Emerging Trends in Cyber Security Risks and Challenges for Internal Audit
Explore the evolving risks in cyber security for 2023 and beyond, including trends such as cloud services, identity and access management, AI/ML, data privacy, and the vulnerabilities in IoT and digital supply chains. Delve into the dilemmas faced by both security defenders and intruders, with insights from YPIA webinars and industry experts like Gartner and Crowdstrike.
Presentation Transcript
Understanding Evolving Risks in Cyber Security
Emerging Cyber Security Risks: Trends and Challenges for Internal Audit
Fetri Miftach, PhD CEng MBCS CITP
April 2023

Cyber Security Trends 2023 and beyond
Cloud Services: Identity & Access, Misconfiguration, Reduced Visibility, API Security ...
AI/ML: Data Privacy, Data Poisoning, Model Extraction
Internet of Things: Vulnerable from the Very Beginning
Digital Supply Chain: Inventory, Access, Monitoring
Source: Gartner, Kaspersky, Forbes, CrowdStrike
Security Defender's dilemma
The intruder only needs to exploit one of the victims in order to compromise the enterprise.
Ref: CrowdStrike 2023 Global Threat Record
YPIA Webinar: Emerging Cyber Security Risks: Trends and Challenges for Internal Audit
But ...
SolarWinds saga ...
Intruder's dilemma
The defender only needs to detect one of the indicators of the intruder's presence in order to initiate incident response within the enterprise.
LESSONS LEARNED
Understanding own constraints
It is important for businesses to understand the extent of vulnerabilities visible to external parties. Internal resources may be limited and focused on protecting known systems and mitigating identified vulnerabilities, but would-be attackers can see much more from the outside.
Any vulnerability information may be traded, sold, passed around and used as part of a long-term attack campaign. It may be used to test the readiness of security operations to detect and respond to attack patterns, failure of which provides additional latitude for the attacking party.
OIC-CERT Online Training 2020, September 2020
Vulnerabilities
AI Attacks
https://www.belfercenter.org/publication/AttackingAI
LESSONS LEARNED
Establishing new baselines
Since users are now working remotely, using different services, doing more personal browsing on their work computers, and generating a different volume of network traffic and events, the baseline for normal network activity has completely changed. The new baseline will have to be analysed to update or create new monitoring rules, set up detection alerts, formulate specific dashboards, and look for and understand new anomalies that fall outside the baseline.
If a company decides to implement a long-term strategy on migration to remote activity, new policies will have to be drawn up to regulate self-defined protection regimes that may be implemented by employees at their home. For example, a security-conscious staff member may employ personal VPN services for secure browsing, and these VPN services have diverse geographic exit points. If this user connects to the company's network from a foreign location not commonly seen, this could raise an alert that needs to be investigated.
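The foreign-exit-point alert described above, sketched as an added example that is not part of the original presentation: it builds a per-user baseline of source countries from past remote-access logins, flags logins that fall outside it, and folds an investigated location back into the baseline. The event tuples, function names and country codes are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (user, date, source country of the remote login).
BASELINE_EVENTS = [
    ("alice", "2023-03-01", "ID"), ("alice", "2023-03-02", "ID"),
    ("alice", "2023-03-03", "SG"), ("alice", "2023-03-06", "ID"),
    ("budi", "2023-03-01", "ID"), ("budi", "2023-03-02", "ID"),
]
NEW_EVENTS = [
    ("alice", "2023-04-03", "ID"),  # seen before: normal
    ("alice", "2023-04-04", "NL"),  # personal VPN exit abroad, never seen
    ("budi", "2023-04-04", "SG"),   # normal for alice, but new for budi
    ("citra", "2023-04-05", "ID"),  # user with no baseline at all
]

def build_baseline(events, min_count=1):
    """Per user, the set of countries seen at least min_count times."""
    counts = defaultdict(lambda: defaultdict(int))
    for user, _day, country in events:
        counts[user][country] += 1
    return {user: {c for c, n in seen.items() if n >= min_count}
            for user, seen in counts.items()}

def review(events, baseline):
    """Return (user, day, country, reason) for logins outside the baseline."""
    alerts = []
    for user, day, country in events:
        known = baseline.get(user)
        if known is None:
            alerts.append((user, day, country, "no-baseline"))
        elif country not in known:
            alerts.append((user, day, country, "new-country"))
    return alerts

def accept(baseline, user, country):
    """After investigation, record a location as normal for this user."""
    baseline.setdefault(user, set()).add(country)

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for alert in review(NEW_EVENTS, baseline):
        print(alert)
```

Raising `min_count` makes the baseline stricter: a country seen only once during the baseline window no longer counts as normal for that user.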
Ref: Indeks KAMI ver 5.0, Domain V: Pengelolaan Aset (Asset Management)
Understanding your constraints and working together to mitigate risks
Criminal organisations may spend more money/resources to plan and execute an attack campaign than a typical infosec budget of a medium/large company.
They may have more resources (numbers and capability) than an internal infosec team.
They can access expertise (buy their services) that understands how the company's system/infra works, most probably better than most of the company's internal staff.
Everyone in the long service planning-to-delivery process has to play a role in securing the work that they are responsible for.
The internal infosec team has to look after the security of all of the company's systems and infrastructure, not to identify simple vulnerabilities or security bugs during development.