Cyber Due Diligence: Understanding the New Normal in Corporate Risk


Cyber Due Diligence: Understanding the New Normal in Corporate Risk
Gillian Stacey, Davies Ward Phillips & Vineberg LLP
Donald Good, Navigant Consulting
Peter Gronvall, Navigant Consulting
8:30 to 10:00 a.m. EDT, October 19, 2017

CYBER DUE DILIGENCE: CONFRONTING THE CHALLENGES OF TODAY'S NEW NORMAL

TABLE OF CONTENTS
SECTION 1: Why cyber diligence, and when?
SECTION 2: Today's landscape: cyber and information security
SECTION 3: The depth of necessary diligence: deep/dark web
SECTION 4: Cyber diligence: truly the best course to adopt today

SECTION 1: CYBER DILIGENCE: WHY & WHEN?

WHY? THE DRIVERS IN TODAY'S ENVIRONMENT
Why is a cyber-focused approach necessary in today's legal due diligence scenarios?
Corporate Health
- Keep corporate information safe
- Protect employees
- Ensure sound M&A transactions
- Establish safe contracts with others
Legal
- Risk management
- Ensure smart spend for infosec
Regulatory
- Non-discretionary requirements
- Many more jurisdictions likely to follow
Insurance
- Demonstrate good practices in the event of claims
- Minimize premiums on cyber policies
Compliance
- Cornerstone of GDPR preparation
- Satisfy standards and guidance from HIPAA, DFARS, PCI DSS and the OCC
Shareholders and the C-Suite
- Non-discretionary Board requirements

THE WHEN? AS IT RELATES TO CYBER INTELLIGENCE
Pre-breach: Establish Corporate Health
- Address the potential risk before an event
- Identify the roles, accountability and communication plan
Reacting to a Breach: A Common Scenario
- Manage and recover from an incident
- Include media relations, the C-Suite, outside counsel and, where appropriate, law enforcement
M&A / Transactional Scenarios
- Know the cyber risk of the merger partner or acquisition target
- Explore the expanded vendor supply chain
- New normal: we are only as strong as our weakest link
Ensuring Business Health: Examining Existential Risks
- Contract requirements
- Audit
- Physical and virtual security; looking for insider-threat vulnerabilities

SECTION 2: CYBER AND INFORMATION SECURITY: TODAY'S LANDSCAPE

TODAY'S CYBER THREATS
- Hacktivists
- Criminals
- Insiders
- Nation states

A TYPICAL ATTACK LIFE CYCLE
(Figure; source: http://www.ritholtz.com/blog/wp-content/uploads/2013/02/attack-life-cycle.png)

MOST COMMON BREACHES / ATTACKS
- Ransomware
- Business Email Compromise
- Office 365 compromise
- Point-of-sale (POS) compromise
- Employee-created vulnerabilities
- W-2 and human resources data
- Vendor vulnerabilities

2016 IN REVIEW: RIFE WITH ATTACK THREATS
(Figure; source: Symantec Internet Security Threat Report, 2017)

MAY 2017: WANNACRY
Ransomware that infected over 200,000 machines within three days. It represented a new combination for ransomware:
- Exploited a known, already-patched Windows SMBv1 vulnerability (the flaw addressed by Microsoft bulletin MS17-010 two months earlier)
- Self-propagated from machine to machine as a worm
- No user action required
Relatively low payment rate, but a high cost to remediate. We were still lucky: unpatched systems, not a zero-day, were the exposure.

WHAT CAN HAPPEN AFTER THE FIRST INCIDENT
Aftershock password attacks
- Reverberations of the 2014 Yahoo! breach and others (LinkedIn, Amazon vendors, etc.)
- Billions of credentials available for reuse against other services
Continued evolution of attacks
- More attacks on IoT devices and Industrial Control Systems
- More targeted attacks
- Integration of machine learning
- Broader damage and more difficult recovery
A sizable increase in nation-state involvement
- Cyber attacks evolve from tools of espionage to tools of attack
- Responses will evolve from technical defence to include policy, diplomatic, law enforcement and economic components

SECTION 3: THE WEB: IT IS BIGGER THAN WE THINK, BUT WE HAVE TO GO THERE

THE WEB IS FAR MORE THAN MEETS THE EYE (OR THE USER)
Surface Web
- Most familiar
- Indexed by search engines and reachable with standard browsers
- Roughly 1% to 4% of all web data
Deep Web
- All web pages that search engines cannot index
- User databases, webmail, data behind paywalls and logins
- Most web data resides here
Dark Web
- Overlay networks (such as Tor) that encrypt and anonymize traffic
- Reachable only with dedicated software, not with traditional search engines or browsers
- A very small share of web data

INSIDE THE DEEP WEB & DARK WEB
(Figure; sources: http://www.tech4pub.com/2014/02/26/infographic-deep-web/ and Symantec Internet Security Threat Report, 2017)

DARK WEB: USES AND CHALLENGES
Legitimate use in censored countries
- Access to Western news and culture (Netflix, Facebook)
- Anonymous organization for social activism
Criminal enterprises
- Cyber attack tool and strategy exchanges
- Stolen intellectual property
- Stolen corporate secrets
- Silk Road
- Terrorism
- Pornography
- Human trafficking
- State-sponsored attacks: planning and execution

SECTION 4: CYBER DILIGENCE: SURVEILLING FOR CYBER RISK

CYBER DILIGENCE: THE REALITY
"It's not a matter of if you will be breached; it is a matter of when." (often-stated information security proverb)
"You've probably already been compromised, you just don't know it." (Bob Anderson, former Executive Assistant Director of the FBI, currently Managing Director, Navigant Consulting, Inc.)

THE REACH OF CYBER DILIGENCE
Risk Assessments
- Deep/dark web and peer-to-peer surveillance for known corporate data, documents, passwords and rogue-employee behaviour
Incident Readiness Assessments
- Analysis of policies, infrastructure, hardware and software
- Gap analysis
- Recommendations
- Selection of best-in-breed solutions
Event Readiness Testing
- Tabletop exercises
- Red team simulations and walk-throughs
- Penetration testing
- Endpoint monitoring
Incident Response
- Computer forensics, data breach analytics, data exfiltration assessment, notice requirements, patching and validation that the breach has actually been closed
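The first item above, surveillance of leaked credential dumps for a target company's accounts, is the piece of the assessment most often automated. The following is an added example written for this page, not the presenters' tooling: it parses a constructed "email:secret" dump (not real data), pulls out accounts on the watched corporate domains (the domains are assumed placeholders), flags passwords reused across more than one corporate account (the "aftershock" credential-stuffing risk the deck describes), and shows the k-anonymity split used by range-query services such as Have I Been Pwned's Pwned Passwords endpoint, where only the first five characters of the uppercase SHA-1 leave the host. No network calls are made.

```python
import hashlib
import re
from collections import defaultdict

# Corporate e-mail domains to watch for (assumed placeholders; use the target's real domains).
CORP_DOMAINS = {"example.com", "example.co.uk"}

# Constructed sample of a leaked credential dump in the common "email:secret" layout.
# Not real data. Secrets may be plaintext or an already-hashed SHA-1 value.
LEAKED_DUMP = """\
alice@example.com:Summer2017!
bob@gmail.com:hunter2
carol@example.co.uk:Summer2017!
dave@example.com:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
alice@example.com:Summer2017!
this line is malformed
"""

SHA1_RE = re.compile(r"^[0-9a-fA-F]{40}$")


def parse_dump(text):
    """Return a list of (email, secret, is_hash) for each well-formed 'email:secret' line.

    Split only on the first ':' so passwords that contain ':' survive; skip lines
    that do not look like an address followed by a secret.
    """
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        email, secret = line.split(":", 1)
        email = email.strip().lower()
        if "@" not in email or not secret:
            continue
        records.append((email, secret, bool(SHA1_RE.match(secret))))
    return records


def _domain(email):
    return email.rsplit("@", 1)[1]


def corporate_exposure(records, domains):
    """Map each exposed account on a watched domain to the set of secrets seen for it."""
    hits = defaultdict(set)
    for email, secret, _ in records:
        if _domain(email) in domains:
            hits[email].add(secret)
    return dict(hits)


def reused_secrets(records, domains):
    """Plaintext secrets shared by more than one corporate account: credential-stuffing fuel."""
    by_secret = defaultdict(set)
    for email, secret, is_hash in records:
        if is_hash or _domain(email) not in domains:
            continue
        by_secret[secret].add(email)
    return {s: accounts for s, accounts in by_secret.items() if len(accounts) > 1}


def range_query_parts(password):
    """Split the uppercase SHA-1 of a password into the 5-character prefix that a
    k-anonymity range endpoint receives and the 35-character suffix that is compared
    locally against the returned list. The full hash never leaves the host."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def triage(text=LEAKED_DUMP, domains=CORP_DOMAINS):
    """One-shot summary a diligence analyst would hand to the client."""
    records = parse_dump(text)
    return {
        "corporate_accounts": corporate_exposure(records, domains),
        "reused": reused_secrets(records, domains),
    }


if __name__ == "__main__":
    summary = triage()
    for email, secrets in sorted(summary["corporate_accounts"].items()):
        print(email, sorted(secrets))
    for secret, accounts in summary["reused"].items():
        print("reused:", secret, sorted(accounts))
```

Hashed entries are kept in the exposure report (the account is still known to be in a dump) but excluded from the reuse check, since two different dumps may hash the same password differently. In practice the plaintext secrets would be fed through `range_query_parts` and checked against the range endpoint rather than stored.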

AN INTELLIGENT CYBER DILIGENCE MODEL
Prepare for risk readiness
- Continuous network and perimeter monitoring
Scope the potential risk of incidents/problems
- Triage
- Identify
- Dive
Contain the risk
- Learn how the network was breached
- Feed findings back into threat intelligence
- Block and segregate network locations as needed
Eradicate the issue
- Patch entry points
- Optimize enterprise password management
- Remove malware and vulnerabilities
Recover systems as necessary
- Restore systems from backups
- Enlist counsel as needed
Debrief key stakeholders
(Cycle diagram: Preparation, Scope, Contain, Eradicate, Recover, Debrief)

CYBER DILIGENCE ASSESSMENT
Navigant deploys a customized five-phase approach in support of each engagement that uses industry standards and best practices to help identify and manage risk and achieve a compliance-oriented, mature incident-readiness state.
- Phase 1: Project Initiation
- Phase 2: Build Data Inventory
- Phase 3: Execute Information Security Assessment
- Phase 4: Enhance Privacy Disclosures
- Phase 5: Close Gaps and Transition to Future State
Key Activities & Deliverables
- Governance: set up programme management structure, communications and overall cadence
- Engage Team: conduct kick-off with the Navigant team and develop project status and tracking tools
- Knowledge Transfer: partner with the client to transfer data-centric knowledge
- Current State: gather information on existing data management processes
- Data Inventory: documentation and interviews
- Strategic Road Map: develop and gain approval on the road map
- Review of Network, Devices and IT Schema: analyze network security protocols and credentials (CI360, etc.)
- Breach Determination and Log Analysis: assess usage patterns, configuration and security measures
- Consent: enhance processes and procedures to comply with necessary requirements
- Data Updates: build processes to find, update or delete data, and test the process
- DPIA: create a data protection impact assessment
- Tabletop Exercises: test the process of receiving requests from data subjects; incident readiness planning
- Close Gaps: develop processes to close gaps, or ensure a plan is in place to close all open gaps
- Transition: train the organization to maintain the platform and schedule drift-check sessions

THE BROADER BUSINESS NETWORK
Vendors / Supply Chain
- Third-party relationships may pose a threat to security
- Effective risk management requires comprehensive tools and processes to handle those threats
Point of Sale
Industrial Control Systems (ICS)
- SCADA applications

VENDOR RELATIONSHIPS: ASSESSMENTS
Integrate into pre-breach assessments
Include the vendor network:
- In the risk register
- In response plans
- As part of the monitoring topology
Leverage:
- Agreements
- Rights to audit
- Third-party solutions

THANK YOU
Peter Gronvall, Managing Director, 202-973-7238, peter.gronvall@navigant.com
Don Good, Director, 202-481-8349, don.good@navigant.com
navigant.com

Questions?

Thank you
Gillian Stacey, Davies Ward Phillips & Vineberg LLP, 416.367.6934, gstacey@dwpv.com
Donald Good, Navigant Consulting, 202.481.8349, donald.good@navigant.com
Peter Gronvall, Navigant Consulting, 202.973.7238, peter.gronvall@navigant.com