
Data2Vault on Reviewing your risks and your action plan



Cyber Themes 2018:

Use "#ReviewingYourRisks" on Twitter to join in the conversation!

About Data2Vault:
Data2Vault provides a range of data protection solutions, all delivered as secure, managed services that are automated and optimised, and that simplify core IT operations to help drive efficiency and reduce risk.

We are a not-for-profit organisation, founded as a joint venture by the Mayor of London, the Metropolitan Police Service (MPS) and the City of London Police (CoLP). We work in partnership with private industry and academia to help businesses, primarily SME businesses (fewer than 249 employees), to embrace digital innovations and operate in a secure online environment, protecting themselves against cyber criminals.

What is our purpose?
- To provide simple, measurable and effective digital security solutions to businesses.
- To enable businesses to operate in a secure digital environment.
- To target victims of cyber crime and provide support to prevent repeat victimisation.
- To evidence a positive shift in the digital security of businesses.


Data2Vault on Reviewing your risks and your action plan

  1. Assessing your Risks: Preparing for recovery. 18th July 2018, LDSC
  2. Run | Grow | Transform: Run the business; Innovate the business; Grow the business; 66%; 20%; 14%
  3. BCI Cyber Resilience report 2018: Cyber is now the Number 1 threat to Business Continuity
  4. Top 3 Cyber threats: Top 3 threats all compromise data integrity
  5. RISK – the Swiss cheese model: Layers of Defence, Barriers & Safeguards; Residual Risk; Building design; Sprinklers; Fire extinguishers; Staff Training; Fire Insurance; Self Insure; Fire Loss
  6. RISK – the Swiss cheese model: Layers of Defence, Barriers & Safeguards; Residual Risk; Technology Defences; Policies & Procedures; Training & Awareness; Testing & Verification; Cyber/ Business Interruption/ Data Loss/ Insurance; Self Insure; Data Loss
  7. 3-2-1 of Data Protection
     - 3 COPIES: The source and two in backup
     - 2 ENVIRONMENTS [Live systems – Backup]: Different media/vendors/software/firmware
     - 1 COPY OFFSITE: Geographically separate source data from a backup copy
  8. It is all about Recovery: A false sense of security. Exercising DR plans is the second most critical aspect of the DR process (conducting a BIA is the first) and the aspect most feared.
     - Chart: Outcome of Last Exercise
     - Categories: Restoration; Emergency/Incident Management; Contingency Planning; Business Resumption; Work Area/Workforce Continuity; Disaster Recovery
     - Legend: Exercise Cancelled. Exercise went OK – Significant Problems. Exercise went well with Problems. Exercise fully successful. All service levels fully met. Not sure.
  9. Ransomware’s Evolution Moving target Recover again, and again Pay again, and again Attack-Loop Virus attacks BUs (infects repository) Virus infects Detonates And now this … Keep “n” copies of backups No Ransom Virus attacks BUs (deletes repository) Then this Virus infects Detonates Recover from Backup Pay Ransom Cannot Recover Virus attacks BUs (deletes repository) And then this Virus infects Detonates Recover from Backup No Ransom Then this Detonates Virus infects Virus infects Detonates Pay Ransom This happened
  10. Achieve Compliance Simply, Affordably
     - Efficient methodologies flex to changing, stringent regulations
     - Privacy by Design
     - Article 6 (Managing Consent)
     - Article 17 (“Right to Be Forgotten”)
     - Find and wipe Personal Identifiable Information (PII) from backup and archive data
     - Limit image-based backups to DR only
     - Backup files for long-term retention
     - Article 25 (State of the Art)
     - Article 32 (Recover in a timely manner)
  11. Public Cloud services
     - High Availability: Multiple servers; Multiple Data Centres; Multiple copies; Same data, viruses and malware
     - Data Backup: Protects your data; Multiple separate copies; Multiple locations; Multiple generations; Scans for malware
     - Cloud Service (High Availability / Data Backup): MS Office365 (Yes / No); Google Apps (Yes / No); (Yes / No); AWS (Yes / No); Azure (Yes / No)
     - What about protecting your data in a Cyber Attack?
  12. Plan, Simplify & Test
     - Plan: Business Impact Analysis; Identify the critical data; Identify the priority threats; Respond to emerging threats
     - Simplify: Less software and hardware to maintain; Optimise resources; Automate to remove human intervention
     - Test: Backup & Recovery; IT Disaster Recovery services; Business Continuity services
  13. Transferring Residual Risk. Twitter: @data2vault LinkedIn: data2vault Email: