80 likes | 179 Vues
Distribute.IT – A Case Study. Background. Formed 2002 as a startup Web Services provider Domain name registrar Web/Server Hosting SSL Products SMS messaging ~10% Market Share - .au domain names Offices in Melbourne & Jakarta 30+ Employees 200,000+ domain name clients
E N D
Background • Formed 2002 as a startup • Web Services provider • Domain name registrar • Web/Server Hosting • SSL Products • SMS messaging • ~10% Market Share - .au domain names • Offices in Melbourne & Jakarta • 30+ Employees • 200,000+ domain name clients • 30,000+ hosting clients • 8-10 million SMS messages per annum • 3,000+ Resellers • Profitable, growing, cash flow positive business
Initial Breach June 3 – June 10, 2011 Network Lockdown Compliance Fri. 3/6 Fri. 10/6 4/6 8/6 5/6 6/6 9/6 7/6 Reconfigure Entire Network Breach Detected Customer Fallout
Major Breach June 11 – June 23, 2011 Network Rebuild Sat. 11/6 13/6 15/6 20/6 22/6 23/6 12/6 14/6 16/6 17/6 18/6 19/6 21/6 ~ 4:30 pm ‘Major’ Incident ~ 5:30 pm Shutdown entire network
Major Breach June 11 – June 23, 2011 Privacy Commissioner Governing Body Support (auDA, etc) First Servers come back online Government Media Banks Sale of Assets to Netregistry Compliance Approx. 96% of servers online Staff Loss Network Rebuild Media Sat. 11/6 13/6 15/6 20/6 22/6 23/6 12/6 14/6 16/6 17/6 18/6 19/6 21/6 ~ 4:30 pm ‘Major’ Incident Social Media Social Media AFP Complete Assessment Media Analysis Staff Loss Accreditations Client Comms Announcement Re: 4 servers Compliance Board Meeting ~ 5:30 pm Shutdown entire network Damage Mitigation AFP Meetings auDA ICANN nzDNC Liquidator Meetings Board Meeting Solvency? Insurance Customer Loss
Lessons Learnt • Cyber Security is not just an IT issue • Security is a Process – not a static position • Governance and Risk (Information Security Management)
What Now? • Cqr.com • Alex.Woerndle@cqr.com
Questions? DISCLAIMER OF LIABILITY While every effort is made to provide accurate and complete information, CQR Consulting Pty Ltd and/or Distribute.IT Pty Ltd and/or the presenters do not warrant or represent that the information in this presentation is free from errors or omissions or is suitable for your intended use. The information provided in this presentation may not be suitable for your specific situation or needs and should not be relied upon by you in substitution of you obtaining independent expert advice. Subject to any terms implied by law and which cannot be excluded, CQR Consulting Pty Ltd accepts no responsibility for any loss, damage, cost or expense (whether direct or indirect) incurred by you as a result of any error, omission or misrepresentation in information in this presentation. All information in this presentation is subject to change without notice. Reproduction (in whole or in part) of this presentation only with the prior written consent of the author(s).