Jisc, profile picture
Uploaded byJisc
PPTX, PDF1,605 views

Mitigation starts now

The document discusses cyber incident handling and reporting. It notes that 65% of large firms and 1 in 4 businesses experienced a cyber breach or attack in the past year. It outlines steps for businesses to take to prepare for and handle cyber incidents, including having an incident response plan, understanding network topology, and ensuring key points of contact. It provides details on where to report historic or ongoing cyber incidents and crimes. It also describes the Cyber Information Sharing Partnership (CiSP), a platform for sharing cyber threat information between government and industry.

Embed presentation

Download to read offline
Mitigation starts now DI Daniel Lawrence, NPCC National Cyber PROTECT Coordinator 1/11/2016
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Mitigation starts now DI Daniel Lawrence NPCC National Cyber PROTECT Coordinator
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Objectives • Incident Handling – Are you ready? • Reporting Cyber Incidents • Assessment of the Incident (who takes precedence)
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Incident Handling – Are you ready?
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Cyber breaches and attacks over the past year: • 65% of large firms • 1 in 4 of all businesses What is at risk? • Your money • Your data (e.g. customer details, intellectual property, confidential emails) • Your day-today operations (e.g. customer website, internal systems) • Your business’ reputation The cyber threat: are you a target?
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Things to think about • Tell the organisations that can help • Ensure you have a business continuity plan for when things go bad • Think about messaging, both internally and externally • Know your network and what normal looks like • Do you know what information you are holding and how quickly you can find out what has gone?
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Not just a problem for the IT department Will require a response from staff across teams: • Legal • HR • Communications/Media • C-level staff • Business Continuity
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Incident Handling Model
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Understand the risks facing your business • Assemble the correct team • Understand your network topology • Develop and test an incident handling plan • Establish effective forensic readiness
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Ensure you have key points of contact • Agree a decision log format • Exercise the incident handling team • Drive user awareness • Agree internal and external communications & reporting structures
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Detect events as they happen • Use data feeds to provide context • Understand the affected asset • Make proportionate response recommendations
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Understand the attack • Preserve evidence • Consider appropriate clean-up actions • Initiate internal communications
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Activity will depend on the nature of the incident • Implement alongside your Business Continuity Plan • Ensure full visibility and agreement of system owner • Ensure shared understanding on briefings • Establish a feedback loop
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Maintain the feedback loop • Identify when systems can be reintroduced • Focus on preventing a recurrence • Maintain communications • Ensure a shared understanding of the end state
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Treat incidents as learning opportunities • Complete relevant documentation • Learning lessons is an ongoing process • Consider implications for all elements of your business • Share what you have learned – on CiSP!
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Reporting Cyber Incidents & Cyber Crime
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Historic / incident that has passed • Action Fraud – actionfraud.police.uk • 0300 123 2040 Crime in Action • 101 / 999 Local to National * * *
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Information Sharing and CiSP Need to Know → Need to Share
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk  CiSP is a joint government and industry initiative to share cyber threat information, hosted by CERT-UK  Free to join – funded by UK government  Current membership stands at over 6500 individuals and under 2500 organisations  The ‘Fusion Cell’ stimulates discussion and sharing on the platform and provides all source assessment  Sharing is based on Traffic Light Protocol  CiSP produces a range of products/outputs including alerts and analysis papers for organisations
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Different products for differing cyber maturity
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk CiSP Homepage
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk All groups are private (members only) but their existence is public. Only members can view content in a private group. Secret groups are private but invisible to non-members. Restriction either by membership (group) or by subject (space) Open to every member with no restrictions CiSP Environment Group Private Secret Space
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Spaces and Groups
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk You can be anonymous… …but think carefully if you need to be.
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Discuss – Disseminate – Analyse
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Structured Incident Reports Future developments
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Enhanced 2FA
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk A New Homepage
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk From the board to the frontline…
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Evoke behaviour change Cannot be done in isolation End user / employee awareness is not the panacea…. Board level responsibility There needs to be technical solutions as the most educated will still ‘click the link’ or ‘open the attachment’… Top to bottom review of processes is key Role of PROTECT is to raise awareness to those identified as being most vulnerable to exploitation.
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk dlawrence@cert.gov.uk

More Related Content

PDF
NCSC Speaker
byRoyal United Services Institute for Defence and Security Studies
 
PDF
Evertio Schrems II
byFanny Surjana
 
PPTX
Ghostery MCM - May 2016
byGhostery, Inc.
 
