Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Cybersecurity – Mock
Cyberwar Game
Page 2
Cyber Attacks – The Cover Story
Cyber security is one of the most commonly talked about threat these days
as cyber ...
Page 3
Cyber Attacks – The Headline News
The frequency and veracity of issues are rapidly increasing
Page 4
Cyber Security: No Industry is SPARED
RSA SECURITY
40m records, $60m loss
Dept. of Energy – 105,000
customer detail...
Page 5
Internet usage and population statistics
World
Population
Connected
Devices
6.3 billion
500 million
6.8 billion
11....
Page 6
Evolving Cyber threat landscape
Impact these incidents have on Organizations
Customer
Loss
Drop in
market cap
Brand...
Page 7
And it has become a boardroom issue now
Board responsibility: Cyber Security moving
from server room to board room
Page 8
Changing the way organizations think
about information security
With so much at stake –
intellectual property,
cust...
Page 9
Mock Cyberwar Game
Anticipating cyber attacks is the
only way to be ahead of cyber
criminals.
Page 10
Case study (1/4)
► Scenario
► You are executives of an e-commerce giant named AmazingKart.com
► CEO is being alert...
Page 11
Case study (2/4)
► Expectations
► Find out how was the data leaked and impose corrective measures
► Draft a media ...
Page 12
“Your website has been hacked WE OWN YOU!”
At 1920 hours, Friday
The CEO receives a text
Case study (3/4) – Chrono...
Page 13
At 2002 hours, Friday
IT department discovers a 3rd party VAS hosted on cloud went live without checks, the
websit...
Page 14
Hackers discloses the hack before you by Tweeting about it
At 2005 hours, Friday
Case study (3/4) – Chronology of ...
Page 15
The media picks up the tweet and the news is published on online social forums. The
tweet goes viral
At 2015 hours...
Page 16
Case study (3/4) – Chronology of events
At 2020 hours, Friday
Customer call centre and email queries hit the roof!...
Page 17
Case study (3/4) – Chronology of events
At 2030 hours, Friday
Business Partners start calling you and enquire abou...
Page 18
Case study (4/4) – Chronology of events
At 2045 hours, Friday
Query from the authorized bank and payment gateway e...
Page 19
Case study (4/4) – Chronology of events
At 0700 hours, Sat
The news of the hack is now published in all the leadin...
Page 20
Case study (4/4) – Chronology of events
At 0800 hours, Sat
Emergency meeting called by the Board of Directors to a...
Page 21
Case study (4/4) – Chronology of events
At 0900 hours, Sat
You have a media statement to be made which has been pe...
Page 22
Mind Map
Page 23
Case study (4/4) – Chronology of events Do you think we were well
prepared for this cyber
attack?
 Are we confid...
Page 24
Key Takeaways
You will never have enough
time!
Even top executives with years of
experience in managing crisis are...
Page 25
Thank You!
The more we sweat in
peace, the less we bleed in
war – Tsun Zu
Be Cyber secure!
Lets Connect
Lalit Kalr...
Upcoming SlideShare
Loading in …5
×

