Cyber security Keeping your business resilient

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cyber security Keeping your business resilient"

Transcription

1 Intelligence FIRST helping your business make better decisions Cyber security Keeping your business resilient Cyber security is about keeping your business resilient in the modern technological age. It is about meeting the threat posed by a range of attacks perpetrated using the same online networks that are critical to the way we interact and do business. It is about how you deal with this particular risk to your organisation, and centres on corporate culture and behaviour not just technology. Cyber attacks are now endemic, but this doesn t mean your organisation is powerless. By being cyber secure you can take steps to protect what is valuable to your organisation, in terms of assets and reputation. This CBI Intelligence FIRST guide sets out why cyber security should be prominent in board discussions right now. Inside Page 3 Why cyber security matters to your business Page 4 What exactly is under threat? Page 5 How to become cyber secure Page 9 Actions for the board Don t give this to your CIO until you ve read it first March 2013

2

3 CBI Intelligence FIRST cyber security 3 Why cyber security matters to your business Changes to the way we do business have increased the risk Most companies now operate cross-border and have a strong presence in international markets. They have widely dispersed supply chains, operating multiple customer channels. And there has been a major shift in the way that we routinely share and store data, with a big emphasis on mobile working. The risk profile is changing Cyber attacks are now endemic, with over 90% of large companies likely to have suffered a breach in the year Some reports estimate that global companies are suffering 15,000 attacks a day, reaching ten times that for organisations such as a large global bank. (Sources: PwC Info Sec survey 2012/Financial Times, 24 January 2013) but complacency is threatening many businesses A BAE Systems Detica survey found that 61% of companies stated that it would take a cyber-attack on them or a competitor for their boards to properly address the risk: that s clearly too late. (Source: BAE Systems Detica 2012 Cyber Security Monitor) A cyber attack can have a major impact on investors, supply chains and customers. It can result in: Monetary theft by accessing financial systems Hackers accessing your systems to steal trade secrets or valuable intellectual property (IP) Business interruption by shutting down critical systems Loss of customer, employee or other commercially sensitive data Damage to brand through loss of customer trust or a malicious attack. Helpful analysis from the World Economic Forum shows that cyber attacks became the fourth most likely global risk in 2012 Cyber attacks as one of five headline global risks 4.03 Severe income disparity 4.03 Chronic fiscal imbalances 3.88 Rising greenhouse gas emissions 3.80 Cyber attacks 3.79 Water supply crises Very unlikely Almost certain Source: World Economic Forum

4 4 CBI Intelligence FIRST cyber security What is exactly under threat? If cyber attacks are a likely risk, what about their impact? The cost to businesses in the UK of cyber attacks has been calculated at around 21bn annually. (Source: The cost of cyber crime, Detica and the Cabinet Office) These breaches take a range of forms and the risk to your organisation may include threats to the following: The brand Valuables Systems Who are the hackers? It could be a range of actors including rival organisations, criminal gangs who have targeted public services in the past, or professional/state-sponsored hackers based in areas such as the former Soviet Union. Malicious codes or malware can be used to disrupt consumer-facing services. Example: a code injection hack on the operating system of a leading entertainment firm in the spring of The resulting cost was estimated to be in the region of $138m. Online malware can be used to steal trade secrets, valuable data or sensitive information with commercial implications. Example: The use of a virus called the Backdoor Trojan in 2011 to target the R&D and manufacturing data of 50 chemical and defence firms. Cyber attacks can also shut down the provision of crucial services through critical national infrastructure (CNI). Example: The oil firm Saudi Aramco was attacked in August 2012 by hackers, forcing the shut down of 30,000 workstations.

