Cyber Resilience
Threat landscape in 2015
430,000,000
160,000
Anthem
Office of Personnel Management
Ashley Madison
The Hacking Team
TalkTalk (157k)
2015 - More data breaches! $325m ransomware
170,000,000
£60m
101,000
Mossack Fonseca
100m Tech Support
100,000
500,000,000 identities
“The starting point must be that every British
company is a target, that every British network
will be attacked, and that cybercrime is not
something that happens to other people”.
George Osborne - 2015
Why the Third Sector is targeted
• They hold something criminals want
– Money
– Personal data
– Infrastructure
– Email accounts
– Intellectual property
– Credit card details
– Reputation
– A route to a bigger prize
• It’s easier
– Lack of understanding: “It won’t happen to me”, “I don’t have anything worth taking…”
– Not a priority - too busy running the organisation
– Lack of skills
– Limited budgets
• Just an internet (IP) address to the attacker…
Women’s Resource Centre website – Jan 2016
Ransomware = ‘Big business’
Government is Taking Steps…
• Invested £1.9 billion in National Cyber Security Programme
• Established National Cyber Security Centre
– Cyber Essentials Scheme
– Cyber Streetwise
– Cyber Information Sharing Partnership
• Academic Centres of Excellence in cyber security research (13)
• Develop cyber skills
• National Offensive Cyber Programme
• Increase cyber defences
But organisations need to do more…
Benefits of Cyber Essentials
• Reduces the threat of 80% of cyber attacks.
• Cost effective and easy to implement.
• Mandated or strongly recommended for many contracts.
• Mitigate indirect supply chain risks
• Government backed scheme with wide industry support
• “Kite mark” demonstrates verified cyber credentials
• A set of 5 key technical controls
“It’s a no-brainer – and I’d like to see all businesses adopt it”
Ed Vaizey
5 Key Controls
• Firewalls
• Secure configuration
• User access control
• Malware protection
• Patch management
Supporting Organisations
• Cabinet Office
• Department of Culture, Media & Sport
• Information Commissioner’s Office
• Confederation of British Industry
• Federation of Small Businesses
• Chamber of Commerce
• British Insurance Brokers Association
Cyber Security Maturity
Make your organisation Cyber Resilient
• Understand the risk – Information!!!
• Implement appropriate technical controls
• Governance - policies, procedures
• Educate staff
• Incident and recovery planning
• Manage supply chain risks.
• Report Cyber Crime to PSNI
• Join CISP
Prevention
Secure Configurations
Sound Governance
Robust Policies
User Awareness
Technical controls
Detection
Monitoring and Alerting
Staff alertness
Anomalous Behaviour
Audit and Reviews
Security Tests
Response
Assessment
Containment
Reporting
Forensics
Recovery
Review
Prevention
Detection
Response
Key Takeaways!
What does this mean for NI (Northern Ireland)?
Further information
• Cyber Essentials:
– https://www.gov.uk/government/publications/cyber-essentials-scheme-overview
– http://www.cyberstreetwise.com/cyberessentials
– http://www.cesg.gov.uk/servicecatalogue/cyber-essentials/Pages/Scheme-Library.aspx
• ICO:
– https://ico.org.uk/media/for-organisations/documents/1575/it_security_practical_guide.pdf
• HMG 10 Steps to Cyber Security:
– https://www.gov.uk/government/publications/10-steps-to-cyber-security-advice-sheets
• Cyber Information Sharing Partnership (CISP)
– https://www.cert.gov.uk/cisp/
• PSNI Cybercrime
– http://www.psni.police.uk/
• Cyphra
– Conrad Simpson