Page 1
MAINTAINING CUSTOMER LOYALTY THROUGH BUSINESS RESILIENCE
Thomas E. Williams Business Continuity/Cyber Security Strategy Manager
Gladiator - A Division of Jack Henry & AssociatesNorthville, Michigan
[email protected] 313-318-3839
August 8 & 9, 2019
Page 2
© 2017 Jack Henry & Associates, Inc.®1© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Maintaining Customer Loyalty Through Business Resilience
Tom WilliamsBusiness Continuity/Cyber Security Strategy Manager
Jack Henry & Associates, Inc.®
Presented byGladiator - A Division of Jack Henry & Associates &
The Graduate School of BankingAugust 9-10, 2019
Page 3
© 2017 Jack Henry & Associates, Inc.®2© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Tom Williams
Jack Henry & Associates
(Gladiator Division)Business Continuity-Cyber Security Strategy Manager
313-318-3839
[email protected]
Page 4
© 2017 Jack Henry & Associates, Inc.®3© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Agenda
Information Security Program Components
Executing the Business Continuity / Cyber Incident Response Plan
Gladiator Cyber-Attack Mock Drill
Key Cyber Threats Facing Financial Institutions Today
The FFIEC Guidelines on Business Continuity and Cyber Security
Page 5
© 2017 Jack Henry & Associates, Inc.®4© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Jack Henry & AssociatesThree Successful Brands
• Community and Multi-Billion Dollar Banks
• Core Processing Systems• Integrated Complementary
Products• In-House or Outsourced
Services
• Credit Unions of All Sizes• Core Processing Systems• Integrated Complementary
Products• In-House or Outsourced
Services
• Financial Institutions of All Sizes
• Corporate Entities and Strategic Partnerships
• Core Processor Agnostic• Best-of-Breed Niche Solutions
Page 6
© 2017 Jack Henry & Associates, Inc.®5© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Brief Introduction to Gladiator Services
Gladiator®
CoreDEFENSEManaged Security
Services™
Gladiator® IT Regulatory Compliance/Policy
Products™
Centurion Business Continuity
Planning™/ Centurion Disaster
Recovery®
Gladiator® Hosted Network Solutions™
Gladiator® Managed IT Services™
Page 7
© 2017 Jack Henry & Associates, Inc.®6© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Page 8
© 2017 Jack Henry & Associates, Inc.®7© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
In the News
CNN Headline - March 23rd
The FBI is investigating a ransomware attack on the city of Atlanta
Page 9
© 2017 Jack Henry & Associates, Inc.®8© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Every business is at risk from …Natural Disasters, Accidents, & Environmental Events
Cyber Attacks and Terrorism
Power & Energy Disruptions
Internal / External Fraud
Physical Security
Human Error
Page 10
© 2017 Jack Henry & Associates, Inc.®9© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
The Information Security Program Components
Page 11
© 2017 Jack Henry & Associates, Inc.®10© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security Defined
• The processes and methodologies involved with keeping information Confidential, Available, and assuring its Integrity.
• Includes the following:– Access controls: Unauthorized access.– Protecting information: In transit, storage or idle state.– Resolution: Detection and remediation of breaches.
Page 12
© 2017 Jack Henry & Associates, Inc.®11© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Three Principles of Information Security
• Confidentiality• Integrity• Availability
Page 13
© 2017 Jack Henry & Associates, Inc.®12© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security Program Components
Page 14
© 2017 Jack Henry & Associates, Inc.®13© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security Program Components
Compliance/ Risk
Committee
Page 15
© 2017 Jack Henry & Associates, Inc.®14© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Compliance / Risk Committee
• Board Representation• Executive Management• Information Technology• Compliance / BSA / Information
Security Officers• Human Resources• Business Unit Managers /
Representatives
Page 16
© 2017 Jack Henry & Associates, Inc.®15© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security Program Components
PoliciesCompliance/
RiskCommittee
Page 17
© 2017 Jack Henry & Associates, Inc.®16© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Policies
• Information Security – Cyber-Security– Assignment of Responsibilities– Data Classification– Risk Management & Control – Vendor Oversight– Training– Incident Response– Program Review & Testing
Page 18
© 2017 Jack Henry & Associates, Inc.®17© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.© 2018 Jack Henry & Associates, Inc.
