The role of business continuity in managing cyber security threats


4th May 2016

About GRCBizassurance

• Formed in 2011, GRCBizassurance is a specialist Security Consulting and Services company. We are black-woman majority owned

• We are a South African Consulting Team operating in Johannesburg and Cape Town

• Collectively we have an IT and security track record of over 80 years across corporate and government customers

• Our team has expertise in:

• Security architecture design

• Data protection

• Identity and access management

• Security and incident event management

• Firewalls

• Reverse and forward proxy

• Network and web application vulnerability management

• Ethical hacking

• Unified email management

• Disaster recovery

[email protected] +27 11 258 8750 Building 2 Country Club Estate, 21 Woodlands Drive, Woodmead, Johannesburg 2192 South Africa

Should we be afraid of cyber threats?

• Cyber security spans a broad range of issues related to national security, whether through terrorism, crime or industrial espionage

• Cyber crime can take the form of information theft, identity theft, hacking or denial of service to vital systems

• It has become a fact of life across Europe, US, Asia, Australia…even South Africa

• Cyber threats are very real…and can be very personal, and impact your businesses

• Loss of contracts / business opportunities

• Increased insurance premiums

• Temporary loss of ability to trade

• Loss of credibility / damage to company reputation

• Damage to credit rating

• Temporary loss of access to business critical information

What are some high profile incidents?

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

What are adversaries’ motives?

• Information is attracting the attention of adversaries who look for new ways to steal it, and benefit from it

• Adversaries include hacktivists, nation-states, and others not necessarily seeking direct financial gain

• The personalization and consumerization of cyber attacks means that adversaries may also include a competitor, as well as those who just want to see chaos

• The growing value of personal data will attract cyber thieves and lead to sophisticated markets for stolen data

• This is leading to more security and privacy legislation

What are some key trends?

• Cybercrime typically follows the money – especially on smartphones and online transactional platforms

• Even some nation-states are becoming opportunistic and use syndicated cyber criminals to create an attack using both new innovative techniques and undisclosed vulnerabilities

• The focus on cyber threats is now on their value and impact, and is increasingly becoming a board-level debate

• The role of the CISO is shifting from being a technical lead to being a business risk leader

• Cloud and BYOD offer new challenges…and attack surfaces

Why is business continuity important in responding to a cyber attack?

• It’s not about what your business should do at the time of an attack, but rather how you implement a response and recovery plan

• The biggest risk your business could face in today’s uncertainty of cyber attacks is not being prepared

• Even with a comprehensive recovery strategy in place in your business, the chaotic atmosphere brought on by a cyber attack becomes very difficult to manage

• Your business must rely on your business continuity blueprints during this chaos

• Your business needs to rigorously and regularly test backup and recovery systems

• This will give assurance to your business leaders that, in an emergency situation, your business systems will be able to fully support any restoration or continuity needs

• Your business must therefore adopt an effective risk management and response plan as a key mitigation approach

Threat management

Your call to action that enables your business to respond to a cyber attack

• Team up with a dedicated Security service provider with expertise in ISO27001/2 and ISO22301

• Establish Recovery Time Objectives and Recovery Point Objectives which should be clearly defined for every key application with business stakeholders

• Orchestrate a trial scenario for worst-case scenarios

• Leverage cloud services, and allow BYOD to be integral to your business recovery planning

• Frequently and thoroughly test for system replication

• Make sure that your DR plan and your teams have what’s needed to recover your information systems and business functions in the event of an emergency

• Create a checklist

• Walk through steps

• Run a simulation

• Perform a parallel

• Amplify the importance of good cyber security in your boardroom

• Mobilise your security incident response team using cloud security platforms like Qualys and EiQ

• Secure systems and ensure business continuity

• Conduct a thorough investigation – root-cause analysis

• Manage public relations, and address legal and regulatory requirements