adding value through - digital jewels · 2013-2016 the most common exploit kits in the world...

Cyber Resilience Thought Generators


Post on 04-Jun-2020


Page 1: Adding Value Through - Digital Jewels · 2013-2016 The most common exploit kits in the world –Angler, Magnitude & Nuclear- disappeared or went private in 2016, leading to a shakeup

Cyber Resilience Thought Generators

About Digital Jewels

The 1st & ONLY* ISO 27001-ISMS, ISO 9001-QMS & PCIDSS QSA Professional Services Firm in Africa

Strengthening IT Governance, Risk & Compliance across Africa.

IT GRC Global Best Practice

Track Record

• The evolving threat landscape

• Tales from the trenches
o When the big boss says jump (Whaling attack)
o Wanna Cry? (Ransomware attack)
o Bragging Rights (Script kiddies or Hacktivists)
o The Millennial Thief (Social Media Identity theft)
o The Danger from within (Insider threat)

• Understanding Cyber Resilience

• Thought Generators


https://appbugs-wp-static.s3.amazonaws.com/uploads/2017/01/top_cybersecurity_threats-2.png


A look at some Cyber attacks

2017 Trustwave Global Security Report

Investigation across 21 countries

Most Breached Environments:

• Corporate & Internal Networks = 43%
• POS Incidents = 31%
• E-commerce = 26%

63% of breaches targeted CHD…

CEO Fraud Scams cost companies $3.1 billion between 2013-2016

The most common exploit kits in the world (Angler, Magnitude & Nuclear) disappeared or went private in 2016, leading to a shakeup of the exploit kit market

Average time between intrusion & detection: 16 days for internally detected breaches, 65 days for externally detected/reported breaches

83% of malware samples examined used obfuscation while 36% used encryption

99.7% of web applications displayed at least one vulnerability; 77% of the vulnerabilities detected involved session management & 10% were classified as high-risk or critical


Difficulties in Defending against Attacks: Ease, Impact, Incentive

2017 BCI Horizon Scan Report - Top 10 Threats


2017 BCI Horizon Scan Report - Top 10 Disruptions


The Skill Gap

A growing Interconnected world

Gartner, Inc. forecasts that 8.4 billion connected things will be in use worldwide in 2017, and will reach 20.4 billion by 2020.


“Any sufficiently advanced technology is indistinguishable from magic.” Futurist and novelist Arthur C. Clarke

2. Cyber Tales From The Trenches

#1. When the big Boss says jump (Whaling attack)

Whaling: Whaling is derived from the analogy with a ‘big phish’. It is a form of phishing attack which targets specific individuals with an aim of attempting to steal money, sensitive financial information or personal details about employees from a company.

Target: Senior management who have a level of power or authority within the company such as the CEO, COO or CFO.

What Happened:

• An email was sent from the ‘MD’ to the CFO of a Regional financial Institution in Sub-Saharan Africa to send a significant dividend payment to one of the organization’s directors who had requested this urgently from a remote location.

• The fraudsters sent an email that looked all too real requesting a wire transfer, created a mimic domain and researched to find out who is in charge and who could initiate transfer.

• The CFO had arranged for the money to be sent and thought to call his MD to confirm but was shocked to hear his response: ‘He never sent the email’.

#2. The Danger from within (Insider threat attack)

Who could become an insider threat?: Anyone with authorized access to company resources, who uses that access, either knowingly or unknowingly, to harm the organization.

What Happened:

• In 2013 there was a cyberattack on Target, in which criminals stole the payment card numbers of some 40 million customers and the personal data of roughly 70 million.

• What’s less well known is that although the thieves were outsiders, they gained entry to the retail chain’s systems by using the credentials of an insider: one of the company’s refrigeration vendors.

Impacts:

• This tarnished the company’s reputation, caused its profits to plunge, and cost its CEO and CIO their jobs.

How attractive does your company look to malicious insiders?

#3. Bragging Rights (malicious or mischievous attacks)

Why would a website be hacked: Websites are regularly hacked for mischievous or malicious purposes. It is common for the attackers to claim ‘bragging rights’ by putting their stamp on the website.

What Happened:

• In March 2017, the website of GN Bank was reportedly hacked by a Philippines hacker identified as Cybermoon. The website reportedly displayed “Magician Hacktivist Philippines, Hacked by Cybermoon” & played the Barbie Girl theme song.

Impact:

• This tarnished the Bank’s reputation.

How easily can you be hacked? How prepared are you for a hack?

#4. Wanna Cry? (Ransomware attack)

Ransomware - what it is:

Ransomware - a malicious program that locks a computer's files until a ransom is paid.