Policies
• Tech Mgt & Responsibilities• Physical / Logical Security• Core Processing Services &
Security• Data Classification• Audit & Review• Education• Change Management
• Data Storage & Backup• Technology Usage (Wireless-
Email-VoIP-Remote Access-Mobile)
• Technology Management (Hardware/Software Inventory & Licensing-Patch Management-Lifecycle Management)
• Monitoring & Reporting
Page 19
© 2017 Jack Henry & Associates, Inc.®18© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security Program Components
Policies
Compliance/ Risk
CommitteeRisk/Vulnerability
Assessments
Page 20
© 2017 Jack Henry & Associates, Inc.®19© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Risk/Vulnerability Assessments• Information Security• IT Risk Assessment• E-banking
– Internet Banking – Authentication – Wires/ACH Origination – Remote Deposit Capture/Mobile Deposit Capture
• ID Theft Prevention– Fraud Alerts – Close Compromised Accounts
• External Penetration Testing• Internal Vulnerability Testing• Social Engineering Testing
Page 21
© 2017 Jack Henry & Associates, Inc.®20© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security Program Components
Risk/VulnAssessmentsPolicies
Compliance/ Risk
Committee
Business Continuity &
Incident Response
Plan
Page 22
© 2017 Jack Henry & Associates, Inc.®21© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.© 2018 Jack Henry & Associates, Inc.
Business Continuity / Incident Response Plan TOCBusiness Continuity Plan TOC1. Team Information
1. BU Recovery Team - Recovery Organization Charts
2. Workspace & Equip. Summary - Facilities & Locations
2. Notifications1. Personnel Notification Script - Business
Unit Call List2. Call List Team Leaders – External/Internal
Notifications3. Recovery Tasks
1. Recovery Phases – Recovery Tasks for Rec. Team
4. Business Impact Analysis Reports5. Process & Resources Reports6. Recovery Forms7. Appendix
Incident Response Plan TOC
Page 23
© 2017 Jack Henry & Associates, Inc.®22© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security Program Components
Risk/VulnAssessmentsPolicies
Compliance/ Risk
Committee
Incident Handling & Reporting
Business Continuity &
Incident Response
Plan
Page 24
© 2017 Jack Henry & Associates, Inc.®23© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Incident Handling & Reporting
• Identify Roles & Responsibilities• Recognize & Identify Event• Inform Appropriate Personnel• Initiate Documentation Process• Assign Incident Severity Level• Contain & Eradicate Event• Implement Preventative
Measures
• Recover• Notify Law Enforcement /
Customers / Regulators• Establish Media Communications• Perform Forensic Follow-up
Analysis• Create Executive Report• Store Documentation & Evidence• Post Mortem Review
Page 25
© 2017 Jack Henry & Associates, Inc.®24© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security Program Components
Risk/VulnAssessmentsPolicies
Compliance/ Risk
Committee
Incident Handling & Reporting
Vendor Management
Business Continuity &
Incident Response
Plan
Page 26
© 2017 Jack Henry & Associates, Inc.®25© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Vendor Management
• Vendor Evaluation and Selection • Contract Negotiations• Service Level Agreements (SLA)• Risk Management• Ongoing Due Diligence• Contingency Planning / Termination
Page 27
© 2017 Jack Henry & Associates, Inc.®26© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security Program Components
Risk/VulnAssessmentsPolicies
Compliance/ Risk
Committee
Incident Handling & Reporting
Vendor Management
Security Awareness
Training
Business Continuity &
Incident Response
Plan
Page 28
© 2017 Jack Henry & Associates, Inc.®27© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Security Awareness Training
• For Employees, Board & Management & Customers– Social Engineering (Pre-text calling – Phishing)– Acceptable Use– Incident Response– BCP – ID Theft Prevention / Handling
Page 29
© 2017 Jack Henry & Associates, Inc.®28© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security Program Components
Risk/VulnAssessmentsPolicies
Compliance/ Risk
Committee
Business Continuity &
Incident Response
Plan
Incident Handling & Reporting
Vendor Management
IncidentReporting
Audits & Testing
Page 30
