• Home

  • Documents

  • Changing your perspective We believe that confidence in ... security: Confidence in your digital...
2
Cyber security Confidence in your digital future www.pwc.com/riskassurance The executive summary series – paper No.5 We believe that confidence in your digital future is essential to the growth of your organisation. You need to be aware of your cyber security risks, able to assess which threats could actually affect your business goals and have the agility to deal with new threats as they arise. At the same time, advances in technology are enabling business ideas to flourish. In considering cyber security and the risks and opportunities it brings, your cyber risk management strategy needs to be at the heart of your business. Old security models are no longer appropriate. Changing your perspective Delivering value After losing a significant amount of cash via online banking transfers to one-off foreign suppliers, our international engineering and service company suspected they had experienced a cyber security breach rather than fraud. With malicious software ruled out, they suspected that insider threat was the root cause. We identified how the cyber criminals were able carry out the eCrime. Using a combination of activity timeline analysis, file recovery and reverse engineering, we diagnosed the nature of the crime, the chain of events leading to the breach and how they were able to manipulate a secure online banking payment process. Our global shipping conglomerate engaged us to create and deploy a large-scale information security programme including the development of a business case for creating a security operations centre (SOC). We reviewed and assessed their current security services, processes and controls across the business including IT functions. We provided recommendations and clarity on what a SOC does; the business need and benefits; scope of activities, roles, responsibilities and skill sets; implementation requirements, costs and timelines and developed an SOC operating model and deployment options (insourced vs outsourced). This telecommunications provider was keen to understand the effectiveness of their privacy strategy, especially against their competitors. We were asked to review how it had been implemented within the UK business and other business units across their global network. To gain a broad overview, we benchmarked information about how a number of global clients approached the implementation of their privacy programmes. We were asked to review two service suppliers who were providing security control services to a major central government department. Our role was to undertake a compliance review against the Cabinet Office Security Policy Framework, CESG IA policy, Good Practice Guides and ISO27001, to assess their level of compliance. We also reviewed the complete risk management and security culture of both suppliers, providing the department with recommendations to improve control. “Businesses now operate in an interconnected ecosystem and cyber security risks have evolved. Old security models are no longer fit for purpose.Marco Amitrano Global Assurance Markets Leader This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PwC does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2014 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. www.pwc.com/riskassurance

Changing your perspective We believe that confidence in ... security: Confidence in your digital future How we can help We can help you shape a broader strategic response to cyber

  • Upload
    donhi

  • View
    214

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Changing your perspective We believe that confidence in ... security: Confidence in your digital future How we can help We can help you shape a broader strategic response to cyber

Cyber securityConfidence in your digital future

www.pwc.com/riskassurance

The executive summary series – paper No.5

We believe that confidence in your digital future is essential to the growth of your organisation.

You need to be aware of your cyber security risks, able to assess which threats could actually affect your business goals and have the agility to deal with new threats as they arise.

At the same time, advances in technology are enabling business ideas to flourish. In considering cyber security and the risks and opportunities it brings, your cyber risk management strategy needs to be at the heart of your business. Old security models are no longer appropriate.

Changing yourperspective

Delivering valueAfter losing a significant amount of cash via online banking transfers to one-off foreign suppliers, our international engineering and service company suspected they had experienced a cyber security breach rather than fraud. With malicious software ruled out, they suspected that insider threat was the root cause.

We identified how the cyber criminals were able carry out the eCrime. Using a combination of activity timeline analysis, file recovery and reverse engineering, we diagnosed the nature of the crime, the chain of events leading to the breach and how they were able to manipulate a secure online banking payment process.

Our global shipping conglomerate engaged us to create and deploy a large-scale information security programme including the development of a business case for creating a security operations centre (SOC).

We reviewed and assessed their current security services, processes and controls across the business including IT functions.

We provided recommendations and clarity on what a SOC does; the business need and benefits; scope of activities, roles, responsibilities and skill sets; implementation requirements, costs and timelines and developed an SOC operating model and deployment options (insourced vs outsourced).

This telecommunications provider was keen to understand the effectiveness of their privacy strategy, especially against their competitors. We were asked to review how it had been implemented within the UK business and other business units across their global network.

To gain a broad overview, we benchmarked information about how a number of global clients approached the implementation of their privacy programmes.

We were asked to review two service suppliers who were providing security control services to a major central government department. Our role was to undertake a compliance review against the Cabinet Office Security Policy Framework, CESG IA policy, Good Practice Guides and ISO27001, to assess their level of compliance.

We also reviewed the complete risk management and security culture of both suppliers, providing the department with recommendations to improve control.

“Businesses now operate in an interconnected ecosystem and cyber security risks have evolved. Old security models are no longer fit for purpose.”

