CYBER RISK LANDSCAPE · CYBER RISK LANDSCAPE 1 CRAIG ROSEWARNE (MBA, CISM, CISSP, ISO27001 Lead...
CYBER RISK LANDSCAPE
CRAIG ROSEWARNE (MBA, CISM, CISSP, ISO27001 Lead Implementer & Auditor, Certified Lead Incident Response Professional)
AGENDA
INTRODUCTION:
• Threat Landscape
• Recent High Impact Incidents
MANAGING THE RISK:
• Country
• Organisation
• People
WHO?
WHERE?
HOW?
RISK LANDSCAPE
VICTIM VS THREAT ACTORS
Employees
Third Parties (Contractors / Suppliers)
Online Predators
Governments
Hackers
Terrorists
Criminals
Hacktivists
Competitors / Clients
ESTIMATED GLOBAL SPEND $120 BILLION+
Country Risk
Organisation Risk
People Risk
ESTIMATED COST OF CYBERCRIME $400 BILLION+
WHO?
WHERE?
HOW?
WHY?
Power Outages
Flooding
Water Shortages
Natural Disasters
Political Unrest
Environmental Impact
Fiscal Crisis Corruption
Economic Slowdown
Terror Attacks
COLLUSION
SCAMS
SOCIAL ENGINEERING
SPEAR PHISHING
INFORMATION LEAKS
EXTORTION
DARK WEB ACTIVITY
RANSOMWARE
DISGRUNTLED EMPLOYEES
RECKLESS EMPLOYEES
HACKTIVISTS
UNAWARE EMPLOYEES
INFORMATION PARTNERS
WHO? HOW?
ORGANISED CRIMINAL SYNDICATES
OPPORTUNISTIC CRIMINALS
ONLINE PREDATORS
THUGS
Cybercriminal Code of Ethics
“If what you put on the Internet is worth anything, one of us will try to hack or steal it.”
“If you don’t care about protecting your stuff from the likes of us, don’t worry: You’re our favourite type of customer!”
WHO?
THEFT OF SENSITIVE INFORMATION
EXTORTION
FRAUD
BUSINESS DISRUPTION
INFORMATION LEAKS
HOW?
INTELLIGENCE GATHERING
INTELLECTUAL PROPERTY THEFT
PROPAGANDA & MISINFORMATION
TERROR FUNDING
CRITICAL INFRASTRUCTURE DAMAGE
DISTRIBUTED DENIAL OF SERVICE
STATE SPONSORED ATTACKS – MILITARY / INTELLIGENCE
MERCENARY / BLACK HAT HACKERS
TERROR GROUPS
HACKTIVISTS
WHO? HOW?
VULNERABILITY MANAGEMENT
WHERE?
Threat Actor (Introduces)
Threat (Exploits)
Vulnerability (Leads to)
Risk (Can damage)
Asset
Exposure
Business Operations Impact
Financial Impact
Reputation Impact
Personal Impact
WHO…HOW…WHERE…WHY?
COUNTRY RISK:
NATIONAL CYBER STAKEHOLDERS
Public Sector
STRATEGIC: Safety and Security Clusters | Oversight Committees | Government CSIRT | Disaster Management
KEY SECTORS: Intelligence | Defence | Law Enforcement | Justice & Corrections | Foreign Affairs | Key Departments – Tax / Home Affairs / Communications / Water / Energy / Transport…
DEPENDANTS: National Key Points | National, Provincial & Local Government | Citizens | Children
Private Sector
STRATEGIC: Industry Associations (AGI) | Regulators / Ombudsman | Non-Profit Organisations
KEY SECTORS: Financial | Retail | ISPs | TMT | Manufacturing | Academia | Healthcare | Professional Services | Vendors…
DEPENDANTS: Investment Partners | B2B | B2C | Informal Traders | Customers
NATIONAL PRIORITY AREAS
1. SAFETY & SECURITY
2. CYBER CRIME
3. CRITICAL INFRASTRUCTURE PROTECTION
4. SKILLS & AWARENESS
FRAUD?
RANSOMWARE?
CYBER ATTACKS?
BUSINESS RESILIENCE?
COMPLIANCE - PENALTIES?
ORGANISATIONAL RISK
RISK & OPPORTUNITY MANAGEMENT
ATTACK SCENARIO
Reconnaissance Weaponisation Exploitation Command-and-Control Encryption
Unauthorised Access | Unauthorised Use
Installation
1. Intelligence Gathering
2. Spear Phishing
3. Infect & Lateral Movement
4. Objective Achieved: Monetise
Source: Cyber Kill Chain (Lockheed Martin)
DEMO
CYBER RISK BUILDING BLOCKS
INFORMATION RISK STRATEGY & FRAMEWORK
GOVERNANCE & COMPLIANCE
CONTINUOUS LEARNING & AWARENESS
INFORMATION SHARING & COLLABORATION
MONITORING & THREAT INTELLIGENCE
RISK & CONTROL ASSESSMENT
PERFORMANCE MEASUREMENT & METRICS
INCIDENT MANAGEMENT
RECOVERY & RESILIENCE
PREVENT
DETECT
RESPOND
RECOVER
RANSOMWARE EXAMPLE
THE EXECUTIVE CYBER CHECKLIST
RISK ASSESSMENT GUIDANCE
Information Risk Assessment
Cyber Risk Analysis
Ensure the team includes strategic and operational teams from across business – not just IT!
The assessment should factor in concerns raised by stakeholders, audit findings and past incidents
Wolfpack Cyber Security Framework:
SA Banking Sector (Incl SWIFT)
SA Government Sector (Incl CIIP)
Covers over 500 vulnerabilities:
• Key GRC
• CIS 20 Critical Controls
• ISO 27002 / 27032 / 27035
• ASD – Strategies to Mitigate Cyber
• Business Impact, Privacy
PERSONAL SELF DEFENCE
• Gaming
• Passwords
• Safe Banking
• Scams
• Online Shopping
• Mobile Safety
• Online Predators
• Cyberbullying
• Social Media…
PEOPLE RISK DEMO
WOLFPACK INFORMATION RISK (PTY) LTD
Established: July 2011
Black Economic Empowerment: Level 2 BBEEE
We specialise in information and cyber-threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.
Trust: Wolfpack are security cleared by the SA Government and SA Reserve Bank. Confidentiality & Integrity assured!
Experience - Recent Projects: African Bank / Barloworld / Blue Label Telecoms / Bidvest Bank / Gautrain / Mercantile Bank / MTN / Nampak / Nedbank / Netcare / Outsurance / Pick n Pay / SA National Blood Services / SARB / Toyota
We are an independent South African information risk services company
PHYSICAL ADDRESS:
Unit A3, Rock Cottage Office Park, Cnr Christiaan de Wet & John Vorster Roads, Randpark Ridge, Johannesburg, South Africa.
CONTACT DETAILS:
Phone: +27 11 794 7322
Fax: +27 86 604 6736
[email protected]
www.wolfpackrisk.com
SERVICES:
Research and Threat Intelligence | Advisory | Awareness | Training | Monitoring | Incident Management