Anatomy of a Common Cyber Attack

Presentation on theme: "Anatomy of a Common Cyber Attack"— Presentation transcript:

1 Anatomy of a Common Cyber Attack
- Targeted spear-phishing
- Privilege escalation through credential theft
- Installation of malware
- Packaging and exfiltration of targeted data
- Covering up of tracks

2 Lessons Learned: Common Failings
Overall Management
- Failed to address recommendations from third-party assessments
- Governance/senior leaders not involved
- Uneven security across organization

Identity & Access Management
- Lack of control over system administrator credentials
- Use of default passwords for privileged accounts
- Improper/unnecessary access to networks by third parties
- Failure to use two-factor authentication for remote access

Data Protection
- Lack or failure of encryption
- Incomplete inventory of sensitive data and its locations, leading to insufficient data protection

Infrastructure Security
- Improper segmentation
- Failed or insufficient network monitoring
- Unnecessary permissions for connections between servers
- Failure to decommission systems no longer in use
- Unnecessary connection between servers and the external internet
- Failure to deploy purchased network security/monitoring tools

Application Security
- Application patching and updating problems
- Failure to restrict permissions to install unauthorized software
- Failure to audit for known vulnerabilities

3 Lessons Learned: Preparedness
Companies that have responded effectively:
- Prioritize and plan: draft and exercise an incident response plan
- Identify a single interdisciplinary team to manage the response
- Engage outside experts pre-incident:
  - Third-party forensics team
  - Crisis communications team
  - Credit monitoring / mailing vendor
  - Law firm
- Draft holding statements
- Look at third-party vendor access
- Connect with law enforcement
- Prepare and/or promptly inform the Board post-incident
- Assess information security practices against regulators' publications and enforcement actions

4 Lessons Learned: Coordinated Response
Forensics First: Address Compromise & Understand What Happened
- Forensics are critical: what is known, what is unknown, and the degree of uncertainty
- Conduct a legally privileged investigation

Communications Issues
- Reputational issues first, but be mindful of potential for litigation
- Consider all constituencies; ensure consistent messaging
- Track and coordinate communications with regulators and law enforcement

Legal Issues
- Statutory and contractual notice obligations
- Address regulators and law enforcement
- Consider potential SEC disclosure issues: Material? Risk factor revision?
- Identify SOX systems and include them in the scope of forensic work
- Cyber Insurance: notify insurer ASAP; be mindful that public statements do not undermine claims
- Litigation

5 Lessons Learned: Coordinated Response
Interdisciplinary team managing/coordinating response:
- Manage simultaneous work streams
- Ensure common and complete understanding of the facts across the team

Constituencies and work streams the team coordinates: Forensics, FTC/SEC, Customers, State AGs, Employees & Directors, Insurers, Media, Congress, Law Enforcement, Litigation

6 Response Workstream: The Initial 24 Hours
Key Tasks | Comments / Points of Contact
Incident response team convenes | Initial meeting / call to be set up as soon as possible; Incident Response Team will manage immediate response actions
CISO response: containment and remediation | Focus on CISO & efforts to contain/remediate incident
Outside counsel | Contact outside counsel; outside counsel to engage pre-arranged forensic firm(s), if necessary, in consultation with legal team and other relevant stakeholders
Law enforcement | Consider whether to contact FBI and/or other agencies
Document preservation | Consider issuing document preservation notice(s)
Credit monitoring / identity protection services | Confirm breach of sensitive PII (e.g., payment card data coupled with name, SSN, passport, etc.)
SEC | Consider need for Form 8-K filing
Internal messaging | Communications statements & guidance to employees
Briefings to management/directors | Provide briefing to key senior executives; inform Board of current status

7 Response Workstream: Beyond the First 24 Hours
Key Tasks | Comments / Points of Contact
Technical response and forensics | Ongoing forensic investigation, containment & remediation
Audit firm requests | Respond to requests for information from company auditors
Evaluate data breach notice to consumers/counterparties/AGs | Continually evaluate obligation to provide notice to individual consumers or contract counterparties as forensic information is developed; ensure notification complies with state-specific requirements; alert state AGs as appropriate
Communications | Implement external and internal communications plans as forensic information develops
Investor relations | Coordinate with corporate communications
Board of directors | Regular updates to Board or appropriate Board committee
Law enforcement | Outside counsel to coordinate/cooperate with law enforcement
SEC | Consider disclosure obligations as forensic information develops
Contracts | Review contracts for any notice obligations
Litigation | Monitor for litigation filings
