Good Cyber is Good Business


In this white paper: Cyber crime and espionage make headlines on almost a daily basis. This white paper from Thales UK asks whether there can be real P&L rewards for organisations that improve their cyber security. Can Good Cyber be Good Business?

White Paper
Good Cyber is Good Business
The competitive advantage of cyber security
Autumn 2013

Executive Summary

Cyber security makes headlines on a daily basis. The threat posed by belligerent cyber actors is pervasive across the business landscape, from the very smallest to the largest organisations. The cyber security threat is global in reach, sophisticated in its execution, and operates on an industrial scale. It encompasses individual hackers, hacktivist pressure groups, industrial espionage, organised crime, and nation state actors, each posing a specific menace.

More UK businesses than ever are facing the threat of losing confidential information through cyber attacks, according to recent research backed by the UK Government. [1] The 2013 Information Security Breaches Survey found 93% of large businesses and 87% of small businesses experienced a cybersecurity breach within the last year. [2] The average cost of significant security breaches for small organisations was £35,000-£65,000. For large organisations the equivalent cost was £450,000-£850,000. Such attacks could prove catastrophic for the profitability, if not the viability, of a business.

As a result of such reports, organisations are increasingly aware of the risk posed by cyber security. At a strategic level, they recognise the operational, financial, and reputation damage that can be caused by a significant cyber attack. Increasingly, they also understand the benefits of using third party expertise to assess their information risk, to audit their technical, operational and human vulnerabilities, and to help to reduce the risk of a significant cyber security breach.

These cyber aware organisations increasingly understand that applying established standards, such as ISO27001, and guidelines, such as the SANS Critical Controls, as well as keeping up-to-date with developments such as the NIST Cyber Security Framework and UK's Cyber Security Maturity Model are some of the best techniques to identify and reduce their business risks. They know that, by using cyber security partners like Thales, best practice techniques will be applied by qualified security-cleared individuals (e.g. CLAS), and by teams that operate to independently verifiable standards (e.g. CREST).

But even cyber-aware organisations can be unfamiliar as to how good cyber security can be good business. Concerns over risk and cost too often prevail over recognising how good cyber security can be a source of comparative advantage, a product differentiator, a brand asset, and a business opportunity. This approach requires bold and strategic thinking. This is how Thales sees cyber security. Thales shows its clients that, by taking a business benefits orientated approach, most organisations can articulate the positive financial impact of mitigating cyber risks, which in turn can empower business leaders to prioritise the benefits they wish to derive from good cyber security.

By way of comparison, consider the evolution of Quality as a discipline. Historically, quality was considered as a necessary cost of doing business. Over time, however, the best run businesses have used a structured approach to quality to contribute to improved business performance. If good quality is good business, why should we not apply the same benefits approach and continuous improvement mentality to cyber security?

Consider, for example, launching a new product in a safety critical industry. The product meets all of the necessary standards, but is also differentiated in the market by a level of built-in cyber assurance that is verified by a trusted third party. Consider the value of keeping your costs, negotiating margin, and price sensitivity secure, in advance of a major contract negotiation. Or consider the operational efficiency of remote, flexible working, or allowing employees to bring their own technology to work, or simply allowing the business to continue to use the internet in a flexible way, all whilst securely protecting key business information.

A recent report found that more than half (58%) of European mid-sized firms say they would refuse to do business with a company that had suffered a data breach. [3] The same survey suggested that, even as European companies are experiencing a 50% per year increase in data breaches, their approach to information management is defined by confusion, inconsistency and double standards. This represents a clear opportunity to leverage competitive opportunity through cyber security.

Let us remind ourselves of the size of the challenge. In 2011, UK organisations suffered some 44 million cyber attacks. The damage caused to UK businesses (e.g. in terms of IPR loss, operational outages, and direct financial theft) was at least £21bn, according to Government backed reports. [4] 98% of these breaches involved external agents. As many successful attacks resulted from weaknesses in security culture and human failings as from technology vulnerabilities. The cyber threat is here today, and the inadequate cyber defence posture of some organisations is already costing them dearly.

As a result, the UK Government's Cyber Security Strategy, in place since 2011, is supported by £650 million of public investment to respond to what it has designated as a Tier One national security threat and improve the UK's cyber defences. But how should business respond?

Good risk management requires a balance of understanding, investment and decision-making. Yet, as the cyber security threat rapidly evolves, it is often difficult for organisations to assess the extent to which they are vulnerable and what they should do to protect themselves. For business leaders focused on the implications of cyber risks on their bottom line, affordable cyber protection that is appropriate to the scale of their business and reflects the reality of the risks they face is essential.

Accredited cyber security providers such as Thales are ready to help. Thales is a leading partner with Government as part of the Defence Cyber Protection Partnership (DCPP) to flow good practice into our supply chain. We are also supporters of the Government's Innovation Vouchers scheme to help SMEs boost their cyber security posture, which demonstrates a continued level of government commitment to investing in the principle that good cyber is good business. [5]

Businesses should recognise that cyber security is not a product. It is not a firewall or a password. It is a journey and the attitude you take towards it. Recognise that good cyber can be good business. Start by understanding your vulnerabilities and how mitigating actions can help your business's operational and financial performance. We can help you with this.

Thales' approach to cyber security enables business leaders and board level executives to prioritise improvements to their own cyber security, based on their risk appetite. Our approach puts boardrooms back in control of an arena typically seen as alien to the immediate business. This is a key shift: by articulating the financial benefits of addressing the cyber security risk, business leaders are able to take positive action, rather than focusing on the cost of addressing a theoretical risk.