What Happened:

• The WannaCry ransomware attack is an ongoing cyberattack by the WannaCry ransomware computer worm, targeting the Microsoft Windows operating system.

• The attack started on Friday, 12 May 2017, infecting more than 230,000 computers in 150 countries, with the software demanding ransom payments in the cryptocurrency bitcoin in 28 languages.

• It shut down big hospitals and organizations. In the UK, the NHS was hit hard, but by Saturday morning the majority of the 48 affected health trusts in England had their machines back in operation.

• Ransom: 300 dollars in bitcoin in order to regain control

• The scariest part of this attack is that it is being repeated.

• Are you susceptible?

#5. The Millennial Thief (Social Media Identity theft)

Social Media Identity Theft: Identity theft occurs when someone uses another's personally identifying information, e.g. name, ID #, credit card #, without permission, to commit fraud or other crimes.

What Happened: Scammers created a fake Facebook account to solicit for funds. DR. MENSAH OTABIL DOES NOT SOLICIT FOR FUNDS ON SOCIAL MEDIA. Beware of fraudulent accounts and people impersonating Mensa Otabil. The Facebook account has a VERIFIED CHECKMARK by his name. Please share this information with all your friends. Thank you!

• Reputational Damage

• Do you monitor your online identity?

#5. The Millennial Thief (Social Media Identity theft)

What Happened:

• On the 29th of April, the iconic actor RMD shared 12 fake accounts impersonating him on Facebook and warned fans.

• Busted: Fake ‘Ooni of Ife’ dupes two US-based ladies of N.6m using Facebook and WhatsApp.

Impacts:

• Reputational Damage

3. Cyber Resilience: a 21st Century Strength

Cyberspace?

The imaginary environment in which communication over computer networks occurs.

• People
• Information Layer
• Cyber Identity
• Physical Infrastructure
• Geographical Layer

Definitions….

“Cyber”

• the interdependent network of information technology infrastructures, and includes technology “tools” such as the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries.

“Cybersecurity”

• analysis, warning, information sharing, vulnerability reduction, risk mitigation and recovery efforts for networked information systems.

“Resilience”

• Not just bigger locks; accepting that failures will occur, the objective is to restore normal operations and ensure that assets and reputations are protected.

“Cyber resilience”, an additional dimension of cyber risk management:

• the ability of systems and organizations to withstand cyber events, measured by the combination of mean time to failure and mean time to recovery.

• the ability to operate the business processes in normal and adverse scenarios without adverse outcomes. Specifically, resiliency strengthens the firm’s ability to identify, prevent, detect and respond to process or technology failures and recover, while reducing customer harm, reputational damage and financial loss.

Cyber Resilience

A fusion of Information Security and Business Continuity Strategies

Withstanding Attacks or Failures (Intentional or Otherwise), and in such events to re-establish itself quickly back to operational mode


- Cyber Resilience within the Cyber Risk Context

WEF

Maturity Model: Where are you?

WEF


CIS


The Framework Forest

The place of standards & frameworks

Information Security
• PCIDSS
• ISO27001
• ISO22301
• ISO31000

Business Continuity
• ISO22301
• BS OHSAS 18000
• ISO27001
• Data Centre Tiers

ITSM
• ITIL
• COBIT
• ISO20000
• CMMI

GRC
• COBIT
• COSO
• CMMI
• ISO15504
• ISO38500
• TOGAF

Project/Change/People Mgt
• PRINCE2
• PMP
• ISO 21500
• COBIT
• SFIA

Bringing Clarity to Chaos – Cyber Resilience Strategy

IDENTIFY
• Asset
• Business
• Risk Assessment
• Governance
• Risk Management Strategy

PREVENT
• Access Control
• Awareness Training
• Data Security
• Maintenance

DETECT
• Anomalies and Events
• Security Continuous Monitoring
• Detection Processes

RESPOND
• Response Planning
• Communications
• Analysis
• Mitigation

RECOVER
• Recovery Planning
• Improvement
• Communications

Cyber Resilience: Benefits

• More secure processes and systems
• Strong controls with a strong control environment
• A solid risk culture
• Digitized and automated processes


What are the challenges?

How to be Cyber Resilient?

Thought Generators

• Do we understand the threat landscape? / Can we comprehend the vastness of the threat landscape?
• Are we fighting yesterday’s battle & losing today’s wars?
• Are we ignoring the role of employees?
• Do we understand where our organization stands today?
• Can Cyber resilience become a competitive advantage for us?
• What is the reality for today? Leading practices


Thank You