MANAGING CYBERSECURITY AWARENESS BY EXPERIENCE

Similar documents
ACTIONABLE SECURITY AWARENESS: CONVERT THE WEAKEST LINK INTO THE SAFETY FORCE

Kaspersky Security Awareness

EMPLOYEE SKILLS TRAINING PLATFORM. On-access skills training and measurement for all employees

Express Monitoring 2019

Caribbean Cyber Security: Not Only Government s Responsibility

Cyber Security Congress 2017

Real estate predictions 2017 What changes lie ahead?

Cybersafety Culture Assessment

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Cybersecurity for IT Online. kaspersky.com/awareness #truecybersecurity. Kaspersky Enterprise Cybersecurity

IMPACT Global Response Centre. Technical Note GLOBAL RESPONSE CENTRE

Good afternoon. I am pleased to join you at the National Security Conference today.

THE CYBERSECURITY LITERACY CONFIDENCE GAP

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

This Online Gaming Company Didn t Want to Roll the Dice on Security That s Why it Worked with BlackBerry

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

A CFO s Guide to Cyber Security in the Coming Year

RESOLUTION 130 (REV. BUSAN, 2014)

Cybersecurity for the SMB. CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale

29-31 OCTOBER cyberethicaldays.com THE BEST WAY TO PROMOTE YOUR CYBER SECURITY SOLUTIONS IN EUROPE

Leading the Digital Transformation from the Centre of Government

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Serious Organised Crime Agency Collaborative Partnership s Work! Howard Lamb SOCA e-crime

SWIFT Response to the Committee on Payments and Market Infrastructures discussion note:

Samu Konttinen, CEO Q3 / 2017 CORPORATE SECURITY REVENUE UP BY 11% - GOOD GROWTH CONTINUED

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

CYBER SECURITY AIR TRANSPORT IT SUMMIT

2015 VORMETRIC INSIDER THREAT REPORT

BRING EXPERT TRAINING TO YOUR WORKPLACE.

MALAYSIA S APPROACH IN CAPACITY BUILDING. Dr Amirudin Abdul Wahab Chief Executive Officer CyberSecurity Malaysia 24 March 2017

DXC Security Training

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

Mozilla position paper on the legislative proposal for an EU Cybersecurity Act

Cybersecurity, Trade, and Economic Development

Kaspersky Industrial Cybersecurity Training Program

Kaspersky Enterprise Cybersecurity. Kaspersky Security Assessment Services. #truecybersecurity

Securing the User: Winning Hearts & Minds to Drive Secure Behavior

What is ISO ISMS? Business Beam

with Advanced Protection

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Global Information Security Survey. A life sciences perspective

Discussion on MS contribution to the WP2018

CONE 2019 Project Proposal on Cybersecurity

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Cyber Attack: Is Your Business at Risk?

ISACA January 2016 Cybersecurity Snapshot US Results. Number of respondents (n) = 862

You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.

Project Management Professional (PMP ) Certification

Cyber Security. It s not just about technology. May 2017

Run the business. Not the risks.

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

Building a Threat Intelligence Program

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

How DDoS Mitigation is about Corporate Social Responsibility

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

Micro Focus Partner Program. For Resellers

About Issues in Building the National Strategy for Cybersecurity in Vietnam

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

Gujarat Forensic Sciences University

Asset Management conference 2016

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

Kaspersky Enterprise Cybersecurity. Employee Skills Training Platform. #truecybersecurity

TRANSFORMING WEST MIDLANDS POLICE A BOLD NEW MODEL FOR POLICING

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Cyber Security Technologies

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

e:

The NextGen cyber crime battlefield. Why organizations will always lose this battle

CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS

Cybersecurity and the Board of Directors

OPERATIONS CENTER. Keep your client s data safe and business going & growing with SOC continuous protection

SEACEN Cyber Security Summit 2014 Demystifying Cyber Risks: Evolving Regulatory Expectations

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Incident Response Plans: The Emergency Shutoff Control for Cyber Risk. Tabitha Greiner, Acumera Chris Lietz, Coalfire

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

CYBER SECURITY FOR BUSINESS COUNTING THE COSTS, FINDING THE VALUE

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

Creating NIS Compliant Country in a Non-Regulated Environment. Jurica Čular

Training + Information Sharing: Pillars of enhancing cybersecurity posture

Strategy for information security in Sweden

Security Awareness Training Courses

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016

Global Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Ransomware piercing the anti-virus bubble

ISACA MOSCOW CHAPTER Chapter meeting 22 September 2016

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

Operations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ

A practical guide to IT security

CYBER RESILIENCE & INCIDENT RESPONSE

Neotys Academy. Neotys Training Catalog Neotys. All Rights Reserved.