PPTX
SCL Conference 8 June 2017 - Investigatory Powers Act
byGraham Smith
 
PDF
MMV Webinar 2. GDPR Insights. January 2018
byMatch-Maker Ventures
 
PPTX
GDPR Part 1: Quick Facts
byAdrian Dumitrescu
 
PDF
Cyber crime (prohibition,prevention,etc)_act,_2015
byChinatu Uzuegbu
 
PDF
Keeping Information Safe: Privacy and Security Issues
byipspat
 
NCSC Speaker
byRoyal United Services Institute for Defence and Security Studies
 
Evertio Schrems II
byFanny Surjana
 
Ghostery MCM - May 2016
byGhostery, Inc.
 
SCL Conference 8 June 2017 - Investigatory Powers Act
byGraham Smith
 
MMV Webinar 2. GDPR Insights. January 2018
byMatch-Maker Ventures
 
GDPR Part 1: Quick Facts
byAdrian Dumitrescu
 
Cyber crime (prohibition,prevention,etc)_act,_2015
byChinatu Uzuegbu
 
Keeping Information Safe: Privacy and Security Issues
byipspat
 

What's hot

PPTX
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
byQualsys Ltd
 
PPT
Data protection-training
byJames Wright
 
PDF
11 European Privacy Regulations That Could Cost You €1 Million in Fines
bySkyhigh Networks
 
PDF
Denis Gursky Internet Censorship in Ukraine
byDenis Gursky
 
PPTX
Ipswitch and cordery on the road " All you need to know about GDPR but are t...
bySébastien Roques
 
PPTX
The Practical Impact of the General Data Protection Regulation
byGhostery, Inc.
 
PDF
SAP Business One
byAGSanePLDTCompany
 
PDF
EY General Data Protection Regulation: Are you ready?
byVYTIS MALECKAS
 
PDF
Current Conditions and Challenges of Cybersecurity in Taiwan
byAPNIC
 
PDF
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
byJames Bryce Clark
 
PPTX
GDPR Presentation slides
byNaomi Holmes
 
PDF
Business Privacy & Facility Security
byMatt Walther
 
PDF
Quels sont les enjeux de la réglementation GDPR
byLeonard Moustacchis
 
ODP
The Junta Digital Agenda: 76 Days Later
byArthit Suriyawongkul
 
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
byQualsys Ltd
 
Data protection-training
byJames Wright
 
11 European Privacy Regulations That Could Cost You €1 Million in Fines
bySkyhigh Networks
 
Denis Gursky Internet Censorship in Ukraine
byDenis Gursky
 
Ipswitch and cordery on the road " All you need to know about GDPR but are t...
bySébastien Roques
 
The Practical Impact of the General Data Protection Regulation
byGhostery, Inc.
 
SAP Business One
byAGSanePLDTCompany
 
EY General Data Protection Regulation: Are you ready?
byVYTIS MALECKAS
 
Current Conditions and Challenges of Cybersecurity in Taiwan
byAPNIC
 
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
byJames Bryce Clark
 
GDPR Presentation slides
byNaomi Holmes
 
Business Privacy & Facility Security
byMatt Walther
 
Quels sont les enjeux de la réglementation GDPR
byLeonard Moustacchis
 
The Junta Digital Agenda: 76 Days Later
byArthit Suriyawongkul
 

Viewers also liked

PPTX
Cyber Crime - "Who, What and How"
byJisc
 
PPT
Role of the CISO in Higher Education
byJisc
 
PPTX
Certifying and Securing a Trusted Environment for Health Informatics Research...
byJisc
 
PDF
Protecting our customers - BT security
byJisc
 
PPTX
Data and information governance: getting this right to support an information...
byJisc
 
PPTX
GDPR: More reasons for information security
byJisc
 
PPT
Working with students and ISO27001
byJisc
 
PPTX
Information security at University of East London: the benefits (and pitfalls...
byJisc
 
