Alert Logic , profile picture
Uploaded byAlert Logic
PPTX, PDF300 views

Cyber Resiliency

The document outlines key strategies and best practices for cyber incident response, emphasizing the importance of preparation, identification, notification, and effective mitigation strategies. It cites a case study on a ransomware attack affecting the Tewksbury Police Department, illustrating the disruptive impact of such incidents and the need for structured cyber incident response plans. The document highlights various roles and responsibilities within incident response teams and encourages regular testing and training to enhance preparedness and confidence.

Embed presentation

Downloaded 23 times
Breach Stats
Paul Fletcher – Cyber Security Evangelist @_PaulFletcher Cyber Resiliency
Breach Stats
Step 1: Cut the cord as soon as possible well… maybe… Actually, Give It a Minute or Two
Downside of moving too fast
Downside of moving too fast
Before you act, ask yourself: • What is your primary objective? • What about the Cyber Security Incident Response plan? • Is there a downside to quietly observing the actions of the attacker?
Types of Cyber Security Incidents • Application Vulnerabilities - Word Press - MySql - Web Server (IIS or Apache) • Operating System Attacks - Linux Kernel • Malicious Software - Worm - Trojan - Other • Denial of Service (DoS or DDoS) • Ransomware
Ransomware Incidents Ransom demand variation over time.
Case Study: Tewksbury Police Department Attack • Phishing email (package delivered – click this link for details) • Employee clicked, malware was launched • Attacker gained access and encrypted data on mapped servers • Ransom demand of only $500 (if a million people give you $1, You have $1 million.) Impact • Total Police Operations Disruption • Reverted to broken manual processes • No access to arrest records/warrants • Unable to conduct ID verification Five days with no computing. Public and private security experts unable to decrypt. No technical mitigation.
If Ransomware Hits – Haggle! • Act quickly before they pack up • Most attackers happy with smaller pay day • In larger cases, FBI recommends professional negotiators be hired
Cyber Incident Response Plans
Cyber Incident Response • The Plan is the Thing - Preparation - Identification - Notification - Mitigation Strategy - Containment - Eradication - Recovery - Lessons Learned • Templates
Roles and responsibilities • Incident notification • Help desk • Technical team • Triage team • Forensics team • Network Security • Malware analysis • Communications • Executive team • Legal/Marketing/HR
Roles and responsibilities Incident Notification • Employees • Contractors/Consultants • Vendors • Customers • Competitors • Law Enforcement Notification Method • Should be easy • Have multiple options
Roles and responsibilities • Help desk • Properly trained • Escalation • Pre-triage • Technical team • Triage – fix known issues, return system to normal • Forensics – root cause analysis, chain of custody • Network and systems – infrastructure assessment • Malware analysis – reverse engineer, zero days
Roles and responsibilities • Communications • Within the incident response team • Internally • Decision makers • Externally • Designated role • Notes • Timelines • Next steps • Executive team • Legal/Marketing/HR
Cyber Incident Response • Cloud considerations - Robust log solution - Understand your cloud service providers security model - Understand the shared security responsibility - Clearly defined resources - Include when testing the plan - Have pristine content ready to re-deploy - Test this capability
Test the plan • Self risk assessment • Incident response walk through • Recent breach details • Team risk assessment • Entire incident response team • Confirm roles, timing, talent and tools • Executive risk assessment • Focused on process and business impact • C-level collaboration • Live exercise risk assessment • Practice leads to experience • Experience leads to confidence • Confidence leads to execution
Cyber Incident Response • Test the plan • Roles and responsibilities • Cloud considerations • The plan is the thing • Test the plan…again
No Substitution for Preparation • Assume that at some point you will be breached • Make actionable • Consider observing the adversary without tipping them off to understand full extent of the breach and attacker intent • Use cloud networking tools to isolate compromised infrastructure and orchestrate recovery efforts • Run your incident response team through regularly scheduled and surprise exercises • Engage cloud provider during exercises • Utilize hybrid infrastructure
Shared Cyber Incident Response Preparation Identification Notification Mitigation Strategy Containment Eradication Recovery Lessons Learned
Thank you.

More Related Content

PPTX
#ALSummit: Live Cyber Hack Demonstration
byAlert Logic
 
PPTX
#ALSummit: Cyber Resiliency: Surviving the Breach
byAlert Logic
 
PPTX
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
byDigital Bond
 
PPTX
#ALSummit: Architecting Security into your AWS Environment
byAlert Logic
 
PPT
Safeguard your enterprise against ransomware
byQuick Heal Technologies Ltd.
 