Thales is changing the conversation. We want to move on from headline-grabbing scare stories to talk about the material benefits of cyber security. In a world of sophisticated and pervasive cyber threats, managing your cyber security represents an opportunity to exploit a source of competitive advantage. Embracing good cyber security as a pillar of business as usual activity can be both a selling point to stakeholders and customers, and a way to reduce risk contingent reserves and insurance policies, directly improving your organisation's operational and financial performance.

With the right approach, focusing upon deriving the P&L benefits of mitigating cyber risks, aligned with appropriate technological responses and security architecture, business leaders can be empowered to prioritise the benefits they wish to derive from good cyber security and to manage the realisation of those benefits, proving how good cyber security is also good business.

5. https://vouchers.innovateuk.org/cyber-security

Introduction

Cyber security makes headlines on almost a daily basis - the threats and risks posed by espionage on a global scale, involving often state-sponsored, professional, highly focused and extremely adept belligerents. We read about the risks to even the mightiest nation states - their economies, critical assets, businesses both large and small, and their citizens; it seems that everyone is at risk and every day that passes the threats proliferate and the risks increase.

The scale of the cyber threat was highlighted in June 2012 by Sir Jonathan Evans, MI5's Director General, who commented: "The extent of what is going on is astonishing with industrial-scale processes involving many thousands of people lying behind both State-sponsored cyber espionage and organised crime." [6]

The popular focus on risk is both understandable and beneficial. Awareness of the threat is an essential first step. This white paper will begin, therefore, by discussing why cyber should be regarded as a business risk to reputation, operations and financial performance just as, for instance, people and processes commonly are.

As a leading cyber security practitioner, Thales recognises that for business leaders focused on the implications of cyber risks and compliance on their bottom line, affordable cyber protection is essential. We also recognise that as the cyber threat rapidly evolves it is often difficult for organisations to assess whether they are vulnerable and what they should do to protect themselves. This is why Government, leading cyber security companies like Thales, and vulnerable organisations must come together to build the awareness, support and capability required to protect UK Plc.

This white paper will discuss how and where this is happening. It will examine the support schemes and services available to SMEs and large companies alike from Government and cyber security companies, what they should look for from these, and how your organisation can maximise its benefit from these.

What is less discussed, however, is whether cyber security can be a net contributor to a company's P&L. This paper will examine how far we can question the assumption that cyber security is just an insurance cost and instead ask: can cyber security be a source of competitive advantage? Can Good Cyber be Good Business?

6. https://www.mi5.gov.uk/home/about-us/who-we-are/staff-and-management/director-general/speeches-by-the-director-general/the-olympics-and-beyond.html#cyber

Why cyber security matters to you

Cyber-security is a business risk and should be treated accordingly. Ask yourself, would you employ someone without interviewing him or her? Would you allow anyone off the street access to your business premises? Yet you are probably introducing technology into your organisation every week. Moreover, you are likely to be linking this technology to networks holding business critical information. You may be doing this in a world in which data is the new IP, brand reputation is a Tweet away from nil, and trust in your supply chain is paramount.

The fallout from Sony's PlayStation network being hacked, compromising the personal information of millions of users, is a case in point. Compelled to issue a public apology to anxious customers, hauled before the US Congress, and fined by UK regulators to the tune of £250,000, this example illustrates how damaging on a global scale the publicity from a successful cyber attack is. [7] All this from an attack which the UK Information Commissioner's Office (ICO) duly judged to be preventable. [8]

Risk is typically acknowledged to be a balance of understanding, investment and decision making; this too is what good cyber security is all about. In today's business landscape, the protection of information assets is a key element in the long term competitiveness and survival of commercial organisations. In an environment where the survival of individual organisations is, at least, partially dependent on the security of critical national infrastructure or a supplier's intellectual property, all organisations must contribute to improved cyber security. With the internet becoming the mainstream communication and application platform, the greatest risk to your business is cyber risk, whether you realise it or not.

If you have not studied cyber security, here it is in a nutshell: Cyber security is the act of protecting computer systems and data against loss, manipulation, damage and theft from malicious sources. This is achieved through hardening systems, applications and people against threats and ensuring processes apply these defences rigorously. There is no winning in this type of war, as the enemy is never-ending, constantly evolving and growing in number. It is simply a survive or lose scenario. For your side to survive, partners and clients alike need to trust your integrity and ability to deliver on promises, particularly regarding their security. In this battlefield, popular perceptions and rumour are more influential than the facts. If you are perceived to be insecure, you will lose business.

A June 2013 report from the consultancy PriceWaterhouseCoopers and Iron Mountain, a storage and information management company, found that more than half (58%) of European mid-sized firms say they would refuse to do business with a company that had suffered a data breach. [9] With this in mind, you may be asking yourself the following questions:

Surely our IT department has dealt with this?
In truth, probably not, and neither is it wholly their responsibility. Cyber security is a complex problem space with its own expert disciplines, both human and technological, that affect the safety of information and systems from various adversaries looking to steal, corrupt, damage, destroy or deny access to it.

Can I afford to wait?
Certainly not. Currently it is far more likely that an organisation has more people trying to penetrate its systems than it has people trying to prevent those intrusions. It may already be unknowingly compromised.

Is the risk real?
Yes. Public or private, big or small - if an organisation has something an attacker wants, they will target it. Furthermore, if an organisation, however small or remote, has affiliations to other interesting companies, countries or clients, it may be targeted to gain access to them via its networks and vice versa. Remember not all cyber attacks are aggressive in nature; some attackers lurk silently within an organisation's networks, slowly and methodically siphoning valuable information and digging deeper, sometimes over the course of years.