5 CBI Intelligence FIRST cyber security 5 It s time to become cyber secure: here s how to do it Treat it as a regular business risk: embed it as part of your on-going risk management activity. Get your governance structure right: You need to ensure that you have a designated member of staff or a risk team in place that is responsible and accountable for the risk of cyber attack alongside all other concerns on your risk register. Ensure your designated lead member of staff or risk team continually undertakes three critical tasks and keeps reporting back to the board: this is about making sure you can respond to the threat of cyber attack in a dynamic way. Three steps for your team: 1 Identify what is valuable to your organisation and assess the risk. The boards of all companies should consider the vulnerability of their own company to these risks as part of their normal corporate governance and they should require their key advisers and suppliers to do the same Jonathan Evans, head of MI5 Mansion House speech, June Ensure your internal processes around staff behaviour are adequate. Make sure your technology and software is properly robust and up to date. Let s look at these in more detail

6 6 CBI Intelligence FIRST cyber security 1 Identify what s valuable to your organisation and assess the risk The central question to ask here is cyber attacks are a risk to what? or what is properly valuable to the critical operations of this company? We are not just talking about information per se, but about all forms of data that are fundamental to the company s business model including datasets used for HR purposes, client services, product development and business planning. Your team will then be in a position to do the following: Identify what s valuable to the organisation and gauge whether there are any existing threats to be aware of (presenting this as part of a risk assessment exercise at the board meeting). Answer the question what is the figure that we could not stand to lose? This will help give you an awareness of value by quantifying what you could lose through inaction. It will also equip you to consider and justify the opportunity cost of allotting time and resources to mitigate the threat. Identify who currently has access to what kinds of data, trade secrets or valuable systems within the organisation and why this is the case: don t discount the possibility for internal doors to be left open either accidentally or even intentionally by staff or consultants. Last year for example, an Austrian-based employee of the Massachusetts wind-energy company American Superconductor stole intellectual property from the firm and sold it to the Chinese wind turbine manufacturer Sinovel for $1.5m (New York Times, 14 February 2012). 2

7 CBI Intelligence FIRST cyber security 7 2 Ensure your internal processes around staff behaviour are adequate Get the basics right Around 80% of the risk of cyber attack to your organisation can be mitigated through getting the basics right. 1 This means keeping security in mind when designing policies and processes for: Flexible working arrangements Bring your own device /the sharing of information via personal as well as professional devices User privileges: make sure access requirements and passwords for sensitive data are robust and secure. Influencing human behaviour and initiating a culture change from the top is vital With four out of ten people now using smartphones, 2 strict safety policies together with examples of good practice on the use of work information need to be evident from board members down. There s always scope to be innovative On passwords, for example, recent survey research from Microsoft confirms the obvious point that alphabetical passwords are either so easy to remember that they are frequently guessable or so difficult that they are rarely remembered. Many companies are therefore beginning to experiment with new forms of password security using pictorial and graphical prompts. Keeping staff educated is a key means of ensuring your firm is cyber secure Human error can lead to unforseen consequences cyber attackers are able to enter networks through planted USBs and other simple means. Employee awareness of the issues around cyber security is of vital importance and so a sense check of what employees know already is a useful step to continually repeat. 1 GCHQ estimate 2 OFCOM estimate

8 8 CBI Intelligence FIRST cyber security 3 Make sure your technology and software is properly up to date With online networks so central to our everyday activities, dealing with the threat of cyber attack means accepting this as an endemic risk and finding a way to manage it. But don t waste time trying to become the next Fort Knox. Cyber security requires up-to-date software with the right safety mechanisms to guard your company valuables or the critical networks your business operates. Additionally, it requires software that can help monitor and detect potential threats, with backup systems to ensure continued delivery for consumers and investors in the event of a cyber breach. If your risk team finds your existing systems are inadequate, investment in improvements may be necessary to protect your company valuables. Investment should be weighed against the valuation of the things you can t afford to lose. Advice on how to ensure your organisation s software systems are secure and crucially on how to adapt in the event of a cyber attack, is available from external consultancies together with computer emergency response teams (CERTs), which provide real-time data and information about how to respond to constantly evolving cyber threats. Becoming cyber secure means constantly adapting to developments in technology. With changes to the way we store commercially sensitive information, such as in the cloud, make sure your team knows the location of the server which holds your data (in terms of jurisdiction), and whether your data is secure. 3

9 CBI Intelligence FIRST cyber security 9 The crucial slide: actions for the board to cover in a meeting With these issues accounted for, make sure you address all angles by covering the following points in your board meeting: Consider 1 a risk assessment Do a fly-past exercise to determine the company s current state of health and your existing policies. Identify what data, information, or systems are valuable to your company operations. Make sure you get an accurate 23 assessment of what the risk to these valuables might be and gauge whether your risk team is aware of existing threats. Turn your attention to risk management Consider the crucial cost/benefit decisions to invest in improvements to internal networks. Decide whether any outside help or investment is required to strengthen your software mechanisms, your ability to detect threats, or for programmes such as staff training. Focus on resilience to protect your reputation Make sure you are prepared for the possibility of a cyber attack by having a contingency plan which ensures you can continue to deliver products and services. This will mean your ability to deliver for the people who matter is not damaged.

