Cybersecurity Risk from User Perspective
1. CYBERSECURITY RISK FROM CONSUMER PERSPECTIVE
LESSON LEARNED FROM THE COVID-19 PANDEMIC
Avinanta Tarigan
Research Center for Cryptography and System Security
Gunadarma University
2. MYSELF
• Education:
• 1997 - Bachelor Degree in Computer Science – Gunadarma University
• 2017 – PhD in Computer Science – Universitaet Bielefeld
• Activities :
• Lecturer in Computer Science department, Gunadarma University
• Head of Research Center for Cryptography and System Security
• AAMAI
• Past work / research :
• National roadmap for Security Incident Response Capabilities Development
• First Certification Authority Systems (PKI) in Indonesia
• Decentralized (Blockchain) Protocol Development and Decentralized Apps Development
• Cryptographic Protocol development and formal verification
• IT Audit & Penetration Testing
7. WHAT ARE THE RISKS
• Change: Work From Home
  Effect: Personal mobile devices and computers are allowed to access corporate networks
  Risk: Data breach (key / screen logger, direct attack on corporate networks by malware that has infected the user's computer); remote desktop compromise
• Change: Cloud Utilization
  Effect: Important data is stored and exchanged in the cloud
  Risk: Data loss, data manipulation, data breach, malware infection
• Change: Increased Vicon Utilization
  Effect: Important and confidential conversations or meetings are held and stored by a third party
  Risk: Unauthenticated users silently join the meeting; recorded meetings stolen from the cloud; unauthorized access to the user's screen / desktop; Vicon chat room can be used for code injection
• Change: Digital documents are used as legal documents
  Effect: Users rely on the integrity of documents
  Risk: Document forgery, unauthorized modification
• Change: Increased network demand
  Effect: More throughput is needed, increased bandwidth capacity
  Risk: Lack of service; network is down
9. LATEST THREATS FOUND DURING THE PANDEMIC
• Ransomware combines encryption with stolen data
• Light loader malware attacks on every device; the payload is downloadable and difficult to detect
• Covid-19 domain registrations increased significantly -> Phishing
• Large-scale attacks on health-related sites by APT (Advanced Persistent Threat)
• 150,000 new m-apps on playstore deliberately loaded with malware
• Malware bypasses 2 Factor Authentication (2FA)
• Online Skimming (CC)
• Compromised cloud services caused data breaches
• Malware:
  • Cryptomining
  • Mobile Fraud AdWare
  • Banking trojan
  • Spyware (SMS, 2FA, CC)
• High-profile global vulnerabilities:
  • Exim Mail Agent (CVE-2020-10149)
  • Draytek Vigor Command Injection vulnerability (CVE-2020-8515)
  • Microsoft Windows SMBGhost RCE Exploit (CVE-2020-0796)
14. DIGITAL SIGNATURE
A digital signature is used to protect the authenticity and integrity of a document and to promote non-repudiation
• Authentication of signer
• Sign, confirm, and send various insurance documents and legal disclosure
• On-time quality services to their customer
• According to UU ITE, documents signed with digital signatures are legally valid
15. [Diagram: Cyber Security, relating Threats, Controls, Cyber Space and Assets]
• Vulnerabilities: Apps, Libraries, OS, Protocol, People, Policy
• Attacker: Insider / Outsider
• Exploit Techniques: Buffer Overflow, Injection, XSS, Sniffing, Social Engineering, Malware, etc
• Aspects: Authentication, Integrity, Confidentiality, Non-Repudiation, Availability
• Incident: Reported or Keep Secret
• Controls: Security Management, Continuous Security, Man, Tools, Method, Secure System Dev, Awareness & Skill, Cryptography, Incident Handling, Threat Intelligence, Digital Forensic
• Cyber Space: People, Software & Services, Internet / Infrastructure, Convention
• Assets: Tangible & Intangible, Physical & Logical, Locally Stored, On Cloud Stored
• Phases: Identify, Protection, Detection, Respond, Recovery
• Standards: ISO/IEC 27001, PCI/DSS, NIST Fr, Security Audit ISO 19001:2011, ISO 27035, ISO 27037
• Callouts: "Security is a process not a product"; "Security is chain of trust, the strength is the weakest link"
• Arrow labels: use, to exploit, resulting in, that break, explore
• Other labels: Open & Underground; KAMI
18. SOC & CSIRT
• SOC (Security Operations Center): an organized and highly skilled team whose mission is to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cyber security incidents with the aid of both technology and well-defined processes and procedures.