A Growing Risk

More businesses than ever are facing the threat of losing confidential information through cyber attacks, according to research published in April 2013 by the Department for Business, Innovation and Skills (BIS) in conjunction with PwC and Infosecurity Europe. [10] The 2013 Information Security Breaches Survey showed that 93% of large businesses and 87% of small businesses across all sectors experienced a cyber security breach within the last year. This increase of over 10% has cost affected small businesses up to 6% of their turnover, when they could protect themselves for far less. The average cost of the worst security breach for small organisations was £35,000 to £65,000 and for large organisations was between £450,000 and £850,000. The vast majority of these were through cyber attack by an unauthorised outsider.

The survey also showed that:

- The median number of breaches suffered was 113 for a large organisation (up from 71 a year ago) and 17 for a small business (up from 11 a year ago), meaning that affected companies experienced roughly 50% more breaches than on average a year ago
- Several individual breaches cost more than £1 million
- 78% of large organisations were attacked by an unauthorised outsider (up from 73% a year ago) and 63% of small businesses (up from 41% a year ago)
- 81% of respondents reported that their senior management place a high or very high priority on security, however many business leaders have not been able to translate expenditure into effective security defences
- 84% of large businesses report staff-related cyber breaches (the highest figure ever recorded) and 57% of small businesses (up from 48% a year ago)
- 12% of the worst security breaches were partly caused by senior management giving insufficient priority to security

According to Government Communications Headquarters (GCHQ), it is estimated that 80% or more of currently successful attacks can be prevented by simple best practice. This could be steps as straightforward as ensuring staff do not open suspicious-looking emails or ensuring sensitive data is encrypted. [12]

The Department for Business, Innovation & Skills (DBIS) has reported the example of a small London insurer, whose management team did not focus enough on security at their service provider, leading to a substantial data security breach. Information, such as announcements and business development reports, which they believed could only be accessed internally, was actually being indexed by web crawlers and being made available in search rankings. It took nearly a month to detect the problem, and then systems had to be taken offline for a week to fix it.

The report also cited a mid-sized energy company that suffered disk corruption in their storage area network. Unfortunately, it hadn't been designed with sufficient redundancy in place. As a result, it took nearly a month to restore service to business as usual, after several man-weeks of effort and tens of thousands of pounds spent.

Following reports in the media of similar attacks, a large technology company discovered that hackers had accessed their website through a known vulnerability. The attack specifically targeted the organisation and was facilitated by the lack of priority placed on security. The company suffered significant adverse media coverage after taking a month to restore business as usual. [13]

The cyber threat is real: there is a growing risk of disruption, information loss, reputational damage and material cost to your company's P&L.

Awareness comes first

The 2013 Information Risk Maturity Index, collated by PwC and Iron Mountain, suggests that, even as European companies are experiencing a 50% per year increase in data breaches, their approach to information management is defined by confusion, inconsistency and double standards. [14] The study found that, while 68% of companies recognise that a responsible attitude to information is critical to business success, 47% say their Board does not see data protection as a major issue and 43% say their employees hold the same view.

This is not surprising when 26% of boards have not been briefed on any security risks in the last year, with 19% never having been briefed. But it is remarkable when a survey of US investors showed 70% are interested in reviewing public company cyber security practices, and almost 80% would not likely consider investing in a company with a history of breaches. [15] Still, some 42% of large firms do not provide any form of ongoing security awareness training. [16] This despite the National Fraud Authority claiming even minor changes to how people use the Internet, such as better password security, could prevent significant numbers of cyber security breaches.

The UK Government recognises that this lack of awareness of the growing cyber threat is a major problem, and is working across Government departments and industry to flow awareness down and across the UK economy and populace. The Government's Cyber Security Strategy, in place since 2011, sets the four strategic aims of:

- Making the UK one of the most secure places in the world to do business in cyberspace and promote the national Prosperity Agenda
- Making the UK more resilient to cyber attack and better able to protect our interests in cyberspace
- Helping shape an open, vibrant and stable cyberspace that supports open societies
- Building the UK's cyber security knowledge, skills and capability.

To help meet the objectives of the strategy, the Government has put in place a National Cyber Security Programme backed up by £650 million of Government investment over 4 years. Following on from the 10 Steps to Cyber Security guidance released in September 2012, which was aimed at larger businesses, in June 2013 the UK government announced a new campaign worth £4 million with the aim of increasing awareness of cyber security amongst consumers and small businesses.

James Brokenshire MP, Minister for Security, gave the Home Office campaign the go-ahead as part of the government's National Cyber Security Programme. The aim is to educate people about how to protect themselves from the growing cyber threat. The pan-government campaign will be run with the help of the Cabinet Office, Department of Business, Innovation and Skills, and business industry specialists such as Get Safe Online.

"We know that cyber attacks are happening on an industrial scale and businesses are by far the biggest victims of cyber crime in terms of industrial espionage and intellectual property theft with losses to the UK economy running into the billions of pounds annually" - Francis Maude, Cabinet Office Minister

"The digitisation of the UK economy has made our lives easier and has created huge opportunities, but it has also created individual security risks as well. If we are to meet these new challenges it's essential we step up our efforts to stay safe online," said Brokenshire. "The threat of cyber crime is real and the criminals involved are organised and driven by profit. By making small changes British businesses can remain competitive in the global economy and consumers can have greater confidence using the internet." The new cyber security awareness campaign will commence in Autumn.

Government-Industry Partnership

The UK Government has assessed the Cyber threat to British industry as a Tier One national security threat. This is based on both the huge cost to UK business and the threat to Ministry of Defence intellectual property held by industry, which has been subject to systemic espionage attack. This has led the Government to cooperate with industry in the creation of the Defence Cyber Protection Partnership (DCPP), mandated by the Secretary of State for Defence and the Defence Supplier's Forum. This is a Government-industry partnership focused on improving cyber security in the Defence sector and its supply chain. It will do this through the following means:

- Setting standards and measurements
- Improving and increasing cyber security skills
- Information sharing on attacks and threats
- Supply chain communication and awareness

It includes the UK's prime defence suppliers: BAE, BT, CGI/Logica, EADS, HP, Lockheed Martin, Rolls Royce, Selex ES, and Thales. Thales is a central player in the DCPP, leading the key activity stream of developing the Standards and Measurement framework to support and flow cyber security maturity through the MoD's supply chain.