PPTX
Malware detection how to spot infections early with alien vault usm
byAlienVault
 
PPTX
Improve threat detection with hids and alien vault usm
byAlienVault
 
PDF
Reality Check: Security in the Cloud
byAlert Logic
 
#ALSummit: Live Cyber Hack Demonstration
byAlert Logic
 
#ALSummit: Cyber Resiliency: Surviving the Breach
byAlert Logic
 
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
byDigital Bond
 
#ALSummit: Architecting Security into your AWS Environment
byAlert Logic
 
Safeguard your enterprise against ransomware
byQuick Heal Technologies Ltd.
 
Malware detection how to spot infections early with alien vault usm
byAlienVault
 
Improve threat detection with hids and alien vault usm
byAlienVault
 
Reality Check: Security in the Cloud
byAlert Logic
 

What's hot

PDF
Reducing Your Attack Surface
byAlert Logic
 
PDF
Web Application Penetration Testing
byPriyanka Aash
 
PDF
Wfh security risks - Ed Adams, President, Security Innovation
byPriyanka Aash
 
PDF
Realities of Security in the Cloud
byAlert Logic
 
PPTX
Ethical hacking
byAishwary Sinha
 
PPTX
Incident Response: Validation, Containment & Forensics
byPriyanka Aash
 
PPTX
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
byDigital Bond
 
PDF
Security Implications of the Cloud - CSS Dallas Azure
byAlert Logic
 
PPTX
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
byAlienVault
 
PPTX
Ethical hacking/ Penetration Testing
byANURAG CHAKRABORTY
 
PDF
Carbon Black Corporate Overview 2016
byExclusive Networks ME
 
PDF
Breaking and entering how and why dhs conducts penetration tests
byPriyanka Aash
 
PPTX
Is Antivirus (AV) Dead or Just Missing in Action
byQuick Heal Technologies Ltd.
 
PDF
Security Implications of the Cloud
byAlert Logic
 
PPTX
Thinking Differently About Security Protection and Prevention
byDavid Perkins
 
PDF
The Intersection of Security & DevOps
byAlert Logic
 
PPTX
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
PPT
Ethical Hacking and Penetration Testing
byRishabh Upadhyay
 
PPTX
Continuous Automated Red Teaming (CART) - Bikash Barai
byAllanGray11
 
PPTX
Alienvault threat alerts in spiceworks
byAlienVault
 
Reducing Your Attack Surface
byAlert Logic
 
Web Application Penetration Testing
byPriyanka Aash
 
Wfh security risks - Ed Adams, President, Security Innovation
byPriyanka Aash
 
Realities of Security in the Cloud
byAlert Logic
 
Ethical hacking
byAishwary Sinha
 
Incident Response: Validation, Containment & Forensics
byPriyanka Aash
 
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
byDigital Bond
 
Security Implications of the Cloud - CSS Dallas Azure
byAlert Logic
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
byAlienVault
 
Ethical hacking/ Penetration Testing
byANURAG CHAKRABORTY
 
Carbon Black Corporate Overview 2016
byExclusive Networks ME
 
Breaking and entering how and why dhs conducts penetration tests
byPriyanka Aash
 
Is Antivirus (AV) Dead or Just Missing in Action
byQuick Heal Technologies Ltd.
 
Security Implications of the Cloud
byAlert Logic
 
Thinking Differently About Security Protection and Prevention
byDavid Perkins
 
The Intersection of Security & DevOps
byAlert Logic
 
AWS Security Best Practices for Effective Threat Detection & Response
byAlienVault
 
Ethical Hacking and Penetration Testing
byRishabh Upadhyay
 
Continuous Automated Red Teaming (CART) - Bikash Barai
byAllanGray11
 
Alienvault threat alerts in spiceworks
byAlienVault
 

Viewers also liked

PDF
How to design enterprise apps that sell
byInVision App
 
PDF
Lec(9):capacitive divider
byeslam elfayoumy
 
PPTX
West African Food Markets and Transformations in Agriculture
byPascal Corbé
 
PDF
User-centric design for large enterprises
byInVision App
 
PPT
Résoudre la crise alimentaire africaine : L'urgence d'un agenda mené par l'A...
byEuforic Services
 
