TRANSCRIPT
CYBER RISK LANDSCAPE
CRAIG ROSEWARNE (MBA, CISM, CISSP, ISO 27001 Lead Implementer & Auditor, Certified Lead Incident Response Professional)
AGENDA
INTRODUCTION:
• Threat Landscape
• Recent High Impact Incidents
MANAGING THE RISK:
• Country
• Organisation
• People
WHO?
WHERE?
HOW?
RISK LANDSCAPE
VICTIM VS THREAT ACTORS
Employees
Third Parties (Contractors / Suppliers)
Online Predators
Governments
Hackers
Terrorists
Criminals
Hacktivists
Competitors / Clients
ESTIMATED GLOBAL SPEND $120 BILLION+
Country Risk
Organisation Risk
People Risk
ESTIMATED COST OF CYBERCRIME $400 BILLION+
WHO?
WHERE?
HOW?
WHY?
Power Outages
Flooding
Water Shortages
Natural Disasters
Political Unrest
Environmental Impact
Fiscal Crisis
Corruption
Economic Slowdown
Terror Attacks
COLLUSION
SCAMS
SOCIAL ENGINEERING
SPEAR PHISHING
INFORMATION LEAKS
EXTORTION
DARK WEB ACTIVITY
RANSOMWARE
DISGRUNTLED EMPLOYEES
RECKLESS EMPLOYEES
HACKTIVISTS
UNAWARE EMPLOYEES
INFORMATION PARTNERS
WHO? HOW?
ORGANISED CRIMINAL SYNDICATES
OPPORTUNISTIC CRIMINALS
ONLINE PREDATORS
THUGS
Cybercriminal Code of Ethics
“If what you put on the Internet is worth anything, one of us will try to hack or steal it.”
“If you don’t care about protecting your stuff from the likes of us, don’t worry: You’re our favourite type of customer!”
WHO?
THEFT OF SENSITIVE INFORMATION
EXTORTION
FRAUD
BUSINESS DISRUPTION
INFORMATION LEAKS
HOW?
INTELLIGENCE GATHERING
INTELLECTUAL PROPERTY THEFT
PROPAGANDA & MISINFORMATION
TERROR FUNDING
CRITICAL INFRASTRUCTURE DAMAGE
DISTRIBUTED DENIAL OF SERVICE
STATE SPONSORED ATTACKS – MILITARY / INTELLIGENCE
MERCENARY / BLACK HAT HACKERS
TERROR GROUPS
HACKTIVISTS
WHO? HOW?
VULNERABILITY MANAGEMENT
WHERE?
Threat Actor (introduces) → Threat (exploits) → Vulnerability (leads to) → Risk (can damage) → Asset
Exposure:
Business Operations Impact
Financial Impact
Reputation Impact
Personal Impact
WHO…HOW…WHERE…WHY?
COUNTRY RISK:
NATIONAL CYBER STAKEHOLDERS
Public Sector:
• Strategic: Safety and Security Clusters; Oversight Committees; Government CSIRT; Disaster Management; Intelligence; Defence; Law Enforcement; Justice & Corrections; Foreign Affairs; Key Departments – Tax / Home Affairs / Communications / Water / Energy / Transport…
• Key sectors and dependants: National Key Points | National, Provincial & Local Government | Citizens | Children
Private Sector:
• Strategic: Industry Associations (AGI); Regulators / Ombudsman; Non-Profit Organisations
• Key sectors: Financial | Retail | ISPs | TMT | Manufacturing | Academia | Healthcare | Professional Services | Vendors…
• Dependants: Investment Partners | B2B | B2C | Informal Traders | Customers
NATIONAL PRIORITY AREAS
1. SAFETY & SECURITY
2. CYBER CRIME
3. CRITICAL INFRASTRUCTURE PROTECTION
4. SKILLS & AWARENESS
FRAUD?
RANSOMWARE?
CYBER ATTACKS?
BUSINESS RESILIENCE?
COMPLIANCE - PENALTIES?
ORGANISATIONAL RISK
RISK & OPPORTUNITY MANAGEMENT
ATTACK SCENARIO
Reconnaissance → Weaponisation → Exploitation → Installation → Command-and-Control → Encryption
Unauthorised Access → Unauthorised Use
1. Intelligence Gathering
2. Spear Phishing
3. Infect & Lateral Movement
4. Monetise
Objective Achieved
Source: Cyber Kill Chain (Lockheed Martin)
DEMO
CYBER RISK BUILDING BLOCKS
INFORMATION RISK STRATEGY & FRAMEWORK
GOVERNANCE & COMPLIANCE
CONTINUOUS LEARNING & AWARENESS
INFORMATION SHARING & COLLABORATION
MONITORING & THREAT INTELLIGENCE
RISK & CONTROL ASSESSMENT
PERFORMANCE MEASUREMENT & METRICS
INCIDENT MANAGEMENT
RECOVERY & RESILIENCE
PREVENT
DETECT
RESPOND
RECOVER
RANSOMWARE EXAMPLE
THE EXECUTIVE CYBER CHECKLIST
RISK ASSESSMENT GUIDANCE
Information Risk Assessment
Cyber Risk Analysis
Ensure the team includes strategic and operational teams from across the business – not just IT!
The assessment should factor in concerns raised by stakeholders, audit findings and past incidents.
Wolfpack Cyber Security Framework:
SA Banking Sector (Incl SWIFT)
SA Government Sector (Incl CIIP)
Covers over 500 vulnerabilities:
• Key GRC
• CIS 20 Critical Controls
• ISO 27002 / 27032 / 27035
• ASD – Strategies to Mitigate Cyber
• Business Impact, Privacy
• Gaming
• Passwords
• Safe Banking
• Scams
• Online Shopping
• Mobile Safety
• Online Predators
• Cyberbullying
• Social Media…
PERSONAL SELF DEFENCE
PEOPLE RISK DEMO
WOLFPACK INFORMATION RISK (PTY) LTD
Established: July 2011
Black Economic Empowerment: Level 2 BBEEE
We specialise in information and cyber-threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.
Trust: Wolfpack are security cleared by the SA Government and
SA Reserve Bank. Confidentiality & Integrity assured!
Experience - Recent Projects: African Bank / Barloworld / Blue
Label Telecoms / Bidvest Bank / Gautrain / Mercantile Bank /
MTN / Nampak / Nedbank / Netcare / Outsurance / Pick n Pay /
SA National Blood Services / SARB / Toyota
We are an independent South African information risk services company.
PHYSICAL ADDRESS :
Unit A3, Rock Cottage Office Park Cnr Christiaan de Wet & John Vorster Roads, Randpark Ridge, Johannesburg, South Africa.
CONTACT DETAILS:
Phone: +27 11 794 7322
Fax: +27 86 604 6736
Email: [email protected]
Web: www.wolfpackrisk.com
SERVICES:
Research and Threat Intelligence | Advisory | Awareness Training | Monitoring | Incident Management