ATOS: Preparing your business to manage cyber incidents
-
Upload
bcilondonforum -
Category
Business
-
view
385 -
download
3
Transcript of ATOS: Preparing your business to manage cyber incidents
Drew Gibson |
BRACE FOR IMPACTPreparing your businessto manage cyber incidents
2| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Cyber is more than an IT problemOrganisations deal with it to varying degrees of success
This is however industry or market dependent
3| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Global number of attacks - unknown
2012 first time mentioned in WEF Global Risks Report
It has been a known issue for many years The data says it all
So why is it such an issue?
first virus 1982 Elk Cloner(open to debate)
US$315bn* Global cost of attacks over the past 12 months- Grant Thornton survey
$ Recognition as an issue
Ranking in 2016 report – out of top 10,
Global spend on cyber-securityestimated at
20152020
$75 bn $170 bn
becoming more normalised
4| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Cyber is more than an IT problemWe know that cyber attacks are prolific and cost organisations millions
So how do we prepare ourselves for the inevitable in a sustainable manner
???? ?
5| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Legal Obligations
6| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
What if?
7| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Hypothetically You were a UK based telecoms and internet provider
So what?
8| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Hypothetically Who had been hacked! Multiple times…
How much data has gone?
9| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Hypothetically And you hadn’t joined up your IT Security Team and your PR Department…
How much data has gone?
Publicly messaged
4 million customers
156,000 accounts breachedfollowing forensicinvestigation
cost of prevention estimated at
£3.5-4.5 million(consultancy based)
cost of remediation post incident at
£60 million(reported)
organisational restructures– who stayed, who went, who will go?
10| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Hypothetically What could it do to your share price?
11| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
So could this be you?
12| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
So Rollback 6 months…
13| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
What could you have done?What could have prevented or reduced the impact of the data breach
▶ Technical protection▶ The Legal protection▶ Enhanced/Better IT Security procedures▶ Joined up business processes ▶ Better understanding of vulnerability and victimhood?? ?
14| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
What could you have done?Using the technology to protect you
▶ Monitoring▶ Inner protection as well as external
15| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
What could you have done?IT processes and procedures
But are these sufficient protection on their own and do they really consider the customer’s view point
16| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
What could you have done?Legal aspects are you braced for impact
17| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
What could you have done?Do the business processes match the IT Security processes
▶ It is not necessarily about the breach, but how it is managed
▶ lack of communications▶ Well intentioned, but misleading
communications – potentially 4 million customers v 156,000 actual
4 million potential
156,000 actual16,000
18| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
What could you have done?Psychologically are you braced for impact
▶ how does the rest of the world view you – the victim or part of the problem
▶ Were you irresponsible with people’s data▶ So what did you really save by not investing in better data
protection measures▶ Consumers understanding about their data – they can give
it away with ease, but you have to protect it in a way that they don’t have to.
▶ The assumption that you will treat all their data in confidence
▶ It might not be you – have you been negligent in who you have engaged to look after the data
▶ Or to transfer it?
19| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
The Perception
20| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Stealing money from a cash machineSo what is the difference
21| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Cyber is more than an IT problemSo did these organisations understand the attacks impacts?
This is however industry or market dependent
22| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
The Costs
23| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
The costs are simple to articulate.McKinsey/World Economic Forum report,Increased Cyber Security Can Save Global Economy Trillions (2014) stated:
But they still don’t provide a clear definition of cyber or its issues
8 Months is the average time that an advanced threat goes unnoticed on a victims network
US 3$ Trillionis the total global impactof cyber-crime
2.5 Billion exposed records as a result of a data breach in the past five years, (2009-2014)
1 in 5 organisations have experienced an Advanced Persistent Threat (APT) attack
In 2013 there was a
in breaches being identified and reported and it is growing
62% increase
24| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Studies into perceptions and actual costs of cyber attacksOften not the share price, but the hidden costs that result from a cyber attack
25| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
The CostsDo Cyber Attacks effect share prices?
26| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
The Solution
27| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Understand how you define “cyber”Understand that you are comparing the same thing, only differently
So how do organisations define what it relates clearly?
ClearUnclearLow
Understanding ofthe term Cyber
Abili
ty t
o de
fine
the
term
Cyb
erHigh
Dev
elop
gre
ater
und
erst
andi
ng a
to
wha
t de
finit
ions
mea
n in
rela
tion
to
vuln
erab
iliti
es
Provide greater clarity as to what cyberrefers to and what it does not
Vagueness of
Definitions
Muddled Definitions
Coherence of
Definitions
Confusion of Definitions
Move to greater coherence of definitions
1
2
3
4
28| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Understand how you define “cyber”Understand that you are comparing the same thing, only differently
Current issue in achieving greater coherence of definitions
So need to define what it relates clearly.
ClearUnclearLow
Understanding ofthe term Cyber
Abili
ty t
o de
fine
the
term
Cyb
erHigh
Dev
elop
gre
ater
und
erst
andi
ng a
to
wha
t de
finit
ions
mea
n in
rela
tion
to
vuln
erab
iliti
es
Provide greater clarity as to what cyberrefers to and what it does not
Vagueness of
Definitions
Muddled Definitions
Coherence of
Definitions
Confusion of Definitions
1
2
3
4
29| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Questions
30| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos
Thank you
Drew Gibson MScPrincipal Consultant – Operational Risk and Cyber Resilience, Atos Consulting+44 (0) 7894 437 [email protected]