PPT
Hipaa Compliance With IT
byNainil Chheda
 
PDF
Shinjuku.rb #29 ActiveJobでSQS使ったのとその永続化についての話
byTakeuchi Yuichi
 
PDF
Omoidoriのファンづくりマーケティング
byNatsumi Sato
 
PPTX
Quark Virtualization Engine for Analytics
byDataWorks Summit/Hadoop Summit
 
PPTX
HIPAA Compliance in the Cloud
byDataWorks Summit/Hadoop Summit
 
PDF
【ヒカラボ】RDS for MySQL → Aurora
byYuki Kanazawa
 
PDF
The State of Enterprise UX 2016: Panel Discussion
byuxpin
 
PDF
Potential Solutions to the Fundamental Problem of Causal Inference: An Overview
byEconomic Research Forum
 
PPTX
Creating and Scaling an Enterprise Design System
byuxpin
 
PDF
Team Personas for Enterprise UX
byuxpin
 
DOC
Gutierrez
byMatematica2APV2
 
How to design enterprise apps that sell
byInVision App
 
Lec(9):capacitive divider
byeslam elfayoumy
 
West African Food Markets and Transformations in Agriculture
byPascal Corbé
 
User-centric design for large enterprises
byInVision App
 
Résoudre la crise alimentaire africaine : L'urgence d'un agenda mené par l'A...
byEuforic Services
 
Hipaa Compliance With IT
byNainil Chheda
 
Shinjuku.rb #29 ActiveJobでSQS使ったのとその永続化についての話
byTakeuchi Yuichi
 
Omoidoriのファンづくりマーケティング
byNatsumi Sato
 
Quark Virtualization Engine for Analytics
byDataWorks Summit/Hadoop Summit
 
HIPAA Compliance in the Cloud
byDataWorks Summit/Hadoop Summit
 
【ヒカラボ】RDS for MySQL → Aurora
byYuki Kanazawa
 
The State of Enterprise UX 2016: Panel Discussion
byuxpin
 
Potential Solutions to the Fundamental Problem of Causal Inference: An Overview
byEconomic Research Forum
 
Creating and Scaling an Enterprise Design System
byuxpin
 
Team Personas for Enterprise UX
byuxpin
 
Gutierrez
byMatematica2APV2
 

Similar to Cyber Resiliency

PDF
Navigating-Cybersecurity-Incidents-in-2025.pptx.pdf
byWin In Life Academy
 
PPTX
Navigating Cybersecurity Incidents in 2025
bywininlifeacademy5
 
PPTX
Incident Response
byprimeteacher32
 
PPTX
INCIDENT-RESPONSE_093004 (1).pdtffyghgptx
byjess12castano
 
PDF
Cybersecurity Incident Response Planning.pdf
byCiente
 
PPTX
2022 Rea & Associates' Cybersecurity Conference
byRea
 
PPTX
You Will Be Breached
byMike Saunders
 
PDF
Ch5-Incident Response Management.pdfncident Response Management.
bySuhail Qadir Mir
 
PDF
YBB-NW-distribution
byMike Saunders
 
PPTX
Draft_ppt_dmss[1][2] (1) FINAL123455667.pptx
bymazumderdevangshu
 
PPTX
Ch2-Incident Response Process.pptxIncident Response Process
bySuhail Qadir Mir
 
PPTX
chapter on Incident Response Management.
bySuhail Qadir Mir
 
PPTX
KSS ON CYBERSECURITY INCIDENT RESPONSE AND PLANNING MANAGEMENT.pptx
byCashmir Pangandaman
 
PPTX
IT Security and Management - Semi Finals by Mark John Lado
byMark John Lado, MIT
 
PDF
Incident Response
byInnoTech
 
PDF
You will be breached
byMike Saunders
 
PDF
Cyber Incident Response View - Aeren LPO.
byAeren LPO
 
PDF
Department of Homeland Security Guidance
byMeg Weber
 
PDF
DHS Guidelines
byMeg Weber
 
PDF
Incident Response Planning and Management
byCybernetic Global Intelligence
 
Navigating-Cybersecurity-Incidents-in-2025.pptx.pdf
byWin In Life Academy
 
Navigating Cybersecurity Incidents in 2025
bywininlifeacademy5
 
Incident Response
byprimeteacher32
 
INCIDENT-RESPONSE_093004 (1).pdtffyghgptx
byjess12castano
 
Cybersecurity Incident Response Planning.pdf
byCiente
 
2022 Rea & Associates' Cybersecurity Conference
byRea
 
You Will Be Breached
byMike Saunders
 
Ch5-Incident Response Management.pdfncident Response Management.
bySuhail Qadir Mir
 