© 2017 Jack Henry & Associates, Inc.®29© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Audits & Testing
Risk AssessmentsDefine ScopeControl Design and Operational Effectiveness TestingReportingRemediation Tracking
Page 31
© 2017 Jack Henry & Associates, Inc.®30© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Risk/VulnAssessmentsPolicies
Compliance/ Risk
Committee
Incident Reporting &
Handling
Vendor Management
Security Awareness
Training
Audits & Testing
Regulatory Exams
Information Security Program Components
Business Continuity &
Incident Response Plan
Page 32
© 2017 Jack Henry & Associates, Inc.®31© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Regulatory Exams
• FFIEC (Federal Financial Institution Examination Council)– OCC (Office of Comptroller Currency)– FRB (Federal Reserve Bank)– FDIC (Federal Deposit Insurance Corporation)– NCUA (National Credit Union Administration)– CFPB (Consumer Financial Protection Bureau)
Page 33
© 2017 Jack Henry & Associates, Inc.®32© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Risk/VulnAssessmentsPolicies
Compliance/ Risk
Committee
Incident Reporting Vendor
Management
Security Awareness
Training
Audits Regulatory Exams
Information Security Program Components
Business Continuity &
Incident Response Plan
Today’s Focus
Page 34
© 2017 Jack Henry & Associates, Inc.®33© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Detailed Status of InfoSec tasks
IS Ongoing Compliance Management – Status Report – Security Monitoring
Page 35
© 2017 Jack Henry & Associates, Inc.®34© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Detailed Status of InfoSec tasks
IS Ongoing Compliance Management – Status Report – BCP/Disaster Recovery
Page 36
© 2017 Jack Henry & Associates, Inc.®35© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Detailed Status of InfoSec tasks
IS Ongoing Compliance Management – Status Report – Vendor Management
Page 37
© 2017 Jack Henry & Associates, Inc.®36© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Detailed Status of InfoSec tasks
IS Ongoing Compliance Management – Status Report – Policies
Page 38
© 2017 Jack Henry & Associates, Inc.®37© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Remediation tracking
IS Ongoing Compliance Management – Status Report – Remediation Activities
Page 39
© 2017 Jack Henry & Associates, Inc.®38© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security Officer Responsibilities
Responsible for the Administration and Execution of the Information Security Program
Audits & Exams
Page 40
© 2017 Jack Henry & Associates, Inc.®39© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Maximizing Effectiveness
Page 41
© 2017 Jack Henry & Associates, Inc.®40© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Structure of Accountability
Skills and Expertise
Time Allocation
Governance Risk & Compliance
Effective Information
Security Program
Page 42
© 2017 Jack Henry & Associates, Inc.®41© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Examiners position on Information Security Officer (ISO)
Independent ISO or Committee
Sufficient knowledge and training
Separate InfoSec oversight from IT
Rightsized InfoSec program
Source: FFIEC Guidelines, 2006
Page 43
© 2017 Jack Henry & Associates, Inc.®42© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Examiners ISO methodologies
• Hire an ISO
• Appoint ISO Committee
• Outsource ISOAccepted by FFIEC
Page 44
© 2017 Jack Henry & Associates, Inc.®43© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Information Security
Program Position
Page 45
© 2017 Jack Henry & Associates, Inc.®44© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
What is your Bank’s Information Security Program Position?
Limited Information Security Program
Effective Information Security Program
Moderate Risk
Each organization should continually strive to move toward the Low Risk area
Semi-High
Semi-Low
Low Risk
High Risk
Page 46
© 2017 Jack Henry & Associates, Inc.®45© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
What is Business Continuity Planning?
Page 47
© 2017 Jack Henry & Associates, Inc.®46© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Business Continuity Planning is a proactive planning process that ensures critical services or products are delivered during a disruption.
