Be Prepared. For Anything
Why Resilience Fails
Presented by Dan Solomon, Director
Common Challenges
Exercising Your Response – Building Your Resilience © Optimal Risk 2015. All rights reserved
Resilience: Detection, Response, Recovery
Preparedness: Technology, Methods, Procedures
Vulnerabilities: IT, Physical, Human
Awareness: Threat, Self, Risk
Planning: Doctrinal, Operational, Tactical
How Resilience Fails
Modes of Failure
Points of Failure
Characteristics of Failure
Human
Technology Failure
Recognition
Process Failure
Management Failure
IT
Interpretation
Taking Decisions
Taking Action
Inappropriate Response
Inappropriate Planning
Physical
Complacency
Dealing with the Unexpected
Why Resilience Fails
Symptoms of Delusion
Insurance
Compliance
Silver Bullets
Cultural Myopia
Accepting Mediocrity
Analytical Bias
Perspectives on ‘Cold War’
Ignorance
Information Assurance
Leadership
Risk-Informed
Intelligence
Reactive approach
Vulnerability Scanning
Analytical Failure
Formalised Policy & Planning
Board-level Consensus
Outdated methods
Budgets
Forewarning
Tackling Uncertainty
Ineffective Capability
Misaligned Strategy
Converged Threat Awareness
Complacency
Competing Priorities
Inertia
Silos
Cost
Assessing Probabilities
Risk
Outdated Assumptions
Dealing with Complexity
Why is it so difficult?
Complexity: Multiple teams, Complex management & Planning
• Attackers will create and exploit complexity and fault lines
Integration: Technologies with Methodologies with Procedures
• Attacker Perspective: The disjoint offers open doors
Escalation: Scenario understanding, Familiarity, Agility
• Attackers will seek to exploit a lack of ‘depth’
Anticipation: Insight – Foresight – Awareness
• Attackers have the upper-hand and retain the initiative
Interpretation: Intelligence, Analysis, Learning, and its Application
• Attackers are quicker – and will exploit your ‘bias’
Resilience Organisation
Identification
Defence
Response
Recovery
CISO and Security Leadership
Crisis Management Team
Cyber Defence Operations Centre
Forensic Team
Cyber Incident Response Centre
Risk Team
Maintain the ability to resist, react, and manage attacks
Resolve weaknesses in awareness, decision making, communication, and working practices
Remediate problems through technology, processes and people
Develop knowledge, capabilities, understanding, and awareness
Sustain focus and consensus around security priorities
Assessing Maturity
Reactive: Ad hoc, unguided, reliant on external experts
Compliant: Pre-scripted processes, compliance tools, reliant on external experts
Risk Focused: Risk aware, and handle the basics ‘by the book’
Anticipatory: Proactive analysis and think like a hacker
Innovative: ‘See in the dark’, improvise and win
Plan and Prepare
• Risk Analysis
• Threat Assessment
• Organisation & Management
• Security Controls Framework
• Testing & Readiness
Identify and Recognize
• Monitor
• Recognize
• Assess
• Triage
• 1st Response
Interpret and Analyze
• Intentions
• Intelligence
• Scenarios
• Interdependencies
• Business Impact
• Escalation
Respond and Recover
• Deployment
• Playbooks
• Containment
• Eradication
• Logging
• Recovery
Adapt and Learn
Upgrade
Assimilate
Investigate
Review
War Games
A cyber war game simulates a ‘real world’ cyber attack
The attack escalates over a number of phases to test technology, methods, procedures and decision-making
The process will exercise the organization's ability to resolve incidents and manage crises
The aim: Learn from experience.
Red Team simulates: 4 scenarios over 2 days
Goal-based to simulate: different types of threat-actor
White Team oversight feeds the process
Observers and Monitors in all locations record performance and assess processes
Real-time mentoring and feedback = on-the-job learning
The more common?
Concerns
• Skills and Experience
• Lack of ‘Maturity’
• Security Testing Only?
• Desk-top ‘exercise’
• Proper ‘expert’ scrutiny?
• Lack of Familiarity!
• Lack of Options!
• Lack of Intelligence
• Too many signals or noise
• Early Warning?
• Pinning Hopes on Technology
• Coping with the familiar
• Analytical Bias
• Obsession with ‘The Probable’
• Lack of Options
Be Prepared
Service-led Security Process
• Cyber Resilience Assessment
• Business Impact Analysis
• Information Security Strategy
• Cloud Security Strategy
• A Security Control Framework
• Business Continuity Planning
• Incident Response Maturity
• SOC or CDOC Evaluation
uncertainty is the essence of war, surprise its rule
Embrace the attacker's view
Accelerate your Maturity
Practice makes Perfect
Develop a Preoccupation with Causes of Failure
A Commitment to Proactive Defence
Dan Solomon
Director, Cyber Risk & Security Services
Email: [email protected]
Advanced Cyber Defence Services
Ask us about a Pre-Active™ Approach to Cyber Defense on stand B5