10 10 CBI Intelligence FIRST cyber security Learn more about cyber security The CBI s range of activity includes: Liaising with the UK government to convey industry s broad view of cyber security including messaging for the board and mechanisms for reporting attacks Monitoring regulatory developments in the EU, including the EU s cyber security strategy, which could impose new reporting requirements on businesses Raising the profile of cyber security in business through articles, speeches and roundtable events. Other important sources of information: Ten steps to cyber security guidance released by the UK government in September 2012: docs/0-9/ steps-to-cyber-security-executive.pdf Pathways to global cyber resilience document from the World Economic Forum: PathwaysToGlobalCyberResilience_Report_2012.pdf For more information please contact James Nation tel:

11 CBI Intelligence FIRST cyber security 11 >>>>>>>>>>>> Secure your networks and critical information, secure your reputation and your future success <<<<<<<<<<<<

12 Intelligence FIRST Intelligence FIRST brings together: The CBI s inside knowledge of up-coming changes in legislation and regulation Informed CBI commentary and analysis on significant public policy and other major developments Critical and timely economic and business trend assessments. If you have concerns about: How your business should prepare for major changes in legislation and regulation Where the economy is headed and how it will impact on your sector What the long-term legacies of the credit crunch and recession will be across the business landscape What you need to know for your business to manage the transition to a low-carbon economy Intelligence FIRST is here to help. Your account manager will keep you in touch as new Intelligence FIRST guides become available. Product code CAG_ENT_365

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

The UK cyber security strategy: Landscape review. Cross-government

The UK cyber security strategy: Landscape review. Cross-government REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 890 SESSION 2012-13 12 FEBRUARY 2013 Cross-government The UK cyber security strategy: Landscape review 4 Key facts The UK cyber security strategy: Landscape

More information

Assessing the strength of your security operating model

Assessing the strength of your security operating model www.pwc.com Assessing the strength of your security operating model May 2014 Assessing the strength of your security operating model Retail stores, software companies, the U.S. Federal Reserve it seems

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

Cyber-security: legal implications for financial institutions. IAPP Europe Data Protection Intensive 2013

Cyber-security: legal implications for financial institutions. IAPP Europe Data Protection Intensive 2013 Cyber-security: legal implications for financial institutions IAPP Europe Data Protection Intensive 2013 Vivienne Artz Managing Director and General Counsel, Citi Cyber threat landscape Kris McConkey Director,

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates

Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates What is Cyber Security? The First Cyber Attack The Threat Landscape The Energy Industry as a Target The Legal & Regulatory

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security Contents Why you need to know about cyber security... 3 Understanding the risks to your business... 4 How you can manage the risks... 5 Planning

More information

Cyber, Social Media and IT Risks. David Canham (BA) Hons, MIRM

Cyber, Social Media and IT Risks. David Canham (BA) Hons, MIRM IIA South Event 16 th June 2015 Cyber, Social Media and IT Risks 1 st and 2 nd Line Perspective David Canham (BA) Hons, MIRM Agenda This evening we ll cover the following: Who, why and what? Traditional

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

Maritime Insurance Cyber Security Framing the Exposure. Tony Cowie May 2015

Maritime Insurance Cyber Security Framing the Exposure. Tony Cowie May 2015 Maritime Insurance Cyber Security Framing the Exposure Tony Cowie May 2015 Table of Contents / Agenda What is cyber risk? Exposures - Should we be concerned about "Cyber"? Is Cyber covered under a Marine

More information

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Pamela Passman President and CEO Center for Responsible Enterprise And Trade (CREATe.org)

More information

Cyber Security for audit committees

Cyber Security for audit committees AUDIT COMMITTEE INSTITUTE Cyber Security for audit committees An introduction kpmg.com/globalaci 2 Audit Committee Institute An introduction to cyber security for audit committees Audit committees have

