mitigation starts now
Mitigation starts now
DI Daniel Lawrence, NPCC National Cyber PROTECT Coordinator
1/11/2016
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to [email protected]
Objectives
• Incident Handling – Are you ready?
• Reporting Cyber Incidents
• Assessment of the Incident (who takes precedence)
Incident Handling – Are you ready?
The cyber threat: are you a target?
Cyber breaches and attacks over the past year:
• 65% of large firms
• 1 in 4 of all businesses
What is at risk?
• Your money
• Your data (e.g. customer details, intellectual property, confidential emails)
• Your day-to-day operations (e.g. customer website, internal systems)
• Your business’ reputation
Things to think about
• Tell the organisations that can help
• Ensure you have a business continuity plan for when things go bad
• Think about messaging, both internally and externally
• Know your network and what normal looks like
• Do you know what information you are holding and how quickly you can find out what has gone?
Not just a problem for the IT department
Will require a response from staff across teams:
• Legal
• HR
• Communications/Media
• C-level staff
• Business Continuity
Incident Handling Model
• Understand the risks facing your business
• Assemble the correct team
• Understand your network topology
• Develop and test an incident handling plan
• Establish effective forensic readiness
• Ensure you have key points of contact
• Agree a decision log format
• Exercise the incident handling team
• Drive user awareness
• Agree internal and external communications & reporting structures
• Detect events as they happen
• Use data feeds to provide context
• Understand the affected asset
• Make proportionate response recommendations
• Understand the attack
• Preserve evidence
• Consider appropriate clean-up actions
• Initiate internal communications
• Activity will depend on the nature of the incident
• Implement alongside your Business Continuity Plan
• Ensure full visibility and agreement of system owner
• Ensure shared understanding on briefings
• Establish a feedback loop
• Maintain the feedback loop
• Identify when systems can be reintroduced
• Focus on preventing a recurrence
• Maintain communications
• Ensure a shared understanding of the end state
• Treat incidents as learning opportunities
• Complete relevant documentation
• Learning lessons is an ongoing process
• Consider implications for all elements of your business
• Share what you have learned – on CiSP!
Reporting Cyber Incidents & Cyber Crime
Historic / incident that has passed
• Action Fraud – actionfraud.police.uk
• 0300 123 2040
Crime in Action
• 101 / 999
Local to National
Information Sharing and CiSP
Need to Know → Need to Share
CiSP is a joint government and industry initiative to share cyber threat information, hosted by CERT-UK
Free to join – funded by UK government
Current membership stands at over 6500 individuals and under 2500 organisations
The ‘Fusion Cell’ stimulates discussion and sharing on the platform and provides all source assessment
Sharing is based on Traffic Light Protocol
CiSP produces a range of products/outputs including alerts and analysis papers for organisations
Different products for differing cyber maturity
CiSP Homepage
CiSP Environment
Group
Private Secret
Space
Open to every member with no restrictions
Restriction either by membership (group) or by subject (space)
All groups are private (members only) but their existence is public. Only members can view content in a private group. Secret groups are private but invisible to non-members.
Spaces and Groups
You can be anonymous…
…but think carefully if you need to be.
Discuss – Disseminate – Analyse
Structured Incident Reports
Future developments
Enhanced 2FA
A New Homepage
From the board to the frontline…
Evoke behaviour change
Cannot be done in isolation
End user / employee awareness is not the panacea… Board-level responsibility
There need to be technical solutions, as the most educated will still ‘click the link’ or ‘open the attachment’…
Top to bottom review of processes is key
Role of PROTECT is to raise awareness to those identified as being most vulnerable to exploitation.