Sustaining the Legacy of Good Governance and Excellence ...


Page 1: Sustaining the Legacy of Good Governance and Excellence ...

GENERAL GUILLERMO P. ENRIQUEZ JR. LECTURE SERIES
Sustaining the Legacy of Good Governance and Excellence

Engels Antonio, RHCE, RHCI, RHCX, ONE

Domain Tech

Philippine National Police Information Technology Management Service
National Association of Data Protection Officers of the Philippines

Bluepoint Institute of Higher Technology Foundation
Philippine Army

CYBER SECURITY AND CYBER HYGIENE

Page 2: Sustaining the Legacy of Good Governance and Excellence ...

It is essential that leaders empower and encourage personnel to maintain cyber hygiene, the basics of cyber security.

Leaders simply cannot overlook the importance of educating the entire organization to keep it watertight.

Regular training on cyber security and cyber hygiene using engaging and accessible resources is the best way to cultivate a highly secure workforce.

Gary Cheetham
Chief Information Security Officer, Content Guru

Page 3: Sustaining the Legacy of Good Governance and Excellence ...

Confidentiality • Integrity • Availability

Disclosure • Alteration • Destruction

Page 4: Sustaining the Legacy of Good Governance and Excellence ...
Page 5: Sustaining the Legacy of Good Governance and Excellence ...

geography to political geography to kinetically functional geography to a cyber geography that is ruled by ideological variation rather than politically constructed borders.

James Scott
Senior Fellow, Institute for Critical Infrastructure Technology

Page 6: Sustaining the Legacy of Good Governance and Excellence ...
Page 7: Sustaining the Legacy of Good Governance and Excellence ...

THREAT ACTOR or ATTACKER

• Insider: Malcontent
• Script Kiddie: Reputation
• Thrill-Seeker: Satisfaction
• Cyber Terrorist: Violence
• Hacktivist: Ideology
• Cyber Criminal: Profit
• Nation-State: Geopolitics

EXTERNAL ACTOR

INTERNAL ACTOR

YOU

THREAT VECTOR or ATTACK

• Exploit: Security Vulnerability (Technology, Process, Human)
• Phishing: Social Engineering (Pharming, Vishing, Smishing)
• Malware: Malicious Software (Hardware, Firmware, Software)

• Adware: Displays unwanted advertisements, usually based on the behavior of the device owner.
• Botnet: Organizes all infected machines into a network of bots that the attacker can remotely manage.
• Keylogger: Secretly records and sends keyboard or keypad strokes, periodically or in real-time, to the attacker.
• Miner: Uses the resources of an infected device to earn cryptocurrency for the attacker.
• Ransomware: Encrypts data and demands payment in return for decrypting it, usually under time pressure.
• Rootkit: Provides the attacker with undetected and elevated or unrestricted access to a device.
• Spyware: Collects and sends information to the attacker, without the knowledge of the device owner.
• Trojan: Hidden code of a malicious nature within a useful or seemingly useful program.
• Virus: Replicates itself by attaching to other programs or files, where it hides until activated.
• Worm: Propagates itself via a network to other devices without requiring any host program or user action.

Page 8: Sustaining the Legacy of Good Governance and Excellence ...

GLOBAL THREAT LANDSCAPE

• 95% of cybersecurity breaches are caused by human error
• More than 77% of organizations do not have an incident response plan
• The most expensive component of a cyber attack is information loss at $5.9 million
• The FBI reported a 300% increase in reported cybercrimes since the pandemic began
• The CSA reported that cybercrime accounted for 43% of all crime in Singapore last year

INFILTRATION

• 94% of malware is delivered by email
• Attacks via email rose by 220% in 2020
• 1 in 13 web requests may lead to malware
• The average ransomware payment rose by 33% in 2020 to $111,605
• An organization will fall victim to a ransomware attack every 11 seconds

EXFILTRATION

• Data breaches exposed 36 billion records in the first half of 2020
• Personal data was involved in 58% of breaches in 2020
• 30% of data breaches involved internal actors
• 45% of breaches involved exploit, 30% involved malware, and 25% involved phishing
• The average cost of a data breach in 2020 was $3.86 million
• Remote work has increased the average cost of a data breach by $137,000
• Remote workers have caused a security breach in 20% of organizations