YBB-NW-distribution
byMike Saunders
 
Draft_ppt_dmss[1][2] (1) FINAL123455667.pptx
bymazumderdevangshu
 
Ch2-Incident Response Process.pptxIncident Response Process
bySuhail Qadir Mir
 
chapter on Incident Response Management.
bySuhail Qadir Mir
 
KSS ON CYBERSECURITY INCIDENT RESPONSE AND PLANNING MANAGEMENT.pptx
byCashmir Pangandaman
 
IT Security and Management - Semi Finals by Mark John Lado
byMark John Lado, MIT
 
Incident Response
byInnoTech
 
You will be breached
byMike Saunders
 
Cyber Incident Response View - Aeren LPO.
byAeren LPO
 
Department of Homeland Security Guidance
byMeg Weber
 
DHS Guidelines
byMeg Weber
 
Incident Response Planning and Management
byCybernetic Global Intelligence
 

More from Alert Logic

PDF
Managed Threat Detection & Response for AWS Applications
byAlert Logic
 
PDF
Extending Amazon GuardDuty with Cloud Insight Essentials
byAlert Logic
 
PDF
Managed Threat Detection and Response
byAlert Logic
 
PDF
Extending Amazon GuardDuty with Cloud Insight Essentials
byAlert Logic
 
PDF
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
PDF
Security Spotlight: Presidio
byAlert Logic
 
PDF
The Intersection of Security & DevOps
byAlert Logic
 
PDF
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
PDF
Security Spotlight: Rent-A-Center
byAlert Logic
 
PDF
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
byAlert Logic
 
PDF
Realities of Security in the Cloud
byAlert Logic
 
PDF
The Intersection of Security & DevOps
byAlert Logic
 
PDF
Security Spotlight: Presidio
byAlert Logic
 
PDF
Security Implications of the Cloud
byAlert Logic
 
PDF
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
byAlert Logic
 
PDF
Realities of Security in the Cloud
byAlert Logic
 
PDF
CSS 2018 Trivia
byAlert Logic
 
PDF
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
PDF
Realities of Security in the Cloud
byAlert Logic
 
PDF
The Intersection of Security and DevOps
byAlert Logic
 
Managed Threat Detection & Response for AWS Applications
byAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
byAlert Logic
 
Managed Threat Detection and Response
byAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
byAlert Logic
 
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
Security Spotlight: Presidio
byAlert Logic
 
The Intersection of Security & DevOps
byAlert Logic
 
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
Security Spotlight: Rent-A-Center
byAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
byAlert Logic
 
Realities of Security in the Cloud
byAlert Logic
 
The Intersection of Security & DevOps
byAlert Logic
 
Security Spotlight: Presidio
byAlert Logic
 
Security Implications of the Cloud
byAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
byAlert Logic
 
Realities of Security in the Cloud
byAlert Logic
 
CSS 2018 Trivia
byAlert Logic
 
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
Realities of Security in the Cloud
byAlert Logic
 
The Intersection of Security and DevOps
byAlert Logic
 

Recently uploaded

PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PPTX
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 