This unprecedented Government-Industry cooperation goes beyond the Defence sector. In March 2013, the Government launched a new partnership between government and industry to share information and intelligence on cyber security threats. The Cyber Security Information Sharing Partnership (CISP) is part of the UK's cyber security strategy, established to help make UK businesses more secure in cyberspace. [18] Thales has been a prime mover in the creation of this partnership, which is being supported by the Security Service, GCHQ and the National Crime Agency. These organisations will work with industry analysts to produce and disseminate information on cyber threats facing the UK. It complements the work being carried out by the National Cyber Crime Unit, which tackles the most serious, organised and complex forms of cyber crime. [19]

"Cyber security is an increasing risk for small micro businesses and more and more, a barrier to growth... Information security should be part and parcel of good business practice" - Mike Cherry, National Policy Chairman at the Federation of Small Businesses

The partnership includes the introduction of a secure virtual collaboration environment where government and industry partners can exchange information on threats and vulnerabilities in real time. The Cyber Security Information Sharing Partnership will be complemented by a Fusion Cell which will be supported on the government side by the Security Service, GCHQ and the National Crime Agency, and by industry analysts from a variety of sectors. They will work together to produce an enhanced picture of cyber threats facing the UK for the benefit of all partners. [20]

If you would like to find out more about the CISP or if you are interested in applying to join, please contact

Help is out there: Cyber Security grants for SMEs

With many SMEs now primary targets for cyber attacks, the UK Government's Department for Business, Innovation and Skills (DBIS) announced in April 2013 that it would make available half a million pounds of funding to aid SMEs in developing their cyber security posture. Following an initial run until July 2013, the scheme has been re-opened and extended until October 2013, such was the positive uptake.

The Innovation Voucher scheme represents an excellent, possibly unique opportunity for SMEs to assess their current IT operations and infrastructure, procure government-grade security and network architecture review services, and through implementation support. SMEs can apply for up to £5,000 in the form of an Innovation Voucher, which they may use to contract external cyber security companies and consultants to help them increase their cyber security awareness and defence systems. This could include, for example, vulnerability assessments and penetration tests.

18. https://www.gov.uk/government/news/government-launches-information-sharing-partnership-on-cyber-security
19. https://www.mi5.gov.uk/home/news/news-by-category/government/cyber-security-partnership-announced.html
20. https://www.gov.uk/government/news/government-launches-information-sharing-partnership-on-cyber-security

The £5,000 vouchers, distributed by the Technology Strategy Board, are only available to small and medium enterprises that do not have internal cyber security expertise, and must spend the grant through a new external supplier.

David Willetts, Minister for Universities and Science, said: "Keeping electronic information safe and secure is vital to a business's bottom line. Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack. But there are simple steps that can be taken to prevent the majority of incidents. The package of support we are announcing today will help small businesses protect valuable assets like financial information, websites, equipment, software and intellectual property, driving growth and keeping UK businesses ahead in the global race."

Innovation Vouchers for cyber security can be used to secure specialist consulting and services to help:

- Businesses looking to protect new inventions and business processes
- Businesses looking to cyber audit their existing processes
- Businesses looking to move online and develop a technology strategy
- Business start-ups looking to develop an idea into a working prototype and needing to build cyber security into the business from the very beginning

For example, this could include looking at:

- Bring your own device (BYOD)
- Integration of Cloud Environments
- WAN remote access (integration of multi-sites)
- Mobile workers
- Collaborative services
- Social media integration

Prior to implementing change to any company's IT operations it is important to understand its cyber security posture and the potential impact on the company's overall cyber security, especially as the majority of innovation now includes an element of cyber integration. This is where the Innovation Vouchers should be put to use.

We recognise that it is difficult for SMEs with little or no experience of cyber security to know what to expect from their voucher or any investment in cyber security. Thales therefore recommends that SMEs look for introductory readiness reviews, including services such as:

- Vulnerability Assessment
- Security Architecture Review

This type of service is intended to provide the cyber security expertise necessary to ensure that the implementation of the innovative changes by the SME improves the overall cyber security posture of the organisation. We advise SMEs to take a multiphase approach to maximise their Innovation Vouchers:

1. Initial engagement
- What is the security posture of the SME?
- Will your existing architecture support the proposed change?
- What are the potential difficulties of the proposed change?

2. Implementation
- Consultancy through implementation/integration of change

3. Post-implementation
- Cyber security isn't a one-off event
- Through-life and on-going support/analysis to Cyber Security Activities

For their £5,000 voucher, or any other initial investment in their cyber defences, SMEs should expect to receive the services of an accredited cyber security consultant. Typically, the consultant will deliver vulnerability assessment and architecture review reports to identify the greatest cyber security risks that could prevent the implementation of business change, providing clear description of those issues, their potential impact and how they can be resolved and/or prevented.

To find out more about the Cyber Security Innovation Voucher scheme visit

Good cyber, good business?

For some forty years, Thales has been providing Information Assurance services to public and private sector customers, including government, critical national infrastructure operators, enterprise, and military. We are therefore long accustomed to thinking in terms of threats and risks, and their proliferation. However, we have also seen that as the problem space has evolved, so have the business opportunities to practitioners of good cyber security.

