The webinar explores how understanding your organisation in crisis, when a risk is actually exploited, develops the organisation's resilience and its team in the drive for a stronger level of compliance maturity.
Main points covered:
• Information Security maturity
• ROPI
• Risk Management
• Incident Response
• Forensic Readiness
• Table Top Exercises
• Training
• Legislation
Presenter:
Our presenter for this webinar is Peter Jones, an experienced management professional, digital forensic analyst, cybersecurity professional, ISO 27001 and ISO 17025 auditor and University Lecturer. Peter has a wealth of experience and expertise which incorporates knowledge from being an academic and a practitioner in relation to best practice, data management, cyber security, digital system security and digital forensics, where he has conducted thousands of examinations on behalf of law enforcement and the private sector. Peter has extensive information technology and telecommunications experience which ranges from retail to enterprise environments including supporting the BBC with their hit drama series, ‘Silent Witness’.
Link to the YouTube video: https://youtu.be/aREo4l-pDgc
How to Boost your Cyber Risk Management Program and Capabilities?
2. INTRODUCTION
Author of IADFE (CPIA and CRIA) and CPSA / CRT courses – CREST
Accredited.
Co-Founder of SWCSC.
ISMS and Digital Forensic Technical Assessor.
ISMS Auditor.
Investigator / Problem Solver.
Incident Responder.
IRCA and IISP Professional Member.
3. OBJECTIVE
• Understanding your organisation in crisis due to an exploitation of risk can develop the organisation's resilience and team in the drive for a stronger level of compliance maturity.
4. JOHN CHAMBERS, FORMER CHIEF EXECUTIVE OFFICER OF CISCO
“There are two types of companies: those who have been hacked, and those who don’t yet know they’ve been hacked”
5. Information comes in many types and formats.
The preservation of confidentiality, integrity and availability of information; in addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.
6. IN THE NEWS
• Big Names:
• Target - 2013
• Sony – 2014
• Ashley Madison – 2015
• TalkTalk - 2015
• Equifax - 2017
• Ransomware.
• NHS – 2017.
• WikiLeaks.
• Vault 7 – 2017.
7. BACK TO REALITY
• Local Businesses.
• Not everything makes the news.
• Big Threats hitting SMEs.
• Devon and Cornwall Police website was taken down.
• A large holiday resort booking system was lost.
• A jeans manufacturer lost their online shop.
• They weren’t the targets of the threats!
8. 3B Data Security llp
Telephone: 01223 298 333 | Email: info@3BDataSecurity.com | web: www.3BDataSecurity.com
How you handle information is very important.
Your customers have entrusted their information to you.
If you misuse or lose personal information it could cause
serious harm or distress to people.
16. CAPABILITIES ROADMAP
[Diagram of capability areas: IS Strategy; Technical; Threat Intel; Business Planning and Management; Network; Endpoint; Application; Operational Monitoring; Technical / System Controls; System; Emerging Technology; User; Data]
17. RISK MANAGEMENT
• Risk Assessment and Management.
• Root Cause Analysis.
• Technical Control management.
• Training.
• System Audit Controls.
• Plan-Do-Check-Act Lifecycle.
19. RISKS
• Calculating the likelihood and impact on a particular asset.
• Physical
• Software
• People
• Information
• Paper
• Services
• Company Image and Reputation
23. MANAGING TRAINING
• Use accredited professionals to deliver training.
Or
• Send staff on accredited courses.
• Do your research on courses and find the best one for the business.
• Will it help mitigate a problem?
• Will it provide an improvement to a business function?
24. INCIDENT RESPONSE
• If it goes wrong, how do you know what to do?
• Guess?
• Call upon specialist firms.
• Incident Responders.
• Digital Forensic firm.
• Often ex-Forces, Police and other agencies – experience will be of a high quality.
• Know who to call upon when something does happen.
• Develop a playbook of incidents and how the organisation would deal with them.
25. FORENSIC READINESS
• When an incident requires further investigation.
• Know what to do with potential evidence.
• Containment is key but take professional advice.
• Create a plan so that everyone in the organisation knows what to do and what NOT to do.
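A concrete piece of "know what to do with potential evidence" is to hash and record everything collected before anyone touches it, so that a later examiner (or a court) can show the evidence is unchanged. The script below is an added example written for this page, not code from the presenter or from 3B Data Security; the case ID, collector name, file names and manifest layout are illustrative assumptions. It builds a SHA-256 manifest of an evidence folder with a chain-of-custody record, then re-verifies the folder and reports any file that was modified, removed or added after collection.

```python
"""Evidence preservation helper: hash collected files into a chain-of-custody
manifest and verify the evidence against it later.
Added example for this page; not part of the presenter's material."""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1 << 20  # 1 MiB reads so large disk images are not loaded into memory


def sha256_of(path: Path) -> str:
    """Hash a file incrementally; the file is only ever opened read-only."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(evidence_dir: Path, collector: str, case_id: str) -> dict:
    """Record hash, size and modification time for every file under evidence_dir,
    together with who collected it and when (UTC)."""
    items = []
    for p in sorted(evidence_dir.rglob("*")):
        if p.is_file():
            st = p.stat()
            items.append({
                "path": str(p.relative_to(evidence_dir)),
                "sha256": sha256_of(p),
                "size": st.st_size,
                "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
            })
    return {
        "case_id": case_id,          # assumed identifier format
        "collector": collector,
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "items": items,
    }


def write_manifest(manifest: dict, out_path: Path) -> str:
    """Write the manifest as JSON and return the manifest's own hash, which
    should be noted separately (e.g. on the paper custody form)."""
    data = json.dumps(manifest, indent=2, sort_keys=True).encode()
    out_path.write_bytes(data)
    return hashlib.sha256(data).hexdigest()


def verify_manifest(evidence_dir: Path, manifest: dict) -> list:
    """Return (kind, path) discrepancies: modified, missing or added files.
    An empty list means the evidence still matches the manifest."""
    problems, seen = [], set()
    for item in manifest["items"]:
        p = evidence_dir / item["path"]
        seen.add(item["path"])
        if not p.is_file():
            problems.append(("missing", item["path"]))
        elif sha256_of(p) != item["sha256"]:
            problems.append(("modified", item["path"]))
    for p in evidence_dir.rglob("*"):
        rel = str(p.relative_to(evidence_dir))
        if p.is_file() and rel not in seen:
            problems.append(("added", rel))
    return problems


def demo() -> tuple:
    """Constructed scenario: collect two files, verify, then simulate someone
    editing a note afterwards. Returns (problems_before, problems_after)."""
    with tempfile.TemporaryDirectory() as d:
        ev = Path(d) / "evidence"
        ev.mkdir()
        (ev / "mail.log").write_text("2017-05-12 08:01 inbound invoice.zip quarantined\n")
        (ev / "notes.txt").write_text("ticket opened by helpdesk\n")
        manifest = build_manifest(ev, collector="P. Jones", case_id="CASE-0001")
        write_manifest(manifest, Path(d) / "manifest.json")  # kept outside the evidence tree
        before = verify_manifest(ev, manifest)
        (ev / "notes.txt").write_text("ticket opened by helpdesk\nedited later\n")
        after = verify_manifest(ev, manifest)
        return before, after


if __name__ == "__main__":
    print(demo())
```

The manifest is written outside the evidence tree so that it is not itself counted as an "added" file, and its own hash is returned so it can be recorded on the custody form; without that second step an attacker who can edit the evidence could simply regenerate the manifest.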
26. TABLE TOP EXERCISES
• Specialists set up a fictional scenario to test various levels of the business.
• Opportunity to test your incident response plan and forensic readiness plan.
• Ability to discuss certain scenarios.
• Often will shed light on areas not thought of before.
27. CONCLUSION
• Develop your information security to challenge what the business regards as normal.
• Develop realistic challenges that the business could face.
• Get help in from the businesses that know how.
28. ISO/IEC 27032
Training Courses
• ISO/IEC 27032 Introduction
1 Day Course
• ISO/IEC 27032 Foundation
2 Days Course
• ISO/IEC 27032 Lead Cybersecurity Manager
5 Days Course
Exam and certification fees are included in the training price.
www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
www.pecb.com/events
John Chambers, the former CEO of CISCO, once said, “There are two types of companies: those who have been hacked, and those who don’t yet know they’ve been hacked”. Not a recent comment by the former CEO, but it remains very pertinent today, not only for companies but for consumers too.
2017 was arguably the biggest sea change in the news, as the various outlets (newspapers, websites, TV and radio news) started to discuss the dangers of cyber attacks and so-called hacking. Cyber attacks and hacking have become quite fashionable topics, but without any true understanding beyond the big headline. The reality is that attack attempts happen constantly, all day, every day, without relent, because it is usually an automated system doing the hard work, not the stereotypical hoodie-wearing attacker in their parents' bedroom. The hacker has existed for decades, but the loot has become more achievable, with data being worth good money on the black market.
The big names range from Target superstores in the USA to TalkTalk in the UK, with the most recent being Equifax, which hit customers all over the world. Surprisingly, the attacks that made the news are not the biggest reported, but that does not mean the consequential damage was not enough to affect a huge number of clients, employees and shareholders, to name a few. We will talk about the impacts and the aftermath of attacks later on in this session.
Another so-called attack that made the news, because it affected so many people in the UK, was the incident at the NHS in May 2017, which was the aftermath of a ransomware infection rather than an attack aimed at the NHS. The issue I would like everyone to understand at this stage is that what the news outlets reported and which NHS trusts were actually affected differed vastly. Again, we will discuss what ransomware is in a later key skill area.
The last item I would like to take some time to discuss is WikiLeaks and Julian Assange, who has made the news on and off for a couple of years, with a focus on his refuge at the Ecuadorian Embassy in London. The news focus on the latter is probably down to the outlets' own understanding of the allegations against Julian Assange. Why he is important for this session: he is the founder of WikiLeaks, a website that publishes leaked secrets from all over the world, but predominantly from the USA. In March 2017, WikiLeaks began publishing the ‘Vault 7’ series of CIA documents, including the ‘Dark Matter’ release describing tooling for implanting Apple computers and phones. Those releases were documentation rather than working malware; their relevance is that leaks of intelligence-agency capability, whether documents like these or working exploits such as the NSA tools published by the Shadow Brokers a month later, lower the bar for criminals, who reuse whatever becomes public.
Now, a lot closer to home: local news outlets are unlikely to cover the stories we discussed on the previous slide, but the reality is that those threats affect local businesses too, through being part of a supply chain or using technology that is vulnerable, just like the big companies that have made the news. At the end of the day, a system such as Windows is the same whether it is in a small home office or a massive enterprise environment.
Now, let’s take a practical example from the last slide. The ransomware that hit the NHS was called WannaCry, and it spread by exploiting a vulnerability in the SMBv1 service of unpatched Windows systems (MS17-010) using the EternalBlue exploit, which the Shadow Brokers published in April 2017, a month after Microsoft had released the patch; it was not material from the Vault 7 ‘Dark Matter’ release. The same ransomware also hit smaller companies all over the UK, from holiday parks to jeans shops, in most cases leaving the business paralysed. SME businesses do not usually have the manpower of the large enterprises and usually rely on a single technical officer or an outsourced supplier to help them, and it is not unusual for a disaster to uncover the frailties in the recovery process from a problem such as a ransomware attack. The businesses that were hit were not the targets of the attack, just its victims. The practical lesson for an SME is that the controls that would have stopped or contained it are mundane: apply patches promptly, disable SMBv1 and do not expose port 445 to the internet, and keep tested backups that are kept offline from the network they protect.
At this stage there is nothing technical to understand, but we are starting to use some regular terms that it is paramount to get used to. Use the analogy of the difference between driving a car and knowing how the engine works: most of you will understand that the engine drives the car, but without fuel or oil it will not work. You do not need to understand how the engine works, just recognise that oil and fuel are needed for a car to work.
Taking the information from the first key skill area, we take a look at the UK Government’s Cyber Security Breaches Survey 2017, which surveyed various organisations in relation to cyber security; one of its sections breaks down the types of breach experienced. Although the response base for the survey was modest, the figures are very representative of the data breaches typically affecting organisations daily. The most common breach type, among organisations that identified a breach, was staff receiving fraudulent emails (72%), followed by viruses, spyware or other malware on any type of business system (33%), people impersonating the organisation in emails (27%) and, separated out from the rest of the malware category, ransomware (17%). The more common issue involves a human at some stage being socially engineered into an action they believe to be genuine, such as opening an invoice attachment or clicking a link within an email.
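The 27% figure, emails impersonating the organisation, is one category that can be caught mechanically at the receiving mail gateway rather than by hoping staff spot it: the visible From domain is compared with the domains that actually passed SPF and DKIM in the Authentication-Results header, which is the alignment check DMARC performs. The script below is an added example for this page, not code from the presenter or from the survey; the two messages, the mail-server and company domain names in them, and the small public-suffix table used for relaxed alignment are constructed for illustration.

```python
"""Spoofed-company-email check: does the From domain line up with the domains
that actually authenticated (SPF / DKIM) in Authentication-Results?
Added example for this page; not part of the presenter's material."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a genuine message sent through the company's own mail system.
GENUINE = """\
Return-Path: <accounts@example-jeans.co.uk>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example-jeans.co.uk; dkim=pass header.d=example-jeans.co.uk
From: Accounts <accounts@example-jeans.co.uk>
Subject: Invoice 4471

Please find the invoice attached.
"""

# Constructed sample: display name and From address imitate the company, but
# SPF only passed for the attacker's own sending domain and there is no DKIM.
SPOOFED = """\
Return-Path: <bounce@mailer-cheap.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer-cheap.example; dkim=none
From: Accounts <accounts@example-jeans.co.uk>
Subject: Invoice 4471 - URGENT

Open the attached invoice today.
"""


def org_domain(domain: str) -> str:
    """Relaxed alignment compares registrable (organisational) domains.
    Assumption: a handful of two-label public suffixes stands in for the full
    public-suffix list; a production check should use a proper PSL library."""
    labels = domain.lower().rstrip(".").split(".")
    two_label_suffixes = {"co.uk", "org.uk", "ac.uk", "gov.uk", "com.au"}
    if len(labels) >= 3 and ".".join(labels[-2:]) in two_label_suffixes:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def authenticated_domains(auth_results: str) -> dict:
    """Extract the domains for which SPF and DKIM reported 'pass'."""
    out = {}
    m = re.search(r"spf=pass\s+smtp\.mailfrom=([\w.-]+)", auth_results or "")
    if m:
        out["spf"] = m.group(1)
    m = re.search(r"dkim=pass\s+header\.d=([\w.-]+)", auth_results or "")
    if m:
        out["dkim"] = m.group(1)
    return out


def check_alignment(raw: str) -> dict:
    """Return the From domain, which mechanisms aligned with it, and a verdict.
    Only a pass whose domain aligns with the From domain counts: SPF passing
    for the attacker's own domain says nothing about the company being imitated."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_dom = from_addr.rpartition("@")[2]
    passed = authenticated_domains(msg.get("Authentication-Results", ""))
    aligned = sorted(k for k, d in passed.items() if org_domain(d) == org_domain(from_dom))
    return {
        "from_domain": from_dom,
        "aligned": aligned,
        "verdict": "aligned" if aligned else "unaligned: treat as possible impersonation",
    }


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(label, check_alignment(raw))
```

The check only trusts an Authentication-Results header written by your own gateway (strip any such header arriving from outside first), and it is the receiving half of the picture: to stop other people's gateways accepting mail that imitates your company, the company itself has to publish SPF, DKIM and a DMARC policy for its domain.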