Cyphra - Cyber Security

Cyber Resilience

Threat landscape in 2015

430,000,000

160,000

Anthem

Office of Personnel Management

Ashley Madison ,

The Hacking Team

Talk Talk(157k)

2015 - More data breaches ! $325m ransomware

170,000,000

£60m101,000

Mossack Fonseca

100m Tech Support

100,000

500,000,000 identities

“The starting point must be that every British

company is a target, that every British network

will be attacked, and that cybercrime is not

something that happens to other people”.

George Osborne - 2015

Why the Third Sector is targeted

• They hold something criminals want

– Money

– Personal data

– Infrastructure

– Email accounts

– Intellectual property

– Credit card details

– Reputation

– A route to a bigger prize

• It’s easier

– Lack of understanding – “It won’t happen to me” – “I don’t have anything worth taking….”

– Not a priority - too busy running the organisation

– Lack of skills

– Limited budgets

• Just an internet (IP) address to the attacker…

Women’s Resource Centre website – Jan 2016

Ransomware = ‘Big business’

Government is Taking Steps…

• Invested £1.9 billion in National Cyber Security Programme

• Established National Cyber Security Centre

– Cyber Essentials Scheme

– Cyber Streetwise

– Cyber Information Sharing Partnership

• Academic Centres of Excellence in cyber security research (13)

• Develop cyber skills

• National Offensive Cyber Programme

• Increase cyber defences

But organisations needs to do more…

Benefits of Cyber Essentials

• Reduces the threat of 80% of cyber attacks.

• Cost effective and easy to implement.

• Mandated or strongly recommended for many contracts.

• Mitigate indirect supply chain risks

• Government backed scheme with wide industry support

• “Kite mark” demonstrates verified cyber credentials

• A set of 5 key technical controls

“It’s a no-brainer – and I’d like to see all businesses adopt it”

Ed Vaizey

5 Key Controls

• Firewalls

• Secure configuration

• User access control

• Malware protection

• Patch management

Supporting Organisations

• Cabinet Office

• Department of Culture, Media & Sport

• Information Commissioners Office

• Confederation of British Industry

• Federation of Small Businesses

• Chamber of Commerce

• British Insurance Brokers Association

Cyber Security Maturity

Make your organisation Cyber Resilient

• Understand the risk – Information!!!

• Implement appropriate technical controls

• Governance - policies, procedures

• Educate staff

• Incident and recovery planning

• Manage supply chain risks.

• Report Cyber Crime to PSNI

• Join CISP

Prevention

Secure Configurations

Sound Governance

Robust Policies

User Awareness

Technical controls

Detection

Monitoring and Alerting

Staff alertness

Anomalous Behaviour

Audit and Reviews

Security Tests

Response

Assessment

Containment

Reporting

Forensics

Recovery

Review

Prevention

Detection

Response

Key Take Aways!

What does this mean for NI?NORTHERN IRELAND

Further information• Cyber Essentials:

– https://www.gov.uk/government/publications/cyber-essentials-scheme-overview

– http://www.cyberstreetwise.com/cyberessentials

– http://www.cesg.gov.uk/servicecatalogue/cyber-essentials/Pages/Scheme-Library.aspx

• ICO:

– https://ico.org.uk/media/for-organisations/documents/1575/it_security_practical_guide.pdf

• HMG 10 Steps to Cyber Security:

– https://www.gov.uk/government/publications/10-steps-to-cyber-security-advice-sheets

• Cyber Information Sharing Partnership (CISP)

– https://www.cert.gov.uk/cisp/

• PSNI Cybercrime

– http://www.psni.police.uk/

• Cyphra

– Conrad Simpson [email protected]