who caused the cyber security incidents. The first thing that we talked about was kind of negligent employees. So who is a negligent employees? Well, that someone who doesn't really have a good understanding of how cyber security incidents work. So good example, Here's this'll mean that
the basic user changed his password too
incorrect. So every time he typed in the wrong password, tells him his passwords and correct so kind of an extreme. But there are people who don't have a good understanding of how cyber security incidents were.
You're business partners. Maybe you're in partnership with the business or you're using some type of contractor and you've given them access to your proprietary information,
and they don't understand our have the same security policies that you did on. They might put your information at risk.
another example is going to be insider threats. We can already talked about Snowden kind of an extreme example that there may be others that maybe you terminated someone and they have some computer knowledge, and they put that logic bomb in your system that's going to delete all your dad are keep you from getting access.
Do that. So those inside her threats. Kind of the next one is going to be criminal. So here's an example of ah, of some ransomware. So they're gonna want to make money.
Um, maybe off your systems, because you had some user click on something or go somewhere they shouldn't have. And they're gonna try and get
um, you know, 3 $500 out of your hospitals now have come under attack from RANSOMWARE, and they're getting, you know, tens of thousands of dollars just to get access back to their patient information.
You're gonna have activists, terrorists, hacktivist. They're going to try and cause some type of damage to your system because they have a
political ideology that may differ from yours or they want to prove a point on terrorist. Obviously, the cyber plane is now becoming the next generation of warfare, and we're going to see a lot more cyber attacks happening instead of these
mass kinetic attacks and wars. Just because
cyber is something that is important and kind of
connects all of us throughout the world Now, bank on that we have a lot of our critical infrastructure That depends on cyber, and we're going to see a lot more that happen. And then we're gonna have competition from your business
ah, competitors with you. They may want to hack into your your systems to get your proprietary information so they can one up you
on and go ahead and get something the market before you do. And the nation states so kind of an example of what we had with nation states is stuxnet virus, where,
we essentially had an attack against Iran that interfered with some of their program of logic controllers and kind of setback some of their development. So these are just some examples of who causes cyber security incidents. There's obviously could be more
that these were just some of the basic examples
of who does that. So why is incident response necessary?
So we kind of already touched on this a little bit, but
again, cyber is kind of that next plane that next generation of warfare. And here's just some examples of how cyber threats are affecting the United States and U. S. Businesses.
The Justice Department has declared that China's espionage activities have so wide and scale that they constitute a national security emergency
this. China targets almost every sector in the US business,
so that's pretty significant. So if you're out there and you've got something that is worthwhile something that could go to market China may be trying to launch an attack against you so they can figure out how to build that. Make that better. And we'll talk about some of the Chinese threats.
Ah, little bit later on in this course.
So according to 60 minutes, the activity is actually costing us cos hundreds of billions of dollars in losses and more than two million jobs have been lost to these cyber of incidents occurring, so that that's pretty significant. So if we can prevent these or mitigate these after they've happened,
billions of dollars and actually put people or keep people in their jobs.
On the Center for Strategic and International Studies, C. S. I s estimated the likely annual cost of cyber crime and economic espionage to the world economy. More than $445 billion are almost 1% of the global income. So again, that's just a significant number
in terms of dollars of the
the magnitude of cybersecurity threats and then just in the United States of lone C s. I s estimated that the U. S. Lost about $100 billion in GDP in the year 2013. So
just kind of underscores
the significance of cyber threats. So here's a graphic explaining kind of of how much a cyber security incident can actually cost on organization. So we we have these known cost that we realize that we're gonna have to deal with when one of these incidents occur. So
one of the infographics here that the Lloyd has on their website shows the costs that are mostly well known. With more, these incidents occurs, you're gonna have that technical investigation gonna have to notify your customers that there's been a breach.
I'm gonna have to do something to get you back into regulatory compliance, depending on what type of organization.
More than likely, you're gonna have to be engaged in litigation. So you're gonna have to hire an attorney and those guys bill, usually in three minute increments, that's that's not cheap.
And then you're gonna have to provide some type of protection to your customers after that happens, like during the OPM hack we had essentially notifications set out to federal employees. That one. They've been hacked. Thio. Here's here's something that related to look at your credit and see it.
If someone's trying to open accounts in your name,
you're also gonna have to go on some type of public relations. Ah, circuit to kind of ameliorate those that bad publicity that you had. And then you're gonna have to figure out a way to improve your cybersecurity. So those air the above the surface of the better known cost of cybersecurity
that being said, there's gonna be some beneath the surface costed. And this is estimated, this is gonna be where 95% of your financial impact is going to occur. So the top, obviously those air very expensive. But the these underneath the surface attacks some things that you may not necessarily consider
are very important as well. So
your insurance is gonna go up. So
if you've had one of these cyber security incidents occur,
Andi, you've got an insurance coverage for more than likely. Just like when you have a car accident in your insurance company is gonna raise your rates.
when you take on some of these the cyber security incidents and try to mitigate them. You're gonna have an increased cost to raise your death,
and then you're gonna have an impact in operations or destruction. So that's kind of one of the drawbacks to having cyber security incidents. The bank's even going offline for 30 minutes for a bank could cost them millions of dollars.
And then you may have lost value in your contract, Rev it and you're gonna have an evaluation in your crate name so that you know, the target incident When they got when they were hacked and they lost customers credit card data, they took a hit to their business. And depending on what type of business you have,
your trade name is gonna be pretty viable. T I was reading somewhere where the actual
trademarked name of Coke asses actually worth more than the products that the company sells.
You could have loss of intellectual property, so if you make one specific thing you do it, you do it well and you do it better than anybody else. If someone would steal that,
it's lost. It's gone forever, and you no longer have the essentially the market share that you have. And then your customers could also lose faith in your ability to handle information. They may want to take their business somewhere else. So those are just some of the beneath the surface cost, which which
more than, like that, you're going to far outweigh the above the surface cost.
So what is the purpose of cyber incident response?
So it's going to be essentially a collage of things that that you're going to have to do. So you're gonna have to determine if the first if an incident has actually occurred, so that could actually be done by having some type of
Elektronik notifications and I d. S.
Um, that says, Hey, something has occurred. Or maybe you've gotten some type of virus alert from your virus detection software.
So after you have determined that a threat has hurt, you're gonna actually have to stop the threat to keep that damage from occurring over and over again.
The next thing that you're gonna have to do is you're gonna determine
how the threat actually occurred so you can go to the next step. Mitigator minimized the damage on dhe prevented from trying to happen again
So then we're gonna wanna have to counter that for ever.
And then lastly, we're gonna want to prevent that threat from re occurring or spreading.