Economic Costs: Theft of intellectual property and corporate information, cost of recovering data and repairing damaged systems

Reputational Costs: Loss of consumer trust, loss of current and potential customers to competitors, negative media publicity

Regulatory Costs: Fines, penalties, and sanctions imposed by data privacy and cybersecurity laws and regulations

APPI, CCPA, CDPA, CISL, COPPA, CPRA, DPA, FCRA, FISMA, GDPR, GLBA, HIPAA, PDPA, PDPB, PDPO, PIPA, SHIELD

Page 9: Sustaining the Legacy of Good Governance and Excellence ...

DPA INFRACTIONS FINES AND PENALTIES

• Any of the general privacy principles (transparency, legitimate purpose, and proportionality)
• Failure to comply with the conditions for consent in Section 3(b) of the DPA
• Violation of any of the data subject rights pursuant to Section 16 of the DPA

1% to 5% of the annual gross income

• Failure to implement appropriate measures to protect the security of personal information
• Failure to ensure third parties implement security measures
• Failure to report a breach within the required time

0.5% to 3% of the annual gross income

Failure to register: Fine from PHP 50,000 to PHP 100,000

Failure to comply with any Commission order: Fine not exceeding PHP 50,000 plus other applicable fines

Unauthorized Processing
• 1 to 6 years imprisonment
• Fine from PHP 500,000 to PHP 4,000,000

Access Due to Negligence

Improper Disposal
• 1 to 6 years imprisonment
• Fine from PHP 100,000 to PHP 1,000,000

Unauthorized Purposes
• 1.5 to 7 years imprisonment
• Fine from PHP 500,000 to PHP 2,000,000

Intentional Breach
• 1 to 3 years imprisonment
• Fine from PHP 500,000 to PHP 2,000,000

Concealment of Data Breach
• 1.5 to 5 years imprisonment
• Fine from PHP 500,000 to PHP 1,000,000

Malicious Disclosure

Unauthorized Disclosure
• 1 to 5 years imprisonment
• Fine from PHP 500,000 to PHP 2,000,000

Combination of Acts
• 1 to 6 years imprisonment
• Fine from PHP 500,000 to PHP 2,000,000

Page 10: Sustaining the Legacy of Good Governance and Excellence ...

Privacy harms do not just involve tangible financial or physical injury.

Privacy harms more often involve intangible injuries.

Many privacy violations involve broken promises or thwarted expectations about how data will be collected, used, and disclosed.

Other privacy violations involve flooding people with unwanted advertising or email spam.

Or, expectations may be betrayed, resulting in their data being shared with third parties that may use it in detrimental ways but precisely when and how is unknown.

Danielle Keats Citron and Daniel J. Solove
Authors, Privacy Harms

Page 11: Sustaining the Legacy of Good Governance and Excellence ...

PHYSICAL

REPUTATIONAL

RELATIONSHIP

PSYCHOLOGICAL

Emotional Distress
Disturbance

ECONOMIC

DISCRIMINATION

AUTONOMY

Coercion
Manipulation

Failure to Inform
Thwarted Expectations

Lack of Control
Chilling Effects

TYPOLOGY OF PRIVACY HARMS
Danielle Keats Citron and Daniel J. Solove

Page 12: Sustaining the Legacy of Good Governance and Excellence ...

The threat landscape keeps evolving:

Attackers are bigger, smarter, faster and more patient, leading to long games, supply-chain subversion and so on.

Attacks are more financially, economically, and politically profitable than ever.

Users are more vulnerable and exposed to more attack vectors than ever before.

Chief Technology Officer, Mirantis

Page 13: Sustaining the Legacy of Good Governance and Excellence ...
Page 14: Sustaining the Legacy of Good Governance and Excellence ...

Resilience
Anticipation
Detection
Reaction
Education

Page 15: Sustaining the Legacy of Good Governance and Excellence ...

SURFACE WEB: 4%
DEEP WEB: 90%
DARK WEB: 6%

Vulnerability Assessment
Penetration Testing
Stress Testing

Security Information Event Management
User and Entity Behavior Analytics
Security Orchestration, Automation, and Response

Threat Intelligence

Page 16: Sustaining the Legacy of Good Governance and Excellence ...