There is a danger of seeing cyber security solely through a cost lens. But there is an alternative view, with precedent, which suggests that with the right focus and motivation, implementing good cyber security can be good business. The precedent is in Quality disciplines in engineering and manufacturing, where Good Quality is Good Business. Historically, Quality was considered a cost of doing business, whereas over time it has come to be acknowledged to be both a differentiator and contributor to positive P&L impact. But with cyber we do not have the luxury of the year journey that British industry embarked upon in the case of Quality.

Let us remind ourselves of the size of the challenge. In 2011, UK organisations suffered some 44 million cyber attacks. The damage caused to UK businesses (e.g. in terms of IPR loss, operational outages, and direct financial theft) was at least £21bn, according to Government backed reports % of these breaches involved external agents. As many successful attacks resulted from weaknesses in security culture and human failings as from technology vulnerabilities.

The cyber threat is here today, and the inadequate cyber defence posture of some organisations is already costing them dearly. In the face of this growing threat, the UK Government has put in place a Cyber Security Strategy, supported by £650 million of public investment, to respond to what it has designated as a Tier One national security threat and improve the UK's cyber defences. But how should business respond?

As a result of such reports, organisations are increasingly aware of the risk posed by cyber security. At a strategic level, they recognise the operational, financial, and reputation damage that can be caused by a significant cyber attack. Increasingly, they also understand the benefits of using third party expertise to assess their information risk, to audit their technical, operational and human vulnerabilities, and to help to reduce the risk of a significant cyber security breach.

These cyber aware organisations increasingly understand that applying established standards, such as ISO27001, and guidelines, such as the SANS Critical Controls, as well as keeping up-to-date with developments such as the NIST Cyber Security Framework and the UK's Cyber Security Maturity Model, are some of the best techniques to identify and reduce their business risks. They know that, by using cyber security partners like Thales, best practice techniques will be applied by qualified security-cleared individuals (e.g. CLAS), and by teams that operate to independently verifiable standards (e.g. CREST).

But even cyber-aware organisations can be unfamiliar with how good cyber security can be good business. Concerns over risk and cost too often prevail over recognising how good cyber security can be a source of comparative advantage, a product differentiator, a brand asset, and a business opportunity. This approach requires bold and strategic thinking.

This is how Thales sees cyber security. Thales shows our clients that, by taking a business benefits orientated approach, most organisations can articulate the positive financial impact of mitigating cyber risks, which in turn can empower business leaders to prioritise the benefits they wish to derive from good cyber security.

But what does good cyber security look like? First and foremost it is an understanding of the nature of cyber security: that the constantly evolving threat environment is such that you can soon fall behind the curve and are no longer secure. That is not a firewall or password or any other product. Cyber security is a journey. It is about first understanding your vulnerabilities, then putting in place the technologies and security architecture, practices, policies, and training to support the constant monitoring and mitigation of risks to your people, processes, and information from cyber attacks. Thales can help you with this.

Good cyber security is also about the attitude you take towards it. It is about understanding that there are financial and operational benefits to be had from strategic investments in your cyber defences. There remains a gulf between an intellectual recognition of cyber as a problem and an instinctive sense for most business leaders that it is somebody else's problem. How do we bridge this gulf? The answer is by moving the conversation away from headline grabbing scare stories to talk about the material benefits of cyber security.

In a world of sophisticated and pervasive cyber threats, managing your cyber security represents an opportunity to exploit a source of competitive advantage. Embracing good cyber security as a pillar of business as usual activity can be both a selling point to stakeholders and customers, and a way to reduce risk contingent reserves and insurance policies, directly improving your organisation's operational and financial performance.

Embracing good cyber security as a pillar of business as usual activity can be a selling point when talking to customers, suppliers, and shareholders. Trust is the cornerstone of any client/customer relationship. Demonstrating responsibility by protecting your all-important people, places and information bolsters this trust, with a resultant positive effect on revenue.

Consider, for example, launching a new product in a safety critical industry. The product meets all of the necessary standards, but is also differentiated in the market by a level of built-in cyber assurance that is verified by a trusted third party. Consider the value of keeping your costs, negotiating margin and price sensitivity secure, in advance of a major contract negotiation.

Indeed, a recent report from Iron Mountain, a storage and information management company, and PwC found that more than half (58%) of European mid-sized firms say they would refuse to do business with a company that had suffered a data breach. It also suggested that, even as European companies are experiencing a 50% per year increase in data breaches, their approach to information management is defined by confusion, inconsistency and double standards. 22 This represents a clear opportunity to leverage competitive opportunity through cyber security.

Or consider the operational efficiency of remote, flexible working, or allowing employees to bring their own technology to work, or simply allowing the business to continue to use the internet in a flexible way, all whilst securely protecting key business information.

Good risk management requires a balance of understanding, investment, and decision-making. Yet, as the cyber security threat rapidly evolves, it is often difficult for organisations to assess the extent to which they are vulnerable and what they should do to protect themselves. For business leaders focused on the implications of cyber risks on their bottom line, affordable cyber protection that is appropriate to the scale of their business and reflects the reality of the risks they face is essential.

Accredited cyber security providers such as Thales are ready to help. Thales is a leading partner with Government as part of the Defence Cyber Protection Partnership (DCPP) to flow good practice into our supply chain. We are also supporters of the Government's Innovation Vouchers scheme to help SMEs boost their cyber security posture, which demonstrates a continued level of government commitment to investing in the principle that good cyber is good business. 23

Unlocking the potential of cyber security requires both an appropriate approach and offering. Many cyber-security companies offer a consultancy approach to assess cyber-security risk. Cyber security companies traditionally assess the potential business costs of cyber attacks, and apportion value to the benefit of cyber defence. The security response must be appropriate to the organisation's needs in terms of affordability and rigour.

We recognise that every organisation is at a different stage of maturity in managing their cyber security risk. To reflect this, Thales offers a modular approach that enables customers to have access to a comprehensive cyber assurance service, while only paying for those components that are pertinent to their business.