REALIZE YOUR. DIGITAL VISION with Digital Private Cloud from Atos and VMware

2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee.

ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015

Building cyber resilience into our railway s DNA. Matthew Simpson. Technical Director, Cyber Security

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Transcription:

MANAGING CYBERSECURITY AWARENESS BY EXPERIENCE Kaspersky Interactive Protection Simulation security awareness training for top managers and decision makers 2017 Kaspersky Lab. All rights reserved. 1

CYBERSECURITY TODAY LOST IN A CORPORATE BERMUDA TRIANGLE CEO Does not see how cybersecurity spendings relate to Revenues SECURITY Focus on protecting the confidential information Many security controls are under IT management IT & BUSINESS MANAGERS Focused on business efficiency, automation, new technologies Mutual understanding and daily attention to cyberthreats between these 3 are crucial to successful cybersecurity in the modern business 2

CYBERSECURITY TODAY LOST IN A CORPORATE BERMUDA TRIANGLE Lectures and technical red/blue exercises are flawed: Long, too-technical, boring, not for managers Fail to build common language at the common sense level We need a fresh and workable approach 3

KASPERSKY INTERACTIVE PROTECTION SIMULATION (KIPS) Fun, engaging and fast (2 hours) Team-work builds cooperation Competition fosters initiative & analysis skills Gameplay develops understanding of cybersecurity measures No deep security expertise necessary 4

SIMULATION IS CHANGING THE ATTITUDE Typical situation / behavior Security controls are in place, they are believed to be enough to protect Malfunctions or mistakes are not considered to be caused by cybersecurity incidents Criminals are using sophisticated techniques to stay hidden until they strike at full power Cybersecurity = pure responsibility of security department What we are showing to people Be prepared to the emerging threats, learn the way criminals operate (threat intelligence), both technical ways and their goals Combine the incident response with incident prevention Always properly configure security controls Watch out for alerts from security, IT and business standpoints at the same time 5

FOUR KIPS SCENARIOS AVAILABLE Corporation Manufacturing and sales with B2B ordering portal, regional sales and delivery Bank Bank with own ATM network; with retail and corporate business E-Government Web servers and portals to run government online services Industrial Industrial control systems and critical infrastructure (power station or water plant) Each of the scenarios focuses on the respectful threat vectors, allows to discover and analyze the typical mistakes in building the cybersecurity and incident response procedures in the corresponding industry KIPS training shows to participants the real role of the cybersecurity in business continuity and profitability; highlights the emerging challenges and threats which are coming in nowadays; describes typical mistakes companies are doing when building the cybersecurity; and encourages a cooperation between business and security teams a cooperation which helps to maintain the stable operations and sustainability to the cyberthreats 6

CORPORATION Teams compete running a simulated company manufacturing goods, with B2B customers buying directly and via online channels, suppliers shipping spare parts. Some security controls are in place, and company is earning decent profit. However, as the company experiences a series of attacks Heartbleed, APT, B2B Ransomware, Insider they see the unexpected impact on profits, and have to adopt financial, IT or Security strategies and solutions to minimize the impact of the attack and keep their profits. 7

BANK Teams compete running a simulated regional bank with ATM network, trade business, online banking, a lot of security controls in place, compliant to security standards, predictable fraud level, and earning profit. However, as the bank experiences a series of attacks Carbanak, Tyupkin, Cryptor, Black Energy they see the exponentially growing impact on profits, and have to adopt different financial, IT or Security strategies and solutions to minimize the impact of the attack and keep their profits. 8

egovernment Teams compete running a set of public web services for the citizens in the Agency s data center, with the goal of providing services in a timely manner, and protecting sensitive personal information of citizens. However, as the hackers are seeking the way to harm Agency reputation and they experience a series of attacks using the vulnerabilities in their systems, the customer satisfaction drops dramatically and they have to adopt different strategies and solutions to minimize the impact of the attack and keep their reputation high. 9

