals Strategy Coordination and Framework - Government Legal - Governmental Focal - Secure Government Authority Point Infrastructure - Adequate and - Sectoral CIRT - Global Technical harmonized legal - Public-Private Collaboration frameworks Partnerships Capacity Building International Human Capacity Cooperation Building - Enhanced collaboration - Curricula and Training - Cybersecurity Skills (multi-stakeholder, Program Development Bi/Multi lateral) - Bespoke Training - Culture of Cybersecurity - Inter-Agency Collaboration - Cybersecurity Innovation
Thank you Q & A
Recommend
More recommend