Typically, a starting point on a customer's journey to cyber protection (and accreditation if required) will be a Vulnerability Assessment and/or Penetration Test, which identifies critical information in the business and how it could be exploited, and suggests actions for mitigating these risks. Next steps could be comprehensive, holistic security assessments, taking into account physical security. After all, your business could have the highest spec network security, only to allow an external agent to walk freely into the premises and pull the plug.

Your business may also need to comply with certain standards, such as future UK Ministry of Defence cyber security requirements for companies in its supply chain. Third party consultants can help you understand your security requirements and the most appropriate and commercially effective way for you to meet these. In addition, business leaders should look for cyber security practitioners focused on explaining and realising material P&L benefits and shareholder value for their organisation, underpinned by the necessary blend of expertise and capability.

23. https://vouchers.innovateuk.org/cyber-security

Thales' approach to cyber security enables business leaders and board level executives to prioritise improvements to their own cyber security, based on their risk appetite. Our approach puts boardrooms back in control of an arena typically seen as alien to the immediate business. This is a key shift: by articulating the financial benefits of addressing the cyber security risk, business leaders are able to take positive action, rather than focusing on the cost of addressing a theoretical risk.

With the right approach, focusing upon deriving the P&L benefits of mitigating cyber risks, aligned with appropriate technological responses and security architecture, business leaders can be empowered to prioritise the benefits they wish to derive from good cyber security and to manage the realisation of those benefits, proving how good cyber security is also good business.

Cyber standards and measurement

Faced with such a critical issue as defining critical information within a business and exploring security vulnerabilities, organisations need to ask carefully: which suppliers can one trust, and how can one differentiate suppliers who have market leading Cyber Security capabilities? How can we be sure that the recommended Cyber Security practices are up there with the best?

A starting point is to choose an organisation familiar with sector-wide evaluations against a framework which clearly articulates what good cyber security looks like, is based on a continuous assessment of recognised best of breed standards, advice and guidance, and takes sector-specific regulations into account.

Thales sees the concept of cyber security maturity as the best solution. This means organisational maturity against a framework must be evaluated in a consistent manner, and demands for an organisation's attainment of minimum maturity levels should be considered as a routine risk-assessed requirement for all new supplier engagements. In order to ensure proportionality and avoid simplistic, compliance-driven decisions, all cyber-related investments should be based on a firm understanding of business benefit and risk to all stakeholders, including suppliers and customers.

This requires a holistic approach. For example, in order to ask suppliers to meet or exceed a level of maturity based on a burden of expectation, the commissioner of services must itself have reached a level of maturity in understanding such that cyber security risks are managed alongside all other risks, opportunities and business objectives. This approach requires a cyber security framework, which:

1. Builds on existing standards, guidance and regulations
2. Provides clear expressions of what good cyber security looks like
3. Provides an organisational basis for cyber security maturity
4. Recognises differing expectations for different industry sectors
5. Enables the specification of a risk-assessed, burden of expectation
6. Ensures that compliance levels are assessed uniformly
7. Ensures that cyber security is driven by business benefits

Fortunately, this shift of emphasis is reinforced by significant developments in the Government arena related to cyber standards and measurement. The UK Ministry of Defence is working with their supply chain in a joint MoD-industry project known as the Defence Cyber Protection Partnership (DCPP). Thales, on behalf of industry and the MoD, is leading the development of a standards and measurement framework that will give clear guidance on levels of cyber defence expected of suppliers. It will allow organisations to compare and contrast their own compliance regimes with those required in the MoD Supply Chain.

Providing such a standards framework allows for the broader business community to develop expectations of behaviours from their peers. This is the cyber equivalent of social pressure to wear a seat belt, or not to drink and drive. In some respects, it is pushing against an open door. A recent report from Iron Mountain, a storage and information management company, and PwC found that more than half (58%) of European mid-sized firms say they would refuse to do business with a company that had suffered a data breach. 24

Organisational maturity in cyber security can be the basis for driving progress in the defence posture of UK Plc. It will provide a considered mechanism to allow boards to make sensible, informed assessments of the balance of risk and affordability of mitigating those risks. It will help companies included in its remit unlock the financial and operational benefits of Good Cyber.

A call to action

Our experience has shown us that doing nothing is not an option. Cyber security companies are here to help you equip your organisation to meet the cyber threat at a cost and rigour appropriate to your organisation. The constantly evolving threat environment is such that you can soon fall behind the curve and are no longer secure. Cyber-security is a journey. Thales recommends you begin by understanding what actually needs to be protected, understanding your particular threats and understanding your vulnerabilities. Start by contacting an accredited cyber security provider to review your options.

About Thales

Whenever critical decisions need to be made, Thales has a role to play. World-class technologies and the combined expertise of 65,000 employees in 56 locally based country operations make Thales a key player in assuring the security of citizens, infrastructure and nations in all the markets we serve: aerospace, space, ground transportation, security and defence.

Thales is a leading supplier of security technologies to secure your people, places and information. For more than 40 years, Thales has delivered state of the art physical and cyber security solutions to commercial, critical national infrastructure, government and military customers. In all, Thales delivers cyber security projects across 50 countries, with a global network of 1,500 information security specialists working with SME and research partners that provides it with deep expertise and the agility to deliver industry-leading solutions across the complete cyber spectrum.

Thales believes that Good Cyber is Good Business. Thales will help you refocus your security spend to defend your organisation and prevent significant loss of revenue and reputation. Thales will ensure your competitive advantage is maintained by being able to demonstrate resilient and secure use of cyberspace.

Why Thales?

