Manage the unexpected
Crisis management in a hyper-connected world: how to achieve cyber resilience
Brussels, 28 January 2016
New technologies bring new risks and crisis situations
Cloud & Virtualization
Collaboration Platforms
Mobile / BYOD
Social media / Big data
New payment systems
Internet of things
BCI BE Forum 2
Readiness: Prepare smarter
Sun Tzu, The Art of War, 6th Century BC
"If you know your enemies and know yourself, you will not fear the result of a hundred battles;
If you know yourself but do not know your enemies, for every victory gained you will also suffer a defeat;
If you know neither your enemies nor yourself, you will be imperiled in every single battle."
Readiness: Make sure you understand…
1. Your organisation
2. Your threat landscape
3. Your capabilities
Readiness: First, understand your organisation
What does your organization look like?
• Geographical locations (of your operations, vendors, partners, and customers)
• Presence (brick & mortar vs. e-store)
• B-2-B or B-2-C?
• Sector & sub-sector
• Centralized or distributed?
• Business processes
• Types of data processed by the various divisions (financial, personal, IP, etc.)?
• Systems used to support the business
Readiness: Second, understand your threat landscape
What are the threats your organization might be facing?
Threat actors: Competition, Criminals, Customers, Hackers, Insiders, Organized Crime, Hacktivists, State Agencies, Terrorists
Motives: Making a statement, Competitive advantage, Espionage, Disruption, Financial gain
Targeted assets: Financial data, Intellectual property, Sensitive operational information, Services, Brand image
Attack vectors: Malicious code, Social engineering, Botnets, DDoS, Spam, Phishing, Physical damage, Ransomware
Impacts: Financial loss, Reputation harm, Lawsuit, Regulatory sanctions, Loss of trust, Continuity of service
Are we ready to deal with the unexpected? Just a tweet
Dow Jones fell 143 points (recovered in 7 min). Reuters: $200 billion lost on global exchanges
Are we ready to deal with the unexpected? How much are your data worth to you?
Source: www.batblue.com/category/watch-desk/
http://www.bbc.com/news/uk-34784980
Readiness: Finally, assess your cyber capabilities
What do your capabilities look like?
• What is the current maturity of your capabilities?
• What should their maturity be?
• Is their maturity uniform across the organisation?
• How do they match up against the threats they face?
• Have we correctly prioritized our investments to enhance the most important capabilities?
Examples include:
• Training & Awareness
• Data Leakage Prevention
• Vendor Management
• Security Event Monitoring
• Privacy & Data Protection
• Physical Security
Response
Strategic impacts:
• Increased governmental regulations
• C-Suite resignations or forced departures increased
• Vulnerability to corporate raiders increased
• Share price and/or market share decreased
• Intellectual property compromised
• Reputation and/or brand negatively impacted
• Significant contracts or key customers lost
• Inability to raise capital
• International tax issues
• Government scrutiny of business practices increased
Operational impacts:
• Shareholder/customer litigation
• Higher operation costs (new protections)
• Major fines and penalties from regulatory bodies
• Liquidity issues
• Breach insurance claims made
• Financial reporting requirements impaired
• Customer contracts breached
• Direct financial loss
• Liability/compensation payments
Tactical impacts:
• IT support costs to investigate and remediate increased
• Customer support staff to address public concerns increased
• Unplanned server shutdowns
• IT business disrupted
• Legal customer notification required
• Confidential data lost
• Operation dependent on breached applications disrupted
• Report noncompliance
• Cyber insurance claims
• Breach of personal data
A crisis is no place for “on-the-job training”
A cyber incident might have a great impact on all levels of the organisation. If you know what the impacts can be, it is easier to identify them and modify your response strategy accordingly. A personal data breach might have similar, but different, impacts on the organisation and on how you respond and recover…
Response
Do you know how the new EU General Data Protection Regulation (GDPR) will impact your organisation when it becomes effective in early 2018?
• Increased accountability for organisations
• Increased enforcement power for authorities
• Higher fines
• Privacy by design (PIAs)
• Mandatory retention periods
• …
Are you aware of the new EU data breach notification requirements?
Response
Personal data breach: duty of the organisation, whether there is risk to rights or freedoms, deadline for the organisation, and required content
Internal documentation, and duty for the processor to notify the controller
- Is there risk to rights or freedoms? No
- Deadline for the organisation: On-going
- Required content: (1) Facts surrounding the breach (2) Effects (3) Remedial actions
Notify the DPA
- Is there risk to rights or freedoms? Yes
- Deadline for the organisation: Without undue delay (max 72h); can be in multiple phases
- Required content: (1) Nature of the breach (categories & no. of data subjects and records impacted) (2) DPO contact details (3) Consequences of the breach (4) Remedial actions
Notify the data subjects
- Is there risk to rights or freedoms? Yes, a high risk
- Deadline for the organisation: Without undue delay
- Required content: (1) Nature of the breach (2) DPO contact details (3) Consequences of the breach (4) Remedial measures
Response: Prepare your corporate crisis management team to deal with the unexpected
1. Initiate & Declare
2. Analyze situation
3. Develop objective
4. Decide on COA
5. Determine actions
6. Review & Refine
Establish a clear on-going decision-making process
• A consistent meeting agenda and structure is critical. It helps save time, set priorities and provide clarity.
• Obtain situational understanding and (re)gain the initiative
• Continually frame the crisis; new impacts might emerge, and things might escalate quickly
Exercise to deal with the unexpected
Business Continuity
Cyber Security
Key takeaways
• Incident Management
• Crisis Management
• Communications
High risk & big impacts
• Regulatory
• Reputational
• Financial
Readiness, Response, Recovery
Key takeaways
1. No industry is immune (every company’s information network can be compromised)
• Not a matter of if you will be attacked, but when… & to what extent
• Also, of equal importance, how you will manage an event/incident/breach
2. Cyber damages go beyond Euros
• While the average cost is known, the long-term effects on reputation, brand, morale, etc. are significant and take their toll on organizations – good BC can help minimize this damage
3. Speed of attack is increasing and response times are shrinking
• Cyber threats are asymmetrical risks (small, highly skilled groups exact disproportionate damage, and threat velocity is increasing while response windows are getting smaller)
4. Teamwork & Communication – none of us are as smart as all of us
• Engage with your business leaders, your cyber security team, privacy professionals, risk & compliance team, and your forensics specialists in order to make sure that you have all of the input you need to keep the business going when problems arise.
Presenters
Johan Van Grieken, Deloitte Partner, IT Risk Management, Business Continuity Leader
Berkenlaan 8, B-1831 Diegem, Belgium
Phone: +32 2 800 24 53; Email: [email protected]
Ryan Reynolds, Deloitte Senior Manager, Cyber Security, Privacy and Data Protection Services
Berkenlaan 8, B-1831 Diegem, Belgium
Phone: +32 2 800 29 81; Email: [email protected]