EU Cyber Attacks and the Incident Response Imperative
DESCRIPTION
Speaking at the recent Cyber Security Summit in London, Lee Miles, Deputy Head of the U.K. National Cyber Crime Unit, said, "cybercrime is anonymous, sophisticated, and international." Gone are the days of hacking "to plant a flag for kudos... it's all about the money now," he said. Accounts like these highlight the inevitability of breaches and emphasize just how crucial an effective incident response capability is to survival. This webinar will review the major components of a modern incident response function, highlighting what organizations can do to quickly improve their program. It will use the Co3 platform to demonstrate how firms can dramatically improve incident response without requiring a significant investment in staff, professional services, or infrastructure.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Tim Armstrong, Security Incident Response Specialist, Co3 Systems
Are you a CIPP holder (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT)? Attend this webinar for CPE credit.
TRANSCRIPT
“Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
– PC Magazine, Editor’s Choice
“Co3…defines what software packages for privacy look like.”
– Gartner
“Platform is comprehensive, user friendly, and very well designed.”
– Ponemon Institute
“One of the most important startups in security…”
– Business Insider
“One of the hottest products at RSA…”
– Network World
“...an invaluable weapon when responding to security incidents.”
– Government Computer News
“Co3 has done better than a home-run... it has knocked one out of the park.”
– SC Magazine
“Most Innovative Security Startup.”
– RSA Conference
We’ll get started in just a minute.
EU Cyber Attacks & The Incident Response Imperative
Agenda
Introductions
Co3 Systems Background
Today’s Breach Reality
IR Functional Components
IR Management Demo
Q&A
Introductions: Today’s Speakers
• Ted Julian, Chief Marketing Officer, Co3 Systems
• Tim Armstrong, Security Incident Response Specialist, Co3 Systems
Bringing people, process, and technology together for times of crisis
[Diagram: Co3 platform overview. Labels: SSAE 16 Type II Certified; Dashboards & Reporting; Incident Response Plan; Plan Synthesis; Integrated Intelligence; Artifact Correlation; Instant Creation & Streamlined Collaboration (HR, IT, Legal/Compliance, Marketing); Community Best Practices; Industry Standard Frameworks; Organizational SOPs; Global Privacy Breach Regulations; Contractual Requirements; Accelerated Mitigation (Trouble Ticketing, SIM, GRC); Automated Escalation (Email, Web Form, Trouble Ticketing, Entry Wizard, SIM)]
Today’s Breach Reality – The EU Conundrum
• Data in the U.S. and anecdotal experience suggest a worldwide epidemic
• But without mandated public breach disclosure across the E.U., data is limited, and it’s hard to quantify
Today’s Breach Reality
Source: Verizon DBIR 2014
Incident classification patterns over time
Today’s Breach Reality
81% of large organisations had a security breach (down from 86%* a year ago)
60% of small businesses had a security breach (down from 64%* a year ago)
59% of respondents expect there will be more security incidents in the next year than last
£600k - £1.15m: average cost to a large organisation of its worst security breach of the year (up from £450 - £850k a year ago)
£65k - £115k: average cost to a small business of its worst security breach of the year (up from £35 - £65k a year ago)
Source: 2014 Information Security Breaches Survey, PwC
U.K. Breaches Are Slightly Down, But Costs Are Way Up
Co3 Systems, Inc.
IR Can Help
An IR plan and a strong security posture reduce expense
Impact of eight factors on the per capita cost of data breach
Source: 2014 Cost of Data Breach Study: Global Analysis, IBM & Ponemon Institute
POLL
The IR Lifecycle
Prepare: Improve Organizational Readiness
• Appoint team members
• Fine tune response SOPs
• Link in legacy applications
• Run simulations (fire drills, table tops)
Mitigate: Document Results & Improve Performance
• Generate reports for management, auditors, and authorities
• Conduct post-mortem
• Update SOPs
• Track evidence
• Evaluate historical performance
• Educate the organization
Assess: Identify and Evaluate Incidents
• Assign appropriate team members
• Evaluate precursors and indicators
• Track incidents, maintain logbook
• Automatically prioritize activities based on criticality
• Log evidence
• Generate assessment
Manage: Contain, Eradicate and Recover
• Generate real-time IR plan
• Coordinate team response
• Choose appropriate containment strategy
• Isolate and remediate cause
• Instruct evidence gathering and handling
Prepare
• Incident response teams often include:
– IT, Legal (internal and/or external), Compliance, Audit, Privacy, Marketing, HR, Senior Executive
– Pre-define roles and responsibilities
• RACI (Responsible, Accountable, Consulted, Informed)
• SOPs can include:
– Processes to be followed by incident type
– Standardized interpretation of legal / regulatory requirements
– 3rd party contractual requirements
• Simulations
– Can range from drills to full-scale exercises
– Communications is key
• Roles, contact info, internal and external
– Gauge organization preparedness, catalyze improvement
Assess
• Prioritize efforts
– Based on value of asset, potential for customer impact, risk of fines, and other risks
• Leverage threat intelligence
• Incident declaration matrix
– Based on category and severity level
– Can set SLAs for each
POLL
Manage
• Iterate on your plan
• Communicate status
– Different mechanisms for different constituents
• Ensure everything is tracked
Mitigate
• Conduct a post-mortem
– Validate investment or lobby for more
– Identify areas for improvement
• Did we hit our SLAs?
– Update playbooks
• Track incident source
– Pinpoint risk to drive improvement, and/or trigger bill-back
• Update preventative and detective controls
QUESTIONS
Next Up
• Today's Breach Reality, The IR Imperative, And What You Can Do About It
– Wednesday, July 16, 2014 1:00 PM - 2:00 PM EDT
• BlackHat 2014
– August 5-7, Las Vegas
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM
“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
– PC Magazine, Editor’s Choice
“Co3…defines what software packages for privacy look like.”
– Gartner
“Platform is comprehensive, user friendly, and very well designed.”
– Ponemon Institute
“One of the hottest products at RSA…”
– Network World, February 2013