Thales is a world leader in providing modular, integrated cyber security solutions to protect your people, places and information:

- Cyber incident response
- Audit, assessment and compliance
- Virtual enterprise and network simulation and testing
- System integration and assurance
- Training and skills

We are here to help - a Cyber Security partner you can trust:

- Global network of 1,500 information security specialists, building upon 40 years of experience
- Extensive domain knowledge of enterprise, defence, transport and energy sectors
- Trusted to secure 19 of the 20 largest banks and 80% of payment transactions worldwide

Contact Us

Thales UK Ltd, Mountbatten House, Basing View, Basingstoke RG21 4HJ, UK
Tel: +44 (0)
Website:

THALES UK LTD. This document and any data included are the property of Thales UK Ltd. No part of this document may be copied, reproduced, transmitted or utilised in any form or by any means without the prior written permission of Thales UK Limited having first been obtained. Thales has a policy of continuous development and improvement. Consequentially the equipment may vary from the description and specification in this document. This document may not be considered as a contract specification. Graphics do not indicate use or endorsement of the featured equipment or services.


More information

Procurement Policy Note Use of Cyber Essentials Scheme certification

Procurement Policy Note Use of Cyber Essentials Scheme certification Procurement Policy Note Use of Cyber Essentials Scheme certification Action Note 09/14 25 September 2014 Issue 1. Government is taking steps to further reduce the levels of cyber security risk in its supply

More information

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private

More information

HOSTING. Managed Security Solutions. Managed Security. ECSC Solutions

HOSTING. Managed Security Solutions. Managed Security. ECSC Solutions Managed Security Managed Security MANAGED SECURITY SOLUTIONS I would highly recommend for your company s network review... were by far the best company IT Manager, Credit Management Agency Presenting IT

More information

Good morning. It s a pleasure to be here this morning, talking with the NZISF. Thank you for this opportunity.

Good morning. It s a pleasure to be here this morning, talking with the NZISF. Thank you for this opportunity. Speech Notes for New Zealand Information Security Forum 11 April 2013 Paul Ash, Manager National Cyber Policy Office Department of Prime Minister and Cabinet CYBERSECURITY: WHY IT MATTERS FOR NEW ZEALAND

More information

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing

More information

Business Plan 2012/13

Business Plan 2012/13 Business Plan 2012/13 Contents Introduction 3 About the NFA..4 Priorities for 2012/13 4 Resources.6 Reporting Arrangements.6 Objective 1 7 To raise the profile and awareness of fraud among individuals,

More information

www.pwc.co.uk Information Security Breaches Survey 2013

www.pwc.co.uk Information Security Breaches Survey 2013 www.pwc.co.uk Information Security Breaches Survey 2013 Agenda and contents About the survey Security breaches increase External versus insider threats Understanding and communicating risks Implementation

More information

MSc Cyber Security. identity. hacker. virus. network. information

MSc Cyber Security. identity. hacker. virus. network. information identity MSc Cyber Security hacker virus QA is the foremost provider of education in the UK. We work with individuals at all stages of their careers, from our award-winning apprenticeship programmes, through

More information

developing your potential Cyber Security Training

developing your potential Cyber Security Training developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company

More information

The Cancer Running Through IT Cybercrime and Information Security

The Cancer Running Through IT Cybercrime and Information Security WHITE PAPER The Cancer Running Through IT Prepared by: Richard Brown, Senior Service Management Consultant Steve Ingall, Head of Consultancy 60 Lombard Street London EC3V 9EA T: +44 (0)207 464 8883 E:

More information

The UK Cyber Security Strategy. Report on progress December 2012. Forward Plans

The UK Cyber Security Strategy. Report on progress December 2012. Forward Plans The UK Cyber Security Strategy Report on progress December 2012 Forward Plans We are at the end of the first year of meeting the objectives outlined in the National Cyber Security Strategy. A great deal

More information

Internet security: Shutting the doors to keep hackers off your network

Internet security: Shutting the doors to keep hackers off your network Internet security: Shutting the doors to keep hackers off your network A Paralogic Networks Guide www.scholarisintl.com Introduction Like all revolutionary steps in technological development the Internet

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Can security conscious businesses really adopt the Cloud safely?

Can security conscious businesses really adopt the Cloud safely? Can security conscious businesses really adopt the Cloud safely? January 2014 1 Phone: 01304 814800 Fax: 01304 814899 info@ Contents Executive overview The varied Cloud security landscape How risk assessment

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

BT Assure Rethink the Risk

BT Assure Rethink the Risk BT Assure Rethink the Risk Analyst and Consultant Update May 2012 BT Assure. Security that matters Today's agenda Introductions Neil Sutton Vice President, Global Portfolio 3 Minutes BT Assure Overview

More information

Seven Simple steps. For Mobile Device Management (MDM) 1. Why MDM? Series

Seven Simple steps. For Mobile Device Management (MDM) 1. Why MDM? Series Series Seven Simple steps For Mobile Device Management (MDM) Mobile device management (MDM) has become a necessity across the globe due to the ever expanding and developing world of technology; Technavio

More information

CEOP Relationship Management Strategy

CEOP Relationship Management Strategy Making every child child matter matter... everywhere... everywhere CEOP Relationship Management Strategy Breaking down the barriers to understanding child sexual exploitation Child Exploitation and Online

More information

3 Email Marketing Security Risks. How to combat the threats to the security of your Email Marketing Database

3 Email Marketing Security Risks. How to combat the threats to the security of your Email Marketing Database 3 Email Marketing Security Risks How to combat the threats to the security of your Email Marketing Database Email Marketing Guide June 2013 Security Threats PROTECTING YOUR EMAIL DATABASE FROM HACKERS

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

CONSULTING IMAGE PLACEHOLDER

CONSULTING IMAGE PLACEHOLDER CONSULTING IMAGE PLACEHOLDER KUDELSKI SECURITY CONSULTING SERVICES CYBERCRIME MACHINE LEARNING ECOSYSTEM & INTRUSION DETECTION: CYBERCRIME OR REALITY? ECOSYSTEM COSTS BENEFITS BIG BOSS Criminal Organization

More information

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber

More information

ETI PERSPECTIVE 2020: A FIVE YEAR STRATEGY

ETI PERSPECTIVE 2020: A FIVE YEAR STRATEGY ETI PERSPECTIVE 2020: A FIVE YEAR STRATEGY Introduction This document is the final and Board approved version of ETI s strategic directions based on the ETI Board meeting discussion of 12 th March 2015.