PPTX
Closing plenary and keynote from Lauren Sager Weinstein
byJisc
 
PPTX
110G networking within JASMIN
byJisc
 
PPTX
Provisioning Janet
byJisc
 
PPTX
Archiving data from Durham to RAL using the File Transfer Service (FTS)
byJisc
 
PPTX
Challenges in end-to-end performance
byJisc
 
PPTX
Science DMZ
byJisc
 
PPTX
Enabling efficient movement of data into & out of a high-performance analysis...
byJisc
 
PPT
Solving Network Throughput Problems at the Diamond Light Source
byJisc
 
PDF
Science DMZ at Imperial
byJisc
 
PDF
The Impact of the General Data Protection Regulation - 10th May 2016
byIISPEastMids
 
PPTX
Data and disadvantaged students - using learning analytics for inclusion
byJisc
 
PPTX
The Assessment Journey
byJisc
 
Cyber Crime - "Who, What and How"
byJisc
 
Role of the CISO in Higher Education
byJisc
 
Certifying and Securing a Trusted Environment for Health Informatics Research...
byJisc
 
Protecting our customers - BT security
byJisc
 
Data and information governance: getting this right to support an information...
byJisc
 
GDPR: More reasons for information security
byJisc
 
Working with students and ISO27001
byJisc
 
Information security at University of East London: the benefits (and pitfalls...
byJisc
 
Closing plenary and keynote from Lauren Sager Weinstein
byJisc
 
110G networking within JASMIN
byJisc
 
Provisioning Janet
byJisc
 
Archiving data from Durham to RAL using the File Transfer Service (FTS)
byJisc
 
Challenges in end-to-end performance
byJisc
 
Science DMZ
byJisc
 
Enabling efficient movement of data into & out of a high-performance analysis...
byJisc
 
Solving Network Throughput Problems at the Diamond Light Source
byJisc
 
Science DMZ at Imperial
byJisc
 
The Impact of the General Data Protection Regulation - 10th May 2016
byIISPEastMids
 
Data and disadvantaged students - using learning analytics for inclusion
byJisc
 
The Assessment Journey
byJisc
 

Similar to Mitigation starts now

PPTX
Cloud Security.pptx
byBinod Rimal
 
PDF
Craft Your Cyber Incident Response Plan (Before It's Too Late)
byResilient Systems
 
PPTX
ISACA ISSA Presentation
byMarc Crudgington, MBA
 
PPTX
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
byCollege Development Network
 
PPT
Cyber Crime and Security Ch 1 .ppt
bywaleejhaider1
 
PDF
Data breach-response-planning-laying-the-right-foundation
byBradley Arant Boult Cummings LLP
 
PPTX
June 16 2015 P&S Update Webinar
byMichael R Geske
 
PDF
Information Security in term of computer science
bysaifafd343
 
PDF
Today's Cyber Challenges: Methodology to Secure Your Business
byJoAnna Cheshire
 
PPT
2.4.1 - Intro to Cyber Security for students.ppt
byrameshselvarajkkp
 
PPTX
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
byTechSoup Canada
 
PPTX
Datto event master slides
byGary S. Creigh
 
PPTX
Unit 1.pptx
byMsVaishaliKumar
 
PDF
BEA Presentation
byGlenn E. Davis
 
PDF
NCSC_SBG_Actions.pdf
byPolicypros.co.uk
 
PPTX
Cyber-Security-Unit-1.pptx
byTikdiPatel
 
PDF
American Bar Association guidelines on Cyber Security standards
byDavid Sweigert
 
PPT
All's Fair in Love and Cyber Warfare
byNationalUnderwriter
 
PPTX
New Developments in Cybersecurity and Technology for RDOs: Howland
bynado-web
 
PDF
Azstec cyber-security-workbook
byYulia Dianova
 
Cloud Security.pptx
byBinod Rimal
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
byResilient Systems
 
ISACA ISSA Presentation
byMarc Crudgington, MBA
 
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
byCollege Development Network
 
