SESSION 304
Wednesday, April 13, 3:00pm - 4:00pm
Track: Service Management Excellence

The Service Desk on the Front Lines of Cyber-Resilience

Bob Rice
Director, Solutions3 LLC
[email protected]

Session Description

Headlines about security breaches and the theft of company intellectual property and personal and financial information are far too common. The service desk is key to ensuring the early detection of security events and providing the first-line response. So what role should the service desk play in early identification of security events, and how can the service desk best be prepared to respond? Are there best practices to provide guidance to develop robust cyber-protection? This session explores cyber-resilience best practices and the impact the service desk plays in response and cyber-resilience.

Speaker Background

Bob Rice is the director of professional services at Solutions3 LLC. From his experience as a help desk agent up through his current position, Bob has mentored and led organizations in the delivery and support of IT services, within commercial and federal classified projects. Bob has spoken at FUSION and LIG conferences, PMI events, and BrightTalk webinars. He has also authored ITIL, data center, and cloud computing courses.

The Service Desk on the Front Lines of Cyber-Resilience
professionalprograms.net/downloads/2016_HDI/PDFs/Session...



The Service Desk on the Front Lines of Cyber-Resilience

Bob Rice

Agenda

• What About Bob?

• Setting the Stage

• Risks and Challenges

• What Is Cyber Resilience?

• The Service Desk

• Call To Action

• Q&A


What About Bob?

Bob Rice

Director, Professional Services Organization

Solutions3 LLC

• ITIL® Expert

• ITIL® Practitioner Courseware Reviewer

• RESILIA™ Certified

• Lean IT Certified

• Accredited ITIL®/RESILIA/Lean IT Trainer

• Service Management Process Consulting

• 30+ Years IT and Engineering

• itSMF Atlanta LIG Event Chair

Solutions3

• Award Winning IT Management Consulting & Training Organization

• Specializing in Architecting, Implementing, and Training for IT Management Solutions

SETTING THE STAGE

The Service Desk on the Front Lines of Cyber-Resilience


Landscape Cyber Risks

• Estimated cost of data breaches: $2.1 Trillion by 2019

• 95%: Cyber attacks succeed due to human factors

• $2.7 Million: Average size of financial impact

• 48%: Increase in cyber incidents since 2014 (+42 Million)

• $4.2 Trillion: Internet Economy in 2016

• 13.5% to 23%: Projected rise in consumer internet purchases 2010 - 2016

• 94%: Businesses with 10+ employees that conduct business online

• 936 Exabytes: Growth in global internet traffic from 2005 - 2015

• >9 Billion: Connected devices in the world

Quick Survey

• How many of you know that your company intellectual property (IP) has been compromised?

• How many of you know that your company IP has NOT been compromised?

• What about your Personally Identifiable Information (PII)? Is it safe?


Breaches In The News

• FBI and DHS Breach (2/7/2016) – teenagers arrested, access provided by a help desk agent

• Home Depot - 53 Million

• Target - 40 Million

• JP Morgan - 76 Million households / 8 Million small businesses

• Anthem – 1 in 3 Americans info stolen

• Office of Personnel Management - 21.5 Million SF86 forms stolen / 5.6 Million fingerprint cards stolen

• Sony – Stolen IP (Movies, videos, etc.)

• Ashley Madison – many people embarrassed

Actual Scenario – A Targeted Attack

You are working on something that will potentially revolutionize an industry

• You include employer info on your social media pages and post photos and updates from victories at Tuesday night trivia at the local sports bar

• One night at the bar, you strike up a conversation with a new “friend” and talk about technology. The new “friend” lets it slip that they work for IBM.

• The new “friend” gives you a business card with the iconic blue IBM logo and offers some “swag” they have in their car, including an IBM coffee mug, T-shirt, mouse pad and 8-gig flash drive.

• The next morning at work you push the thumb drive into your computer.

• Within seconds, the company's entire email network is compromised, and hackers begin work scraping messages, documents, attachments and images.


Actual Scenario – Cyber Security Review

• A small company is very proud of the work it has done protecting their “data center”

• A consulting company recommends a security assessment

• CIO says that they don’t need an assessment, they are well protected

• The consultant suggests that the CIO allow him to check, and bets that he can be in the system in minutes

• The CIO agrees, and the consultant is in the network in 20 minutes by exploiting known vulnerabilities

• The CIO agrees to the security assessment and hires the consulting firm to assess and build a roadmap for improvement

Actual Scenario – Official Sounding Email

Email from someone I don’t know…

We are currently upgrading all Webmail email outlook access to the newly launched IT WEBMAIL 3GB Unlimited. In order to restore your full email access with the new version HTK4S anti-virus 2016, you need to click below to fill the re-activation form.

CLICK HERE

System Helpdesk.


RISKS AND CHALLENGES

The Service Desk on the Front Lines of Cyber-Resilience

Trends that Impact the Service Desk

• Bring Your Own Device (BYOD)

– Smartphones

– Tablets

– Laptops

• Internet of Things (IoT)

– Fitness devices

– Watches (Laptop->Connected to Email->Exchange Server)

• Social Media / Marketing

• Near Field Communication (NFC)

– Company and personal credit cards

– Easy to compromise with a portable Point of Sale device

• Culture – Attitudes and Behaviors


Introducing your staff and users:

• Ova A'Cheva – The Business manager

– “I don't care what your processes are, I need this and need it now!”