Marco Amitrano Global Assurance Markets Leader

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PwC does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2014 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

www.pwc.com/riskassurance

Page 2: Changing your perspective We believe that confidence in ... security: Confidence in your digital future How we can help We can help you shape a broader strategic response to cyber

Cyber security: Confidence in your digital future

How we can help

We can help you shape a broader strategic responseto cyber risk by helping you understand your current capability and putting in place a focused plan to target investment in the right places. To do this, we focus on six key areas:

Four-stage processAssess – understanding your capabilities and maturity to help you prioritise your investment.

Build – designing and delivering cyber security improvement programmes.

Manage – managing and maintaining control of your business, enabling you to focus on strategic priorities.

Respond – rapid, global access to leading cyber incident containment, investigation and crisis management expertise.

What you gain

Below are the six confidences that will help you apply cyber security to the heart of your business.

Confidence in your people Fostering secure behaviours by designing processes, systems and roles with human vulnerability in mind.

Confidence in your technology Understanding the inherent risks of your technology and how to mitigate them.

Confidence in your connections Building an agile risk management framework, adept at keeping pace as your collaborative networks evolve.

Confidence to take risks Considering your interactions within the digital world and assessing where and how they impact your past, present and future.

Confidence during a crisis Protecting what’s important, detecting intruders and minimising your exposure when you are compromised.

Confidence in your priorities Recognising where key assets are, which are often intangible, and aligning them with your priorities.

Our point of viewOld security models are no longer adequate While cyber security risks have evolved, the traditional information security model – one that is technology- focused, compliance-based, perimeter-oriented and aimed at securing the back office – is no longer fit for purpose. Not only that, your cyber capability needs to provide continual insights and intelligence on the threats your business faces. Armed with this insight, you can anticipate and react dynamically to changes in your cyber threat profile.

Cyber security at the heart of your businessWhen looking beyond enterprise boundaries, you need to protect what matters most and ensure investment is allocated correctly. Cyber risk management in the business ecosystem is a complex issue, requiring your board and managers to engage, and sophisticated techniques, new skills and capabilities to be embedded in your people. It’s better to assume you will be attacked, ensure you can respond effectively and prepare for the worst. You cannot afford to be complacent – cyber security should be ‘front and centre in your business’.

Build trust into the fabric of your digital operationYour reputation is key. You need confidence in your operations and environment to allow you to unlock and prioritise opportunities and protect what matters most to you and your business.

Develop a clear risk appetiteCyber security should be treated as an enterprise-wide risk for which you need to develop a clear risk appetite to suit your specific business circumstances and associated action plan; and you need to see frequent assurance that risks are appropriately managed.

What’s on

your mind?

“According to the Global CEO Survey, one third of CEOs don’tthink a cyber attack would negatively impact their business.

Yet 61% of consumers would stop using a company’s productor services if an attack resulted in a known breach.”

2012 PwC Consumer Intelligence Series

When to act

There are logical triggers in your business activities that prompt action. These will almost always be times when you should talk to us. Here are some examples.

By involving us as early as possible in your strategic business planning cycle rather than waiting until an issue becomes a problem.

Changes to regulation or legislation that will affect your business.

Change in the form of new suppliers, new technology, acquisitions, new markets or a change in leadership.

Trends or developments in your market that are likely to affect your business and where it’s better to respond proactively.

What good looks like

Successful security models have the following characteristics.

You continually monitor your risk profile. You understand what matters to the success of your business. You realise this changes as you move forward with your business.

You understand in real time, the new threats within the digital landscape. You are fully aware of the risks you’re exposing the organisation to as you execute your strategic plan.

You understand how digital is changing the fabric of your business, introducing new threats and changing your risk profile.

Your eyes are fully open to digital threats.

You recognise boundaries have shifted: your business architecture has changed, so have the risks within your digital supply chain. You are aware that threats can come from within your organisation as well as from outside it.

The executive summary series – paper No.5

The digital age is bringing rapid change: new customer connections, tighter supply chain integration, new sourcing models; new ways of exploiting bulk data; faster R&D processes; mobility and much more.

Your digital world just got biggerBusinesses now operate in an interconnected ecosystem. As a result, securing critical data, transactions and operations means working beyond the walls of your enterprise. Businesses are completely dependent on digital business processes. This amplifies the impact of cyber attacks on every area of your business.

It’s not if, but whenScarcely a day goes by without mention of a new cyber crime in the newsfeeds. Businesses face a wide range of threats. Adversaries range from nation states and organised crime to hacktivists and insiders. It’s understandable why you may feel fearful – by the time you’ve strengthened your defences, you are probably already under attack. Would you know what to do if you are compromised? Are you prepared?

How do you survive and thrive?Cyber security is not just about protection – it’s exploiting the opportunities that the digital way of working brings. New technology such as cloud computing brings more efficiency, lower costs and greater consumer productivity, but it’s fraught with risks. If your cyber security is inadequate you won’t have the confidence to take risks that allow you to get ahead of the competition. Cyber breaches damage reputations and destroy trust – both are vital ingredients for success in the digital age.