4

Share

Download to read offline

Cybersecurity: Mock Cyberwar Game

Download to read offline

Lalit Kalra, Senior Manager, Advisory Services, EY India

Related Books

Free with a 30 day trial from Scribd

See all

Cybersecurity: Mock Cyberwar Game

  1. 1. Cybersecurity – Mock Cyberwar Game
  2. 2. Page 2 Cyber Attacks – The Cover Story Cyber security is one of the most commonly talked about threat these days as cyber crimes have reached an all time high…
  3. 3. Page 3 Cyber Attacks – The Headline News The frequency and veracity of issues are rapidly increasing
  4. 4. Page 4 Cyber Security: No Industry is SPARED RSA SECURITY 40m records, $60m loss Dept. of Energy – 105,000 customer details leaked Angry Birds - hacked Global ATM heist – $45m in 26 countries Target Store 40m credit cards NASA – 10,000 employee details Montana Health 1.3m patient data Nationwide Insurance 1m customer details
  5. 5. Page 5 Internet usage and population statistics World Population Connected Devices 6.3 billion 500 million 6.8 billion 11.2 billion 7.4 billion 28.4 billion 7.6 billion 50 billion Connected Devices per person 0.08 1.64 3.83 6.58 More connected devices than people 2003 2013 2017 2020 Source: Cisco IBSG. April 2013
  6. 6. Page 6 Evolving Cyber threat landscape Impact these incidents have on Organizations Customer Loss Drop in market cap Brand dilution Regulatory Impact Operational inefficiency Financial Loss
  7. 7. Page 7 And it has become a boardroom issue now Board responsibility: Cyber Security moving from server room to board room
  8. 8. Page 8 Changing the way organizations think about information security With so much at stake – intellectual property, customer, operations and financial data, and organizational reputation – informed leaders are realizing that it is time for a fundamental rethink of how information security is understood and positioned within their organization Increasing Cyber Risk Board Responsibility Potential Solutions
  9. 9. Page 9 Mock Cyberwar Game Anticipating cyber attacks is the only way to be ahead of cyber criminals.
  10. 10. Page 10 Case study (1/4) ► Scenario ► You are executives of an e-commerce giant named AmazingKart.com ► CEO is being alerted by the media of a possible cyber attack on your ecommerce portal. The CIO is completely alien to this news ► Your company network has been attacked by unknown hackers. The attackers have posted on the web, purchase histories of one million users along with their vital personal details and Credit card details ► As a result, sales are dropping and AmazingKart.com is taking a drubbing by the media, as well as by competitors ► You as the CXOs of AmazingKart.com must figure out all the steps your company needs to take, post-intrusion, to restore normal operations
  11. 11. Page 11 Case study (2/4) ► Expectations ► Find out how was the data leaked and impose corrective measures ► Draft a media release post the intrusion ► Contact all your affected patrons ► Use all the possible media channels to communicate including social media ► Alert all your employees, especially the front desk ► Liaison with your business partners, bankers etc. ► Updates to the Board of Directors
  12. 12. Page 12 “Your website has been hacked WE OWN YOU!” At 1920 hours, Friday The CEO receives a text Case study (3/4) – Chronology of events Whom do you contact first? What would be your immediate steps? https://www.AmazingKart.com
  13. 13. Page 13 At 2002 hours, Friday IT department discovers a 3rd party VAS hosted on cloud went live without checks, the website is inaccessible IT dept. puts a website out of order message… How do you restore the original website as backup is unavailable? Next steps Case study (3/4) – Chronology of events
  14. 14. Page 14 Hackers discloses the hack before you by Tweeting about it At 2005 hours, Friday Case study (3/4) – Chronology of events The hacker already warned you first about vulnerability, but you ignored? Now what? Do you know about your social media footprint? Do we track it actively? Unkn0wn Hack3r @UnkwHack Dec 26 ALL customers are in deep trouble – Personal and Card details @AmazingKart ‘s data! bit.ly/akrt.ru #CapturedTheFlag #CloseTheShop 2 mins Unkn0wn Hack3r @UnkwHack Dec 26 Cough Cough! seems @AmazingKart is in trouble! #vendors#customers 5 mins
  15. 15. Page 15 The media picks up the tweet and the news is published on online social forums. The tweet goes viral At 2015 hours, Friday Case study (3/4) – Chronology of events Do we have a social media strategy? AmazingKart hacked! The naked truth of ecommerce companies in India Unknown Hacker Group claims via Twitter AK – India’s leading ecommerce company hacked! Client data leaked. Claims Unknown Hacker Group via Twitter AK – A leading ecommerce company headquartered in Bangalore, India seems to be hacked. The unknown hacker group has taken responsibility of this hack and claimed the same via twitter. More news awaited. AmazingKart Hacked! Millions of customer data at risk
  16. 16. Page 16 Case study (3/4) – Chronology of events At 2020 hours, Friday Customer call centre and email queries hit the roof! Customers panic as they come to know from media that their data, credit card details have been compromised
  17. 17. Page 17 Case study (3/4) – Chronology of events At 2030 hours, Friday Business Partners start calling you and enquire about the hack, extent of damage/loss Business partners are worried about their exposure to the cyber attack, damage, loss?
  18. 18. Page 18 Case study (4/4) – Chronology of events At 2045 hours, Friday Query from the authorized bank and payment gateway enquiring about the hack, what do you do? Ask them to block all cards? Do you even have a list?
  19. 19. Page 19 Case study (4/4) – Chronology of events At 0700 hours, Sat The news of the hack is now published in all the leading business dailies. The Global team calls up the CEO asking for an explanation… Who’s face would be on that newspaper? AmazingKart hacked! Is critical customer data at risk? Will the management speak?
  20. 20. Page 20 Case study (4/4) – Chronology of events At 0800 hours, Sat Emergency meeting called by the Board of Directors to assess the situation What do you tell the board?
  21. 21. Page 21 Case study (4/4) – Chronology of events At 0900 hours, Sat You have a media statement to be made which has been pending for a day now. The media news about hack has affected your brand image, Customer/Business partners are unhappy… Your pending press conference has to happen NOW, what and how will you respond?
  22. 22. Page 22 Mind Map
  23. 23. Page 23 Case study (4/4) – Chronology of events Do you think we were well prepared for this cyber attack?  Are we confident in having a face to face media briefing explaining the security breach?  Have we already had a board discussion about cyber security?
  24. 24. Page 24 Key Takeaways You will never have enough time! Even top executives with years of experience in managing crisis aren't always prepared to handle cyber incidents. Cyber security is a business issue affecting the survival and reputation of the company Don’t forget your employees While everyone is firefighting with external agencies, organizations often forget to communicate about the cyber-attack situation to their own employees. Mock Drill - Not just one time activity People come and go, strategies change, but in the end practice makes perfect. Not an IT Issue Only
  25. 25. Page 25 Thank You! The more we sweat in peace, the less we bleed in war – Tsun Zu Be Cyber secure! Lets Connect Lalit Kalra Advisory Services, EY Lalit.Kalra@in.ey.com
  • prabhakardamor

    Feb. 20, 2020
  • HYDN

    Aug. 20, 2017
  • yashbedifferent

    Mar. 19, 2017
  • AnilChiplunkar

    Mar. 17, 2017

Lalit Kalra, Senior Manager, Advisory Services, EY India

Views

Total views

805

On Slideshare

0

From embeds

0

Number of embeds

1

Actions

Downloads

67

Shares

0

Comments

0

Likes

4

×