Cyber Resiliency. Felicity March. May 2018


Cyber Resiliency

Cyber resiliency is the ability of an organization to continue to function with the least amount of disruption in the face of cyber attacks. It is broader in scope than either of its parts, comprising both cyber security and business continuity:

- Cyber security is designed to protect systems, networks and data from cyber crime. Effective cyber security reduces the risk of a cyber attack and protects an organisation from the deliberate exploitation of its assets.
- Business continuity provides the plans and systems to resume operations when a cyber attack leads to a cyber outage causing service disruption.

Cyber resiliency is therefore an end-to-end initiative that brings together three critical areas, information security, business continuity and network resilience, so that the enterprise continues to function through cyber attacks and cyber outages.

IBM Cyber Resiliency

High-profile cyberattacks continue to dominate the business and technology news at an alarming frequency. Newsworthy cyberattacks of 2016-2017:

- Aug 2016: Shadow Brokers
- Sep 2016-Feb 2017: Cloudbleed
- Oct 2016: Dyn DDoS attack
- Mar 2017: WikiLeaks CIA Vault 7
- May 2017: Macron campaign hack
- May 2017: WannaCry
- June 2017: Petya / NotPetya / Nyetya / Goldeneye
- June 2017: 198 million US voter records exposed
- July 2017: Verizon
- Sep 2017: Deloitte
- Sep 2017: Equifax breach of 143 million records
- Jan 2018: Spectre and Meltdown vulnerabilities

Our focus here is on the new, highly destructive cyberattacks.

Some destructive cyberattacks will get through

Ciaran Martin said the UK had been fortunate to avoid a so-called category one (C1) attack, broadly defined as an attack that might cripple infrastructure such as energy supplies and the financial services sector. The US, France and other parts of Europe have already faced such attacks. Martin said he anticipated such an attack in the next two years. He admitted total protection was impossible: "Some attacks will get through."

Figures for cyber-attacks since the NCSC opened through to December last year underline the pressure building on the UK from hackers. The NCSC recorded 34 C2 attacks, with WannaCry the most disruptive of these, and 762 slightly less serious C3 ones.

Source: https://www.theguardian.com/technology/2018/jan/22/cyber-attack-on-uk-matter-of-when-not-if-says-security-chief-ciaranmartin

NotPetya got through, and it could have been much worse; it was not designed to spread externally

- 80% of infections were in Ukraine, followed by 9% in Germany
- Some large firms trading in Ukraine were collateral damage
- Biggest thing in IBM last summer (we supported just a few affected firms)
- Initial infection through a legitimate software update; extremely hard to prevent, if at all possible
- No successful prevention of initial infection where the malware payload was downloaded
- Where uncontained, the infection spread everywhere in minutes
- Typically, within the hour affected firms lost everything, everywhere, all at once; a shock and awe moment
- Organisations had not designed DR solutions to withstand or to recover from a cyber-attack, resulting in recovery taking weeks or months

As a result of these new attacks, board leaders ranked cyberattacks among the top 5 Global Risks at the World Economic Forum in Davos, Switzerland, in 2018: Global Risks that have a macro impact across sectors. Boards across the globe need to consider how key business parameters will be influenced by these risks in view of the mitigations implemented. In terms of preparedness, cyberattacks present a significant opportunity to de-risk the business. However, a coherent strategy and an understanding of the underlying issues are lacking, because the impact is not fully understood at Board level.

Business impact: 4.8-15% stock value erosion post cyberattack / data breach (sources cited on the slide: World Economic Forum, 2018; Cyber Value Connection)

Incident Timeline

Before the BOOM:
- Phishing email
- Malware deployed
- Credentials stolen
- Remote access to network
- Database stolen
- Additional compromises
- Encrypted communication

BOOM: first public indicator

After the BOOM:
- Law enforcement calls CEO
- Stock price falls
- Twitter sentiment falls
- Press conference
- Update C-level executives
- Forensic research
- Insider? Victim?
- Notify customers and partners
- Validate altered financial reports
- Board of Directors meeting
- Response website
- Regulation authority investigation
- Legal deposition

Cyber resiliency is a team sport: combining Security, Business Continuity, DR and Networks

Organised along the five functions of the NIST Cybersecurity Framework (*):

Identify
- Identify your risks
- Identify key assets, systems and data
- Assess your cyber resiliency readiness, process and posture
- Define a roadmap and action plan to build or improve your cyber resiliency plan

Protect: protect your assets against attacks by discovering vulnerabilities before they are exploited
- Awareness and training
- Access control
- Discover and patch systems
- Automatically fix vulnerabilities
- Zero Trust as a guiding principle of your network policy

Detect: detect threat activity with advanced analytics
- See attacks across the enterprise
- Investigate active threats from inside and outside the enterprise
- Cognitive analysis and automation

Respond: respond with a plan
- Response planning and orchestration
- Engage cyber incident responders leveraging threat intelligence to repel the attackers
- Remediate the attack damage by restoring systems and closing vulnerabilities

Recover: recover normal operations
- Orchestrate and automate your recovery workflow
- Rebuild mission-critical business applications
- Restore data from backup
- Prioritize network resources to speed recovery

(*) National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, https://www.nist.gov/cyberframework

Cyber Resiliency Blueprint

Structured along the NIST functions Identify, Protect, Detect, Respond and Recover, with the work phased into implementation (quick wins and strategic initiatives) and run.

Identify
- Definition of goals and requirements related to identified risk
- Maturity assessment on the dimensions of IT security, network security, business / IT continuity, awareness and training
- Gap analysis and definition of a roadmap and associated action plan
- Outcome: current level of maturity, including an action plan to enhance it; detailed analysis and prioritized roadmap to define and implement the blueprint for your company

Protect
- Data security, account and access management
- Endpoint management (patch and compliance management)
- Establishment of a business / IT continuity organization
- Optimisation of backup, archive and disaster recovery
- Separation of the data and control layer in the network; Zero Trust Internet hub; micro-segmentation of the network
- Outcome: technical restart concept, including a segmented network

Detect
- SOC/SIEM optimisation
- Vulnerability management
- Endpoint detection and response
- Integration of threat intelligence and cognitive analysis
- Automatic reporting of network availability; monitoring of WAN links
- Outcome: crisis organization for detection and initiation of measures in case of a cyber attack

Respond
- Activation of contingency plans with automated communication
- Cyber threat management
- Cyber incident orchestrated response management
- Construction and implementation of software-defined WAN; policy-based routing of network traffic
- Outcome: immediate actions to defend against the cyber attack

Recover
- IT recovery orchestration
- Automated recovery, including dependency management in hybrid IT environments
- Strategic post-cyber-attack analysis
- Rapid deployment of new sites (MWS Emergency Kit); global centralized control of network components (SD-WAN)
- Outcome: fully and quickly recovered IT landscape after the cyberattack

Cyber Resiliency combines multiple IT disciplines

Focus areas: IT Risk, Organisational Management, Information Security Management, Resiliency, Technology Environment

Cyber resiliency organization dimensions:
- Cyber Resiliency Program
- Policy & Governance
- IT Risk Management
- Partner Eco System
- Training & Awareness
- Data Security
- Information Protection
- Asset Management
- Identity & Access Management
- Change & Config Management
- Threat & Vulnerability Management
- Network Security
- Event & Incident Response
- Collaboration & Communication
- IT Service Continuity Management
- Business Continuity Management
- Disaster Recovery Management

Detail Approach of Maturity Assessment

Focus areas: organization dimensions and the technology environment. The life cycle (the NIST functions) is mapped to the sub-dimensions assessed, each of which receives a maturity rating:
- Identify: Policy & Governance, Cyber Resiliency Program, Partner Eco System, IT Risk Management, Training & Awareness
- Protect: Data Security, Asset Management, Information Protection, Change & Config Management
- Detect: Threat & Vulnerability Management, Identity & Access Management
- Respond: Event & Incident Response, IT Service Continuity Management, Collaboration & Communication
- Recover: Business Continuity Management, Disaster Recovery Management

Cyber resiliency deliverables: Cyber Resiliency Maturity rating and IBM Recommendations

Cyber Resiliency Assessment

Resiliency Orchestration (Recover)

Brief description:
- Managing DR and resiliency at the business process and application level
- Reducing recovery times and resources by using 400+ recovery automation library patterns
- Using technology to orchestrate automated test plans and failovers
- Dashboard for continual monitoring and prediction of RTO and RPO

Advantages:
- Helps reduce risk and increase visibility
- Helps simplify and accelerate the DR process
- Helps reduce deployment time, recovery time and operating costs
- Helps simplify DR testing exercises
- Helps increase availability of business applications

Use cases (figures as stated on the slide):
- Drill reliability: increased drill success rate from 60% to >95%
- Increased IT availability: over 85% reduction in downtime for DR
- Scale-up of the DR program: parallel recovery of multiple applications across data centres
- Cost savings: over 70% reduction in costs; 3x more DR-enabled applications

IBM Resiliency Approach for Rapid Recovery Against Cyber Outages

Recovery automation, air-gapped protection and immutable storage are essential to rapidly recover from cyber outages.

- Air-gapped protection: an air-gapped solution ensures backup data is not accessible through the same network as production data.
- Immutable storage (WORM): immutable storage systems protect your data from changes by always writing a new version rather than overwriting an existing one.
- Verifiable data: validation ensures the data or configuration that is backed up matches production data, and an audit trail proves its veracity.
- Orchestration / automation, application aware: recovery orchestration and automation ensures systems can be recovered rapidly and in parallel.
- Components to meet regulations: regulatory bodies impose rules on data storage locations, timelines, audit records, format and media; e.g. Sheltered Harbor requires customer data to be stored at a third-party site.

14 March 2018 / 2018 IBM Corporation

Cyber Resiliency solutions powered by IBM Resiliency Orchestration software for Cyber Incident Recovery

Cyber Incident Recovery for Platform Configuration
This solution provides recovery against cyber attacks that corrupt the configuration and alter the behaviour of data centre platforms, including network devices, storage devices, virtual devices and servers. It replicates the configuration data of these devices and servers into IBM immutable storage located in the IBM public cloud or an IBM Resiliency Data Center, alerts the user when there is a suspicious change in the configuration data, and rapidly restores the original configuration to the impacted device(s) or servers based on policies.

Cyber Incident Recovery for Applications/Data
This solution provides recovery against cyber attacks that corrupt the data itself. It replicates the data from servers and storage using copy data management products, through an air-gap mechanism, into IBM immutable storage located at the customer's DR site, and maintains multiple read-only point-in-time (PIT) copies. When there is a cyber outage, it presents the user with options to select the right copies to be restored and rapidly restores them onto the DR compute and storage infrastructure.
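The two slides above (the "essential" building blocks and the two Cyber Incident Recovery solutions) describe the same mechanism from two angles: versioned copies that are never overwritten, a way to prove a copy still matches what was taken, an alert when production drifts from the last good copy, and a choice of copies to restore. The following added example, which is not from the slide deck and not IBM's product code, models that mechanism in miniature: a hash-chained, append-only point-in-time copy store with a SHA-256 manifest per copy (the audit trail), a drift check against live configuration, and restore from a selected copy. The store layout, the function names, and the sample router and storage configurations are assumptions for illustration.

```python
"""Added example: an immutable, verifiable point-in-time (PIT) copy store in miniature.
Models versioned copies (never overwritten), a manifest plus hash chain as the audit
trail, drift alerting against production and restore from a chosen copy.
Store layout, names and sample configs are illustrative assumptions, not IBM interfaces."""
import hashlib
import json


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def manifest_of(tree: dict) -> dict:
    """Map every path of a {path: bytes} tree to the SHA-256 of its content."""
    return {path: sha256(content) for path, content in sorted(tree.items())}


def _chain_hash(label: str, manifest: dict, prev: str) -> str:
    body = json.dumps({"label": label, "manifest": manifest, "prev": prev}, sort_keys=True)
    return sha256(body.encode())


class PITStore:
    """Append-only store of point-in-time copies. Each copy carries its manifest and
    the chain hash of the previous copy, so recomputing the chain from GENESIS must
    reproduce every stored chain hash: that recomputation is the audit trail."""
    GENESIS = "0" * 64

    def __init__(self):
        self.copies = []

    def add_copy(self, label: str, tree: dict) -> str:
        """Append a new version and return its chain hash (the head). The head should be
        recorded out of band (e.g. at the air-gapped site) for later verification."""
        manifest = manifest_of(tree)
        prev = self.copies[-1]["chain"] if self.copies else self.GENESIS
        chain = _chain_hash(label, manifest, prev)
        self.copies.append({"label": label, "manifest": manifest, "prev": prev,
                            "chain": chain, "data": {p: bytes(c) for p, c in tree.items()}})
        return chain

    def verify(self, expected_head=None) -> list:
        """Return a list of problems; an empty list means every copy is intact."""
        problems, prev = [], self.GENESIS
        for i, c in enumerate(self.copies):
            if c["prev"] != prev or c["chain"] != _chain_hash(c["label"], c["manifest"], prev):
                problems.append(f"copy {i} ({c['label']}): audit chain broken")
            if manifest_of(c["data"]) != c["manifest"]:  # content edited after it was written
                problems.append(f"copy {i} ({c['label']}): content altered after write")
            prev = c["chain"]
        if expected_head is not None and prev != expected_head:
            problems.append("head does not match the out-of-band record")
        return problems


def config_drift(store: PITStore, production: dict) -> dict:
    """Compare live production against the latest copy; any changed, added or removed
    path is the 'suspicious change in configuration data' that should raise an alert."""
    latest, now = store.copies[-1]["manifest"], manifest_of(production)
    return {"changed": sorted(p for p in now if p in latest and now[p] != latest[p]),
            "added": sorted(p for p in now if p not in latest),
            "removed": sorted(p for p in latest if p not in now)}


def restore_candidates(store: PITStore, path: str) -> list:
    """Distinct versions of one path across the copies, newest first, so an operator
    can choose the last version that predates the compromise."""
    seen, out = set(), []
    for c in reversed(store.copies):
        h = c["manifest"].get(path)
        if h and h not in seen:
            seen.add(h)
            out.append((c["label"], h))
    return out


def restore(store: PITStore, label: str, paths) -> dict:
    """Content of `paths` exactly as recorded in the copy called `label`."""
    copy = next(c for c in store.copies if c["label"] == label)
    return {p: copy["data"][p] for p in paths}


# Constructed sample: a router config and a storage policy replicated on two days,
# then an attacker-added static route appearing in live production on day three.
ROUTER_GOOD = b"hostname edge-rtr-1\nntp server 10.0.0.5\nip route 0.0.0.0/0 10.0.0.1\n"
ROUTER_BAD = ROUTER_GOOD + b"ip route 10.20.0.0/16 198.51.100.7\n"
STORAGE_POLICY = b"snapshot schedule daily retain 30\n"


def demo() -> dict:
    store = PITStore()
    store.add_copy("day1", {"router.cfg": ROUTER_GOOD, "storage.policy": STORAGE_POLICY})
    head = store.add_copy("day2", {"router.cfg": ROUTER_GOOD, "storage.policy": STORAGE_POLICY})
    production = {"router.cfg": ROUTER_BAD, "storage.policy": STORAGE_POLICY}
    drift = config_drift(store, production)                # alert: router.cfg changed
    candidates = restore_candidates(store, "router.cfg")  # one distinct version: day2
    restored = restore(store, candidates[0][0], ["router.cfg"])
    # The attacker then reaches the copy store and edits the oldest copy in place; the
    # manifest check catches it even though the chain hashes themselves are untouched.
    store.copies[0]["data"]["router.cfg"] = ROUTER_BAD
    return {"drift": drift, "candidates": candidates, "restored": restored,
            "tamper": store.verify(expected_head=head)}
```

Two points the slides leave implicit are visible here. First, immutability alone is not verifiability: a copy that an attacker can reach and rewrite still needs the manifest and chain check to expose the edit. Second, the chain only proves history up to whatever head value you trust, so the head hash has to live somewhere the production network cannot write to, which is exactly the role the air-gapped site plays.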

Impacts of these attacks are so high because firms are unprepared for response to and recovery from them; some lessons learned

1. Get yourselves match fit
- Build a response plan with the right workflow
- Partner with industry experts that can help in time of need to quickly analyse the situation, handle crisis communication and work with law enforcement. Also required are experts that can quickly recover all of the technology and assets to restore business operations.
- Practice

2. Cyber resiliency is a team sport
- Organizational alignment is required; there is a gap between Security and DR
- DR functions mitigate traditional BC/DR risks, not recovery from a cyberattack

3. DR vulnerabilities must be fixed
- The DR capability is also affected by the cyberattack
- Unarticulated DR planning assumptions, e.g. that AD is available
- What is the backup for the backup?

4. Meet the challenge of scale
- Unrealistic DR tests, and not for cyberattack scenarios
- Very labour-intensive and long recovery
- Need for DR automation and orchestration

5. Look out for Industry 4.0 / OT / supply chain
- NotPetya attacked via a trusted supplier
- WannaCry impact on the NHS via imaging and analysis equipment
- Back-level versions in OT systems; significant patching lag; IT departments not aware
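Lessons 3 and 4 above, and the blueprint's "automated recovery including dependency management" and the orchestration slide's "parallel recovery of multiple applications", all come down to one artefact: an explicit dependency map of what must be up before what. The added example below, which is not from the slide deck and not IBM Resiliency Orchestration code, turns such a map into parallel recovery waves, computes the resulting RTO against the serial baseline, and refuses plans that rest on an undeclared dependency or a cycle. The dependency map and recovery durations are constructed for illustration; the backup server deliberately depends on Active Directory to show the "AD is available" assumption surfacing as a blocker.

```python
"""Added example: recovery-wave planning from an application dependency graph.
Not IBM code; the dependency map and durations below are constructed samples."""

# Constructed sample: system -> systems that must be recovered before it.
DEPS = {
    "network-core": [],
    "dns": ["network-core"],
    "active-directory": ["network-core", "dns"],
    "storage-array": ["network-core"],
    "backup-server": ["network-core", "active-directory"],  # DR tooling itself needs AD
    "erp-db": ["storage-array", "active-directory"],
    "erp-app": ["erp-db", "active-directory"],
    "web-portal": ["erp-app", "dns"],
}
# Constructed sample: recovery duration per system, in hours.
DURATION_H = {
    "network-core": 2, "dns": 1, "active-directory": 4, "storage-array": 3,
    "backup-server": 1, "erp-db": 6, "erp-app": 2, "web-portal": 1,
}


def recovery_waves(deps):
    """Group systems into waves (Kahn's algorithm): every system in a wave has all of
    its dependencies in earlier waves, so each wave can be recovered in parallel.
    Raises ValueError for an undeclared dependency (an unarticulated planning
    assumption) or a dependency cycle (a plan that can never start)."""
    for system, reqs in deps.items():
        missing = [r for r in reqs if r not in deps]
        if missing:
            raise ValueError(f"{system} depends on undeclared system(s): {missing}")
    remaining = {s: set(r) for s, r in deps.items()}
    waves = []
    while remaining:
        ready = sorted(s for s, r in remaining.items() if not r)
        if not ready:
            raise ValueError(f"dependency cycle among: {sorted(remaining)}")
        waves.append(ready)
        for s in ready:
            del remaining[s]
        for r in remaining.values():
            r.difference_update(ready)
    return waves


def plan_is_valid(deps) -> bool:
    """True if the map yields a recovery order at all (no cycle, no undeclared system)."""
    try:
        recovery_waves(deps)
        return True
    except ValueError:
        return False


def blockers(deps, system):
    """Transitive set of systems that must be recovered before `system` can start."""
    seen, stack = set(), list(deps[system])
    while stack:
        s = stack.pop()
        if s not in seen:
            seen.add(s)
            stack.extend(deps[s])
    return seen


def rto_estimate(deps, duration):
    """Finish time per system when waves run in parallel (a system finishes `duration`
    hours after its slowest dependency), plus the serial total for comparison."""
    finish = {}
    for wave in recovery_waves(deps):
        for s in wave:
            finish[s] = duration[s] + max((finish[d] for d in deps[s]), default=0)
    return finish, sum(duration.values())


if __name__ == "__main__":
    for i, wave in enumerate(recovery_waves(DEPS)):
        print(f"wave {i}: {', '.join(wave)}")
    print("backup-server cannot start until:", sorted(blockers(DEPS, "backup-server")))
    finish, serial = rto_estimate(DEPS, DURATION_H)
    print(f"parallel RTO {max(finish.values())}h vs serial {serial}h")
```

On the sample map the backup server cannot start until network core, DNS and Active Directory are back, which is the failure mode lesson 3 describes: if AD is among the systems the attack destroyed, the restore tooling is blocked by the very thing it is supposed to restore. Seeing that in the plan is the cue to either break the dependency (a standalone recovery domain for the backup estate) or put AD in an early wave with an isolated recovery copy.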