Cyber Resilience: Tips and Techniques for Protection & Response
1. Continuity & Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
8th ME Business & IT Resilience Summit
March 10, 2019 at The Address Hotel, Dubai Mall, Dubai, UAE
8. Cyber Kill Chain
• Reconnaissance: research, identification, and selection of targets
• Weaponisation: pairing remote access malware with an exploit into a deliverable payload (e.g. Adobe PDF and Microsoft Office files)
• Delivery: transmission of the weapon to the target (e.g. via email attachments, websites, or USB devices)
• Exploitation: once delivered, the weapon’s code is triggered, exploiting vulnerable applications or systems
• Installation: the weapon installs a backdoor on the target’s system, allowing persistent access
• Command & control: an outside service communicates with the weapon, providing “hands on keyboard” access inside the target’s network
• Actions on objective: the attacker works to achieve the objective of the intrusion, which can include exfiltration or destruction of data, or intrusion of another target
16. Log Collection, Storage, Analysis
• Change in perspective with respect to logs
• Conventionally and now
• Plethora of sources
• More parameters for ‘logging’
• Frequency of logging
• Rate & size of logs
• Challenges of storage, analysis, correlation and alert fatigue
• Meaningful outcome with superfast response
• Chain of Custody for forensics
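Two of the points above, tamper-evident storage for chain of custody and correlation across sources to cut alert fatigue, in a small added example (not from the presentation). The log events, hosts and IP addresses are constructed sample data; the hash chain and the stage names used for correlation are this example's own design.

```python
import hashlib
import json
from collections import defaultdict

# Constructed sample events from three sources (mail gateway, endpoint agent, firewall).
SAMPLE_LOGS = [
    {"ts": "2019-03-10T09:00:01Z", "src": "mailgw", "host": "ws-17",
     "event": "attachment_received", "detail": "invoice.pdf"},
    {"ts": "2019-03-10T09:00:40Z", "src": "edr", "host": "ws-17",
     "event": "child_process", "detail": "AcroRd32.exe -> cmd.exe"},
    {"ts": "2019-03-10T09:01:05Z", "src": "fw", "host": "ws-17",
     "event": "outbound_conn", "detail": "203.0.113.7:443"},
    {"ts": "2019-03-10T09:02:00Z", "src": "fw", "host": "ws-22",
     "event": "outbound_conn", "detail": "198.51.100.5:443"},
]
GENESIS = "0" * 64  # fixed starting value for the first link of the chain

def _canon(entry):
    """Canonical JSON so the same event always hashes the same way."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":"))

def append_chained(store, entry):
    """Append an entry whose hash covers the previous hash plus the entry itself."""
    prev = store[-1]["hash"] if store else GENESIS
    h = hashlib.sha256((prev + _canon(entry)).encode()).hexdigest()
    store.append({"entry": entry, "prev": prev, "hash": h})
    return h

def verify_chain(store):
    """Recompute every link; return the index of the first broken record, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(store):
        expected = hashlib.sha256((prev + _canon(rec["entry"])).encode()).hexdigest()
        if rec["prev"] != prev or rec["hash"] != expected:
            return i
        prev = rec["hash"]
    return -1

def correlate(store, stages=("attachment_received", "child_process", "outbound_conn")):
    """One alert per host only when all stages are seen, instead of one alert per log line."""
    seen = defaultdict(set)
    for rec in store:
        seen[rec["entry"]["host"]].add(rec["entry"]["event"])
    return sorted(h for h, ev in seen.items() if set(stages) <= ev)

def build_store(logs=SAMPLE_LOGS):
    store = []  # fresh hash-chained store populated from the sample logs
    for entry in logs:
        append_chained(store, entry)
    return store
```

Host ws-22 only shows an outbound connection and produces no alert, while editing any stored record after ingestion makes verify_chain report its index.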
18. ‘People’ factor in Cyber Security
• Culture differs across geographies and plays its own role
• Human beings are ‘social’ by nature
• Official / social communications are part of life
• A certain level of vulnerability will continue to exist
• We all appreciate that there is ‘no patch for human stupidity’
• Thus we have to find systemic ways to deal with it
• Despite best efforts, some silos will exist in an organization
• Set processes to reduce gaps
• In routine BAU, we may tend to go on ‘auto pilot’
• What can help us switch from BAU mode to ‘alert mode’?
19. ‘People’ factor in Cyber Security
• Newer skills are required in the organization, including at Board level
• Cyber strategy is as important as business strategy
• Implementation of cyber security may require a plethora of tools
• POC, selection and implementation require skills & mindset
• Post implementation, ‘day to day’ administration is also important
• Processes are as important as tools
• Do we have people who can set the right processes?
• Investigation of a cyber incident is a different ball game
• Event correlation and connecting the missing dots play an important role
• Planning for forensics requires a hacker’s mindset. Do we have ethical hackers?
• Tests/Drills
• Have we planned for Red & Blue teams? How effectively can we use them?
21. Preparing for Targeted Attacks
• Deep understanding of why someone would attack you
• Enhance capabilities to get early indicators of reconnaissance
• Targeted threat intelligence
• Higher emphasis on insider threats
• Early detection capabilities
• Active defense
• Active hunting
• Incident Response team with the mindset of a DGMO
• …