Page 1 EY’s 19th Global Information Security Survey 2016-17 GCAA Risk Management Seminar 11 th December, 2017 Mohamed Nayaz, Partner, EY Path to cyber resilience: Sense, Resist, React

Path to cyber resilience: Sense, Resist, React ePublication Pdf... · 2018-01-09 · Some statistics on cybersecurity for aviation sector 91% 63% 94% Plans to invest in cybersecurity

EY’s 19th Global Information Security Survey 2016-17

GCAA – Risk Management Seminar

11th December, 2017

Mohamed Nayaz, Partner, EY

Path to cyber resilience: Sense, Resist, React

The better the question. The better the answer.

The better the world works.

Would you be ready for a cyber attack this morning?

Page 3 25 December, 2017 Cyber resilience for aviation sector

Some statistics…

How prepared is your company to handle a cyber attack?

25%

69%

3%

2%

Fully prepared

Somewhat prepared

Not where we need to be

Unsure

Evolution of Threats

The EY GISS 2017 in a nutshell. Executive Summary

► EY’s 19th Global Information Security Survey: “Path to cyber resilience: Sense, resist, react”

► Responses were received from 72 countries and across nearly all industries

► 1735 responses from C-suite leaders, Information Security and IT executives/managers

Full EY GISS 2017 report can be found online at ey.com/giss2017

Top security breach incidents in the aviation sector

Cybercrime is big business. Today’s attackers:

► Are more organized – they are not just opportunists

► Are patient and sophisticated – they will often gain access and wait until the right moment to pounce

Top security breach incidents in the Aviation sector (Contd..)

British Airways, May 2017: Cancelled all flights from Heathrow and Gatwick following a massive global IT failure. [1]

Delta Airlines, 8 August 2016: Global computer system outage caused grounding of airlines for 6 hours, causing large scale cancellations [2]

Southwest Airlines, 20 July 2016: Router failure causing large scale disruptions including system crash, back up failures resulting in flight delays and cancellations [4]

[5]

LOT, 21 June 2015: Cyber attack caused the grounding of more than 1,400 passengers in the Warsaw Frederic Chopin Airport [6]

Vietnam Airlines, 29 July 2016: Website security breach of the airlines resulted in the loss of confidential data like name, address, dates of birth of frequent flyers. [3]

United Airlines, 8 July 2015: Failed computer network router caused disruptions in airline reservation systems resulting in flight cancellations and delays

British Airways, 27 March 2015: A cyber attack was carried out on the airways club executive account and reward points were redeemed [7]

Sector Trends: Emerging themes

Advanced networks blend OT with IT on latest aircraft

► A single exploitable routing device may be all that separates an airliner’s operational systems from those of entertainment devices, potentially allowing flight and other systems to be feasible

Data Processing

► Data management and subsequent data security is a growing concern in the aerospace sector. Lateral movement from entertainment networks to those which control critical plane components

► Cloud-based applications and outsourced software management can decrease your data management requirements, but also exposes data to a third party vendor and their security controls that you don’t manage

Nation State and APT Focus

► Nation States are increasingly targeting aerospace companies (intellectual property, research and development, business processes)

► Information gained through targeting aerospace companies could be used for foreign military purposes or to aid another government’s competitive advantage for future targeting efforts

Drones

► Airfields must now respond to incidents of private and commercial drones affecting controlled airspace

► Nation state actors actively seek to manipulate remotely piloted aircraft and sensors operated by the defense sector for political and competitive gains

Digital Technology Innovation

► Increased investment into automation and information technology

► Maintenance technologies are allowing less downtime for maintenance conducted in between flight cycles, allowing systems to predict, order and ship components nearing the end of their shelf life

► Growing use of collaboration platforms for more efficient supply chain planning, HR and admin functions, which create additional attack vectors for cyber actors to leverage

Some statistics on cybersecurity for aviation sector

91%

63%

94%

► Plans to invest in cybersecurity programs over the next three years

► of airlines say cybersecurity is a board-level responsibility

► of airports are investing in cybersecurity incident response management

Source: SITA survey 2016

Cyber Resilience

Sense: See the threats coming

► Ability of organizations to predict and detect cyber threats.

► Cyber threat intelligence

► Active defense

► Need to know what will happen, and they need sophisticated analytics to gain early warning of a risk of disruption.

Resist: Establish corporate shield through countermeasures

► The corporate shield

► Starts with how much risk an organization is prepared to take across its ecosystem

► Followed by establishing the three lines of defense:

    ► First line of defence

    ► Second line of defence

    ► Third line of defence

React: Recover from disruption

• If Sense fails and there is a breakdown in Resist, organizations need to be ready to deal with the disruption

• Incident response capabilities

• Preserve evidence in a forensically sound way

• Investigate the breach

• Initiate a claim against perpetrators.

• Bring the organization back to business as usual in the fastest possible way

• Learn from what happened, and adapt and reshape the organization to improve cyber resilience going forward.

Overall picture

Ratings are given for Sense (See the threats coming), Resist (The corporate shield) and React (Recover from disruption).

► Where do organizations place their priorities? Sense: Medium; Resist: High; React: Low

► Where do organizations make their investments? Sense: Medium; Resist: High; React: Low

► Board and C-level engagement: Sense: Low; Resist: High; React: Low

► Quality of executive or boardroom reporting: Sense: Low; Resist: Medium; React: Low

Sense

Sense: Predict and detect cyber threats.

56% use functions of a security operation centre

The majority of organizations have improved their sense capabilities, but some are still just delivering the basics.

