Preparing to recover from a cyber attack

Published in: Economy & Finance, Business

  1. Recovering from a Cyber-Attack
     • Why you need to prepare
     • What you need to do
     © Copyright, Risk Masters, Inc. 2013. All rights reserved.
  2. Cyber-Recovery: Executive Summary
     • The Problem
       – Cyber-Attacks are a continuous threat – some might succeed
       – How will you operate and recover following a successful attack?
     • The Risks
       – Meeting obligations to your clients, suppliers and staff
       – Financial and property losses
       – Reputational losses
       – Regulatory compliance
     • The Strategy
       – Increase the Cyber-Resilience of your Infrastructure
       – Have a Cyber-Recovery Plan in addition to BCP/DR plans
     • Being Prepared
       – Organize
       – Plan
       – Transform
       – Validate
  3. The Problem
  4. The Cyber-Recovery Problem
     Cyberattacks are a continuous threat, and some may succeed
     • How will you operate securely and recover quickly following a successful attack?
     • How will you mitigate the legal, regulatory, financial and operational risks of a successful attack?
  5. Every Day You Are Under Attack
  6. Your Defenses are Ready… But How Secure Are You?
  7. Some Attacks Succeed…
  8. A Breach Leads to Many Risks
     • Can you meet obligations to your clients, suppliers and staff?
     • What would the financial and property losses be?
     • And what about reputational losses?
  9. The Risks
  10. When an Attack Breaches Your Defenses…
     • Are you prepared to operate and recover?
     • Does your BCP/DR plan address Cyber-Recovery?
     • Will your insurance cover you?
     • Can you protect the privacy of your staff and clients?
     • Can you meet your obligations to your clients?
  11. A Breach Puts Privacy at Risk
     Can you protect the privacy of your staff and your clients?
     • You have legal and contractual requirements to protect the privacy and confidential information of your staff and clients.
       – Your business reputation may be compromised by the exposure of such information
     • When you cannot trust your computer systems, how can you assure privacy and confidentiality?
  12. A Breach Puts Delivery at Risk
     Can you meet your obligations to your staff and clients?
     • You have products and services to deliver every day – and your staff and clients depend on these.
     • When you cannot trust your computer systems, how can you be sure that you can meet your commitments?
       – What will be your liability for failing to do so?
  13. A Breach Creates Financial Risk
     Will your insurance cover you?
     • Costs may be high
     • Insurance may not Cover
     • Insurance is Complex
     Excerpts shown on the slide:
     • Sony is still awaiting the final tally for losses related to its data breaches earlier this year. At last count, it had 100 million compromised customer accounts, and Sony anticipated the debacle would cost $200 million. With 58 class-action suits in the works, that may be wishful thinking.
     • But what about Sony’s insurance coverage? Sony’s insurer said the company did not have a cyber insurance policy. It said Sony’s policy only covered tangible losses like property damage, not cyber incidents.
     • Cyber Insurance—Mitigating Loss from Cyber Attacks (Perspectives on Insurance Recovery Newsletter - 2012): The market is rapidly growing for insurance that is specifically meant to cover losses arising out of cyber attacks and other privacy and data security breaches. These policies are marketed under names like "cyber-liability insurance," "privacy breach insurance" and "network security insurance."
  14. A Breach Needs to be Reversed
     Does your BCP/DR plan address Cyber-Recovery?
     • A Cyber-Attack compromises your trust in your computer systems
       – But BCP/DR recovers from loss of use of facilities, infrastructure, technology and physical resources
       – Can you trust that your BCP/DR resources will be unexposed or survive a cyber attack?
  15. The Strategy
  16. A Strategy for Cyber-Recovery
     • How can you increase the Cyber-Resilience of your infrastructure?
     • Do you have a Cyber-Recovery Plan in addition to or as part of your BCP/DR plans?
  17. Are You Prepared to Respond?
     • Is your infrastructure Cyber-Resilient?
       – Is the effect of an attack contained by architectural features and operational procedures that limit damage, or does the attack run freely?
     • Is your BCP/DR plan Cyber-Resilient?
       – Will critical systems and communications that you are relying on fail due to an attack?
       – Do support agreements (e.g.: hosting, insurance) cover cyber-recovery?
     • Does your BCP/DR address cyber-attacks?
       – Are your policies and procedures aligned with assurances of safety, or are you backing up the attacker to restore it during your recovery?
  18. Cyber-Resilience: Mitigating a Breach
     • Traditional cyber-defense is built as a “fortress perimeter”
       – Networks were not designed to be cyber-resilient
       – Cyber-defenses (e.g.: barriers, detection) were added to existing networks
     • Fortress defenses are limited
       – They do not readily keep up with attackers
       – They encumber users (access controls, BYOD limits)
     • Networks can be designed with cyber-resilience
  19. Components of Cyber-Resilience
     • Segmentation: Distinct and critical services that need to be secured are isolated in multiple secure zones with air-gaps and sterile zones
     • Hardening: Applications and infrastructure are Internet-hardened
     • Dispersal: Public-facing services and non-proprietary content may be hosted in public clouds, while sensitive content may be secured in distinct protected zones and accessed only through secure transactions.
     • Synchronization: Operational activities (e.g.: releases, imaging, builds, backup, versioning, retention) are synchronized with integrity validation processes (quarantine, virus scanning/cleansing, etc…)
  20. Segmentation - Example
     Implementing a network as separate and distinct networks that are secured from each other provides organic resilience
  21. Being Prepared
  22. Being Prepared for Cyber-Recovery
     Your checklist for Cyber-Recovery
     • Organize
     • Plan
     • Transform
     • Validate
  23. Planning for Cyber-Recovery (cycle diagram): Organize, Plan, Transform, Validate
  24. Planning for Cyber-Recovery: Organize
     Develop an organizational structure to lead recovery activities before and after an attack
  25. Planning for Cyber-Recovery: Plan
     • Assess current state of readiness
       – Review prevention and recovery plans
       – Evaluate operational integrity
       – Test readiness and effectiveness
     • Design cyber-resilience into your infrastructure and operating model
       – Bulkheads, compartments, isolation
       – Align operating cycles (e.g.: backup) with processing that establishes trust in your infrastructure
     • Develop a recovery plan
  26. Planning for Cyber-Recovery: Transform
     • Implement the changes necessary to achieve
       – Cyber-resilience
       – Cyber-recoverability
  27. Planning for Cyber-Recovery: Validate
     • Test your plan
       – Randomly test components throughout the year
       – Periodically test large-scale integrated components, and the whole system
     • During your tests...
       – Recognize that systems are under attack
       – Contain the damage, prevent its spread, remove the agents
       – Restore trusted software and data from a trusted image.
       – Manage the consequences, minimize its impact, communicate effectively
  28. A Recovery - Example
     Response Activities to Hacker Attack
     [Diagram: Corporate IT Data Center (HQ) with the Corporate IT “Gold Network” behind firewalls, holding System/Application Servers, Storage, EMC VNX (image storage) and a Symantec Bare Metal Restore Server; a link to the Plant IT Network; Virus/Trojan Signature from Vendor. Timeline: Recovery Time from Trojan Attack, from the Day “0” Trusted Backup through the Undetected Latent Threat; axis: Expected Recovery Time (in calendar days), 1 to 14.]
     NOTE: This illustration assumes a Trojan attack whose presence remains latent for seven (7) days.
     • Corporate IT has established an isolated network in HQ that will resist external intrusion and perform daily chronological image backups for critical system and application servers.
     • Virus or Trojan Horse sits in a latent state after being planted by the intruder. This corruption may not manifest itself for days, weeks or even months after infection.
     • When corruption has been identified, operators will take action to isolate the problem.
     • Client must wait on vendor distribution of a virus signature that will permit inspection of backups for possible infection.
     • Once a signature is delivered, Client must run a job to scan image backups chronologically backward in order to identify a “trusted image” from which infected servers can be restored.
     • Corporate IT will restore infected server(s) from trusted image backups and resume IT services.
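
The backward scan for a "trusted image" described in slide 28, as an added example that is not part of the original slides. It assumes each daily image is catalogued as a manifest of file hashes and that the vendor signature is a set of SHA-256 hashes (real signatures are richer); the function names, file paths and dates are hypothetical.

```python
import hashlib
from datetime import date, timedelta

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def find_trusted_image(images, bad_hashes):
    """Scan image backups newest-first; return (trusted_date, infected).

    images: list of (backup_date, {path: sha256_hex}), in any order.
    bad_hashes: file hashes from the vendor signature (assumed format).
    The trusted image is the newest one older than every image that matches,
    so a clean-looking image taken after an infected one is not trusted.
    """
    trusted, infected = None, []
    for day, manifest in sorted(images, key=lambda i: i[0], reverse=True):
        hits = sorted(p for p, h in manifest.items() if h in bad_hashes)
        if hits:
            infected.append((day, hits))
            trusted = None      # distrust any newer image accepted so far
        elif trusted is None:
            trusted = day       # newest clean image below all hits so far
    return trusted, infected

# Constructed sample data: ten daily images of one server. A trojan file
# first appears in the day-4 image and stays latent until day 10.
TROJAN = b"constructed-trojan-payload"
START = date(2013, 1, 1)

def build_catalogue():
    images = []
    for n in range(1, 11):
        manifest = {"/bin/app": sha256(b"app-v1"),
                    "/etc/app.conf": sha256(b"conf")}
        if n >= 4:
            manifest["/usr/lib/libupd.so"] = sha256(TROJAN)
        images.append((START + timedelta(days=n - 1), manifest))
    return images

def recovery_summary():
    """Return (trusted image date, infected image count, days of data lost)."""
    images = build_catalogue()
    trusted, infected = find_trusted_image(images, {sha256(TROJAN)})
    detected = max(day for day, _ in images)
    lost = (detected - trusted).days if trusted else None
    return trusted, len(infected), lost

if __name__ == "__main__":
    print(recovery_summary())
```

A result of `None` for the trusted date means every retained image matches the signature, which is the case where retention is shorter than the latency period.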