Reconnaissance
Scanning and Enumeration
Gaining Access
Lateral Movement
Privilege Escalation
Maintaining Access
Covering Tracks


Page 17: Sustaining the Legacy of Good Governance and Excellence ...

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Action on Objective


Page 18: Sustaining the Legacy of Good Governance and Excellence ...

Name a song that takes you back to your high school or college days

Enter your birthday to find out who your Guardian Angel is

Your hero name is your middle name and the name of your first pet

Your warrior name is the place you were born in and your favorite team

Page 19: Sustaining the Legacy of Good Governance and Excellence ...

Last Reminder: Your package could not be delivered on 08.06.2021
From: PhlPost Tracking <[email protected]>
X-Mailer: Microsoft Outlook, Build 11.5608.5606
Server: 496751-cw91774.tmweb.ru (94.228.114.101)
Note: [email protected] originated from a third-party server

Hello,

Your package could not be delivered on 08.06.2021 because no customs duty was paid ( 14.00 PHP )

Merchant : PhlPost
Total: 14.00 PHP
Order number : PH15140710-2021
Delivery scheduled between : 04.06.2021 - 11.06.2021

• To confirm the shipment of your package Click here .

You will receive an email or SMS when you arrive in your home address. You will have 8 days, from the date of availability, to withdraw the package. Upon withdrawal, you will be asked for ID.

• For more services, find the follow-up of your shipment by Clicking here .

Thank you for your trust,

Sincerely,
Your Philippine Postal customer service.

The Philippine postal system has a history spanning over 250 years. In 1767, the first post office in the Philippines was established in the city of Manila, which was later organized under a new postal district of Spain. At first, the postal office served mainly to courier government and church documents. In 1779, the postal district encompassed Manila and the entire Philippine archipelago. The postal district was reestablished on 5 December 1837. A year later, Manila became known as a leading center of postal services within Asia. Spain joined the Universal Postal Union in 1875, which was announced in the Philippines two years later. By then post offices were set up not only in Manila but in many major towns and cities in the provinces. During the Philippine Revolution, President Emilio Aguinaldo ordered the establishment of a postal service to provide postal services to Filipinos. It was later organized as a bureau under the Department of Trade on 5 September 1902, by virtue of Act No. 426, which was passed by the Philippine Commission. The Philippines eventually joined the Universal Postal Union, this time as a sovereign entity, on 1 January 1922. While the Manila Central Post Office building, the center of Philippine postal services and the headquarters of the then-Bureau of Posts, was completed in its present-day Neo-Classical style in 1926, it was destroyed during World War II. After the war, the Central Post Office was rebuilt in 1946. With the overhaul of the Philippine bureaucracy in 1987, the Bureau of Posts was renamed the Postal Service Office (PSO) by Executive Order No. 125, issued by President Corazon Aquino on 13 April 1987. It was also that order that placed the PSO under the DOTC. On 2 April 1992, by Republic Act No. 7354 the Postal Service Office became the present-day PHLPost. The law also granted the Philippines Postal Corporation, the authority to reopen the Philippine Postal Savings Bank, which occurred on 21 July 1994 by President Fidel V. Ramos. Mr. Joel Otarra, a former member of the board of directors in 2011 was appointed as the new postmaster general and CEO of the Philippine Postal Corporation (PHLPost) on December 2016 by President Rodrigo Roa Duterte.

Page 20: Sustaining the Legacy of Good Governance and Excellence ...


Page 21: Sustaining the Legacy of Good Governance and Excellence ...
Page 22: Sustaining the Legacy of Good Governance and Excellence ...
Page 23: Sustaining the Legacy of Good Governance and Excellence ...
Page 24: Sustaining the Legacy of Good Governance and Excellence ...
Page 25: Sustaining the Legacy of Good Governance and Excellence ...
Page 26: Sustaining the Legacy of Good Governance and Excellence ...
Page 27: Sustaining the Legacy of Good Governance and Excellence ...
Page 28: Sustaining the Legacy of Good Governance and Excellence ...