More information

Malware isn t The only Threat on Your Endpoints

Malware isn t The only Threat on Your Endpoints Malware isn t The only Threat on Your Endpoints Key Themes The cyber-threat landscape has Overview Cybersecurity has gained a much higher profile over the changed, and so have the past few years, thanks

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature Demystifying Cyber Insurance Jamie Monck-Mason & Andrew Hill Introduction What is cyber? Nomenclature 1 What specific risks does cyber insurance cover? First party risks - losses arising from a data breach

More information

PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES

PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES Cyber Attacks: How prepared are you? With barely a day passing without a reported breach of corporate information security, the threat to financial

More information

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

THE HUMAN COMPONENT OF CYBER SECURITY

THE HUMAN COMPONENT OF CYBER SECURITY cybersecurity.thalesgroup.com.au People, with their preference to minimise their own inconvenience, their predictability, apathy and general naivety about the potential impacts of their actions, are the

More information

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014

Knowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014 Knowing Your Enemy How Your Business is Attacked Andrew Rogoyski June 2014 Why Cyber is the New Security 1986: Lawrence Berkeley NL discovers attempt to copy US Government Information on Arpanet 1988:

More information

Facing the Cyber Threat. The Information Risk Management Guide for Government Suppliers A valuable guide from Ascentor www.ascentor.co.

Facing the Cyber Threat. The Information Risk Management Guide for Government Suppliers A valuable guide from Ascentor www.ascentor.co. Facing the Cyber Threat The Information Risk Management Guide for Government Suppliers A valuable guide from Ascentor www.ascentor.co.uk What you will learn from this guide As a supplier to HM Government

More information

CYBER SECURITY Audit, Test & Compliance

CYBER SECURITY Audit, Test & Compliance www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit

More information

Cyber Risks and Insurance Solutions Malaysia, November 2013

Cyber Risks and Insurance Solutions Malaysia, November 2013 Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare

More information

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually

More information

Insurance implications for Cyber Threats

Insurance implications for Cyber Threats Lillehammer Energy Claims Conference Lillehammer March 7, 2014 Insurance implications for Cyber Threats How enterprises need to prepare for the inevitable JLT is one of the world s largest providers of

More information

Protecting What Matters Most. Terry Ray Chief Product Strategist Trending Technologies Session 11

Protecting What Matters Most. Terry Ray Chief Product Strategist Trending Technologies Session 11 Protecting What Matters Most Terry Ray Chief Product Strategist Trending Technologies Session 11 Cyber attacks are bad and getting Significant economic Stock price fell by 14% Impacted profits by 46% Total

More information

How do we Police Cyber Crime?

How do we Police Cyber Crime? How do we Police Cyber Crime? Thursday 4 th June 2015 Craig Jones, SEROCU Presentation Content UK policing cyber crime programme Cyber threat landscape and impact Cyber business resilience Future Challenges

More information

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future 2015 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence

More information

Cyber Risk Management

Cyber Risk Management Cyber Risk Management A short guide to best practice Insight October 2014 So what exactly is 'cyber risk'? In essence, cyber risk means the risk connected to online activity and internet trading but also

More information

The Cancer Running Through IT Cybercrime and Information Security

The Cancer Running Through IT Cybercrime and Information Security WHITE PAPER The Cancer Running Through IT Prepared by: Richard Brown, Senior Service Management Consultant Steve Ingall, Head of Consultancy 60 Lombard Street London EC3V 9EA T: +44 (0)207 464 8883 E:

More information

Cyber Security Strategy

Cyber Security Strategy NEW ZEALAND S Cyber Security Strategy 2015 A secure, resilient and prosperous online New Zealand Ministerial Foreword The internet and technology have become a fundamental element in our lives. We use

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

Energy Cybersecurity Regulatory Brief

Energy Cybersecurity Regulatory Brief Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider

More information

Tackling the growing risk of cyber crime

Tackling the growing risk of cyber crime Financial Institutions Customer Industry Community Tackling the growing risk of cyber crime Discussion points for financial institutions Contents Introduction 3 The scale of cyber risk 4 Zurich survey

More information

SIEM is only as good as the data it consumes

SIEM is only as good as the data it consumes SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Cyber Security & Cyber Criminality: ~ The Facts ~ - Sgt Phil Cobley