Cyber Crime and Security Ch 1 .ppt
bywaleejhaider1
 
Data breach-response-planning-laying-the-right-foundation
byBradley Arant Boult Cummings LLP
 
June 16 2015 P&S Update Webinar
byMichael R Geske
 
Information Security in term of computer science
bysaifafd343
 
Today's Cyber Challenges: Methodology to Secure Your Business
byJoAnna Cheshire
 
2.4.1 - Intro to Cyber Security for students.ppt
byrameshselvarajkkp
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
byTechSoup Canada
 
Datto event master slides
byGary S. Creigh
 
Unit 1.pptx
byMsVaishaliKumar
 
BEA Presentation
byGlenn E. Davis
 
NCSC_SBG_Actions.pdf
byPolicypros.co.uk
 
Cyber-Security-Unit-1.pptx
byTikdiPatel
 
American Bar Association guidelines on Cyber Security standards
byDavid Sweigert
 
All's Fair in Love and Cyber Warfare
byNationalUnderwriter
 
New Developments in Cybersecurity and Technology for RDOs: Howland
bynado-web
 
Azstec cyber-security-workbook
byYulia Dianova
 

More from Jisc

PPTX
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
PPTX
Osmosis webinar presentation Nov 2025:Empowering UK Nursing Education
byJisc
 
PPTX
Strengthening open access through collaboration: building connections with OP...
byJisc
 
PPTX
Andrew-Brown-JUSP-showcase-20240730.pptx
byJisc
 
PPTX
JUSP Showcase - Rebuilding Data presentation
byJisc
 
PPTX
Adobe Express Engagement Webinar (Delegate).pptx
byJisc
 
PPTX
FE Accessibility training matrix partnership - information session
byJisc
 
PPTX
Procuring a research management system: why is it so hard?
byJisc
 
PPTX
Adobe Express Engagement Webinar (Delegate).pptx
byJisc
 
PPTX
How libraries can support authors with open access requirements for UKRI fund...
byJisc
 
PPTX
Supporting (UKRI) OA monographs at Salford.pptx
byJisc
 
PPTX
The approach at University of Liverpool.pptx
byJisc
 
PPTX
Jisc's value to HE: the University of Sheffield
byJisc
 
PPTX
Towards a code of practice for AI in AT.pptx
byJisc
 
PPTX
Jamworks pilot and AI at Jisc (20/03/2024)
byJisc
 
PPTX
Wellbeing inclusion and digital dystopias.pptx
byJisc
 
PPTX
Accessible Digital Futures project (20/03/2024)
byJisc
 
PPTX
Procuring digital preservation CAN be quick and painless with our new dynamic...
byJisc
 
PPTX
International students’ digital experience: understanding and mitigating the ...
byJisc
 
PPTX
Digital Storytelling Community Launch!.pptx
byJisc
 
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
Osmosis webinar presentation Nov 2025:Empowering UK Nursing Education
byJisc
 
Strengthening open access through collaboration: building connections with OP...
byJisc
 
Andrew-Brown-JUSP-showcase-20240730.pptx
byJisc
 
JUSP Showcase - Rebuilding Data presentation
byJisc
 
Adobe Express Engagement Webinar (Delegate).pptx
byJisc
 
FE Accessibility training matrix partnership - information session
byJisc
 
Procuring a research management system: why is it so hard?
byJisc
 
Adobe Express Engagement Webinar (Delegate).pptx
byJisc
 
How libraries can support authors with open access requirements for UKRI fund...
byJisc
 
Supporting (UKRI) OA monographs at Salford.pptx
byJisc
 
The approach at University of Liverpool.pptx
byJisc
 
Jisc's value to HE: the University of Sheffield
byJisc
 
Towards a code of practice for AI in AT.pptx
byJisc
 
Jamworks pilot and AI at Jisc (20/03/2024)
byJisc
 
Wellbeing inclusion and digital dystopias.pptx
byJisc
 
Accessible Digital Futures project (20/03/2024)
byJisc
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
byJisc
 
International students’ digital experience: understanding and mitigating the ...
byJisc
 
Digital Storytelling Community Launch!.pptx
byJisc
 

Recently uploaded

PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
The year in review - MarvelClient in 2025
bypanagenda
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
API-First Architecture in Financial Systems
bycyy111112
 

