© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.
The CEO’s Guide to Cyberbreach Response
What to do before, during and after a cyberbreach
June 2016
Preparing for the inevitable
• 62% of organizations acknowledged they were breached in 2015 alone
• Only 16% of passive companies have a strong incident response plan in place
Bottom line: The inevitability of a cyberbreach, and its potential impact on your business, requires an up-to-date, effective incident response program
The importance of incident response
The ongoing digitization of business operations and data helps companies to become more flexible, responsive and innovative. It also increases vulnerability to cyberattacks.
AT&T logged more than 245,000 DDoS alerts over a recent 12-month period
Four Types of Organizations
The AT&T/IDC Global Cybersecurity Readiness survey identifies four levels of security preparedness:
• Progressive. This is the highest level of security readiness, in which C-level executives pay close attention to security and invest in a holistic, comprehensive prevention and response strategy.
• Proactive. Companies with above-average levels of security readiness realize the importance of IT security and have put in place basic steps to avoid breaches.
• Reactive. At companies with below-average levels of security readiness, C-level executives pay moderate-to-little attention to security while delegating security expertise and day-to-day management to IT.
• Passive. The least-prepared organizations are run by executives who take a hands-off stance. They tend to be unaware of most breaches and reactive in response to breaches they do detect.
Progressive companies are better prepared for a breach
% of companies that have a strong incident response plan that includes regular tabletop exercises and breach diagnosis:
• Passive: 16.3%
• Reactive: 32.8%
• Proactive: 47.6%
• Progressive: 74.4%
Before the breach
The best offense is a good defense
Before the breach | Incident response plan
Core components
1. Define all breach scenarios and their specific response steps
2. Outline preventative measures
3. Define stakeholders, roles, and responsibilities
4. Create internal and external communications templates
5. Specify response priorities
6. Maintain business continuity
Putting the team together
Incident response team structure
Stakeholders, with their roles and responsibilities:
CEO/Senior leadership
• Empowers people who provide support for initiatives to help reduce risk and mitigate the effects of an incident
• Helps protect intellectual property, customer data, and compliance with data security regulations
IT/Security
• Determines the cause and the extent of the damage
• Analyzes and interprets logs
• Leads forensic evaluations
• Coordinates recovery efforts and internal communication
• Preserves evidence
Legal
• Provides legal guidance
• Reviews press statements
• Contact for outside legal representation or law enforcement
Communications
• Drafts press statements
• Contact for the media and the public
• Assesses potential public reaction in response to a security incident
External organizations (as needed)
• Provide expert help in incident response and forensics
• Liaise with management on legal, regulatory, and service issues
Before the breach
Create a healthy routine with regular education, testing and playbook updates
Scenarios to include
• DDoS attacks
• Theft of customer information
• Theft of employee information
• Theft of intellectual property
• Ransomware, malware, viruses
• Social engineering of personnel
Procedures to include
• Contact incident response team
• Escalate to senior leadership
• Comply with regulatory or industry reporting obligations
• Notify employees, customers, business partners, investors, media, law enforcement
• Isolate and mitigate causes of the breach
• Prevent recurrence of the breach
Before the breach
Conduct regular tabletop exercises that answer these questions:
1. Has the breach been contained?
2. Have the affected systems been isolated?
3. Who will lead forensic evaluations?
4. Was company or customer data exposed?
5. How many records were accessed?
6. Have regulators been notified?
7. Will the public be notified?
8. What is our post-breach messaging?
After the breach
Rapid response
The first 24 hours
• Activate your incident response plan
• Remove or isolate the infection
• Assess legal implications
• Determine root cause
• Define critical business impact
Rapid response | Navigating breach communications
When it comes to post-crisis messaging, there are a number of best practices to follow:
• Respond quickly, but resist the instinct to overcommunicate
• Rely on boilerplate statements that have been prepared in advance and preapproved by stakeholders
• Focus on customers in your public messaging, and not so much on your company
• Consider setting up a section of your website where customers, the press, and others can get up-to-date information about the cyberbreach and your company’s response to it
• Promote a proactive message about the positive steps your company is taking in response to the breach
Conclusion
Your call to action
Preparation is the key to a robust breach response. To see to it that your organization can react quickly and limit damage, you should:
• Invest in prevention and detection technologies to help defend against day-to-day attacks
• Build a response team that includes all key internal stakeholders, from the C-suite to first responders
• Have a clear plan for the first 24 hours after breach detection
• Conduct regular tabletop exercises
• Establish protocols with your service providers on breach response
Read the full report on cyberbreach response at www.att.com/cybersecurity-insights
Get cybersecurity news, updates and advice from the AT&T Security Resource Center: SecurityResourceCenter.att.com