ThecyberresiliententerpriseAndrewBycroft,CyberResilienceStrategistandCEO,TheSecurityArtist

Risktoyourbusiness

Risktocybercriminals

Increased numberoftargetsIncreased perceptionofsuccessIncreased rewardforsuccessDecreased barriertoentryDecreased fearofattribution

resiliencecyber

Hewasjustfounddeadinatrainingfacilitylockerroom.Shotinthehead.

Wasitfatal?Yes. Howfatal?Completely.

©ColumbiaPictures2006

Yourbusinessreliesuponassets,ifnotdiscoveredandclassified

exposevulnerabilities,ifnotdiscoveredandremediated

tothreats,ifnotpredictedandprevented

thatleadtoattacks,ifnotdetectedandrespondedto

whichcausebreaches,ifnotconfirmedandrecoveredfrom

resultinginimpacts totheresiliencyofyourbusiness

Company

Community

Cosmos

Yourcompany

Partners,Customers,Suppliers

Partners/customers/suppliersofpartners/customers/suppliers

Digital

Physical

Social

Company

Community

Cosmos

Design

ImplementationOperation

Management

Company

Community

Cosmos

Political

Economic

SocialTechnological

Environmental

Legal

Company

Community

Cosmos

Access

Copy

TheftModification

Disruption

Destruction

Company

Community

Cosmos

Confidentiality

Integrity

Availability

Company

Community

Cosmos

Operational

Physical

PersonalLegal

Reputational

Financial

Company

Community

Cosmos

Assets Vulnerabilities Threats Attacks Breaches Impacts

• Emailservers• Software• Cables• Racks• Powersupplies• Network

infrastructure• Internet

connection• Emailadmins• Salesteam• ISPinfrastructure• ISPadmins• Tapebackup

server• Tape

• Singlesupplierofnetworks

• Singlesupplierofpower

• OSbufferoverflow

• Perishabletape• Onlyoneemail

admin• Overworked

networkadmins• Tapebackupsnot

tested• Onesalesteam

memberisagambler

• Malware• Spam• Environmental• Brownouts• Powerloss• Network

disruption• DDoS• Illness• Cyberattackers

recruitingmules• ISPgoesoutof

business

• Social engineering• Cyberespionage• Sabotage• Staffabsence• Insiderabuse• Insidemisuse• Destructionofkey

sites

• Dataloss• Unavailabilityof

keyresources• Unavailabilityof

keysites

• Lossofproductivity

• Lossofcontracts• Lossofclients• Lossofprospects• Lossofrevenue• Badpublicity• Legalaction• Sharepricedrop

Startwithabusinessprocess – sales

Assets Vulnerabilities Threats Attacks Breaches Impacts

• Storageservers• Food

technologists• Qualitycontrol

staff• Network

infrastructure• Internet

connection• Google

infrastructure• Googleadmins• Dropbox

infrastructure• Dropboxadmins• Power

infrastructure

• Unpatchedfileserver

• Poorpasswords• Untrainedusers• Poorscreening

processes• Misconfigured

firewall

• Phishing• Malware• Targetedattack• Compromiseof

cloudstorage(Google DriveandDropbox)

• Theftofbiscuitrecipes

• Theftofcustomercontactdetails

• Theftofcreditcarddetails

• Insiderthreat• Sabotage

• IP theft• Customerdata

loss• Modificationof

recipeprograms

• Lossofcontracts• Lossofclients• Lossofprospects• Lossofrevenue• Badpublicity• Legalaction• Product recall

Startwithadollarvalue– $1M

Questions?AndrewBycroft,CyberResilienceStrategistandCEO,TheSecurityArtist