Presented by Chitaranjan Kajwadkar Terminology:- Information Security v/s Cyber Security Security threats v/s Cyber Security threats Security events, incidents, IoC, compromise ,breach, data theft, attack Contain, Limit , Quarantine , Recover Disaster Recovery v/s Business Continuity

1. Continuity & Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
8th ME Business & IT Resilience Summit
March 10, 2019 at The Address Hotel, Duabi Mall, Dubai, UAE

2. Cyber Resilience
Tips and Techniques For Protection & Response
C Kajwadkar (C K)
Mumbai

3. 1: Get Right Connotation to words

4. Terminology
• Information Security v/s Cyber Security
• Security threats v/s Cyber Security threats
• Security events, incidents, IoC, compromise ,breach, data theft, attack
• Contain, Limit , Quarantine , Recover
• Disaster Recovery v/s Business Continuity
4

5. 2: Get Understanding of Concepts

6. A few Key Concepts
• Cyber Kill Chain
• Triage
• Golden Hour
• Patient Zero
6

7. Cyber Kill Chain
7

8. Cyber Kill Chain
• Reconnaissance
• Weaponisation
• Delivery
• Exploitation
• Installation
• Command & control
• Actions on objective
• Research, identification, and selection of targets
• Pairing remote access malware with exploit into a
deliverable payload (e.g. Adobe PDF and Microsoft
Office files )
• Transmission of weapon to target (e.g. via email
attachments, websites, or USB devices)
• Once delivered, the weapon’s code is triggered,
exploiting vulnerable applications or systems
• The weapon installs a backdoor on a target’s
system allowing persistent access.
• Outside service communicates with the weapons
providing “hands on keyboard access” inside the
target’s network.
• The attacker works to achieve the objective of the
intrusion, which can include exfiltration or
destruction of data, or intrusion of another target
8

9. 3: Get the Frame Work Right

10. 12
Five Primary Risk Management
Categories-
• Governance;
• Identification;
• Protection;
• Detection; and
• Response and Recovery.
Three Overarching Components-
• Testing;
• Situational awareness; and
• Learning and evolving.
Cyber Resilience Framework

11. 4: Cyber Crisis Management Plan

12. Cyber Crisis Management Plan
• Cyber Crisis Management Governance
• Identification and Validation
• Activation of Cyber Crisis Management Plan (CCMP)
• Response and Containment
• Communication
• Recovery
14

13. 5: Cyber Crisis Management Strategy

14. Defender’s tool Kit
• Detect
• Deflect
• Deny
• Disrupt
• Degrade
• …..
• ….
16

15. 6: Forensic Readiness

16. Log Collection, Storage, Analysis
• Change in perspective wrt Logs
• Conventionally and now
• Plethora of sources….
• More parameters for ‘Logging’
• Frequency of logging
• Rate & Size of logs
• Challenges of Storage, Analysis, Correlation, alert fatigue
• Meaningful outcome with superfast response
• Chain of Custody for forensics
18

17. 7: People Factor

18. ‘People’ factor in Cyber Security
• Culture across geographies is different, Plays role in its own way
• Human beings are ‘social’ by nature
• Official / social communications are part of life.
• Certain level of vulnerabilities will continue to exist
• We all appreciate that there is ‘no patch for human stupidity’
• Thus we have to find Systemic ways to deal with it.
• Despite best efforts, some silo’s will exist in organization
• Set processes to reduce gaps
• In routine BAU, we may tend to go on ‘Auto Pilot’
• What can help us get switch to ‘alert mode’ from BAU mode ?
20

19. ‘People’ factor in Cyber Security
• Newer skills are required in organization, including at Board level
• Cyber Strategy is as important as business strategy
• Implementation of Cyber Security may require plethora of tools
• POC, selection, implementation requires skills & mindset
• Post implementation, ‘day to day’ admin is also important
• Processes are as important as tools
• Do we have people who can set right processes
• Investigation of Cyber incident is a different ball game
• Event correlation, connecting missing dots play important role
• Planning for forensic requires hacker’s mind set. Do we ethical hackers ?
• Tests/Drills
• Have we planned for Red & Blue team? How effectively we can use them.
21

20. 8: Prepare For Targeted Attack

21. Preparing for Targeted Attacks
• Deep understanding of why would some one attack you
• Enhance capabilities to get early indicators reconnaissance
• Targeted threat intelligence
• Higher emphasis on insider threats
• Early Detection capabilities
• Active defense
• Active hunting
• Incident Response team with mind set of DGMO
• ….
23

22. 9: Future Proofing

23. The Crystal Ball ..Horizon 2025
4th Industrial Revolution: Higher Momentum
• Drivers : ML, AI ,IOT, WNS*,C2X*
• Dominance of Matured CPS*
*CPS Cyber Physical Systems
*WNS: Wireless Sensor Networks , *C2X : Car to Everything

24. The Crystal Ball ..Horizon 2025
• Newer Areas of Applications
• Smart Cities
• Agri , Green House Asset management
• Healthcare Management
• Navigation & Rescue
• Intelligent Transportation Systems (ITSs), C2X
• Machine Vision
• Biological Network Analysis
• Military Robotic Controls
• …

25. 10: ???

26. When Going Gets Tough, Tough Get Going…

27. Thank you

28. Continuity & Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
8th ME Business & IT Resilience Summit
March 10, 2019 at The Address Hotel, Duabi Mall, Dubai, UAE