2. Top Cybersecurity Facts 2018
Source: CSO from IDG
• Cyber crime damage costs to hit $6 trillion annually by 2021
• Cybersecurity spending to exceed $1 trillion from
by 2021
• Human attack surface to reach 6 billion people by 2022
• Cybersecurity Ventures expects ransomware damage costs will rise to $11.5 billion in 2019 and that a business will fall victim to a ransomware attack every 14 seconds by that time.
3. Incident Types
• Nuclear Power
• Steel Plants
• Solar Power
• ATM Account Thefts
• Stock Exchanges
• Payment Card Accounts
• Theft of email addresses, passwords
• Attacks on government sites (website defacement)
• Financial companies
• Power Grids
• World's most trusted news organizations
• Zero-day threats
• Advanced Persistent Threats
• Ransomware
5. Incident Handling Cycle
[Figure: flowchart of the incident handling cycle in four layers. Layer 1: Preparation (Phase 1: Planning and Organisation, covering Create Incident Response Team, Training, Incident Management Strategy, Risk Assessment, Compliance, Crisis Management Plan, Security Tools); Layer 2: Identification; Layer 3: Response; Layer 4: Review. Other node labels: Incident is detected, Triage, If incident is valid?, Decision Making, Analysis of Incident, Choose Containment Strategy, Containment strategy – time consuming or incident cannot be contained?, Containment and Business Continuity, Crisis Management Plan, Eradication, Recovery, All data is stored, Legal Aspects, Prosecution?, Legal Procedures, Assessment, Documentation, Improvement, Ends.]
6. Incident Handling Procedures in Organisations
General Procedure…
• Log the incident
• Inform the appropriate people
• Release of Information
• Follow-up Analysis
7. Incident Handling Procedures in Organisations
Incident Specific Procedure… (Virus family)
• Isolate the system
• Log all actions
• Notify appropriate people
• Identify the problem
• Contain the virus (family…)
• Inoculate the System
• Return to a Normal Operating Mode
• Follow-up Analysis
8. Incident Handling Procedures in Organisations
Incident Specific Procedure… (Hacking)
• Identify Problem
• Notify appropriate people
• Identify Hacker/Cracker
• Log all actions
• Notify CERT
• Follow-up
9. Incident Handling Procedures in Organisations
Reporting Channels (How it works in the country)
• CERT
• Law Enforcement
• DPP's Office
• ISPs