respond, recover, thrive to a cyber breach channel islands ... · data breach figures 2020...
© 2020 Deloitte LLP. All rights reserved.
Respond, Recover, Thrive
Channel Islands Advisory digital transformation webinar series
26 May 2020
Responding to a Cyber Breach
Contents
01 Introduction
• Introducing your team today
• Recover and Thrive through digital transformation
02 Main Presentation
• The first few hours of a data breach investigation
• Operational challenges of responding to a cyber incident
03 Q&A
Introduction
Our digitally themed webinars focus on Recovery as a journey, highlighting how having a clear digital strategy in place is more important than ever
Resilient Leadership: Business Recovery from COVID-19
Respond, Recover, Thrive
OUR WEBINARS SUPPORT FIVE IMPERATIVES WITHIN “RECOVER” TO GUIDE THE BUSINESS FROM “RESPOND” TO “THRIVE”
1 – Understand the Required Mindset Shift
2 – Identify and Navigate the Uncertainties and Implications
3 – Embed Trust as the Catalyst to Recovery
4 – Define the Destination, and Launch Recover Playbook
5 – Learn From Others’ Successes
• Future of Work
• Understanding RPA, Cognitive & Intelligent Documentation
• RPA – scaling and digital roadmap
• CBS – Building digital workflows
• Cyber Response
• Intelligence Services
• Customer Support
• Future of Work
• True Voice
Shaping the Future through Digital Business
The first few hours of a data breach investigation
Agenda
• Cyber attack trends: What attacks are the most prevalent?
• COVID-19 attacks: How is the pandemic affecting cyber crime?
• Real world incidents: Recent examples brought to life
• Questions and answers
Cyber attack trends
Organisations that have not historically been targets now find themselves in the crosshairs of a new generation of attackers. You know it is not if, but when…
Your threat landscape has changed dramatically over the last three years
Industries targeted (diagram; axes: increased focus on protection, increased focus on recoverability)
Previously: Mining; Industrial Manufacturing; Shipping / Logistics; Consumer goods; Healthcare & Pharma; Financial Services; Military / Defence; Energy & Natural resources
With lower threat levels and fewer digital processes, manufacturing industries focused more on recovery from physical events (floods, disk failures etc.)
Now: Consumer goods / Shipping / Manufacturing / Mining; Healthcare & Pharma; Financial Services; Military / Defence; Energy & Natural resources
Overview
NCSC top 5 main incident trends (Oct 2018 – April 2019)
• Office 365
• Ransomware
• Phishing
• Vulnerability scanning
• Supply chain attacks
Deloitte CIR top incident trends (Jan 19 to present)
• Office 365: 11%
• Network Breach: 11%
• Phishing or SPAM: 22%
• AWS: 22%
• Ransomware: 34%
Predictions for the future
• Phishing
• Internet of Things
• Cloud
• Supply Chain
• Ransomware
• Operational Technology
COVID-19 Attacks
COVID-19’s effect on the cyber world
• COVID-19 targeted phishing campaigns: Following themes of treatment, unemployment benefits, company memos regarding employment etc.
• High utilisation of infrastructure: The pandemic has caused a spike in online activities, causing many service providers to take action
• Rapidly deployed services: New infrastructure has been rapidly deployed with functionality in mind and not security
• Working from home becoming the new norm: This introduces new blind spots into an organisation’s endpoint and network security
• People are uncertain: Users are more likely to click on links, answer phone calls and make mistakes
Real world incidents
What are your first steps?
• Malware Analysis
• Root cause Analysis
• Incident Investigation
• eDiscovery
• Forensics incl. Chain of Custody
• Insight, Co-ordination and Leadership
• Regulator Communications
• Internal and External Communications
• Legal Counsel Activities
• Take-Down Notice
• AD Recovery & Hardening
• System Hardening
• Technology Rebuild
• Service Recovery Priorities
• Data Recovery
• Platform migration (e.g. O365)
• Threat Intelligence
• Protective Monitoring
• Helpdesk
• IT System Recovery
• Vulnerability Management
• Implement & Test New Security Controls
How do you prepare for the chaos of an incident?
“Give me six hours to chop down a tree and I will spend the first four sharpening the axe.”
Abraham Lincoln
• Maturity Assessment
• Process Development
• Training and Awareness
• Simulations
• Threat Hunting
Operational Challenges of responding to a cyber incident
Agenda
• Regulatory observations and challenges
• What are the operational challenges?
• Operational Complexity
• Scaling your business to respond
• Questions and answers
Current trends and Regulatory considerations
Data Breach Figures 2020 projection
Global Averages and projections
• Average total cost of a data breach: $3.92M
• Cost per lost record: $150
• By 2021 business will fall victim to ransomware attacks every 11 seconds
• By 2021 cyber crime estimated to cost the world annually $6 trillion
• Records breached in February 2020 hit $623 million
• 67% of data breach costs occurred in the first year and data breach costs in the second year were 22%
• By the end of 2020 the average cost of a data breach for a major organisation will exceed $150 million
• The industry with the highest number of attacks by ransomware is the healthcare industry. Attacks will quadruple by 2020.