WHEREAS, the PNP-ITMS-AC advocates cleanliness of data, adherence to data classification standards, and privacy and cyber hygiene in the PNP;

WHEREAS, the PNP-ITMS-AC is always ready to assist the PNP-ITMS in providing accurate, reliable and secure information to the PNP and the community and in fostering a culture of digital and cyber cleanliness in the PNP;

NOW, THEREFORE, be it resolved as it is hereby resolved, that the PNP-ITMS-AC hereby supports the Intensified Cleanliness Policy of the new administration of the PNP, particularly by advocating a policy of CLEANLINESS IN DATA which means that police data should adhere to the following principles:

• Data should be free from viruses, malware, or unauthorized access;
• Data should be well-organized and efficient, with no useless or irrelevant input; and
• Data should be uncorrupted, coherent, accurate, reliable and secure.

In this manner, the PNP-ITMS-AC hopes to help strengthen the war against cyber crime and protect the sensitive data of the people and the community.

• Limit data collection to what is necessary
• Restrict access to entrusted data
• Rectify outdated data immediately
• Backup existing data regularly
• Dispose of unneeded data properly

Page 29: Sustaining the Legacy of Good Governance and Excellence ...

CYBER SECURITY MATURITY MODEL

LEVEL 1: Basic Cyber Hygiene
Technical Practice: Demonstrate basic cyber hygiene based on 15 FAR 52.204-21 and 17 NIST 800-171 Revision 1 security requirements
Process Maturity: Performed. Practices are performed, at least in an ad-hoc manner
Guide: FAR 52.204-21; NIST 800-171 Revision 1

LEVEL 2: Intermediate Cyber Hygiene
Technical Practice: Demonstrate intermediate cyber hygiene based on 51 NIST 800-171 Revision 1 security requirements
Process Maturity: Documented. Standard operating procedures, policies, and plans are established for all practices
Guide: NIST 800-171 Revision 1; DFARS Clause 252.204-7012

LEVEL 3: Good Cyber Hygiene
Technical Practice: Demonstrate good cyber hygiene based on 42 NIST 800-171 Revision 1 security requirements
Process Maturity: Managed. Activities are adequately resourced and reviewed for adherence to policies and procedures
Guide: NIST 800-171 Revision 1; DFARS Clause 252.204-7012

LEVEL 4: Proactive Cyber Hygiene
Technical Practice: Demonstrate a substantial and proactive cybersecurity program based on 17 NIST SP 800-171B security requirements
Process Maturity: Reviewed. Processes are periodically reviewed, properly resourced, and improved across the organization
Guide: NIST SP 800-171B; DFARS Clause 252.204-7012

LEVEL 5: Advanced or Progressive Cyber Hygiene
Technical Practice: Demonstrate proven ability to optimize capabilities in an effort to repel advanced persistent threats based on 9 NIST SP 800-171B security requirements
Process Maturity: Optimized. Activities are standardized across all applicable organizational units and identified improvements are shared
Guide: NIST SP 800-171B; DFARS Clause 252.204-7012

Page 30: Sustaining the Legacy of Good Governance and Excellence ...

As the world is increasingly interconnected, everyone shares the responsibility of securing cyberspace.

Newton Lee
Author, Counterterrorism and Cybersecurity: Total Information Awareness

Page 31: Sustaining the Legacy of Good Governance and Excellence ...

We need a cybersecurity renaissance that promotes cyber hygiene and a security centric culture applied and continuously reinforced by positive peer pressure.

James Scott
Senior Fellow, Institute for Critical Infrastructure Technology

Page 32: Sustaining the Legacy of Good Governance and Excellence ...

GENERAL GUILLERMO P. ENRIQUEZ JR. LECTURE SERIES
Sustaining the Legacy of Good Governance and Excellence

Engels Antonio, RHCE, RHCI, RHCX, ONE

Domain Tech

CYBER SECURITY AND CYBER HYGIENE

engels.antonio.one [email protected]

Page 33: Sustaining the Legacy of Good Governance and Excellence ...

MACHINE LEARNING AND ZERO TRUST
Practical steps to employ Zero Trust and Machine Learning for cybersecurity in a post-perimeter world

Engels Antonio
RHCE, RHCI, RHCX, ONE