Executive Playbooks for Cyber Crises - R3 annual summit

Description
Chief Risk Officers, CISOs and Business Continuity Directors met at the annual summit on Resilience, Response & Recovery. These are the Workshop Slides from September 2019.
Transcript
  • 1. Assistance@CyberRescue.co.uk Annual Resilience, Response & Recovery Summit. Workshop Slides – London, Sept 2019 Cyber Crisis Play Books Breach at a key Supplier
  • 2. Breach Response Capability Maturity. How ready are you?
  • 3. How ready are you?
  • 4. Participants will receive:
      • Cyber Crisis Playbook for your Organisation
      • Breach Probability Score for one of your Suppliers
      • Cyber Vulnerabilities Report on one of your Suppliers
  • 5. Participants will receive:
      • Cyber Crisis Playbook for your Organisation
      • Breach Probability Score for one of your Suppliers
      • Cyber Vulnerabilities Report on one of your Suppliers
    [Chart: Breach Probability, scale x1, x2, x4, x8, x16]
    After each vulnerability (or positive finding) is identified, the algorithm calculates risk of breach as compared to 1 million other monitored companies. 17th September 2019
  • 6. Participants will receive:
      • Cyber Crisis Playbook for your Organisation
      • Breach Probability Score for one of your Suppliers
      • Cyber Vulnerabilities Report on one of your Suppliers
  • 7. Why focus on Supplier Breach? Annual Growth in number of sensitive records breached by Suppliers. Analysis of 1,244 breaches by Identity Theft Resource Center, 2019.
    [Chart, log scale; data labels: x1.95, x2.75, x9.85, x18.32, x433.25]
  • 8. Who is in charge? Leading business recovery from a major breach is a team sport. But you’ll fail, if your Playbook isn’t clear on who will “lead.” Leadership comes in two flavours:
      • the leader who is seen to make the really hard decisions (often the CEO)
      • the leader who does the hard work of response coordination (“Sherpa”).
  • 9. Write the name of your Crisis Coordinator (Sherpa). During the R3 conference in September 2019, 73 of the delegates used Slido to provide their details and decisions, which were then compiled into a bespoke Playbook for their organization. Details: Assistance@CyberRescue.co.uk
  • 10. Our account manager is on the phone… He wants to speak to you about an “issue”
  • 11. List some Suppliers you wouldn’t want that call from. Categories to think about when naming companies:
      • Payroll, Finance and Human Resources suppliers
      • Marketing, Communications and eCommerce agencies
      • Information Technology, Cloud & Telecoms providers
      • Outsourced Call Centre, Fulfilment and Distribution agencies
      • Board Governance, Audit and Business Continuity support
  • 12. Your 2 tasks when you’re told of “issue”. First, smile. Second, categorise the situation, for example:
      1. Anomaly
      2. Incident
      3. Issue
      4. Concern
      5. Crisis
  • 13. I will try to send you an email. Our S3 buckets were breached. The files include the most sensitive info on all your clients. If the report you receive is gobbledegook, say so. You need to assess and triage the business impacts.
  • 14. How fast do you aim to tell customers?
      1. In 1 hour
      2. In 24 hours
      3. In 48 hours
      4. In 72 hours
      5. In 7 days
      6. In 28 days
      7. ASAP
  • 15. Who leads on (updating) your Comms? During the R3 conference in September 2019, 73 of the delegates used Slido to provide their details and decisions, which were then compiled into a bespoke Playbook for their organization. Details: Assistance@CyberRescue.co.uk
  • 16. Who will support your Breach Notification?
  • 17. Ransomware starts to hit company phones and computers.
  • 18. Who decides if you will pay Ransom? If you haven’t decided in advance who is qualified to make the hard decisions, an unqualified person will.
  • 19. How will Executives communicate?
  • 20. How will you document lessons?
  • 21. What EMAIL shall we send docs to?
      • Cyber Crisis Playbook for your Organisation
      • Breach Probability Score for one of your Suppliers
      • Cyber Vulnerabilities Report on one of your Suppliers
    Privacy Policy: The only purpose that emails provided through this Workshop will be used for is to send the above documentation, unless you then request further information. All your data will be deleted in 30 days, by 17 Oct 2019.
  • 22. Thanks to Kevin Duffey, Chris Procter and all the expert participants. For your documents, contact Assistance@CyberRescue.co.uk
  • 23. Cyber Attack Executive Simulation. Contact us for:
      • An executive simulation for your senior team
      • A bespoke response plan to help executives during a breach
      • A fully-automated score of your cyber security vs. your peers
    Assistance@CyberRescue.co.uk