1
Cyber Resilience: Dealing with the worst of cyber threats — Alex Serrano, IBM Resiliency Services Leader, Australia and New Zealand. Gartner Security & Risk Management Summit / August, 2018 / © 2018 IBM Corporation
2
A boiling frog…
- ~3 million cyber attacks recorded in 2009 [1]; ~42 million cyber attacks recorded in 2016 [1].
- Average total cost of a data breach is USD 3.86 million, $1.99 million in Australia [4].
More than 2,000 IT and security practitioners across the globe share three key concerns [2]:
- 56% had a significant disruption in the last 2 years.
- 65% report the severity of attacks has increased in the last year.
- 53% are confident their organisations can prevent, detect, contain and respond to a cyber attack.
- 77% of organisations lack a formal Cyber Security Incident Response Plan (CSIRP) applied consistently across the enterprise.
Sources:
1. Barbe, Claudia (2016). Weltweite PwC-Umfrage zur IT-Sicherheit: Zahl der Hackerangriffe auf Unternehmen steigt kontinuierlich. PwC.
2. Ponemon Institute (2018). "The Third Annual Study of the Cyber Resilient Organization."
3. Ponemon Institute (2017). "2017 Cost of Data Breach Study."
4. Ponemon Institute (2018). "2018 Cost of Data Breach Study."
3
… or a clear and present danger?
World Economic Forum 2018 Global Risks Perception Survey: cyberattacks ranked #3. “Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace.” Source: World Economic Forum, 2018.
4
The worst is upon us….
- $3.86 million: average total cost of a data breach in 2018
- $310+ million: cost impact for one company impacted by NotPetya
- $8 billion: estimated global cost of the WannaCry attack
- 1 in 4: odds of an organisation experiencing a data breach over a two year period
The financial impact of cyber attacks is rising, and some of the largest costs in 2017 related to ransomware attacks, which accounted for 64% of all malicious s. A Ponemon study found the total cost of a data breach in 2017 was US$3.62 million. Notable examples included the WannaCry attack, which affected 300,000 computers across 150 countries, and NotPetya, which caused publicly reported losses of over US$310 million for one organization and US$ million for another. The estimated global cost of the WannaCry attack is around US$8 billion. Ponemon research into data breaches puts the odds of experiencing a data breach over the next two years at 1 in 4: staggeringly high odds if you are unprepared.
Sources: Ponemon, 2017 Cost of Data Breach Study; CBSNews, "WannaCry ransomware attack losses could reach $4 billion".
5
…Or yet to come??
Timeline of incidents, 2017 to 2018 (figure labels, month markers Jan to Sept):
- Petya/NotPetya/Nyetya/Goldeneye/QakBot Trojan – destructive malware
- Deloitte
- Equifax breach of 143 million records
- City of Atlanta
- WikiLeaks CIA Vault 7
- Meltdown/Spectre
- Shamoon – destructive malware
- Triton targets industrial control systems (ICS)
- Macron Campaign Hack
- Verizon
- WannaCry
Attacks are now often designed to permanently disrupt as many machines as possible. In the case of NotPetya, the malware was, in fact, more characteristic of a “wiper” attack (intended to destroy data) than of a ransomware attack for financial gain: there was no mechanism to unlock the disabled machines even if a payment had been made. The impacts of Petya/NotPetya were felt throughout the industry in 2017, and as we move into 2018 the City of Atlanta faced a crippling ransomware attack. Costing over US$10 million in emergency procurements and additional budget requests thus far, this attack that started as ransomware has led to significant outages of mission critical applications for the city.
6
What is cyber resilience?
“Dynamic and integrated platform combining cybersecurity with backup and recovery methods to protect against, detect, respond to, and recover from cyber attacks while minimising the impact on business”.
7
What is the ‘worst’?
“… antifragility is the combination of aggressiveness plus paranoia – clip your downside, protect yourself from extreme harm, and let the upside, the positive Black Swans, take care of itself” [1].
Source: 1. Nassim Nicholas Taleb (2012), Antifragile: Things that Gain from Disorder.
8
Cyber heroes need serious tools…
Figure: timeline of computing eras with increasing complexity: 1980s Centralized Mainframes; 1990s Distributed Computing; Early 2000s E-Business; Late 2000s Smarter Planet; Early 2010s CAMS; 2016+ Cognitive Era, the “Current Wave” (AI, Predictive, Orchestrated). Technology labels: Personal Computer, Client / Server, TCP / IP, Internet, Big Data & Analytics, Social Business, Cloud, Mobile, Hybrid Cloud environments. Axes: Increasing Complexity; Practitioner-Led to Technology-Led; Systems Integration to Services Integration.
As computing technologies have progressed over time, so have the complexities that need to be managed.
- In the first wave, the trend was an RTO of weeks to days, with infrastructure recovery in the data center. Typically these were singular centralized systems.
- In wave 2, the expected RTO reduced to days, and cloud began to be a part of the story.
- Wave 3 expectations were in the minutes to hours, with more hybrid environments.
- The trend going forward is an expectation of always-on systems with zero downtime, while at the same time our systems are more heterogeneous than ever.
To solve for this expectation and complexity, AI, predictive systems, and orchestration as part of a software-defined resiliency story will be critical. The future is AI and orchestration. By proactively identifying threats you can predict emerging threats and risks by modelling behaviors. You can gain actionable insights so you can triage and respond quickly with improved accuracy, and you can respond quickly with confidence, leveraging orchestration to generate a complete and dynamic response that enables faster, more intelligent remediation.
9
… to shut down the time to identify and contain attacks
1. Mean Time To Identify (MTTI): organisations with BCM in Security show a time saving of 43 days in MTTI for data breaches. [1]
2. Mean Time To Contain (MTTC): organisations with BCM in Security show a time saving of 35 days in MTTC for data breaches. [1]
3. DR Automation & Orchestration: organisations with DR automation & orchestration experience a 39.5% cost saving per day during data breaches. [1]
4. IT Service Continuity & BCM: organisations with BCM in Security experienced a ‘material disruption’ to business in 55% of data breaches, versus 76% for those without BCM. [1]
Overall: 16% reduction in the total cost of a data breach, USD 3.94 million vs USD 3.35 million. [1]
1: IBM (2017) “2017 Cost of Data Breach Study: Impact of Business Continuity Management”, Ponemon Institute, June 2017.
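The MTTI and MTTC figures above are averages over incident records. The following is an added example (not from the presentation, IBM or Ponemon) showing how a security operations team would compute those two metrics from its own incident register; the incident records, field names and dates are constructed for illustration. An incident that is still being contained contributes to MTTI but is excluded from MTTC rather than silently counted as zero, which is the usual mistake when the metric is computed from a spreadsheet.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Optional

@dataclass
class Incident:
    """One row of a (hypothetical) incident register."""
    incident_id: str
    first_compromise: datetime      # earliest attacker activity established by forensics
    identified: datetime            # when the organisation became aware (the "BOOM" moment)
    contained: Optional[datetime]   # None while containment is still in progress

def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)

# Constructed sample records (not real incidents; dates chosen for a readable result)
SAMPLE_INCIDENTS = [
    Incident("INC-001", _ts("2018-01-10T09:00:00"), _ts("2018-04-20T09:00:00"), _ts("2018-06-29T09:00:00")),
    Incident("INC-002", _ts("2018-03-01T09:00:00"), _ts("2018-07-29T09:00:00"), _ts("2018-08-28T09:00:00")),
    Incident("INC-003", _ts("2018-05-05T09:00:00"), _ts("2018-06-24T09:00:00"), None),  # still open
]

def days_between(start: datetime, end: datetime) -> float:
    """Elapsed time in days, fractional, so partial days are not lost."""
    return (end - start).total_seconds() / 86400

def mean_time_to_identify(incidents: list) -> float:
    """MTTI: average days from first compromise to the organisation becoming aware."""
    return mean(days_between(i.first_compromise, i.identified) for i in incidents)

def mean_time_to_contain(incidents: list) -> Optional[float]:
    """MTTC: average days from identification to containment, over contained incidents only."""
    closed = [i for i in incidents if i.contained is not None]
    if not closed:
        return None          # nothing contained yet: no meaningful MTTC
    return mean(days_between(i.identified, i.contained) for i in closed)

def breach_metrics(incidents: list) -> dict:
    """Summary a resilience programme would track quarter over quarter."""
    closed = [i for i in incidents if i.contained is not None]
    return {
        "mtti_days": mean_time_to_identify(incidents),
        "mttc_days": mean_time_to_contain(incidents),
        "open_incidents": len(incidents) - len(closed),
        # total dwell time (compromise to containment) for closed incidents,
        # the figure comparable with the 191-day average cited on the later slide
        "mean_total_days": mean(days_between(i.first_compromise, i.contained) for i in closed) if closed else None,
    }

if __name__ == "__main__":
    for key, value in breach_metrics(SAMPLE_INCIDENTS).items():
        print(f"{key}: {value}")
```

With the constructed records the three identification intervals are 100, 150 and 50 days (MTTI 100.0), the two containment intervals are 70 and 30 days (MTTC 50.0), and one incident remains open. Tracking both numbers separately is what lets a programme see whether an investment (BCM, DR orchestration) moved detection, containment, or neither.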
10
Assess capabilities across the cyber life cycle…
- Identify: defining a roadmap and action plan to build or improve the organization’s cyber resilience plan
- Protect: protecting the organization against attacks by discovering vulnerabilities before they are exploited
- Detect: detecting unknown threats with advanced analytics
- Respond: responding effectively to cyber outbreaks
- Recover: recovering access to critical data and applications
Based on the NIST cyber security framework, the IBM cyber resilience lifecycle enables organizations to improve their cyber robustness across the five phases of the lifecycle:
- Identify is about preparing a plan.
- Protect: discover weaknesses before attackers can.
- Detect: find unknown threats with advanced analytics and stop attacks before they become entrenched.
- Respond: coordinate your response so everyone is on the same page and all tasks are completed.
- Recover: get back up and running quickly and efficiently.
11
Take stock of what capabilities need boosting…
12
Build a blueprint and roadmap for the cyber ‘journey’
Phases: Identify, Protect, Detect, Respond, Recover. Rows: Assess (Maturity Assessment), Implementation (Quick Wins and Strategic Initiatives), Run.
Capabilities in the blueprint:
- Definition of goals and requirements related to identified risk
- Awareness and training
- SOC/SIEM optimisation
- Activation of contingency plans with automated communication
- IT recovery orchestration: automated recovery including dependency management in hybrid IT environments
- Data security, account and access management
- Vulnerability management
- Maturity assessment on the dimensions of IT security, network security, and business / IT continuity
- End point management (patch and compliance management)
- Endpoint detection and response
- Cyber threat management: integration of threat intelligence and cognitive analysis
- Cyber incident orchestrated response management
- Strategic post-cyber-attack analysis
- Optimisation of backup, archive and disaster recovery
- Gap analysis and definition of roadmap and associated action plan
- Construction and implementation of software defined WAN
- Rapid deployment of new sites (MWS Emergency Kit)
- Separation of the data and control layer in the network – Zero Trust Internet Hub
- Automatic reporting of network availability
- Establishment of business / IT continuity organization
- Policy based routing of network traffic
- Global centralized control of network components (SD WAN)
- Micro-segmentation of the network
- Monitoring of WAN links
- Technical restart concept incl. segmented network
- Crisis organization for detection and initiation of measures in case of a cyber attack
- Immediate actions to defend against the cyber attack
- Fully and quickly recovered IT landscape after the cyberattack
Outcomes:
- Current level of maturity including action plan to enhance the maturity
- Detailed analysis and prioritised roadmap to define and implement the blueprint for your company
- Implementation – quick wins and strategic initiatives
- Run
13
Prepare for the ‘worst’ day
Figure labels (attack timeline before and after the BOOM): Credentials Stolen; Encrypted Communication; Twitter Sentiment Falls; Insider? Victim?; Response Website; Law Enforcement Calls; CEO Phishing; Database Stolen; Update C-Level Executives; Validate Altered Financial Reports; Legal Deposition; BOOM; Malware Deployed; Additional Compromises; Press Conference; Notify Customers & Partners; Regulation Authority Investigation; Remote Access to Network; First Public Indicator; Stock Price Falls; Forensic Research; Board of Directors Meeting.
Studies show that the typical attack takes 191 days for an organization to detect and remediate (source: Ponemon, 2017 Cost of Data Breach Study). Let's take a look at what is going on before that happens. A typical attack involves phishing or social engineering to get an insider to click a link that deploys malware. Once the attacker is in the network, they begin looking to spread their attack by gathering credentials and looking for remote access. Commonly, they start with database or financial data and look for a way to exfiltrate that data. Once the exfiltrated data is available on the dark web, the public or law enforcement begins to become aware. This often happens before the company itself knows about the breach.
Whether the attack is detected internally or the company is informed via an external source, the moment the company is made aware is what we refer to as the BOOM moment. Before the BOOM is all the activity that attackers use to infiltrate the organization and all the attempts by the organization to protect against these attacks. After the BOOM is how the company responds to the incident. Often the breach is public (personal data exposed, business services unavailable, etc.); as a result, the company faces a backlash of customer sentiment and the potential for the stock price to fall. This is a crucial time, and detailed, up to the minute knowledge of the situation is critical so the organization can tell a cohesive story.
More importantly, having the ability to respond quickly to the incident and recover to a working state as fast as possible will result in lower costs due to business disruption. Source: Ponemon, 2017 Cost of Data Breach Study. REPORTED AVERAGE: 191 days
14
… by orchestrating for cyber incident recovery
IBM Resiliency Orchestration uses backup/replicated data with an air gap to protect against cyber outages.
Figure components: Production Infrastructure (Servers, Storage, Network, Copy Data Manager); DR Infrastructure (Servers, Storage, Network, Copy Data Manager, Cloud Object Storage); Resiliency Orchestration (Automation, Change Management, Dashboard, Validation, Reporting, Data Verification).
Key features:
- Air-gapped access reduces the risk of backup corruption
- Quick recovery reduces downtime and ensures the best RPO
- Efficient point-in-time recovery with copy data management technologies like Actifio
- Immutable storage for preventing corruption of backups
Combined slide to be put in the Security summit / CVP deck. Release announcement: Q3 2018.
15
… going beyond automation for real DR insight and control
- DR management simplification: ‘single pane of glass’ management and orchestration of heterogeneous applications, workloads and infrastructure
- Monitor ‘real-time’ DR capability: continuous validation of data replication and DR failover readiness
- Eliminate manual overhead: eliminate reliance on manual runbooks and recovery risks
- Scenario testing capability: orchestrate for scenarios (e.g. single system vs ‘whole of site’)
- Cyber resilience: achieve “air gapped” DR systems and infrastructure
Good practice DR workflow: real-time RPO & RTO; “pre-flight” checks; out-of-box switchover & switchback; automated application recovery; compliance & deviation reports.
Results: 50% reduction in dependency on DR specialists*; 60% reduction in DR test time*; 75% reduction in people resources for application failover and recovery*. (* DR improvements experienced on average by IBM clients adopting Resiliency Orchestration, based on historical results.)
IBM Cloud Resiliency Orchestration offers disaster recovery monitoring, reporting, testing and workflow automation capabilities for complex hybrid cloud environments in a scalable, easier-to-use solution built on industry standards. The service combines automation and analytics for faster, more cost-effective disaster recovery to help keep daily business operations running and to proactively avoid disruptions that lead to lost revenue, brand damage and dissatisfied customers. From a cost perspective, the new service will enable better automation of server and application processes, resulting in a more timely DR deployment and exercise process. With the help of the dashboard, many of these tasks will be managed automatically with complete transparency to the customer. Since orchestration serves to link automated processes across platforms and clouds, the customer has increased confidence in responding quickly to DR events, possibly with a lower requirement for manual intervention and high-level human expertise.
Finally, the quality of the customer’s DR environment improves overall, due to the tool’s consistent ability to spot potential issues and the customer’s ability to remediate these issues via the automated dashboard.
Value drivers:
- Accelerated revenue growth in DR orchestration and through geo expansion
- Additional revenue opportunities in DR and IT consultancy and GBS
- Solution can run on AWS, is intended to run on SoftLayer, and can be leveraged for both Cloud units and GTS clients
- Sanovi is enabling IBM to leapfrog and differentiate in support of hybrid cloud environments as well as existing legacy on-premise solutions: multi-platform, multi-vendor, multi-OS, physical and virtual infrastructures, up to applications and business process recovery management
Details:
- DR management simplification: IBM Resiliency Orchestration (RO) enables ‘single pane of glass’ management and orchestration of heterogeneous applications, workloads and infrastructure, and the capability to achieve stringent Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
- Monitor ‘real-time’ DR capability: IBM RO provides monitoring, reporting, testing, and workflow automation capabilities for continuous validation of data replication and DR failover readiness, providing increased confidence in DR readiness.
- Eliminate manual overhead: orchestrate the recovery of critical systems. IBM RO enables more rapid DR failover and recovery without reliance on manual methods, runbooks, and teams to manage failover and recovery risks. Maintenance of manual runbooks is eliminated, along with the errors that this can introduce.
- Scenario testing capability: RO enables the flexible development of DR strategies to orchestrate for multiple distinct scenarios (e.g. single system recovery from DR, IT service recovery, or ‘whole-of-site’).
- Cyber resilience: RO with a suitable architecture can facilitate “air gapped” DR of critical systems and infrastructure configuration recovery to protect against destructive cyber attacks.
16
… and overcoming ‘force disparity’ in the face of attacks.
Cyber Resilience Services, extending to the left and right of Boom. Columns: Identify, Protect, Detect, Respond, Recover. Rows: Foundation Package (included), Extensions (optional).
Foundation Package (included):
- Threat intelligence feed via portal or annual vulnerability test
- Client-run enterprise vulnerability management
- Client-run network and endpoint security
- Recommendations on actions to secure network or endpoints
- Machine-assisted threat disposition
- 24x7 monitoring and investigation
- SLA on alert trigger
- Use case library
- Up to 5 runbook designs
- Incident management
- Table-top exercises and response management program
- Automated / orchestrated responses based on event triggers
- Root cause analysis
- Improve response plan based on lessons learned
- Governance: named Security Manager; quarterly executive review; pre-delivery assessment & maturity roadmap
Extensions (optional):
- Vulnerability ranking
- On-demand testing
- Enterprise vulnerability management
- Security assessments for cloud, data, and identity
- Continuous threat hunting with recommendations
- Managed network and endpoint security
- Security policy assessment and design
- SLA on notification
- User behavioral analytics
- Additional runbook designs
- Managed detection & response
- Incident containment
- Named Incident Manager
- Resilient for custom use
- Business process continuity
- Annual security standards CSF review
- Governance: security standards; operational model; custom business relevant reports; assess or manage on-premises SOC
These ovals represent our services governance layer, such as named APs and SSMs, etc.
17
Thank you. Alex Serrano, IBM Resiliency Services Leader, Australia and New Zealand.
18
Before you go…
Interested in a 1:1 meeting? Visit the Gartner Concierge or the IBM booth to schedule a meeting with Mijee Walker, IBM Resiliency Services Leader, Asia-Pacific.
Cyber Resilience Rapid Risk Assessment: as a first step to assessing and building a cyber resilience capability suited to your organisation, we are offering a Quickstart Cyber Resilience Workshop. Visit the IBM booth to express your interest.
WIN* a Navman Dash Cam! CODE: 426. Unlock the prize box on the IBM booth using this code, and scan your badge to enter the draw to win* a Navman MiVue850 Full HD Dual Camera, valued at $499 RRP*. *Terms & conditions available at the IBM booth.
19