Mitigation starts now

  • 1.
    Mitigation starts now DIDaniel Lawrence, NPCC National Cyber PROTECT Coordinator 1/11/2016
  • 2.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Mitigation starts now DI Daniel Lawrence NPCC National Cyber PROTECT Coordinator
  • 3.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Objectives • Incident Handling – Are you ready? • Reporting Cyber Incidents • Assessment of the Incident (who takes precedence)
  • 4.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Incident Handling – Are you ready?
  • 5.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Cyber breaches and attacks over the past year: • 65% of large firms • 1 in 4 of all businesses What is at risk? • Your money • Your data (e.g. customer details, intellectual property, confidential emails) • Your day-today operations (e.g. customer website, internal systems) • Your business’ reputation The cyber threat: are you a target?
  • 6.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Things to think about • Tell the organisations that can help • Ensure you have a business continuity plan for when things go bad • Think about messaging, both internally and externally • Know your network and what normal looks like • Do you know what information you are holding and how quickly you can find out what has gone?
  • 7.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Not just a problem for the IT department Will require a response from staff across teams: • Legal • HR • Communications/Media • C-level staff • Business Continuity
  • 8.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Incident Handling Model
  • 9.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Understand the risks facing your business • Assemble the correct team • Understand your network topology • Develop and test an incident handling plan • Establish effective forensic readiness
  • 10.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Ensure you have key points of contact • Agree a decision log format • Exercise the incident handling team • Drive user awareness • Agree internal and external communications & reporting structures
  • 11.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Detect events as they happen • Use data feeds to provide context • Understand the affected asset • Make proportionate response recommendations
  • 12.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Understand the attack • Preserve evidence • Consider appropriate clean-up actions • Initiate internal communications
  • 13.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Activity will depend on the nature of the incident • Implement alongside your Business Continuity Plan • Ensure full visibility and agreement of system owner • Ensure shared understanding on briefings • Establish a feedback loop
  • 14.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Maintain the feedback loop • Identify when systems can be reintroduced • Focus on preventing a recurrence • Maintain communications • Ensure a shared understanding of the end state
  • 15.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk • Treat incidents as learning opportunities • Complete relevant documentation • Learning lessons is an ongoing process • Consider implications for all elements of your business • Share what you have learned – on CiSP!
  • 16.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Reporting Cyber Incidents & Cyber Crime
  • 17.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Historic / incident that has passed • Action Fraud – actionfraud.police.uk • 0300 123 2040 Crime in Action • 101 / 999 Local to National * * *
  • 18.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Information Sharing and CiSP Need to Know → Need to Share
  • 19.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk
  • 20.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk  CiSP is a joint government and industry initiative to share cyber threat information, hosted by CERT-UK  Free to join – funded by UK government  Current membership stands at over 6500 individuals and under 2500 organisations  The ‘Fusion Cell’ stimulates discussion and sharing on the platform and provides all source assessment  Sharing is based on Traffic Light Protocol  CiSP produces a range of products/outputs including alerts and analysis papers for organisations
  • 21.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Different products for differing cyber maturity
  • 22.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk CiSP Homepage
  • 23.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk All groups are private (members only) but their existence is public. Only members can view content in a private group. Secret groups are private but invisible to non-members. Restriction either by membership (group) or by subject (space) Open to every member with no restrictions CiSP Environment Group Private Secret Space
  • 24.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Spaces and Groups
  • 25.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk You can be anonymous… …but think carefully if you need to be.
  • 26.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Discuss – Disseminate – Analyse
  • 27.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Structured Incident Reports Future developments
  • 28.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Enhanced 2FA
  • 29.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk A New Homepage
  • 30.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk From the board to the frontline…
  • 31.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk Evoke behaviour change Cannot be done in isolation End user / employee awareness is not the panacea…. Board level responsibility There needs to be technical solutions as the most educated will still ‘click the link’ or ‘open the attachment’… Top to bottom review of processes is key Role of PROTECT is to raise awareness to those identified as being most vulnerable to exploitation.
  • 32.
    This information isexempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk dlawrence@cert.gov.uk