INDUSTRIAL Teams compete running a simulated industrial object and earning money. As the plant experiences a Stuxnetstyle cyberattack they see the impact on production and revenues, and have to adopt different engineering or IT strategies and solutions to minimize the impact of the attack and earn more money. We also have an easier version of industrial scenario Water Plant. 10

KIPS PLAYED BY 10,000 SECURITY PROFESSIONALS FROM 40+ COUNTRIES The Kaspersky Interactive Protection Simulation was a real eyeopener and should be made mandatory for all security professionals. www.computerweekly.com/feature/interactive-cyber-attack-a-dangerous-game Atlanta, USA Kuala-Lumpur, Malaysia It was truly eye-opening and a number of the participants asked about using this game at their companies. Joe Weiss PE, CISM, CRISC, ISA Fellow 11

CASE STUDY. STAR-3 NATIONAL CYBER DRILL OF QATAR. 2015 National Cyber Drill was based on Kaspersky Interactive Protection Simulation Games were held for 4 different economy sectors: Financial Industrial Corporate Government 12

KIPS OUTCOME IS PRACTICAL AND VALUABLE Players by themselves come to the conclusions, important and actionable for their everyday job on cybersecurity: Cyber incident is not a virus, it is a damage to the business More automation brings more patchwork, so it is crucial to fix the security holes they bring It is not enough only for IT Security to take care about cyberrisks, business must participate We at CERN have a huge number of IT and engineering systems, with thousands of people working on them. Thus, from a cybersecurity perspective, increasing awareness and engaging people to take care about cybersecurity is as crucial as the technical controls. Kaspersky Lab s training proved to be engaging, bright and efficient. Stefan Luders, CISO, CERN 13

TWO FORMS OF KIPS TRAINING KIPS Live KIPS Online up to 80 trainees in the same room the same language for all participants a trainer and an assistant on site printed materials are essential More limitations, but stronger engagement due to on-site presence and face-to-face competition. Plays as a team-building event as well. up to 300 teams (= 1000 trainees) simultaneously, from any location different teams can choose a game interface in different languages a trainer leads a session via WebEx Perfect for global organisations or public activities. Can be combined with KIPS Live to add some remote teams to the on-site event. 14

TRAINING PROCESS OVERVIEW Game rules and housekeeping explained KIPS is played by teams Ideal scenario unveiled and lessons learned Results announced congratulations to winners! Trainer tells about the game and its rules, trainees listen and follow slides on a big screen or via WebEx. Players read news and decide on actions by choosing cards according to their strategy and budget and time limitations. After each turn a rating is updated. Trainer tells about threats met by players, unveils the ideal scenario and draw participants to conclusions and practical takeaways. Participants can be invited to share results and photos on social media. Trainer facilitates, encourages and controls timing. 25 minutes 50 minutes 25 minutes 10 minutes 15

DELIVERY OPTIONS AND LANGUAGES Kaspersky Lab trainer Our certified trainer (available in all regions) Train-the-trainer License to use the training inside the enterprise by internal trainers or as a training center license Custom scenario Based on the customer cybersecurity environment KIPS software and printed materials are available in a number of languages*, and new localizations are being added regularly. English Russian German Japanese French Spanish EU Spanish LA Portuguese Turkish Italian * Please check with Kaspersky Security Awareness team if a specific scenario is available in your language there can be some exclusions. 16

KIPS LIVE REQUIREMENTS Group 20-80 people, split into teams comprised of 3-4 people Room ~ 3m 2 /person, no columns, regular form Time The game takes 2 hours, and the room must be available 2 hours prior to the game for preparation and setup Equipment Projector, Screen, 1 ipad per team + Wi-Fi, Sound system (speakers, microphones) Furniture Tables of participants for 4 people (rectangular size not less than 75x180 cm, or round with no more than 1.5 m diameter), Participants should sit in groups of 4 at the tables. Tables for co-host, Chairs on the number of participants 17

KASPERSKY SECURITY AWARENESS TRAINING PRODUCTS 93% likelihood to apply knowledge 90% decrease in the number of incidents 50-60% reduction * of the cyber risk monetary volume 30x ROI Measurable security awareness program results Kaspersky Cybersecurity Awareness Training comprises of 5 elements which intermesh, but which are also fully effective if used separately. * Aberdeen Group. Research as of 2014 18

WE PROTECT WHAT MATTERS MOST 19 www.kaspersky.com/awareness

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback