“Co3 makes the process of planning for a
nightmare scenario as painless as possible,
making it an Editors’ Choice.”
– PC Magazine, Editor’s Choice
“Co3…defines what software
packages for privacy look like.”
– Gartner
“Platform is comprehensive,
user friendly, and very well
designed.”
– Ponemon Institute
“One of the most important
startups in security…”
– Business Insider
“One of the hottest products at RSA…”
– Network World
“...an invaluable weapon when
responding to security incidents.”
– Government Computer News
“Co3 has done better than a home-run...
it has knocked one out of the park.”
– SC Magazine
“Most Innovative Security
Startup.”
– RSA Conference
We’ll get started
in just a minute.
EU Cyber Attacks & The
Incident Response
Imperative
Agenda
Introductions
Co3 Systems Background
Today’s Breach Reality
IR Functional Components
IR Management Demo
Q&A
Introductions: Today’s Speakers
• Ted Julian, Chief Marketing Officer, Co3 Systems
• Tim Armstrong, Security Incident Response Specialist, Co3
Systems
Bringing people, process, and technology together for times of crisis
[Diagram: Incident Response Plan. Labels: SSAE 16 Type II certified; dashboards & reporting; plan synthesis; integrated intelligence; artifact correlation; instant creation & streamlined collaboration (HR, IT, Legal/Compliance, Marketing); community best practices; industry standard frameworks; organizational SOPs; global privacy breach regulations; contractual requirements; accelerated mitigation (trouble ticketing, SIM, GRC); automated escalation (email, web form, trouble ticketing, entry wizard, SIM)]
Today’s Breach Reality – The EU Conundrum
• Data in the U.S. and anecdotal experience suggest a
worldwide epidemic
• But without mandated public breach disclosure across
the E.U., data is limited, and it’s hard to quantify
Today’s Breach Reality
Source: Verizon DBIR 2014
Incident classification patterns over time
Today’s Breach Reality
U.K. Breaches Are Slightly Down But Costs Are Way Up
• 81% of large organisations had a security breach (down from 86%* a year ago)
• 60% of small businesses had a security breach (down from 64%* a year ago)
• 59% of respondents expect there will be more security incidents in the next year than last
• £600k - £1.15m: average cost to a large organisation of its worst security breach of the year (up from £450 - £850k a year ago)
• £65k - £115k: average cost to a small business of its worst security breach of the year (up from £35 - £65k a year ago)
Source: 2014 Information Security Breaches Survey, pwc
Co3 Systems, Inc.
IR Can Help
An IR plan and a strong security posture reduce expense
Impact of eight factors on the per capita cost of data breach
Source: 2014 Cost of Data Breach Study: Global Analysis
IBM & Ponemon Institute
POLL
The IR Lifecycle
Prepare
Improve Organizational
Readiness
• Appoint team members
• Fine tune response
SOPs
• Link in legacy
applications
• Run simulations (fire
drills, table tops)
Mitigate
Document Results
& Improve Performance
• Generate reports for
management, auditors,
and authorities
• Conduct post-mortem
• Update SOPs
• Track evidence
• Evaluate historical performance
• Educate the organization
Assess
Identify and Evaluate Incidents
• Assign appropriate team
members
• Evaluate precursors and
indicators
• Track incidents, maintain logbook
• Automatically prioritize activities
based on criticality
• Log evidence
• Generate assessment
Manage
Contain, Eradicate and Recover
• Generate real-time IR plan
• Coordinate team response
• Choose appropriate containment
strategy
• Isolate and remediate cause
• Instruct evidence gathering and
handling
Prepare
• Incident response teams often include:
– IT, Legal (internal and/or external),
Compliance, Audit, Privacy, Marketing, HR,
Senior Executive
– Pre-define roles and responsibilities
• RACI (Responsible, Accountable,
Consulted, Informed)
• SOPs can include:
– Processes to be followed by incident type
– Standardized interpretation of legal /
regulatory requirements
– 3rd party contractual requirements
• Simulations
– Can range from drills to full-scale exercises
– Communications is key
• Roles, contact info, internal and external
– Gauge organization preparedness, catalyze
improvement
Assess
• Prioritize efforts
– Based on value of asset, potential
for customer impact, risk of fines,
and other risks
• Leverage threat intelligence
• Incident declaration matrix
– Based on category and severity
level
– Can set SLAs for each
POLL
Manage
• Iterate on your plan
• Communicate status
– Different mechanisms for different
constituents
• Ensure everything is tracked
Mitigate
• Conduct a post-mortem
– Validate investment or lobby for
more
– Identify areas for improvement
• Did we hit our SLAs?
– Update playbooks
• Track incident source
– pinpoint risk to drive improvement,
and/or trigger bill-back
• Update preventative and
detective controls
QUESTIONS
Next Up
• Today's Breach Reality, The IR Imperative, And
What You Can Do About It
– Wednesday, July 16, 2014 1:00 PM - 2:00 PM EDT
• BlackHat 2014
– August 5-7, Las Vegas
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM
“Co3 Systems makes the process of planning for a
nightmare scenario as painless as possible,
making it an Editors’ Choice.”
PC MAGAZINE, EDITOR’S CHOICE
“Co3…defines what software packages for
privacy look like.”
GARTNER
“Platform is comprehensive, user friendly, and
very well designed.”
PONEMON INSTITUTE
“One of the hottest products at RSA…”
NETWORK WORLD – FEBRUARY 2013