Cyber Security & Cyber Criminality: ~ The Facts ~ - Sgt Phil Cobley Cyber Security & Cyber Criminality: ~ The Facts ~ - Sgt Phil Cobley Firstly, an apology + + = What shall we discuss What is Cyber Crime? What are the current threats? What is the capability of local and

More information

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril. Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing

More information

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks Alex Leemon, Sr. Manager 1 The New Cyber Battleground: Inside Your Network Over 90% of organizations have been breached

More information

IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS

IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS Contents Introduction... 2 Key figures... 3 Methodology... 4 Concerns and priorities of IT managers: data comes first...

More information

Addressing Cyber Risk Building robust cyber governance

Addressing Cyber Risk Building robust cyber governance Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber

More information

How-To Guide: Cyber Security. Content Provided by

How-To Guide: Cyber Security. Content Provided by How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses

More information

CYBER LIABILITY RISKS SEMINAR Programme overview. THURSDAY 1 OCTOBER 2015 8.30am 1.00pm Green Park Conference Centre, Reading

CYBER LIABILITY RISKS SEMINAR Programme overview. THURSDAY 1 OCTOBER 2015 8.30am 1.00pm Green Park Conference Centre, Reading CYBER LIABILITY RISKS SEMINAR Programme overview THURSDAY 1 OCTOBER 2015 8.30am 1.00pm Green Park Conference Centre, Reading JLT Specialty (JLT) would like to invite you to a highly informative technical

More information

Cyber Security: Are You Prepared?

Cyber Security: Are You Prepared? Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete

More information

CYBER-ATTACKS THE GLOBAL RESPONSE

CYBER-ATTACKS THE GLOBAL RESPONSE R E P R I N T CYBER-ATTACKS THE GLOBAL RESPONSE REPRINTED FROM: Risk, Governance & Compliance for Financial Institutions 2015 RISK GOVERNANCE & COMPLIANCE for F I N A N C I A L INSTITUTIONS 2 0 1 5 Visit

More information

POLICIES TO MITIGATE CYBER RISK

POLICIES TO MITIGATE CYBER RISK POLICIES TO MITIGATE CYBER RISK http://www.tutorialspoint.com/information_security_cyber_law/policies_to_mitigate_cyber_risk.htm Copyright tutorialspoint.com This chapter takes you through the various

More information

PDSA Special Report. Is your Company s Security at Risk

PDSA Special Report. Is your Company s Security at Risk PDSA Special Report Introduction There is probably no such thing as a completely secure company. However, if you are not thinking about security in your company, you are running a big risk. We are not

More information

Cyber Risk & Insurance

Cyber Risk & Insurance Cyber Risk & Insurance The Risk Managers Forum Thursday 27 November 2014 One-day conference Grange City Hotel, 8-14 Cooper s Row, London EC3N 2QB Event sponsor Headline sponsor Cyber Risk & Insurance The

More information

Internet security: Shutting the doors to keep hackers off your network

Internet security: Shutting the doors to keep hackers off your network Internet security: Shutting the doors to keep hackers off your network A Paralogic Networks Guide www.scholarisintl.com Introduction Like all revolutionary steps in technological development the Internet

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

Cyber Security Strategies for the Small Business Market

Cyber Security Strategies for the Small Business Market Cyber Security Strategies for the Small Business Market Solutions for Small Business Reports are designed to demonstrate how new technologies enabled by cable providers help small business owners and managers

More information

National Cyber Crime Unit

National Cyber Crime Unit National Cyber Crime Unit Kevin Williams Partnership Engagement & National Cyber Capabilities Programme Kevin.Williams@nca.x.gsi.gov.uk Official Problem or opportunity Office for National Statistics In

More information

Cyber Security Strategies for the Small Business Market

Cyber Security Strategies for the Small Business Market ThisIsCable for Business Report Series Cyber Security Strategies for the Small Business Market White Paper Produced by BizTechReports.com Editorial Director: Lane F. Cooper Research Assistant: Will Frey

More information

10 SMART MONEY FACTS YOU NEED TO KNOW ABOUT BUSINESS SECURITY

10 SMART MONEY FACTS YOU NEED TO KNOW ABOUT BUSINESS SECURITY 10 SMART MONEY FACTS YOU NEED TO KNOW ABOUT BUSINESS SECURITY In the age of connected business work follows your workforce. You now have to keep track of your company assets and employees around the clock.