HOW SHOULD WE MEASURE CONSUMER · PDF fileHOW SHOULD WE MEASURE CONSUMER CONFIDENCE (SENTIMENT)? Evidence from the Michigan ... Consumer Confidence Index issued ... durable

HOW SHOULD WE MEASURE CONSUMER · PDF fileHOW SHOULD WE MEASURE CONSUMER CONFIDENCE (SENTIMENT)? Evidence from the Michigan ... Consumer Confidence Index issued ... durable

Documents
Help your child smile with confidence

Help your child smile with confidence

Documents
ARE WE AT THE TIPPING POINT TO REIMAGINE THE FUTURE UTILITY · advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets

ARE WE AT THE TIPPING POINT TO REIMAGINE THE FUTURE UTILITY · advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets

Documents
Running on confidence - sanyo-steel.co.jp · Running on confidence Our corporate philosophy is based on “Confidence-based Management,” and ... Since our founding we have gained

Running on confidence - sanyo-steel.co.jp · Running on confidence Our corporate philosophy is based on “Confidence-based Management,” and ... Since our founding we have gained

Documents
Confidence Interval. Assignment # 2 Briefly describe following with the help of examples: Point Estimation of Parameters Confidence Intervals Students’

Confidence Interval. Assignment # 2 Briefly describe following with the help of examples: Point Estimation of Parameters Confidence Intervals Students’

Documents
2017 WORKSHOP INFO - Nottingham Schools · This stimulating, relaxed workshop will explore ways that This practical workshop aims to develop confidence and we can help children to

2017 WORKSHOP INFO - Nottingham Schools · This stimulating, relaxed workshop will explore ways that This practical workshop aims to develop confidence and we can help children to

Documents
Confidence in caring · Confidence in caring is designed to help nurses, carers and care planners to do this. It offers a framework of best practice guidelines to help carers focus

Confidence in caring · Confidence in caring is designed to help nurses, carers and care planners to do this. It offers a framework of best practice guidelines to help carers focus

Documents
Webcast slides and Q&A Summary - EY - US … · services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding

Webcast slides and Q&A Summary - EY - US … · services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding

Documents
Help My Kids Start the School Year With Confidence

Help My Kids Start the School Year With Confidence

Documents
HELP WHEN WE NEEDED IT MOST - Samaritans · HELP WHEN WE NEEDED IT MOST. ... *Calls are free from landlines and some mobile providers. ... “ Samaritans gave us the confidence to

HELP WHEN WE NEEDED IT MOST - Samaritans · HELP WHEN WE NEEDED IT MOST. ... *Calls are free from landlines and some mobile providers. ... “ Samaritans gave us the confidence to

Documents
HELP YOUR CHILD DEVELOP CONFIDENCE ... - Child Success Center€¦ · HELP YOUR CHILD DEVELOP CONFIDENCE TO TAKE ON NEW FRIENDSHIPS & LEARNING EXPERIENCES Start Dates: July 20, July

HELP YOUR CHILD DEVELOP CONFIDENCE ... - Child Success Center€¦ · HELP YOUR CHILD DEVELOP CONFIDENCE TO TAKE ON NEW FRIENDSHIPS & LEARNING EXPERIENCES Start Dates: July 20, July

Documents
Self-Confidence Toolkit and ompanion Workbook For…€¦ · impact on our self-confidence. Comparing ourselves to others is one way we gain and lose confidence. To be more confidence

Self-Confidence Toolkit and ompanion Workbook For…€¦ · impact on our self-confidence. Comparing ourselves to others is one way we gain and lose confidence. To be more confidence

Documents
Turnkey Cannabis Solutions - rhizosciences.com · turnkey packages to help entrepreneurs easily enter new markets with confidence. We offer 3 turnkey cannabis production solutions

Turnkey Cannabis Solutions - rhizosciences.com · turnkey packages to help entrepreneurs easily enter new markets with confidence. We offer 3 turnkey cannabis production solutions

Documents
INVEST WITH CONFIDENCE - Hartford Homes · INVEST WITH CONFIDENCE NEW TO BUY-TO-LET? NO PROBLEM! WE CAN HELP CONTACT US TODAY CONSISTENTLY STRONG RENTAL MARKET IN IOM 5% regular rental

INVEST WITH CONFIDENCE - Hartford Homes · INVEST WITH CONFIDENCE NEW TO BUY-TO-LET? NO PROBLEM! WE CAN HELP CONTACT US TODAY CONSISTENTLY STRONG RENTAL MARKET IN IOM 5% regular rental

Documents
TRADE NET LEASE WITH CONFIDENCE - 420 Propertyzpanelhostdatazadminpublic...B+E is a modern investment brokerage firm, specializing in net lease real estate and 1031 exchanges. We help

