CYBER RESILIENCE BEST PRACTICE
To Discuss
• Why cyber risk management is increasingly challenging
• How everyone has a role to play in your cyber risk management
• Insight from the Board on cyber risks and their impact on cyber risk management
• Insight and ideas for managing your cyber risks
Balancing opportunity and risk
The opportunities
• $4.2 trillion: estimated value of the internet economy in G20 economies by 2016
• 94% of businesses with 10+ employees are online
• 936 exabytes: growth in global internet traffic from 2005-2015
• 13.5% to 23%: projected rise in consumer purchases via the internet from 2010-2016
• 4.1% of GDP contributed by internet
The risks
• $445 billion: cost of cyber-crime to the global economy per year
• 44% increase in cyber incidents - 1.4 per organization per week
• 90% of cyber attacks succeed because of the unwitting actions of a member of staff
• $145: average cost paid for each lost or stolen file containing sensitive or confidential information
The Challenges….
“253 days is the average number of days it takes an organisation to realise that they have been successfully attacked.”
“90% of large UK organisations had a security breach in 2014 (an increase of 81% from 2013)”
“90% of all successful cyber-attacks rely on human vulnerability to succeed.”
“69% of all large organisations were attacked by an unauthorised outsider in 2014 (an increase of 55% from the previous year)”
“59% of UK businesses expect attacks to increase next year”
1 person can enable an attacker to compromise your systems and access your most valuable information.
The Challenges - common client statements
“Why would anyone want to attack our organization?”
“We do not know what our most critical information assets are in our organization.”
“We have our networks well protected by good technology”
“Our current information/cyber security training is ineffective in driving new behaviours across the organization.”
“We know we have already been attacked but do not know how best to respond and recover effectively.”
“We do not know what good cyber resilience looks like for our organization”
The Challenges – the hacking process
Process: Tools
• Reconnaissance: Whois, NSLookup, Spyfu, EDGAR, Sam Spade, Google, DNS Lookup, ARIN, Wget, Dig, Traceroute
• Scanning: Ping, Nmap, Angry IP Scanner, Netcraft, Nikto, Nessus, ike-scan, RPCDump
• Develop/select/deliver exploit: Metasploit, Rootkit (Hacker Defender, FU, Vanquish, HE4Hook)
• Cover tracks: Log eraser, Demon
The Challenges... the Cyber Crime toolbox……
The Challenges
Everyone has a role to play….
The challenge: The Human Factor
90%
NEED TO INFLUENCE AND ENABLE POSITIVE CHANGE IN USER BEHAVIOURS
Insight from the Board.
• We need to develop a coherent cyber resilience strategy
• We need to know what our critical information assets are
• We need a cyber smart workforce and partner network
• We need to embed good practices across our organization
• We need to communicate and understand more effectively across the organization
• We need to understand how we will respond and recover from attack more effectively
Cyber Risk Management
Cyber Resilience is the ability of an organisation to resist, respond to and recover from incidents that will impact the information it requires to do business.
What does good look like?
INFORMATION SECURITY
Confidentiality, Integrity, Availability, Authenticity
People
Process
Technology
Security Policy
Regulatory Compliance
Staff Awareness Program
Access Control
Security Audit
Incident Response
Encryption, PKI
Firewall, IPS/IDS
Antivirus
You need staff who are ‘risk aware’ of:
• Phishing
• Social engineering
• Online safety
• Social media
• BYOD
• Removable data
• Password safety
• Personal information
• Information handling
• Remote and mobile working
Summary of business challenges
KEEP VALUE OF YOUR BUSINESS, IN YOUR BUSINESS
MAINTAIN REPUTATION
BALANCE OPPORTUNITIES AND RISKS
• Need to identify and manage what good cyber resilience looks like
• Need to influence and enable positive change in user behaviours
• Need to communicate effectively during business as usual and during crisis
QUESTIONS AND ANSWERS?