2. Page 2
Cyber Attacks – The Cover Story
Cyber security is one of the most commonly talked about threat these days
as cyber crimes have reached an all time high…
3. Page 3
Cyber Attacks – The Headline News
The frequency and veracity of issues are rapidly increasing
4. Page 4
Cyber Security: No Industry is SPARED
RSA SECURITY
40m records, $60m loss
Dept. of Energy – 105,000
customer details leaked
Angry Birds - hacked
Global ATM heist –
$45m in 26 countries
Target Store
40m credit cards
NASA – 10,000
employee details
Montana Health
1.3m patient data
Nationwide Insurance
1m customer details
5. Page 5
Internet usage and population statistics
World
Population
Connected
Devices
6.3 billion
500 million
6.8 billion
11.2 billion
7.4 billion
28.4 billion
7.6 billion
50 billion
Connected
Devices per
person
0.08 1.64 3.83 6.58
More
connected
devices
than
people
2003 2013 2017 2020
Source: Cisco IBSG. April 2013
6. Page 6
Evolving Cyber threat landscape
Impact these incidents have on Organizations
Customer
Loss
Drop in
market cap
Brand
dilution
Regulatory
Impact
Operational
inefficiency
Financial
Loss
7. Page 7
And it has become a boardroom issue now
Board responsibility: Cyber Security moving
from server room to board room
8. Page 8
Changing the way organizations think
about information security
With so much at stake –
intellectual property,
customer, operations and
financial data, and
organizational reputation
– informed leaders are realizing that it is
time for a fundamental
rethink of how information
security is understood and
positioned within their organization
Increasing Cyber Risk
Board Responsibility
Potential Solutions
9. Page 9
Mock Cyberwar Game
Anticipating cyber attacks is the
only way to be ahead of cyber
criminals.
10. Page 10
Case study (1/4)
► Scenario
► You are executives of an e-commerce giant named AmazingKart.com
► CEO is being alerted by the media of a possible cyber attack on your
ecommerce portal. The CIO is completely alien to this news
► Your company network has been attacked by unknown hackers. The
attackers have posted on the web, purchase histories of one million
users along with their vital personal details and Credit card details
► As a result, sales are dropping and AmazingKart.com is taking a
drubbing by the media, as well as by competitors
► You as the CXOs of AmazingKart.com must figure out all the steps your
company needs to take, post-intrusion, to restore normal operations
11. Page 11
Case study (2/4)
► Expectations
► Find out how was the data leaked and impose corrective measures
► Draft a media release post the intrusion
► Contact all your affected patrons
► Use all the possible media channels to communicate including social
media
► Alert all your employees, especially the front desk
► Liaison with your business partners, bankers etc.
► Updates to the Board of Directors
12. Page 12
“Your website has been hacked WE OWN YOU!”
At 1920 hours, Friday
The CEO receives a text
Case study (3/4) – Chronology of events
Whom do you contact first? What would be your immediate steps?
https://www.AmazingKart.com
13. Page 13
At 2002 hours, Friday
IT department discovers a 3rd party VAS hosted on cloud went live without checks, the
website is inaccessible
IT dept. puts a website out of order message… How do you restore
the original website as backup is unavailable? Next steps
Case study (3/4) – Chronology of events
14. Page 14
Hackers discloses the hack before you by Tweeting about it
At 2005 hours, Friday
Case study (3/4) – Chronology of events
The hacker already warned you first about vulnerability, but you
ignored? Now what?
Do you know about your social media footprint? Do we track it
actively?
Unkn0wn Hack3r @UnkwHack Dec 26
ALL customers are in deep trouble – Personal and Card
details @AmazingKart ‘s data! bit.ly/akrt.ru #CapturedTheFlag
#CloseTheShop
2 mins
Unkn0wn Hack3r @UnkwHack Dec 26
Cough Cough! seems @AmazingKart is in trouble!
#vendors#customers
5 mins
15. Page 15
The media picks up the tweet and the news is published on online social forums. The
tweet goes viral
At 2015 hours, Friday
Case study (3/4) – Chronology of events
Do we have a social media strategy?
AmazingKart hacked!
The naked truth of ecommerce companies in India
Unknown Hacker Group claims via Twitter
AK – India’s leading ecommerce company hacked!
Client data leaked. Claims Unknown Hacker Group via
Twitter
AK – A leading ecommerce company
headquartered in Bangalore, India
seems to be hacked. The unknown
hacker group has taken responsibility
of this hack and claimed the same via
twitter. More news awaited.
AmazingKart Hacked! Millions
of customer data at risk
16. Page 16
Case study (3/4) – Chronology of events
At 2020 hours, Friday
Customer call centre and email queries hit the roof!
Customers panic as they come to know from media that their data,
credit card details have been compromised
17. Page 17
Case study (3/4) – Chronology of events
At 2030 hours, Friday
Business Partners start calling you and enquire about the hack, extent of damage/loss
Business partners are worried about their exposure to the cyber
attack, damage, loss?
18. Page 18
Case study (4/4) – Chronology of events
At 2045 hours, Friday
Query from the authorized bank and payment gateway enquiring about the hack, what do
you do?
Ask them to block all cards? Do you even have a list?
19. Page 19
Case study (4/4) – Chronology of events
At 0700 hours, Sat
The news of the hack is now published in all the leading business dailies. The Global team
calls up the CEO asking for an explanation…
Who’s face would be on that newspaper?
AmazingKart hacked!
Is critical customer data at risk?
Will the management speak?
20. Page 20
Case study (4/4) – Chronology of events
At 0800 hours, Sat
Emergency meeting called by the Board of Directors to assess the situation
What do you tell the board?
21. Page 21
Case study (4/4) – Chronology of events
At 0900 hours, Sat
You have a media statement to be made which has been pending for a day now.
The media news about hack has affected your brand image, Customer/Business partners
are unhappy…
Your pending press conference has to happen NOW, what and how
will you respond?
23. Page 23
Case study (4/4) – Chronology of events Do you think we were well
prepared for this cyber
attack?
Are we confident in having a
face to face media briefing
explaining the security
breach?
Have we already had a board
discussion about cyber
security?
24. Page 24
Key Takeaways
You will never have enough
time!
Even top executives with years of
experience in managing crisis aren't
always prepared to handle cyber
incidents.
Cyber security is a business issue
affecting the survival and reputation of
the company
Don’t forget your employees
While everyone is firefighting with
external agencies, organizations often
forget to communicate about the
cyber-attack situation to their own
employees.
Mock Drill - Not just one
time activity
People come and go, strategies
change, but in the end practice makes
perfect.
Not an IT Issue Only
25. Page 25
Thank You!
The more we sweat in
peace, the less we bleed in
war – Tsun Zu
Be Cyber secure!
Lets Connect
Lalit Kalra
Advisory Services, EY
Lalit.Kalra@in.ey.com