Page 48
© 2017 Jack Henry & Associates, Inc.®47© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Business ContinuityBusiness Unit Plans to
restore Critical Business Functions / Processes that the Business Units
are responsible for
Incident Response Plan used by the
Incident Response Team to prevent,
mitigate and recover from a cyber incident
Business Continuity Planning
encompasses Incident Response
Planning
Page 49
© 2017 Jack Henry & Associates, Inc.®48© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
People/ProcessesEmployeesMembersProcessesVendorsFire / PoliceUtilitiesRegulatorsPlans / ProceduresDocumentation
FacilitiesAlternate work areasRepaired facilitiesRecovery centersHospitalsShelter areasMobile Recovery UnitsOff-site storage facilities
TechnologySystemsServersApplicationsDataTelecommunications
Page 50
© 2017 Jack Henry & Associates, Inc.®49© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
People/Processes Facilities Technology
Lend
ing
Ret
ail
Ban
king
Ope
ratio
ns
Page 51
© 2017 Jack Henry & Associates, Inc.®50© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
RISK MONITORING
BU
SINESS
IMPAC
T AN
ALYSISRISK
ASSESSMENT
RIS
K
MAN
AGEM
ENT
BCP Lifecycle
Business Functions-Recovery Window-Resources-Contingency StrategiesDi-Impact
Threats-Natural -Human-Technical-Cyber Attacks
Documentation-Emergency Management Plans
-Crisis Management Plans-Business Unit Plans-Incident Response Plan
Plan Maintenance-Phased approach-Tabletop exercises-Mock drills-Functional testing
FFIEC BCP Guidelines
Page 52
© 2017 Jack Henry & Associates, Inc.®51© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Page 53
© 2017 Jack Henry & Associates, Inc.®52© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Process for Recovering from a Disaster Event
Page 54
© 2017 Jack Henry & Associates, Inc.®53© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Recovery Phases & Plan Execution
RECOVERY TIMELINE
Page 55
© 2017 Jack Henry & Associates, Inc.®54© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Recovery Phases & Plan Execution
CRISIS MANAGEMENT• Evacuation &
safety• Liaison• Stabilize• Incident
Response• Damage
assessment• Communications• Disaster
declaration
1
Page 56
© 2017 Jack Henry & Associates, Inc.®55© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Recovery Phases & Plan Execution
2CRISIS MANAGEMENT1
RELOCATE & RESTORE
• Notifications• Salvage• Establish
Command Centers
• Determine alternate workspaces
• Acquire resources
• Restore resources
Page 57
© 2017 Jack Henry & Associates, Inc.®56© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Recovery Phases & Plan Execution
2CRISIS MANAGEMENT1
RELOCATE & RESTORE
RECOVER BUSINESS FUNCTIONS3
• Recreate lost work
• Implement contingency strategies
• Resume business functions
Page 58
© 2017 Jack Henry & Associates, Inc.®57© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Recovery Phases & Plan Execution
2CRISIS MANAGEMENT1
RELOCATE & RESTORE
RECOVER BUSINESS FUNCTIONS3
REBUILD & RETURN4
• Repair or replace damaged equipment an/or facilities
• Formulate a plan for returning to normal operations
• Execute the plan
• Perform a debrief session
Page 59
© 2017 Jack Henry & Associates, Inc.®58© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Locations, Personnel,
Recovery Teams, Departments
Business Functions, Process, Resources
Vendors, External Contacts
IT & Application Recovery Procedures
Custom Documentation
Testing
BCP Maintenance/
TestingProcess
Page 60
© 2017 Jack Henry & Associates, Inc.®59© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Documentation
Emergency Management Plans• Evacuation procedures• Scenarios
Crisis Management Team Plan
Business Unit Recovery Team Plans
Page 61
© 2017 Jack Henry & Associates, Inc.®60© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Team Responsibilities
MANAGEMENT ADMINISTRATIVE DAMAGE ASSESSMENT
INFORMATION SYSTEMS
BUSINESS UNITS
CRISIS MANAGEMENT
BUSINESS UNIT RECOVERY
Business Units• Recover business functions
- Relocate to assigned workspaces- Acquire and restore resources - Recreate lost work- Implement Contingency Strategies
Page 62
© 2017 Jack Henry & Associates, Inc.®61© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Page 63