More information

Cyber Security Operations Centre Reveal Their Secrets - Protect Our Own Defence Signals Directorate

Cyber Security Operations Centre Reveal Their Secrets - Protect Our Own Defence Signals Directorate Cyber Security Operations Centre Reveal Their Secrets - Protect Our Own Defence Signals Directorate Contents Message from the Director 3 Cyber Security Operations Centre 5 Cyber Security Strategy 7 Conversation

More information

Cyber Security Management

Cyber Security Management Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

The battle to contain fraud is as old as

The battle to contain fraud is as old as 22 SPONSORED FEATURE COMBATTING DIGITAL FRAUD Combatting digital fraud Combatting digital fraud has become a strategic business issue for today s CIOs. The battle to contain fraud is as old as business

More information

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response

More information

Building a Sustainable MOD and Defence Industry: Challenges and Opportunities

Building a Sustainable MOD and Defence Industry: Challenges and Opportunities Building a Sustainable MOD and Defence Industry: s and Opportunities James Perry and Dr Anna Stork BMT Isis Ltd Abstract Sustainability can be defined as meeting the needs of the present generation without

More information

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES By Wolfgang Röhrig, Programme Manager Cyber Defence at EDA and Wg Cdr Rob Smeaton, Cyber Defence Staff Officer

More information

Guide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network?

Guide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? Most businesses know the importance of installing antivirus products on their PCs to securely protect

More information

Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary

Is cyber security now too hard for enterprises? Cyber security trends in the UK. Executive Summary Is cyber security now too hard for enterprises? Executive Summary Sponsors The creation and distribution of this study was supported by CGI, cybx and Fujitsu/Symantec. Premium sponsors: Gold sponsor: 2

More information

Protecting your business interests through intelligent IT security services, consultancy and training

Protecting your business interests through intelligent IT security services, consultancy and training Protecting your business interests through intelligent IT security services, consultancy and training The openness and connectivity of the digital economy today provides huge opportunities but also creates

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity

More information

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation

More information

Protecting against cyber threats and security breaches

Protecting against cyber threats and security breaches Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So

More information

The Cyber Threat Profiler

The Cyber Threat Profiler Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

THALES. www.thalesgroup. corn

THALES. www.thalesgroup. corn THALES www.thalesgroup. corn c Understanding cyber security is a challenge faced by all businesses and organisations around the world. New threats emerge on a daily basis and it can be difficult to understand

More information

Gaining the upper hand in today s cyber security battle

Gaining the upper hand in today s cyber security battle IBM Global Technology Services Managed Security Services Gaining the upper hand in today s cyber security battle How threat intelligence can help you stop attackers in their tracks 2 Gaining the upper

More information

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue. Seamless Mobile Security for Network Operators Build a secure foundation for winning new wireless services revenue. New wireless services drive revenues. Faced with the dual challenges of increasing revenues

More information

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA JOÃO MANUEL ASSIS BARBAS Coronel de Artilharia. Assessor de Estudos do IDN INTRODUCTION Globalization and information and communication technologies

More information

CYBER SECURITY STRATEGY AN OVERVIEW

CYBER SECURITY STRATEGY AN OVERVIEW CYBER SECURITY STRATEGY AN OVERVIEW Commonwealth of Australia 2009 This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without

More information

REPORT. Next steps in cyber security

REPORT. Next steps in cyber security REPORT March 2015 Contents Executive summary...3 The Deloitte and Efma questionnaire...5 Level of awareness...5 Level of significance...8 Level of implementation...11 Gap identification and concerns...15

More information

Examining the Evolving Cyber Insurance Marketplace

Examining the Evolving Cyber Insurance Marketplace Prepared Testimony and Statement for the Record of Ola Sage Founder and CEO e-management Hearing on Examining the Evolving Cyber Insurance Marketplace Before the Senate Committee on Commerce, Science,

More information

CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION

CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION In the ever-evolving technological landscape which we all inhabit, our lives are dominated by

More information

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations

More information

The Recover Report. It s business. But it s personal.

The Recover Report. It s business. But it s personal. The Recover Report It s business. But it s personal. Executive summary The Recover Report The perpetrators This report examines a sample of 150 data theft cases handled by Mishcon de Reya. Our research

More information

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape WHITE PAPER: SYMANTEC GLOBAL INTELLIGENCE NETWORK 2.0.... ARCHITECTURE.................................... Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Who

More information

Threat Intelligence. Benefits for the enterprise

Threat Intelligence. Benefits for the enterprise Benefits for the enterprise Contents Introduction Threat intelligence: a maturing defence differentiator Understanding the types of threat intelligence: from the generic to the specific Deriving value

More information

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw Safety by trust: British model of cyber security David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw Strategy Structure Campaign Partnerships Strategy The UK

More information

ISSA-UK 5173. Information Security for Small and Medium Sized Enterprises

ISSA-UK 5173. Information Security for Small and Medium Sized Enterprises ISSA-UK 5173 Information Security for Small and Medium Sized Enterprises March 2011 OVERVIEW Purpose This paper, prepared by a working group of the ISSA (UK), sets out recommendations on information security

More information