CSPIRT Program 2023

CSPIRT

2023 Program

Year 2022 Retrospective

- Team was formed and inaugurated.
- Familiarized ourselves with the Center for Internet Security Framework.
- Decided on VALCO’s Risk parameters.
- Developed our Risk Register
- Implemented selected Security Controls relevant to VALCO
- Completed CSA regulatory registration
- Worked on new VALCO ICT policy
- Cybersecurity Week
- Phishing Test (6.1% as against 5.3%)
- Incidents

Current Security Landscape

- According to Check Point Research, the number of cyber attacks recorded in 2022 was 38% higher than the total volume observed in 2021. This trend appears to be related to gaps in security created by the shift to remote work and study.
- Global cyber attack volume peaked in Q4 2022, with an average of 1,168 weekly attacks per organization.
- The education/research (2,314), government (1,661), and healthcare (1,410) sectors accounted for the highest volume of cyber attacks per organization on a weekly basis.
- Africa faced the highest number of cyber attacks with 1,875 weekly attacks per organization, followed by Asia Pacific with 1,691 attacks.

Why this matters

- The ransomware ecosystem is evolving and growing with smaller, more agile criminal groups that form to evade law enforcement.
- Hackers are widening their aim to target business collaboration tools such as Slack, Teams, OneDrive, and Google Drive with phishing exploits, taking advantage of the increased use of these tools due to remote work.
- Academic institutions have become a popular target for cybercriminals due to the rapid digitization they underwent in response to the COVID-19 pandemic.
- The healthcare sector is a lucrative target for hackers, who aim to retrieve health insurance information, medical record numbers, and sometimes even social security numbers.

AI-assisted cyber attacks

- In November 2022, OpenAI introduced ChatGPT, which attracted significant attention and interest in the potential uses of AI. However, it also highlighted a new concern in the cybersecurity world, as it became clear that less skilled hackers can easily use code generation capabilities to launch cyber attacks.
- An examination of multiple prominent underground hacking groups reveals that there have been instances of cybercriminals utilizing OpenAI to create harmful tools.

Bottom Line

- All of the above highlights the importance of having a strong cybersecurity posture through:
  - A readied CSPIRT.
  - Continuous cyber awareness training for employees.
  - Implementing a proactive defense solution to stay safe from such threats.

CSPIRT Refresher Course

- What does a prevention and incident response team do?
  - The chief goals of an incident response team are to detect and respond to security events and minimize their business impact. The prevention aspect is to prevent the attack from happening at all.

Team Tasks

- Prepare for and prevent security incidents.
  - Create the incident response plan.
  - Test, update and manage the incident response plan before use.
  - Perform incident response tabletop exercises.
  - Develop metrics to analyze program initiatives.
  - Identify security events.
  - Contain security events, quarantine threats and isolate systems.
  - Eradicate threats, discover root causes and remove affected systems from production environments.
  - Recover from threats and get affected systems back online.
  - Conduct follow-up activities, including documentation, incident analysis and identifying how to prevent similar events and improve future response efforts.
  - Review and update the incident response plan regularly.

What Next

- Develop Incident Response Plan
- Technical Training on CSIRT
- A general Cyber Awareness Training for Plant
- Undergo a Cyber Simulated Attack