Cyber Resiliency

  • 1.
  • 2.
    Paul Fletcher –Cyber Security Evangelist @_PaulFletcher Cyber Resiliency
  • 3.
  • 4.
    Step 1: Cutthe cord as soon as possible well… maybe… Actually, Give It a Minute or Two
  • 5.
  • 6.
  • 7.
    Before you act,ask yourself: • What is your primary objective? • What about the Cyber Security Incident Response plan? • Is there a downside to quietly observing the actions of the attacker?
  • 8.
    Types of CyberSecurity Incidents • Application Vulnerabilities - Word Press - MySql - Web Server (IIS or Apache) • Operating System Attacks - Linux Kernel • Malicious Software - Worm - Trojan - Other • Denial of Service (DoS or DDoS) • Ransomware
  • 9.
  • 10.
    Case Study: TewksburyPolice Department Attack • Phishing email (package delivered – click this link for details) • Employee clicked, malware was launched • Attacker gained access and encrypted data on mapped servers • Ransom demand of only $500 (if a million people give you $1, You have $1 million.) Impact • Total Police Operations Disruption • Reverted to broken manual processes • No access to arrest records/warrants • Unable to conduct ID verification Five days with no computing. Public and private security experts unable to decrypt. No technical mitigation.
  • 11.
    If Ransomware Hits– Haggle! • Act quickly before they pack up • Most attackers happy with smaller pay day • In larger cases, FBI recommends professional negotiators be hired
  • 12.
  • 13.
    Cyber Incident Response •The Plan is the Thing - Preparation - Identification - Notification - Mitigation Strategy - Containment - Eradication - Recovery - Lessons Learned • Templates
  • 14.
    Roles and responsibilities •Incident notification • Help desk • Technical team • Triage team • Forensics team • Network Security • Malware analysis • Communications • Executive team • Legal/Marketing/HR
  • 15.
    Roles and responsibilities IncidentNotification • Employees • Contractors/Consultants • Vendors • Customers • Competitors • Law Enforcement Notification Method • Should be easy • Have multiple options
  • 16.
    Roles and responsibilities •Help desk • Properly trained • Escalation • Pre-triage • Technical team • Triage – fix known issues, return system to normal • Forensics – root cause analysis, chain of custody • Network and systems – infrastructure assessment • Malware analysis – reverse engineer, zero days
  • 17.
    Roles and responsibilities •Communications • Within the incident response team • Internally • Decision makers • Externally • Designated role • Notes • Timelines • Next steps • Executive team • Legal/Marketing/HR
  • 18.
    Cyber Incident Response •Cloud considerations - Robust log solution - Understand your cloud service providers security model - Understand the shared security responsibility - Clearly defined resources - Include when testing the plan - Have pristine content ready to re-deploy - Test this capability
  • 19.
    Test the plan •Self risk assessment • Incident response walk through • Recent breach details • Team risk assessment • Entire incident response team • Confirm roles, timing, talent and tools • Executive risk assessment • Focused on process and business impact • C-level collaboration • Live exercise risk assessment • Practice leads to experience • Experience leads to confidence • Confidence leads to execution
  • 20.
    Cyber Incident Response •Test the plan • Roles and responsibilities • Cloud considerations • The plan is the thing • Test the plan…again
  • 21.
    No Substitution forPreparation • Assume that at some point you will be breached • Make actionable • Consider observing the adversary without tipping them off to understand full extent of the breach and attacker intent • Use cloud networking tools to isolate compromised infrastructure and orchestrate recovery efforts • Run your incident response team through regularly scheduled and surprise exercises • Engage cloud provider during exercises • Utilize hybrid infrastructure
  • 22.
    Shared Cyber IncidentResponse Preparation Identification Notification Mitigation Strategy Containment Eradication Recovery Lessons Learned
  • 23.

Editor's Notes

  • #4 Reasons to be targeted Source: datalossdb.org
  • #5 Story of malware that self-destructs if “phone home” unsuccessful after X amount of attempts.
  • #7 Cambridge University security researcher Sergei Skorobogatov has published a new research paper detailing a technique that would have helped the FBI bypass the iOS passcode limit on the shooter's iPhone 5C
  • #9 Different attack vectors may need to be handled differently and documented accordingly in your Cyber Incident Response Plan.
  • #16 An incident could be reported by any of these
  • #17 Help desk – pre-triage means that help desk analysis should be able to understand enough about the reported incident to prepare the user and their system for next steps. As an example, if a user reports malware, the help desk should be able to know the next step (is your policy to unplug the network cable or shut off the system or keep it up and running for forensics) and communicate that to the user.
  • #20 C-level collaboration – a chance to discuss each executive’s biggest concerns and priorities. External facilitator - This external source can bring a scenario to work through, ask compelling questions (without corporate knowledge), facilitate discussion and be a source for independent review of your plan
  • #23 Regarding cyber incident response, Alert Logic can identify the threat and notify our customer with a mitigation strategy.  Once the customer knows there is an active threat, they can use our recommendation to contain the threat to keep it from spreading, eradicate the threat from their systems and recover to normal operations.  It’s highly recommended that organizations have a prepared cyber incident response plan and document the lessons learned from each incident to enhance their plan as cyber incident handling experience increases. Preparation Identification Notification Mitigation Strategy Containment Eradication Recovery Lessons Learned