– “Security is IT’s responsibility, not mine!”

• Ima Geek – overly connected user

• Shirley U. Jokin – Admin

– Affinity password logging (Sticky notes under the keyboard)

– “I can't remember passwords, they're in my way!”

• Otter O'Fice – Sales/Marketing

– “I don't have time for passwords!”

– “Nothing can get in the way of closing a deal – especially security!”

• Vera I. Plannot – the VIP who always needs help, like yesterday…

Risks and Challenges

• People are our strongest asset, but…

• No one is safe

• Threats are constantly adapting

• Threats are more targeted

• Compliance does not equal security

• Identifying Critical Information Assets


Making It Personal

It’s not just about the single individual and Personally Identifiable Information (PII)!

Making It Personal

* It’s about you and who you are connected to *

Count on it - Big Data Analytics are being used by the crooks!


WHAT IS CYBER RESILIENCE? (AND WHERE CAN I GET SOME?)

The Service Desk on the Front Lines of Cyber-Resilience

Cyber Resilience References

• RESILIA™ Cyber Resilience Best Practices

• NIST Cybersecurity Framework

• NIST Framework for Improving Critical Infrastructure Cybersecurity (PDF)

• NIST Special Publication 800-39 Managing Information Security Risk

• ISO27001

• ITIL®

• M_o_R (AXELOS – Management of Risk)

Based on Axelos RESILIA™: Cyber Resilience Best Practices, 1st Edition, 2015.


Cyber Resilience

What is Cyber Resilience?

• “The ability to prevent, detect and recover from any impact that incidents have on the information required to do business.”

• Cyber Resilience extends Cyber Security throughout the organization…

Based on Axelos RESILIA™: Cyber Resilience Best Practices, 1st Edition, 2015.

Cyber Resilience

Resilience

The ability of a system or component to resist an unplanned disturbance or failure, and to recover in a timely manner following any unplanned disturbance or failure.

Security

The state of being free from danger or threat.

• Involves protection of what is important

• Often more emphasis on prevention and less on recovery from an incident

Based on Axelos RESILIA™: Cyber Resilience Best Practices, 1st Edition, 2015.


THE SERVICE DESK

The Service Desk on the Front Lines of Cyber-Resilience

The Service Desk in Action

• Quick and effective response to cyber incidents

• Effective engagement of cyber resilience plans

• Security incident escalation

• Incident information capture at point of occurrence

• Initial implementation of risk mitigation plan

• Security incident response improvement


Preparation and Planning

• Expect Cyber Security incidents

– Risks cannot always be prevented

– Risk response should be based on the value of an information asset and the probability of the threat

• Have a plan to respond

– Based on each classification of information asset criticality

– Define formal response teams

– Have a pre-defined communication plan

– Determine resources required for investigation and forensic analysis

Execution

• Detect security incidents

– Identify “fingerprints” of typical security incidents

– Update all scripts to include analysis points for potential security incidents

– Have a single focal point for managing security incidents

– Triage all suspected security incidents to validate them and to identify proper escalation

– Security incidents must be responded to quickly

– Consistency in response is important


Evidence

• Evidence Collection

– During the incident, evidence must be collected for potential legal responses

– Defined procedures to preserve evidence must be included in the planning for security incidents

– The Chain of Custody of the evidence is critical to the use of the evidence in any legal action

Response

• Containment

– The immediate objective of a security incident response team

– This stops the “pain” from spreading and allows for subsequent decisions

– Allows for further evidence to be collected

• Response

– Identify the required actions to eradicate the cause of the incident

– If a recovery is required, determine how to recover


Improve

• Continual Service Improvement

– Conduct post-incident review of security incident

– Some security incidents will be major breaches (e.g. major incidents)

– If needed, identify root cause and determine how to prevent future occurrences

– Test your plans and improve them

– Review the information assets involved and determine additional security planning needed

Anticipate Attack Vectors

Be Vigilant!

Phishing, Spear-Phishing, Trojans, Viruses

Social Engineering, Malware, Hijacking, Ransomware

Hacking, DoS, DDoS, Infection

Spyware, Keystroke Loggers, Pre-Texting

• Train users what to expect

• Warn users when suspicious activity is identified

• Provide regular security awareness through service desk interaction


Ongoing Effort

• Stay Prepared and Informed

– Have a focal point that checks security sites for potential and active threats

– Daily broadcast of potential and active threats to the service desk and users

– Check out suspicious issues reported by users

• http://www.snopes.com/

• https://www.us-cert.gov/

• http://www.symantec.com/security_response/landing/threats.jsp

Training

• Service Desk Training

– RESILIA™

– Training on internal security policies

– Updates on scripts and procedures

– Service Management tool updates and training

• User Training

– Basic information at Anti-virus vendor pages

– Custom enterprise security training

– Weekly email updates

– Updates to internal webpages


CALL TO ACTION

The Service Desk on the Front Lines of Cyber-Resilience

Call to Action

• What should the Service Desk do?

– Realize that the Service Desk is on the front lines of Cyber Resilience

– Ensure the Service Desk is prepared to identify and respond to cyber incidents

– Design a purposeful and effective cyber incident response and recovery

– Encourage a cyber smart workforce

– Proactively identify threats and communicate them


Q & A

Thank you for attending this session.

Please don’t forget to complete a session evaluation!