Think Oslo 2018: Where Technology Meets Humanity
Felicity March, Cyber Resilience - Europe
Cyber Resilience

Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack. Cyber resilience needs an end-to-end approach that brings together critical areas to ensure organisations continue to function during cyber attacks and cyber outages.

Cyber Security

Cyber security is designed to protect systems, networks and data from cyber crime. Effective cyber security reduces the risk of a cyber attack and protects organisations from the deliberate exploitation of their assets.

Business Continuity

Business continuity provides the capability to resume operations when an event causes a service disruption. Plans for business continuity address natural catastrophes, accidents and deliberate physical attacks; but now they must also support resumption of operations following cyber attack disruptions.
Cyber Resilience Maturity Assessment Workshop

Often these attacks disrupt business operations instead of garnering financial gain.

Timeline of notable incidents, 2017 to 2018 (the original slide placed each on a month-by-month timeline):
- Shamoon - destructive malware
- WikiLeaks CIA Vault 7
- Macron Campaign Hack
- WannaCry
- QakBot Trojan
- Petya/NotPetya/Nyetya/Goldeneye - destructive malware
- Verizon
- Deloitte
- Equifax breach of 143 million records
- Triton targets industrial control systems (ICS)
- Meltdown/Spectre
- City of Atlanta
Why is cyber resilience needed?

Cyber attacks are evolving and on the rise.

Top 5 causes of cyber disruptions:
- 61% Phishing and social engineering
- 45% Malware
- 37% Spear-phishing attack
- 24% Denial of service
- 21% Out-of-date software

Many organizations are unprepared:
- 68% lack the ability to remain resilient in the wake of a cyber attack
- 66% suffer from insufficient planning and preparedness
- 75% have ad-hoc, non-existent, or inconsistent cyber security incident response plans
- 197 days: average amount of time hackers spend inside IT environments before discovery

Sources: Ponemon Institute 2018 Cost of Data Breach Study: Impact of Business Continuity Management; IBM/Forbes Insights survey of 153 executives at large enterprises worldwide.
As a result of these new attacks, board leaders ranked cyber attacks in the top 5 Global Risks at the World Economic Forum in Davos, Switzerland, in 2018.

Business Impact: 4.8-15% stock value erosion post cyber attack / data breach (source: Cyber Value Connection).

Sources: World Economic Forum, 2018; WEF Regional Risks for Doing Business 2018.
The Cyber Resilient Organisation - current awareness and action

Stance on Cyber Resilience: only 43% improved in the past 12 months.

Barriers to Cyber Resilience:
- Lack of investment: 60%
- Inability to hire skills: 56%
- Lack of visibility into assets: 46%
- Lack of end user training: 31%
- Lack of training and certification for IT staff: 28%
- Silo and turf issues: 24%
- Lack of information governance practices: 22%
- Lack of board reporting: 17%
- Lack of C-level buy-in: 15%

Business Owner: who has overall responsibility for directing an organization's efforts to ensure a high level of cyber resilience?
- CIO: 23%
- BU Leader: 22%
- CISO: 14%
- No one person: 11%
- BC Manager: 8%
- CRO: 7%
- CEO: 7%
- CTO: 6%

2018 IBM Corporation
Work out your vulnerabilities and build a safe, future-proof strategy (NIST Cybersecurity Framework functions, https://www.nist.gov/cyberframework):
- Identify: identify your risks
- Protect: protect your assets against attacks
- Detect: detect threat activity
- Respond: respond with a plan
- Recover: recover normal operations
Cyber resilience serves a number of IT and risk management disciplines:
- Incident Response
- Information Security
- Business Continuity
- Disaster Recovery
- Network Security
- Risk Management
Our Approach

- Uses the IBM Cyber Resilience Lifecycle: Identify, Protect, Detect, Respond, Recover
- Measures cyber resilience capabilities of the IT environment and operational processes
- Uses a recognized best-practice framework
- Identifies current and target state
- Provides recommended improvements and a road map

Preliminary Assessment Workshop Approach:
1. Define goals and requirements: discuss the initial situation and define requirements in context
2. Cyber resiliency analysis: assess maturity levels of each category
3. Present results and roadmap: analyze assessment results and derive a roadmap to enhance the cyber resiliency level

Categories assessed, grouped by lifecycle function (the original slide listed them unordered; the grouping below follows the NIST Cybersecurity Framework):
- Identify: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, Supply Chain Risk
- Protect: Access Control, Awareness Training, Data Security, Info Protection Services, Maintenance, Protection Technologies
- Detect: Anomalies & Events, Security Monitoring, Detection Processes
- Respond: Response Planning, Response Communications, Analysis, Mitigation, Response Improvements
- Recover: Recovery Planning, Recovery Improvements, Recovery Communications
Cyber Resiliency Assessment
Is there a universally accepted standard?

- Cyber resilience as a domain is still evolving.
- Different industry bodies recommend different approaches based on geography, industry and size.
- The Cyber Security Framework (CSF) from the National Institute of Standards and Technology (NIST) is one of the most popular and widely used. It contains informative references to other industry-recognized standards and frameworks: COBIT, International Organization for Standardization (ISO), Council on CyberSecurity, International Society of Automation.
Questions to ask your organisation:
- Do you have one defined leader who is responsible for switch-over and fail-over?
- Does your CISO work hand in hand with your Disaster Recovery Manager and Business Continuity Manager?
- Does your backup strategy include point-in-time copies, air-gapped and WORM storage, forensic analysis and continuous switch-over testing?
- Does your Disaster Recovery Plan get tested regularly, including your supply chain?
- Do you run your production environment from your DR environment on a regular basis?
- Is resilience at the core of your architectural design principles?
Thank You
FelicityMarch@UK.IBM.COM
Oslo