© 2017 Jack Henry & Associates, Inc.®62© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Cyber-Attack Recovery Process
Page 64
© 2017 Jack Henry & Associates, Inc.®63© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
• Identify• Protect • Detect• Respond• Recover
Beyond Cybersecurity: Cyber Resilience
NIST Framework
Page 65
© 2017 Jack Henry & Associates, Inc.®64© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
• People – Board awareness, Educate all stakeholders, Trusted Advisor Partnerships
• Processes – Cyber Risk Appetite Statement, Test Incident Response Plan with DR/BCP; Succession Plan
• Technology – Monitor transactions and layer services to prevent, detect and respond to attacks; partner with trusted TSPs
Defense in Depth
Page 66
© 2017 Jack Henry & Associates, Inc.®65© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Defense in Depth - TechnologyCore
Provider
WAN
Page 67
© 2017 Jack Henry & Associates, Inc.®66© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Gladiator Research
Threat Intelligence Process
US-CERT
FBI FS-ISAC
iSIGHT
NCFTA
PlatformVendorsJHA
3rd Party
OtherPartners
Identify current methods attackers are using to infiltrate networks and infect systems
Locate and track hostile domains, botnets, and hosts on the Internet
Reverse engineer malware to learn new behaviors and infection methods
Assess current financial fraud methods
Page 68
© 2017 Jack Henry & Associates, Inc.®67© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Incident Response Process
Cyber Incident
1.Report Incident
• Technical Support / Help Desk
2.Incident
Classification• Validation and Severity
of Incident
3.Notification/Escalation
• Who to contact, internal-external
4.Assessment
• Entry point of virus• Systems affected• Time to close incident• Regulatory - Law agencies
5.Documentation
• Phone conversations• System logs• Meeting minutes• Screen shots
6.Containment
• Shut down system• Disconnect from network• Monitor system/network• Set traps• Disable functions, etc.
Page 69
© 2017 Jack Henry & Associates, Inc.®68© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Incident Response Process7.
Protecting Evidence
• Preserving hard drives• Documenting incidents
8.Eradication &
Recovery• Anti-virus software• System rebuilds
9.Follow-up Analysis
• System monitoring• Sequence of events• Method of discovery• Lessons learned
10.Incident
Prevention• Technology• Policies, procedures• Training on security awareness• Technical configurations• Access permissions, logs, etc.
11Vendor
Management• Tier 1 vendors must report all Incidents• T1 vendors must have Incident Response Plans• T1 Vendors must have Business Continuity Plans
Page 70
© 2017 Jack Henry & Associates, Inc.®69© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Top Cyber Threats facing Financial Institutions
Page 71
© 2017 Jack Henry & Associates, Inc.®70© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Top Cyber Threats
Social Engineering
Encrypted Traffic
Malicious Code
Variants
Supply Chain
Infections
Patches/ Vulnerabilities Ransomware
Page 72
© 2017 Jack Henry & Associates, Inc.®71© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Honorable Mention
Internal Threats
Internet of Things(IOT)
Wireless/ Mobile
Page 73
© 2017 Jack Henry & Associates, Inc.®72© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Evaluating Your Business Continuity Program
Page 74
© 2017 Jack Henry & Associates, Inc.®73© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Evaluate your Business Continuity Program
Page 75
© 2017 Jack Henry & Associates, Inc.®74© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Evaluate your Business Continuity Program
Page 76
© 2017 Jack Henry & Associates, Inc.®75© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Gladiator Risk Mitigation Services
• Business Continuity
• Disaster Avoidance – Disaster Recovery
• Multilayered security to mitigate cybersecurity risk
• 24/7 security monitoring
• Provide visibility into security and controls
• Certified security and compliance staff
• Empower management oversight
• Protect your reputation
RISK Mitigation
Centurion -BC/DR
CoreDEFENSE
IT Regulatory Compliance Managed IT
Hosted Network Solutions
Page 77
© 2017 Jack Henry & Associates, Inc.®76© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.© 2018 Jack Henry & Associates, Inc.
