8
Distribute.IT – A Case Study

Distribute.IT – A Case Study. Background Formed 2002 as a startup Web Services provider −Domain name registrar −Web/Server Hosting −SSL Products −SMS

Embed Size (px)

Citation preview

Distribute.IT – A Case Study

Background

• Formed 2002 as a startup• Web Services provider

− Domain name registrar

− Web/Server Hosting

− SSL Products

− SMS messaging• ~10% Market Share - .au domain names• Offices in Melbourne & Jakarta• 30+ Employees• 200,000+ domain name clients• 30,000+ hosting clients• 8-10 million SMS messages per annum• 3,000+ Resellers• Profitable, growing, cash flow positive business

Initial Breach

Fri. 3/6 4/6

Fri.10/6

BreachDetected

Network Lockdown

5/6 6/6 7/6 8/6 9/6

CustomerFallout

Compliance

Reconfigure Entire Network

June 3 – June 10, 2011

Major BreachJune 11 – June 23, 2011

Sat. 11/6 12/6 13/6 14/6 15/6 16/6 17/6 18/6 19/6 20/6 21/6 22/6 23/6

~ 4:30 pm ‘Major’

Incident

~ 5:30 pm Shutdown

entire network

Network Rebuild

Major BreachJune 11 – June 23, 2011

Sat. 11/6 12/6 13/6 14/6 15/6 16/6 17/6 18/6 19/6 20/6 21/6 22/6 23/6

~ 4:30 pm ‘Major’

Incident

~ 5:30 pm Shutdown

entire network

Network Rebuild

ClientComms

Social Media

Compliance

auDA nzDNC ICANN

AFP

First Servers come back online

Approx. 96% of servers online

AnalysisStaff Loss

AFP Meetings

Customer Loss

Board Meeting

Media

Complete Assessmen

t

Board Meeting

Solvency? Insurance

Compliance

Governing Body Support (auDA, etc)

Social Media

Media

Government

Media

Announcement Re: 4 servers

Liquidator Meetings

Staff Loss

Privacy Commissioner

Banks

Accreditations

Damage Mitigation

Sale of Assets to Netregistry

Lessons Learnt

• Cyber Security is not just an IT issue

• Security is a Process – not a static position

• Governance and Risk (Information Security Management)

What Now?

• Cqr.com• [email protected]

Questions?

DISCLAIMER OF LIABILITY

While every effort is made to provide accurate and complete information, CQR Consulting Pty Ltd and/or Distribute.IT Pty Ltd and/or the presenters do not warrant or represent that the information in this presentation is free from errors or omissions or is suitable for your intended use. The information provided in this presentation may not be suitable for your specific situation or needs and should not be relied upon by you in substitution of you obtaining independent expert advice. Subject to any terms implied by law and which cannot be excluded, CQR Consulting Pty Ltd accepts no responsibility for any loss, damage, cost or expense (whether direct or indirect) incurred by you as a result of any error, omission or misrepresentation in information in this presentation. All information in this presentation is subject to change without notice. Reproduction (in whole or in part) of this presentation only with the prior written consent of the author(s).