2. Build Tangible Community Goods Through Sharing & Collaboration
Frameworks, Checklists, Playbooks...
3. Today’s Goal: Build A Tangible Community Good
Deliverable: Playbook for Building an APT Security Architecture
Key Discussion Points:
• Causes of recent breaches – learning
• Threat Taxonomy
• Program structure – Detect & Respond
• Getting management buy-in
Timeline: next 60 minutes.
We will start with an empty slide.
4. Breach Analysis And Learning (Case Study 1)
• Breach Description
  • Endpoint compromise through APT-style targeted phishing
  • Attacker was targeting a specific customer through Wipro
• Learning
  • Zero-trust approach
  • Awareness (hygiene) is not enough
  • Better PR execution
  • 3rd-party monitoring
5. Breach Analysis And Learning (Case Study 2)
• Breach Description
  • Database exposure through web app
• Learning
  • Monitor shadow IT
  • 3rd-party monitoring
  • Inventory management
  • Responding to and thanking researchers + VDP (vulnerability disclosure program)
6. Detection Program
• SOC / SIEM with a focus on human behaviour (UEBA)
• Threat hunting
• Deception
• Monitor shadow IT
• 3rd-party monitoring – OSINT + rating
• Inventory management (external & internal)
• Continuous red teaming
• Process
7. Response & Recovery Program Structure
• Communication / PR
• VDP
• External communication
• Internal process + playbook to handle disclosure
• Internal response drills + CCMP
• Insurance
• Awareness
8. Should We Disclose?
• Management
  • Yes
• Board
  • Major issue – Yes
• Regulator
  • Based on regulation
• Affected/Impacted customers
  • Yes
• Affected/Impacted end users
  • Yes
• Not impacted
  • Gray (Amazon disclosed)
• Impact of not disclosing
  • Due diligence
  • Future acquisition
  • Loss of customer confidence
  • Brand loss
  • Loss of confidence at Board/Mgmt level
9. Setting Expectations With Management
• Setting expectations
  • We can be breached; 100% security is not possible
  • Cyber breach / crisis management drill
  • Additional budget
• What works?
  • Inform them of breaches and their impact in the peer group
  • “We have the following controls” – recommend additional controls and their cost
  • Showing that current investment has helped prevent certain breaches
  • Utilize regulators
  • Customer expectations – RFPs
  • Business impact of not having a control
• What doesn’t?
  • Giving technical details or using technical terms – convert to business terms/impact
  • Budget for tools