Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

YUDU - Managing a Breach (LDSC Cyber Themed Evening)


Published on

Cyber Themes 2018:

Use "#ManagingABreach" on Twitter to join in the conversation

YUDU is the leading publishing platform for content delivery to web and Native Apps using advanced publishing software for distributing and controlling business.

We are a not for profit organisation, founded as a joint venture by the Mayor of London, the Metropolitan Police Service (MPS) and the City of London Police (CoLP). We work in partnership with private industry and academia to help businesses, primarily SME business (less than 249 employees), to embrace digital innovations and operate in a secure online environment protecting themselves against cyber criminals.

What is our purpose?
- To provide simple, measurable and effective digital security solutions to businesses.
- To enable businesses to operate in a secure digital environment.
- To target victims of cyber crime and provide support to prevent repeat victimisation.
- To evidence a positive shift in the digital security of businesses.

Find out more information via:

Website ▶
Twitter ▶
LinkedIn ▶
Instagram ▶

  • Be the first to comment

  • Be the first to like this

YUDU - Managing a Breach (LDSC Cyber Themed Evening)

  1. 1. SentinelLooking after people, businesses & reputations in a crisis Managing a Breach: The communications piece. Richard Stephenson CEO - YUDU Sentinel LDSC 2018 1
  2. 2. • Risks facing Businesses • Cyber Attacks - Frequency and Financial cost • Lessons from Cyber Attacks • Communication Plans • The App Advantage • Summary What I will cover today !2
  3. 3. The Financial Cost and Frequency of Cyber Attacks is worsening • Allianz Risk Barometer 2017 • In 2017 Business Interruption was the top Insurance Risk of companies • Non Premises Damage (Cyber and Terrorist attacks) becoming a much bigger issue
 !3 • 2017 Cost of Cybercrime study - Poneman Institute • Annualised average cost of cyber security $11.7m / business (Accenture $2.4m) • Increase cost year on year 22.7% • Average no of breaches per year 130 • Increase in the average number of breaches 27.4%
  4. 4. Cyber Attacks: What are the main causes and cost - Allianz Main causes 0% 20% 40% 60% 80% Hacker Attack Data/Security Breach Malware/Virus Employee Error Main losses 0% 17.5% 35% 52.5% 70% Business Interruption Reputational Loss Liability Claims Reinstatement of data/restoration Source: Allianz Global Corporate & Speciality: 2017 : 446 respondents !4
  5. 5. • Breaches often reported by outsiders • Breaches often occur over a long period of time Cyber attacks are different and more complicated Source: Mandiant M-Trends 2017 report External Notification Internal Notification Days to detect !5 (Accenture = 50 days)
  6. 6. Cyber by Sector Source: Mandiant M-Trends 2017 report Sector Percentage of total Cyber Attacks Financial 15% Retail & Hospitality 15% Healthcare 12% High Tech 12% Professional & Business Services 10% !6
  7. 7. Lessons - We are all at risk Tuesday, 27th June 2017 "From my experience, [DLA Piper] is an excellent firm with reasonable due diligence procedures. This tells me...this could happen to anyone.” - Larry Poneman (Poneman Institute) • One day to restore Phones • Six days to restore email • Unspecified file and data restoration date !7 DLA Piper Attack
  8. 8. Lessons - Communications Failure • Attack took place on 23rd Jan 2015. Attackers hidden for months, identified 7 weaknesses • External suppliers entry used: Refrigeration contractor, remote camera supplier • Fax machines used as they could not send emails: Communication crippled • Months before reconnected to the internet • Financial cost £4.5m in year, followed by over £2.7m/year for new protection • Costs in efficiency have been real due to changes in operating processes !8
  9. 9. March 2016 : • Massive data breach reported of 2.6 Terabytes, 11.6 million documents. • Access was probably over years March 2018 : “Reputational deterioration, the media campaign, the financial consequences and irregular actions by some Panamanian authorities have caused irreparable damage, resulting in the total ceasing of public operations at the end of this month,” - Mossack Fonseca statement Lessons - Reputational Cost 2 Years !9
  10. 10. Comms Plans are the starting point: Flex and adaptation is the reality Target When What Frequency Method IT Team Immediate Availability/Status Until fixed inApp, SMS Staff Immediate Instructions 3 hrs inApp, SMS C level Immediate Status / Actions ? inApp, SMS Shareholders ? Status / Impact ? Docs, email Clients ? ? ? Docs, email Social Media Fast True story Regular Direct Press Considered Open Docs, Conf Suppliers ? ? ? SMS, email Support services ? ? ? SMS, email Authorities 72 hrs Data Breach etc As required Docs, email Crisis PR Immediate Status Long term Web Conf • Command and control and authority must be established immediately • Teams need to be multi-disciplinary. It is a business issue not just IT !10
  11. 11. • Follow the plan • Speak with one voice • Reassure stakeholders • Answer questions honestly • Continuously communicate with all stakeholders but tailor communication detail to suit the audience Some main lessons from MIT Insights - Incident Management Source: MIT Technology Review Insights: 2016 !11
  12. 12. Why use Smartphones? - We all have them !12
  13. 13. • Controlled & Practiced Environment • Independent Comms Channel • Contacts always updated and secure • Offline Library BC / DR plans available • In-App messaging and notification • Security The App Advantage in Incident Communication !13
  14. 14. Why use Smartphones? - We all have them !14
  15. 15. People are at the heart of mitigating an attack !15
  16. 16. 2 way polls - Aggregated responses • Yes/No answers give immediate picture to incident controllers • Focusses resources in the exceptions and non responders !16
  17. 17. Always ready independent multiple communication channel: In-App, SMS, Email, Voice !17
  18. 18. Contacts: Always updated - Incident ready • Secure Virtual Control Centre is update with contact data on staff and external contacts via API or weekly CSV • App users only see contacts in their groups and automatically updated. GDPR compliant !18
  19. 19. Offline Library - Plan in your hand when the incident strikes BC Plans, Crisis comms plans, Incident Playbooks, Crisis Checklists !19
  20. 20. Groups - Targeted Messaging and Document Management Communicate and give access to documents to groups formed from internal AND hybrid internal/external response teams !20
  21. 21. Presentation Summary • Communication Plans must exist for all incident types • The need to adapt is a certainty • Communication channels need to be independent & ready to go • Technology must be robust and simple to use • Different groups need different communications • Apps are ideal vehicles for communications !21
  22. 22. Questions SentinelLooking after people, businesses & reputations in a crisis !22 Richard Stephenson