• CSIRT (Computer Security Incident Response Team): a group of IT professionals that provides an organization with services and support surrounding the prevention, management and coordination of potential cybersecurity-related emergencies.
19. CYBER THREAT INTELLIGENCE
• Cyber threat intelligence is information about threats and threat actors that helps mitigate harmful events in cyberspace. Cyber threat intelligence sources include open source intelligence, social media intelligence, human intelligence, technical intelligence or intelligence from the deep and dark web.
20. CSIRT / CERT COOPERATION
[Diagram: CSIRT hierarchy. Nodes: National CSIRT; Gov CSIRT; Province CSIRT; Gov Org CSIRT; Ministry CSIRT; Public CSIRT; Sectoral CSIRT; Fin CSIRT; Bank A CSIRT; X Insurance CSIRT; Y Insurance CSIRT; Fintech Z CIRT; Transportation CSIRT; Critical Infra CSIRT]
• Computer Security Incident Response Team
• Prepare and Strengthening
• Response to Incidents
• Recovery
• Investigation
• Capability Building through Networking, Simulation, Cyber Exercise, Cyberdrill
• Incident / Vulnerability / Threat information sharing
• A sectoral CSIRT has the advantage of application / environment homogeneity
• BSSN agenda to develop a network of CSIRTs and capability building
21. MODERN CYBER SECURITY: THREAT HUNTING
Proactive Rather Than Reactive
1. The assumption is that the system is compromised
2. Proactively search for threats
3. Iterative work to search for undiscovered vulnerabilities
4. Be curious about new attack techniques
5. An alert from a protection system is just a tool to help monitor
6. Improving automatic detection
23. THE CHANGE, RISK, AND SOLUTION
• Change: WFH
  Effect: Personal mobile devices and computers are allowed to access corporate networks
  Risk: Data breach (key / screen logger, direct attack on corporate networks by malware that has infected the user's computer)
  Tech: User training awareness (simulation, random check, continuous alert); latest AV and patches on users’ computers; access from home is limited and treated differently
• Change: Cloud Utilization
  Effect: Important data is stored and exchanged in the cloud
  Risk: Data loss, data manipulation, data breach, malware infection
  Tech: Invest in cloud security; real-time prevention of threats with IaaS security; deploy on containers and serverless apps
• Change: Vicon Utilization
  Effect: Important and confidential conversations or meetings are held and stored by a third party
  Risk: Unauthenticated users silently join the meeting; recorded meetings stolen from the cloud; unauthorized remote access to the user’s screen / desktop
  Tech: Invest in Vicon infrastructure; DRM and other cryptographic measures; security audit and testing
• Change: Digital documents are used as legal documents
  Effect: Users rely on the integrity of documents
  Risk: Document forgery, unauthorized modification
  Tech: Digital Signature and Public Key Infrastructure; Crypto Token
• Change: Increased network demand
  Effect: More throughput is needed, increased bandwidth capacity
  Risk: Lack of service; network is down
  Tech: Invest in network security (IPS, AV, Firewall); all network protection and scalability keeping business continuity
26. PERSONAL DATA PROTECTION PRINCIPLES
1. Proactive, not reactive. This principle focuses on anticipation and prevention.
2. Prioritizing user privacy. This principle maps to efforts to provide maximum privacy protection by ensuring that personal data is automatically protected in a given IT system or business practice.
3. Privacy protection integrated into the design. The obligation to embed personal data protection holistically in technology design.
4. Full functionality. This principle emphasizes providing risk mitigation standards for electronic systems, whose obligations serve not only the company's security but also the privacy of the personal data owner.
5. Total security system. This principle is realized by strengthening the security system from start to finish.
6. Transparency. This principle ensures that existing business practices and technologies operate according to rules that have been agreed upon and disclosed to the public. Service providers must also submit to a verification process carried out by an independent party.
7. Respecting user privacy. The most vital principle, realized by giving personal data owners an active role in managing their data.
27. CYBERLAW IN INDONESIA
• Law (UU) No. 11 of 2008 and Law (UU) No. 19 of 2016: Electronic Information and Transactions (Informasi dan Transaksi Elektronik)
• Ministerial Regulation (Permen) No. 20 of 2016 (Kominfo) on Personal Data Protection in Electronic Systems
• Financial Services Authority (OJK) Regulation No. 77/POJK.01/2016 on Information Technology-Based Lending Services
• BSSN Agency Regulation
• Draft Law (RUU) on Personal Data Protection
• Draft Law (RUU) on Cyber Security (Kamsiber)