More information

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Enterprise Security Governance Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Governance and Organisational Model Risk Mgmt & Reporting Digital Risk & Security

More information

Data Breach ACC Case Study

Data Breach ACC Case Study Data Breach ACC Case Study Annelies Moens Head of Sales and Operations, Information Integrity Solutions NSW Right to Information/Privacy Practitioners Network Sydney, 21 November 2012 About IIS Building

More information

The Business Case for Information Security. White Paper

The Business Case for Information Security. White Paper The Business Case for Information Security White Paper Version 1.0 Background Creating a compelling business case for information security can be a challenge. It s sometimes difficult to identify or articulate

More information

The internet and digital technologies play an integral part

The internet and digital technologies play an integral part The Cyber challenge Adjacent Digital Politics Ltd gives an overview of the EU Commission s Cyber Security Strategy and Commissioner Ashton s priorities to increase cyber security in Europe The internet

More information

Managing Cyber Risk through Insurance

Managing Cyber Risk through Insurance Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes

More information

How Secure is Your SCADA System?

How Secure is Your SCADA System? How Secure is Your SCADA System? Charles Drobny GlobaLogix, Inc. Houston, TX, USA Our Industry is a Target 40% of cyber attacks on Critical Infrastructure targets are aimed at the Energy Industry The potential

More information

Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST

Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST November 6, 2013 Copyright 2013 Trusted Computing Group 1 November 6, 2013 Copyright 2013 Trusted Computing

More information

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You!

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You! cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You! Cybersecurity is all over the news. Target, University of Maryland, Neiman

More information

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private

More information

The Recover Report. It s business. But it s personal.

The Recover Report. It s business. But it s personal. The Recover Report It s business. But it s personal. Executive summary The Recover Report The perpetrators This report examines a sample of 150 data theft cases handled by Mishcon de Reya. Our research

More information

10Minutes. on the stark realities of cybersecurity. The Cyber Savvy CEO. A changed business environment demands a new approach:

10Minutes. on the stark realities of cybersecurity. The Cyber Savvy CEO. A changed business environment demands a new approach: 10Minutes on the stark realities of cybersecurity The Cyber Savvy CEO Highlights Business leaders must recognise the exposure and business impact that comes from operating within an interconnected global

More information

CYBER RISK SECURITY, NETWORK & PRIVACY

CYBER RISK SECURITY, NETWORK & PRIVACY CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread

More information

The Cyber Threat Profiler

The Cyber Threat Profiler Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are

More information

Cyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry

Cyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry Cyber Security: Threat & The Maritime Environment Cyber Security: now byting the maritime industry Templar Executives NIAS 2007 DHR 2008 IAMM 2008 1 st CSS 2009 2 nd CSS 2011 Advising Government & Industry

More information

Cyber Security & Digital Privacy What Family Offices Need to Know

Cyber Security & Digital Privacy What Family Offices Need to Know Cyber Security & Digital Privacy What Family Offices Need to Know Who s at risk? Executive Summary Protecting servers and filtering malicious emails rarely stay on the agenda for long in a small business

More information

REPORT. Next steps in cyber security

REPORT. Next steps in cyber security REPORT March 2015 Contents Executive summary...3 The Deloitte and Efma questionnaire...5 Level of awareness...5 Level of significance...8 Level of implementation...11 Gap identification and concerns...15

More information

Sytorus Information Security Assessment Overview

Sytorus Information Security Assessment Overview Sytorus Information Assessment Overview Contents Contents 2 Section 1: Our Understanding of the challenge 3 1 The Challenge 4 Section 2: IT-CMF 5 2 The IT-CMF 6 Section 3: Information Management (ISM)

More information

Managing cyber risk the global banking perspective

Managing cyber risk the global banking perspective 1 Managing cyber risk the global banking perspective Speech given by Andrew Gracie, Executive Director, Resolution, Bank of England British Bankers Association Cyber Conference, London 10 June 2014 2 I