TRADE NET LEASE WITH CONFIDENCE - 420 Propertyzpanelhostdatazadminpublic...B+E is a modern investment brokerage firm, specializing in net lease real estate and 1031 exchanges. We help

Documents
Changing your perspective Culture and behaviour risk ... · Cultures and behaviours: Creating confidence in your biggest asset How we can help We can help you develop a stronger culture

Changing your perspective Culture and behaviour risk ... · Cultures and behaviours: Creating confidence in your biggest asset How we can help We can help you develop a stronger culture

Documents
We promote confidence under construction We promote confidence under construction

We promote confidence under construction We promote confidence under construction

Documents
WE HELP YOU GROW - gfsdeliver.com...customers & boost sales WE HELP YOU GROW WITH CONFIDENCE So you can grow your business. SIMPLIFY DESPATCH We help you: REDUCE COSTS BOOST CUSTOMER

WE HELP YOU GROW - gfsdeliver.com...customers & boost sales WE HELP YOU GROW WITH CONFIDENCE So you can grow your business. SIMPLIFY DESPATCH We help you: REDUCE COSTS BOOST CUSTOMER

Documents
Prospectus - huttonrudbyprimary.co.uk€¦ · “At Hutton Rudby Primary School we work together to have fun, help friends, share, build confidence and be respectful. Our teachers

Prospectus - huttonrudbyprimary.co.uk€¦ · “At Hutton Rudby Primary School we work together to have fun, help friends, share, build confidence and be respectful. Our teachers

Documents
IPSE Confidence Index - Trinity College, Dublin · Freelancer Business Confidence Index Business confidence improved on last quarter, but outlook is still bleak In quarter two we

IPSE Confidence Index - Trinity College, Dublin · Freelancer Business Confidence Index Business confidence improved on last quarter, but outlook is still bleak In quarter two we

Documents
Do we REALLY Lack Confidence???

Do we REALLY Lack Confidence???

Documents
taxexmm1.htm - SEC.gov | HOME service We help investors, along with their financial advisors, make informed investment decisions with confidence. Putnam Tax Exempt Money Market Fund

taxexmm1.htm - SEC.gov | HOME service We help investors, along with their financial advisors, make informed investment decisions with confidence. Putnam Tax Exempt Money Market Fund

Documents
Get SpeechClass and help your students speak with confidence

Get SpeechClass and help your students speak with confidence

Documents
improve lives. - YellowBotmedia.yellowbot.com/documents/1uaZ-4hUxuE_o--/Brochure... · Patient Satisfaction Commitment We believe new dentures will help renew confidence in your appearance,

improve lives. - YellowBotmedia.yellowbot.com/documents/1uaZ-4hUxuE_o--/Brochure... · Patient Satisfaction Commitment We believe new dentures will help renew confidence in your appearance,

Documents
Help your colleagues gain confidence in teaching to the core3pf92a428h7y2o2e1d3olqk2-wpengine.netdna-ssl.com/wp... · 2018-12-06 · Help your colleagues gain confidence in teaching

Help your colleagues gain confidence in teaching to the core3pf92a428h7y2o2e1d3olqk2-wpengine.netdna-ssl.com/wp... · 2018-12-06 · Help your colleagues gain confidence in teaching

Documents
Trust and Confidence - Broadridge Advisor · Trust and Confidence If you are tired of second guessing your investment decisions, we can help. Since 1977, we have been providing families

Trust and Confidence - Broadridge Advisor · Trust and Confidence If you are tired of second guessing your investment decisions, we can help. Since 1977, we have been providing families

Documents
Help foster financial confidence...Worksite Financial Solutions is a guidance-based, beginning-to-end retirement solution designed to help your employees create confidence in their

Help foster financial confidence...Worksite Financial Solutions is a guidance-based, beginning-to-end retirement solution designed to help your employees create confidence in their

Documents
Literacy & Social Emotional Learning · Literacy & Social Emotional Learning. We need to help supply ALL students with the confidence, composure, and skills to be successful at the

Literacy & Social Emotional Learning · Literacy & Social Emotional Learning. We need to help supply ALL students with the confidence, composure, and skills to be successful at the

Documents
Communicate with confidence · We’ll help you make the move to Cloud Work with minimal disruption and uncompromising security. We make sure you can communicate with confidence

Communicate with confidence · We’ll help you make the move to Cloud Work with minimal disruption and uncompromising security. We make sure you can communicate with confidence

Documents
Unstoppable Confidence - royaltyfreeproducts.com€¦  · Web view“Unstoppable Confidence” will help you break through all barriers and fixed notions you have about yourself

Unstoppable Confidence - royaltyfreeproducts.com€¦  · Web view“Unstoppable Confidence” will help you break through all barriers and fixed notions you have about yourself

Documents