
Will your business withstand a ransomware onslaught?


You are developing a business continuity and disaster recovery program, planning how you will cope with a fire, power outages or natural disasters. But suddenly ransomware gets into your network, and you may be losing the availability of your assets, and with them your data, every second. The speaker will explain why the ransomware threat should be considered in the context of business continuity, how to handle an incident that has already happened, and how to minimize its consequences.

Published in: Technology

  1. PROPRIETARY AND CONFIDENTIAL, ACRONIS © 2017. WILL YOUR BUSINESS STAND A RANSOMWARE? Yulia Omelyanenko, Unit Manager of governance, risks and compliance. Positive Hack Days VII, Moscow
  2. Bio Overview
     • 6 years in Information Security
     • 3 years in GRC (before it became mainstream)
     • GRC unit manager in Acronis
     • Previously worked as GRC manager for multiple regions in pharmaceuticals, security auditor and consultant
  3. Business continuity program purpose is to ensure that business-critical assets are continuously available
  4. Classic way to implement BCP
  5. #1 Leadership Commitment of BCP
     ✓ Understand value and purpose
     ✓ Establish Business Continuity Program
  6. #2 Risk Assessment and Threat Modelling
     ✓ Define disruptive events
     ✓ Assess impact and analyze risks
     ✓ Propose risk treatment
     Risk Assessment for BCP may be performed as part of global Risk Management initiative. Must contain all threats that may cause loss of availability.
  7. #3 Conduct a Business Impact Analysis (BIA)
     ✓ Identify critical assets and processes
     ✓ Define recovery time and recovery point
     ✓ Identify other parties and resources for recovery
  8. #4 Deploy, maintain, test, improve, get certified…
  11. Let’s get back to the basics
  12. The main purpose of BCP is to ensure that an organization can continue to operate in case of serious incidents or disasters and is able to recover to an operational state within a reasonably short timeline
  13. #2 Risk Assessment and Threat Modelling
     Integrate BCP or its part with InfoSec activities
     Diagram labels: Threat models; Operational risks; Risk Assessment; Loss of asset availability?; BIA; Human made disasters; Natural disasters; Third party risks
     • How possible it is we will catch ransomware?
     • What assets might be damaged?
  14. Ensure that your threat models correlate with reality
  15. #3 Conduct a Business Impact Analysis (BIA)
     BIA must include all possible scenarios
     Calculate:
     ● Cost of resources for recovery
     ● Possible damage caused by disaster
     We have lost a number of assets. What consequences may this have?
  16. #4 Disaster recovery plan
     Diagram labels: DRP for business IT continuity plan; Incident management; Backup and recovery; Asset management; Segregation of duties; ITCP in SLA
  17. Ransomware recovery chain
     Risk Assessment and Threat Modelling:
     • How ransomware can potentially appear in network;
     • How internal processes can be enhanced to minimize this risk;
     • What assets might be damaged with ransomware;
     Conduct a Business Impact Analysis (BIA):
     • How much can company lose if systems are encrypted;
     • How much downtime can the company accept;
     • What kind of remediation is possible and how much will it cost
     Disaster recovery plan:
     • Backup and restore plans;
     • Internal forensic lab;
     • Equipment replacement;
     • Pay the hackers, etc.
  18. Hints for DRP implementation
     1) You already might have enough necessary processes in place to prepare a DRP
     2) Delegate functionally on business associates (5% of daily responsibilities)
     3) Extract ITCP part if business doesn’t support solid BCP
     4) Test your disaster recovery plans (e.g. perform periodic test backup and restore)
  19. P.S. why not an option?
  20. Questions? yulia.omelyanenko@acronis.com yulia.omelia /yomelia