64% do not have, or only have an informal threat intelligence program

Most organisations focus too much on their own environment and do not consider the whole cyber ecosystem.

68% would not increase their cybersecurity spending even if a supplier was attacked

To improve their threat intelligence, organisations should share information and collaborate with other companies, e.g. suppliers and customers, especially with the rise of the internet of things.

Source: EY’s 19th Global Information Security Survey:

SOC

Sense

Resist

Resist: Withstand cyber attacks.

86% say their cybersecurity function does not fully meet their needs

Most organizations need to improve resist capabilities to better defend, mitigate and neutralize cyber attacks.

33% say they need more than 25% additional budget

Although every year budgets increase, the amounts being spent and required to invest are also rising.

Meeting organization’s cybersecurity objectives requires investments into the right things to close the skill gap and to create more awareness on the board level.

56% see their main obstacle in the lack of skilled resources

Source: EY’s 19th Global Information Security Survey:

Resist: Withstand cyber attacks

What are the main obstacles or reasons that challenge your Information Security operation’s contribution and value to the organization?

► Lack of skilled resources: 57%

► Budget constraints: 61%

► Lack of executive awareness or support: 23%

► Management and governance issues: 24%

► Lack of quality tools for managing information security: 24%

► Fragmentation of compliance/regulation: 20%

► Other: 3%

Source: EY’s 19th Global Information Security Survey:

React

Where is the money spent?

Compared to the previous year, which of the following activities does your organization plan to spend more on over the coming year?

Multiple responses allowed

SIEM and SOC

Threat and vulnerability

management

46%

All sectors

40%

All sectors

Identity and access

management

Incident response

capabilities

43%

All sectors

39%

All sectors

Cloud computing

Business continuity

57%

All sectors

45%

All sectors

Source: EY’s 19th Global Information Security Survey:

Today’s emergency services: the Cyber Breach Response Program (CBRP)

It is critical that companies develop a strong, centralized response framework as part of their overall enterprise risk management strategy

► The CBRP provides guidance to all lines of businesses involved in the response and can help ensure that:

    ► An organization’s business continuity plan is appropriately implemented

    ► A communication and briefing plan among all internal stakeholders is developed and enforced

    ► All breach-related inquiries received from external and internal groups are centrally managed

Growing cyber threats and implications for Aviation companies

Recover: From cybersecurity event by restoring normal operations and services

► Set up recovery plan

► Consider recovering infrastructure, restoring data and reconnecting services with minimum disruption

► Routine audits and testing of incident response plan.

Respond: To a potential cybersecurity event

► Know how to respond to cybersecurity incidents

► Set up a team and internal reporting structure

► Set up incident response plans

Detect: System intrusions, data breaches and unauthorized access

► Detect intrusions inside and outside of networks

► Detection strategy to include real time and proactive monitoring of networks, payment systems, communication channels etc.

Protect: Organizational systems, assets, and data

► Aviation companies to ensure appropriate safeguards are in place

► Take protection measures like raising awareness and providing training

Identify: Internal and external cyber risk

► Implement risk assessment including classification of critical information assets, threats, vulnerabilities, measurement of cyber risks and communication strategy for cyber risks

What leaders are asking about their cyber security readiness?

Executive leadership should consider whether the organization’s security framework could respond to these issues:

► Regulatory risk: How will governments and regulators respond to the increasing threat of information risk?

► Reputation risk: How would a cyber attack affect our reputation and brand?

► Control failures: Could gaps or weaknesses in our IT controls and security be contributing factors?

► Information risk: How will our organization address the key risk areas of security, resilience and data leakage?

► Shared Services Centers: Would using third parties or shared service centres increase risks to our security and IT sourcing?

► IP & data security: Is our organization covered against data leakage, loss and rogue employees?

The success of a sophisticated, effective security strategy lies in the ability to look ahead to future opportunities and threats.

A holistic approach to cybersecurity planning

Enable business performance

► Make security everyone’s responsibility.

► Don’t restrict newer technologies; use the forces of change to enable them.

► Broaden the program to adopt enterprise-wide information risk management concepts.

► Set security program goals and metrics that influence business performance.

Identify the real risks

► Define the organization’s overall risk appetite and how information risk fits.

► Get governance right — make security a board-level priority.

► Allow good security to drive compliance, not vice versa.

► Measure leading indicators to catch problems while they are still small.

► Accept manageable risks that improve performance.

Sustain an enterprise program

► Align all aspects of security (information, privacy, physical and business continuity) with the business.

► Spend wisely in controls and technology — invest more in people and processes.

► Consider selectively outsourcing operational security program areas.

Optimize for business performance

Protect what matters the most

► Develop a security strategy focused on business drivers and protecting high-value data.

► Assume breaches will occur — improve processes that plan, protect, detect and respond.

► Balance fundamentals with emerging threat management.

► Assess the threat landscape and develop predictive models highlighting your real exposures.

► Identify the most important information and applications, where they reside and who has or needs access.

A holistic approach to cybersecurity planning

► Threat Management / SOC operations

► Technology Security Assessment

► Cloud Security Review

► Data Privacy

► Third party risk assessment

► Payment Security

Thank You

Mohamed Nayaz

Partner

Advisory Services | Cyber & Resilience

Tel. +968 99429679

[email protected]

The full report with all insights and results of the EY’s 19th Global Information Security Survey 2016-17 can be found online at ey.com/giss2016-17

Find out more about EY’s cybersecurity services and visit ey.com/cyber.

Full EY’s 20th GISS 2017-18 report can be found online at ey.com/giss2017-18