Centurion BCP Services
• Enterprise-Wide BCP– Deluxe Engagement– Remote Engagement– Plan Maintenance Service
• BCP Software– COPE (Centurion’s Online Planning Expert)– SQL Database
• BC / DR Plan Reviews– DR Testing Assistance i.e., Replication Testing
• Mock Disaster Drills– Natural and Manmade Disasters– Cyber Attack
Page 78
© 2017 Jack Henry & Associates, Inc.®77© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Gladiator Risk Mitigation Services
• Business Continuity
• Disaster Avoidance – Disaster Recovery
• Multilayered security to mitigate cybersecurity risk
• 24/7 security monitoring
• Provide visibility into security and controls
• Certified security and compliance staff
• Empower management oversight
• Protect your reputation
RISK Mitigation
Centurion -BC/DR
CoreDEFENSE
IT Regulatory Compliance Managed IT
Hosted Network Solutions
Page 79
© 2017 Jack Henry & Associates, Inc.®78© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
BCP/DR Support Organizations Websites• www.centuriondr.com
– Centurion Disaster Recovery • www.ready.gov
– US Department of Homeland Security• www.drj.com
– Disaster Recovery Journal (free magazine)• www.ffiec.gov
– Federal Financial Institutions Examination Council’s site• www.redcross.org
– American Red Cross• www.fema.gov
– Federal Emergency Management Agency• www.citizenscorps.gov/cert/
– Community Emergency Response Team• http://www.operationhope.org/effak/effak_english.pdf• Emergency Financial First Aid Kit – Supported by Operation Hope & FEMA
Page 80
© 2017 Jack Henry & Associates, Inc.®79© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Gladiator Cyber-Attack Mock Drill
Page 81
© 2017 Jack Henry & Associates, Inc.®80© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
• Provide an interactive experience based on decisions associated with a cyber incident.
• Better understand your financial institution’s vulnerability toward cyber incidents.
• Assess your financial institution’s Incident Response Plan (IRP).
• Identify the major milestones associated with a cyber incident.
• Collaborate with your peers to share approaches to dealing with cyber incidents.
Cyber Incident Response Drill Objectives
Page 82
© 2017 Jack Henry & Associates, Inc.®81© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
• This is a test exercise, based on the probability of a real-world scenario.
• Treat scenario details as fact.
• Think about how your bank’s cyber program would measure up to a similar, but real incident.
• Consider what improvements may be required to your IRP resulting from the drill.
Cyber-Attack Drill Information
Page 83
© 2017 Jack Henry & Associates, Inc.®82© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
• You will be assigned to the Incident Response Team (IRT) of The Financial Institution of Madison.
• Your team will be given a scenario resulting in a cyber incident to The Financial Institution of Madison.
• Please assume the role that you are assigned to as an Incident Response Team Member.
• As the IRT your team must adhere to the appropriate steps required to navigate through the cyber incident.
Cyber-Attack Drill Information
Page 84
© 2017 Jack Henry & Associates, Inc.®83© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Incident Response Drill Challenges
Situational events that your IRT has to make decisions on
Share ideas and learn from your peers
Challenges are derived from real-world situations
Poll Everywhere will display team challenge results
Creates group discussion and collaboration
Page 85
© 2017 Jack Henry & Associates, Inc.®84© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
• $757 million in assets
• Main office is located in downtown Madison, WI
• 9 additional branch office locations throughout Madison
• 211 employees and 511,000 customers
Financial Institution of Madison Bank Profile
Page 86
© 2017 Jack Henry & Associates, Inc.®85© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
• Core processing – Outsourced• Windows® infrastructure runs at main office• VMware Snapshots taken once per day and replicated off-
site at another branch twenty-five miles away• Uses a MPLS common network between branches• Thirty days of historical backups
Financial Institution of Madison Technology Profile
Page 87
© 2017 Jack Henry & Associates, Inc.®86© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
• More information will be provided during the class section to maintain the overall integrity of the exercise
• Be prepared to play an active role on the Incident Response Team that you are assigned to
• Regardless of your current role at your bank, the drill will provide insight to the fact that cyber-security is the responsibility of all employees
Gladiator Cyber-Attack Mock Drill
Page 88
© 2017 Jack Henry & Associates, Inc.®87© 2017 Jack Henry & Associates, Inc.®© 2018 Jack Henry & Associates, Inc.
Tom Williams
Jack Henry & Associates
(Gladiator Division)Business Continuity-Cyber Security Strategy Manager
313-318-3839
[email protected]