More information

Connect Smart for Business SME TOOLKIT

Connect Smart for Business SME TOOLKIT Protect yourself online Connect Smart for Business SME TOOLKIT WELCOME To the Connect Smart for Business: SME Toolkit The innovation of small and medium sized enterprises (SMEs) is a major factor in New

More information

ACE European Risk Briefing 2012

ACE European Risk Briefing 2012 #5 ACE European Risk Briefing 2012 IT and cyber risk respondent profiles The research was carried out between 13 April and 3 May 2012. The sample comprised 606 European risk managers, CROs, CFOs, COOs

More information

S. ll IN THE SENATE OF THE UNITED STATES

S. ll IN THE SENATE OF THE UNITED STATES OLL0 TH CONGRESS ST SESSION S. ll To secure the United States against cyber attack, to improve communication and collaboration between the private sector and the Federal Government, to enhance American

More information

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen Cyber Security : preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or

More information

3 Email Marketing Security Risks. How to combat the threats to the security of your Email Marketing Database

3 Email Marketing Security Risks. How to combat the threats to the security of your Email Marketing Database 3 Email Marketing Security Risks How to combat the threats to the security of your Email Marketing Database Email Marketing Guide June 2013 Security Threats PROTECTING YOUR EMAIL DATABASE FROM HACKERS

More information

Policing Together. A quick guide for businesses to Information Security and Cyber Crime

Policing Together. A quick guide for businesses to Information Security and Cyber Crime Policing Together A quick guide for businesses to Information Security and Cyber Crime This leaflet has been produced by the Surrey and Sussex Cyber Crime Unit Who is this leaflet for? This leaflet will

More information

HOW WILL FRANCHISORS IN EUROPE MEET THE CHALLENGES EU PROPOSED CYBERCRIME DIRECTIVE

HOW WILL FRANCHISORS IN EUROPE MEET THE CHALLENGES EU PROPOSED CYBERCRIME DIRECTIVE HOW WILL FRANCHISORS IN EUROPE MEET THE CHALLENGES OF THE PROPOSED CYBERCRIME DIRECTIVE? Dr Mark Abell, Graeme Payne and Joseph Jackson, Bird & Bird, London, UK Cybersecurity is arguably receiving more

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What

More information

Cyber security guide for boardroom members

Cyber security guide for boardroom members Cyber security guide for boardroom members 2 Cyber security guide for boardroom members Cyber security at strategic level Our society is rapidly digitising, and we are all reaping the benefits. Our country

More information

The Danish Cyber and Information Security Strategy

The Danish Cyber and Information Security Strategy February 2015 The Danish Cyber and Information Security Strategy 1. Introduction In December 2014 the Government presented a National Cyber and Information Security Strategy containing 27 government initiatives

More information

Managing cyber risks with insurance

Managing cyber risks with insurance www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive

More information

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the

More information

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Top Five Ways to Protect Your Network. A MainNerve Whitepaper A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State

More information

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days)

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days) Course introduction It is vital to ensure that your business is protected against the threats of fraud and cyber crime and that operational risk processes are in place. This three-day course provides an

More information

CYBERSECURITY: Is Your Business Ready?

CYBERSECURITY: Is Your Business Ready? CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring

More information

Cyber security the facts

Cyber security the facts Cyber security the facts By Dr Carolyn Patteson, Executive Manager, CERT Australia The cyber threat is real and ever present and every business is at risk. Australia s security and intelligence agencies

More information

Things You Need To Know About DDoS Attacks

Things You Need To Know About DDoS Attacks Things You Need To Know About DDoS Attacks DDoS DDoS DDoS Those who are quiet aware of the term DDoS know what mess it can create and for those who don t know what it is, here is a small, quick definition

More information

MEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO

MEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO E MARITIME SAFETY COMMITTEE 95th session Agenda item 4 MSC 95/4/1 5 March 2015 Original: ENGLISH MEASURES TO ENHANCE MARITIME SECURITY Industry guidelines on cyber security on board ships Submitted by

More information

Unit 3 Cyber security

Unit 3 Cyber security 2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

Global IT Security Risks

Global IT Security Risks Global IT Security Risks June 17, 2011 Kaspersky Lab leverages the leading expertise in IT security risks, malware and vulnerabilities to protect its customers in the best possible way. To ensure the most

More information