• By 2020, the estimated number of passwords used by humans and machines worldwide will grow to 300 billion
• 83% of enterprise workloads will move to the cloud by the year 2020.
• Worldwide spending on cybersecurity is forecasted to reach $133.7 billion in 2022
Breach notification requirements during the coronavirus crisis
A legal perspective
The ICO’s approach to regulatory action will follow the theme of reasonableness, empathy, and pragmatism according to ICO’s latest guidance*. Five key points with regard to the enforcement of regulatory action:
1. Data Breach Notifications: The 72-hour threshold remains, but the ICO will recognise that the current crisis may affect this reporting time period and will assess on a case-by-case basis.
2. Investigations: ICO continues to conduct investigations into serious non-compliance but may give organisations more time to respond.
3. Fines: The ICO will consider the economic impact of the ongoing crisis on organisations, which means we will see a drop in the level of fines issued by the ICO.
4. ICO reaffirms its commitment to take strong regulatory action against any organisation breaching data protection laws to take advantage of the current crisis.
https://ico.org.uk/media/about-the-ico/policies-and-procedures/2617613/ico-regulatory-approach-during-coronavirus.pdf
The JOIC states that “As our Island responds to Coronavirus, we would like to reassure our community our office is continuing to operate and provide all of our regulatory functions as normal.”
1. Timescales – Statutory deadlines will not be extended; however, there is recognition of the challenges and delays that the crisis may cause
2. Communication (DSARs and breaches) – Communication to data subjects must continue, although they are likely to understand the difficulties your business is facing. “You should ensure that you continue to communicate with the data subject, explaining any delays and advising them when you hope to respond to their request”
3. Existing legislation and legal obligations continue to apply - the data protection legislation provisions remain unchanged.
https://www.inforights.im/organisations/covid-19/
Data Breach characteristics
• Fast-evolving, complicated and involve ransom demands
• Complex stakeholder environment with high expectations
• Victim vs. villain
• Facts are often unknown resulting in confusion
• Uncompromising timeframes
• Technical response but non-technical audience
Additional COVID-19 Challenges
Lockdown Challenges
Customers – what additional support might they need? What sensitivities are there for customers currently?
Financial difficulty / Healthcare challenges
Complexity – Response requires large-scale operational infrastructure and technical expertise, in house or third party.
Can you manage this in the current conditions?
Scale – Can you scale up your capacity to respond to a surge in calls, when many of your staff are unavailable (furloughed / working reduced hours / unwell / childcare)?
Continuity – To what extent can you continue to operate effectively with your BAU core functions under the current crisis conditions and manage an additional large-scale incident?
Managing operational complexity
Operational realities of a breach
A limited view of what you need to consider
Operational challenges
A complex stakeholder environment
• Cyber Incident Response
• SOC
• Tech Response
• IMT
• Customer centre
• Comms
• Social Sensing
• Credit monitoring
• Forensics
• Insurance
• Threat intelligence
• Dark web monitoring
• ID Protection
• Privacy Legal counsel
• Vendors
• PR support
• Investor Relations
• Board
• Markets
• DPO
• Customers
• Regulator
• Exec CMT
Ensure your customers feel informed and supported
The challenge – a good customer experience
How should you support your Customers in the event of a Data Breach?
Communications
Develop customer messages and the customer engagement strategy
Capacity & Capability
Provide guaranteed, retained engagement capacity using our trained and prepared call handlers
Speed
Provide customer notification without ‘undue delay’ informing customers by letter, email or other means
Identity Protection & Repair
Provide identity protection and repair services with multiple layers of professional multilingual customer responders
Professional Expertise
Upscale quickly with a dedicated team of experts to explain the ID risks and remediation options, assist with protection and identity repair
For further information please contact
Nick O’Kelly, Head of Cyber Incident Response, Deloitte. Email: [email protected], +44 20 7007 0136
Simeon Moss, Director, Advisory, Deloitte. Email: [email protected], +44 20 7007 6317
Angus Bromhead, Customer Breach Support, Deloitte. Email: [email protected], +44 20 7007 3046
Steve Barrey, Director, Risk Advisory, Deloitte. Email: [email protected], +44 20 7007 7971
This publication has been written in general terms and we recommend that you obtain professional advice before acting or refraining from action on any of the contents of this publication. Deloitte LLP accepts no liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication.
Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 1 New Street Square, London, EC4A 3HQ, United Kingdom.
Deloitte LLP is the United Kingdom affiliate of Deloitte NSE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”). DTTL and each of its member firms are legally separate and independent entities. DTTL and Deloitte NSE LLP do not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.