Strategic Cyber Espionage

Cyber criminals, suspected to be based in China, are targeting key elements of India’s critical information infrastructure with the “key strategic goal of collecting intelligence,” according to cyber security firm FireEye.

“The campaign’s attacks were also detected in April 2015, about one month ahead of Indian Prime Minister Narendra Modi’s first state visit to China,” the firm said.

FireEye posits the advanced persistent threat (APT) attack vector used spear-phishing emails containing Microsoft Word attachments headlining regional issues of interest and contained a malware script called WATERMAIN, which creates backdoors on infected machines.

More on the above article is available at:

Cybersecurity Strategy Needed for the Banking Industry

Even though cybersecurity has been recognized as a high priority among financial institutions, the results of a recent survey conducted at FICO’s Asia Pacific Chief Risk Officer (CRO) Forum revealed 64% of senior banking officials in the Asia Pacific region feel their institutions are not prepared for cyber threats.

Findings from the survey bear close correlation to trends identified in a 2014 PwC report that found cybercrime to be the second most prevalent economic crime within the financial sector.  This provides a clear indication within the banking industry – that can easily be extrapolated to other business sectors  – of the growing need for implementation of a cyber strategy framework to deal with computer network vulnerabilities, hacker threats, and attacks to customer data and critical information technology infrastructures.

Ideally, a comprehensive strategy should be scalability to the size of the organization, have defensive capabilities that mature over time, and incorporate three main elements – the means for assigning attack attribution, dynamic rules-of-action for impact mitigation, and established trust relationships for threat prevention and business recovery information sharing.

These concepts form the fundamentals of two in-depth methodologies I have developed entitled,  “Cyber Strategy Maturity Modeling” and “Cyber Strategic ART (Attribution, Rules, and Trust).”