HOW TO RUIN YOUR WEEKEND (AND BUSINESS) IN FEW SIMPLE STEPS presented at First 2017

by Przemek Jaroszewski,

Summary : The talk is an anonymized story of a real incident investigated by CERT Polska. On one sunny summer weekend, things started to go wrong for FastForward - a major logistic company. An apparent IT security incident led to a complete suspension of the company operations, and consequently ruined chain of supply for dozens of its customers. A thorough investigation revealed a number of minor shortcomings that could have been easily prevented. Combined, they triggered a sequence of events that resulted in a disaster causing major financial and reputational losses. The investigation results raised important questions about management of IT security and incident response in an enterprise that outsourced most of its IT operations, as well as about responsibilities of different business entities who contributed to the incident's root causes. It also demonstrated the often overseen benefits of network monitoring and information exchange. During the case study I will show steps that led from (scarce) evidence to conclusive opinions. Learning from FastForward's mistakes, security officers and incident responders will learn valuable lessons in the areas of risk assessment, contingency planning, security monitoring and communication. Proposed structure of the presentation:
Publicly visible signs of the incident
Identifying primary cause
Gathering evidence on contributing factors
Verifying hypotheses
Preventive measures that were not there
Aftermath & Public Communication
Conclusions