Cyber Attack: Executive Simulation for Xtend Delegates

Kevin.Duffey@CyberRescue.co.uk
LIVE SCENARIO
Executive Simulation of
a Cyber Attack
Are you ready to lead
Business Recovery during a Breach?

HOW READY ARE YOU?
Breach Response
Capability Maturity

HOW READY ARE YOU?

You’ll be on the Board of Acme

PRIZE FOR BEST XTEND DELEGATE
£4,999 worth of:
• Cyber Resilience
Score vs Peers, or
• Executive Breach
Simulation
• Phishing Campaign
To be used towards a purchase in next 3 months
against a purchase of at least £5,000.

You’ll have expert Non-Execs
Anjola Adeniyi David van Sertima

Cyber Rescue helps CEOs
reduce harm from cyber attacks

We’ve done this before

HACK HERE FOR SECRETS…

You’re now on the Board of Acme

Your IT Director says “all good”

Q1 – How do you respond?
1. Please write that down
2. Ask for Evidence
3. Ask for a Score
4. Ask for an Independent Score
5. Independent score Vs Peers
6. Fire him now, for useless answer

March 8th, 2019

What does an
“honour system” for
patching look like?

Q2: Who do you inform?
1. CEO – the boss needs to know
2. Police – perhaps they can help
3. DPO – tell Data Privacy Officer
4. IT Team – were we breached?
5. Supplier – were they breached?
6. Lawyer – what must we do?
7. Crisis Coordinator – eg Security

The correct answer is to tell the person
designated in your BCP or Incident Plan.
Often, that should be the Security Director.
(Telling your CEO is OK too, but don’t expect an
expert response immediately…. .)

How do you describe the situation?

A 2nd message from the Collective
Proof
you don’t care
Sensitive
Info on
187 Customers

Q3: When do you tell customers?
1. Immediately
2. In 24 hours
3. In 48 hours
4. In 72 hours
5. In 7 days
6. In 28 days
7. Don’t inform

Update from IT Department
The Koreans might still be
in our systems.
If only you had invested in
SilverBullet Security.
We can stop the hackers if
we disconnect for 3 days.

Q4: What executive action to take?
1. Disconnect systems from internet
2. Forensics – what has happened?
3. Remediation – close the breach
4. Ask Insurer to confirm covered
5. Brief the Board and set Budget
6. Submit report to Regulators
7. Implement Cyber Crisis Plan

Where is your Cyber Crisis Plan?
Do you have a printed copy in your office?

Where is your Cyber Crisis Plan?
The ECB has
concluded
that some
plans "might
be too large
to actually
be used in a
crisis.”

Your plan includes:
Check if hackers could (still)
be in our systems now

The results come back -
The report shows
your security is
worse than most.
It fell dramatically
in the last month.
Visitors to your
web site could
become infected.

What hackers
can see today
Example Medium Vulnerability

Acme don’t care about my safety!
Now Collective will steal my money
Because we care
On Friday, Acme launch a great
new service to show customers how
we care
And rumours are circulating…

Day 5 – Tuesday, 07:50
… and you are doorstepped by journalists

Day 5 – Tuesday, 07:50
“Do you care for your customers?”
“How are you helping them?”
“What did celebrity Kara say?”
“Have you told the Police?”
“Are your web sites safe?”
“Are you criminally negligent?”
… and you are doorstepped by journalists

Q5: What communications are needed?
1. Stop other comms, such as ad campaign
2. Create web site with Q&A about breach
3. Customer advice, eg how to prevent fraud
4. Provide script (eg for Twitter & Call Centre)
5. Pre-brief employees about situation
6. Identify advocates to speak for company
7. Customer Compensation to go with apology

What communications are needed?
“The challenge of building a
website to notify consumers
proved overwhelming, and
regrettably, mistakes were made.”
Richard F. Smith, 4th Oct 2017

1. None – start now
2. In 24 hours
3. In 48 hours
4. In 72 hours
5. In 7 days
6. In 28 days
7. Don’t inform
So when do you tell customers?

Day 4
Example call from a client
I got your email.
I just want to query your instruction
to reset my password…
Why do you need my maiden
name?
But then phone calls start.

From: BreachRecovery@Acme.com
To: You
Good day
We are sorry to confirm that media reports are correct, and
we have been breached. To protect you, please reset your
password here -
http://www.Acmi.com/breach-recovery/
Please email if you have any questions.
Regards
William Jenkins
Breach Recovery
+60 19 281 1899

What hackers
can see today
Someone spoofing your customers

Customer
Inbox
Someone spoofing your customers
Criminal Mail Server
Emails are quickly
configured to look
like @Acme.com
Customer Mail Server
Yes, let the email through.
There’s no reason to doubt this
message is from @Acme.com
Customer Inbox
As the email got through
the customer assumes
it is propbably genuine.

Your call centre

Your insurance

Your communications

Your legal position

How likely you’ll be hacked??
Nation State attack?

Say GDPR one
more time!

So, where are we? -

Executive Simulation

Cyber Attack
Executive Simulation
Contact us for:
• An executive simulation for your senior team
• A bespoke response plan to help executives during a breach
• A fully-automated score of your cyber security vs. your peers

Cyber Attack: Executive Simulation for Xtend Delegates

Recommended

Recommended

More Related Content

More from Kevin Duffey

More from Kevin Duffey (20)

Recently uploaded

Recently uploaded (20)

Cyber Attack: Executive Simulation for Xtend Delegates