
SEIZE THE DATA. 2015

© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Preparing for the inevitable
Executive breach response

Chris Leach, Chief Technologist
Enterprise Security Services

Mega trends

• Regulatory and legal compliance
• Rush to the cloud
• Changing workforce (retiring workers and generation “Z”)
• Emerging markets
• Targeted attacks

Digital dam is about to burst
cyber attack will cause significant and lasting damage to a major world economy through physical or economic impacts.

HP cyber timeline

[Figure: timeline of cyber incidents on a 2003–2014 axis, divided into four eras: Loss/stolen data, Rise of cybercrime, Advanced persistent threat, Professional hacktivism.]

Trends shown alongside the timeline:
• Cyber Cartels: Continued development of sophisticated cybercriminals, convergence of traditional- and cyber-crime
• Cyber Militia: Active use of cyberspace as a sub-nation-state battle ground, terrorism…
• Cyber Altruism: Individuals and groups driven by their social conscience, whistleblowing

Incidents marked on the timeline: NASA Shuttle Plans, TJ Maxx, UK Revenue & Customs, Estonia, Buckshot Yankee, Heartland, GhostNet, Dark, StuxNet, Sony PSN, Kernel.org, DigiNotar, Shamoon, Red October, Yahoo, AOL, Video Conferencing, Facebook, Apple, Evernote, Living Social, Tamper Data, WSJ - SEA, .CN, Wall Street Journal Websites.

Callouts on the timeline:
• Stuxnet: was designed to seek out certain industrial control systems made by Siemens. Stuxnet took advantage of four zero-day vulnerabilities and appeared to be targeted at a uranium enrichment program in Iran.
• Red October: The Russian firm Kaspersky discovered a worldwide cyber-attack dubbed “Red October,” that had been operating since at least 2007. Hackers gathered information through vulnerabilities in Microsoft’s Word and Excel programs
• Shamoon: The virus has been noted as unique for having differing behavior from other cyber espionage attacks. Shamoon is capable of spreading to other computers on the network, through exploitation of shared hard drives
• Hotmail, Yahoo and AOL: serious vulnerability in the Hotmail service which allowed to access 13 million hotmail accounts. In the same period the services Yahoo and AOL were affected by the Tamper Data hack.
• Sony PSN: hackers had penetrated the PlayStation network, stealing or misusing the personal information of at least 77 million users. Sony estimated that fallout from the hack cost at least $170 million.
• Tamper Data continues to take down, hack and redirect internet facing traffic.
• The most significant breach of U.S. computer security occurred, apparently when someone working with the Pentagon's Central Command inserted an infected flash drive into a military laptop computer at a base in the Middle East.
• Facebook: Facebook founder Mark Zuckerberg had his profile hacked into by an IT worker in Palestine.

Since we know it is a matter of “when” – not “if”

What steps can we take now to mitigate loss, operational impact and reputation damage?
• Establish a game plan now
• Train and involve executive management – include the board if possible
• Include other disciplines in the plan – e.g. legal, HR, communications
• Practice the plan and then do it again
• Understand communications are critical
  • Internal to affected employees
  • External to key stakeholders and customers

Elements of a good breach plan

• Understand that you can never prevent a cyber-disaster… only mitigate its impact to an organization
• Be clear on roles and responsibilities and who can declare the disaster
• Consider major suppliers and 3rd party service providers
• Leverage multiple channels for communication in the plan (e.g. social media, email, cellular and satellite phones)
• Consider the people side of the equation (expertise, work load, accessibility to a facility, etc.)

Where can I go for more information and help?

• HP Assessment tool – to determine how prepared an organization is https://breach.hpsecurityassessment.com/

• HP Breach Response Playbook http://h20195.www2.hp.com/V2/getpdf.aspx/4aa5-5562enw.pdf

• Ponemon Institute Research on Breach Response http://h20195.www2.hp.com/V2/getpdf.aspx/4aa5-5310enw.pdf
