CYBER RESILIENCE BEST PRACTICE

CYBER RESILIENCE BEST PRACTICE. To Discuss Why cyber risk management is increasingly challenging How everyone has a role to play in your cyber risk management


To Discuss

• Why cyber risk management is increasingly challenging

• How everyone has a role to play in your cyber risk management

• Insight from the Board on cyber risks and its impact on cyber risk management

• Insight and ideas for managing your cyber risks


Balancing opportunity and risk

The opportunities

• $4.2 trillion: estimated value of the internet economy in G20 economies by 2016

• 94% of businesses with 10+ employees are online

• 936 exabytes: growth in global internet traffic from 2005-2015

• 13.5% to 23%: projected rise in consumer purchases via the internet from 2010-2016

• 4.1% of GDP contributed by internet

The risks

• $445 billion: cost of cyber-crime to the global economy per year

• 44% increase in cyber incidents - 1.4 per organization per week

• 90% of cyber attacks succeed because of the unwitting actions of a member of staff

• $145: average cost paid for each lost or stolen file containing sensitive or confidential information


The Challenges….

“253 days is the average number of days it takes an organisation to realise that they have been successfully attacked.”

“90% of large UK organisations had a security breach in 2014 (an increase of 81% from 2013)”

“90% of all successful cyber-attacks rely on human vulnerability to succeed.”

“69% of all large organisations were attacked by an unauthorised outsider in 2014 (an increase of 55% from the previous year)”

“59% of UK businesses expect attacks to increase next year”

1 person can enable an attacker to compromise your systems and access your most valuable information.


The Challenges - common client statements

“Why would anyone want to attack our organization?”

“We do not know what our most critical information assets are in our organization.”

“We have our networks well protected by good technology”

“Our current information/cyber security training is ineffective in driving new behaviours across the organization.”

“We know we have already been attacked but do not know how best to respond and recover effectively.”

“We do not know what good cyber resilience looks like for our organization”


The Challenges – the hacking process

Process: Tools

• Reconnaissance: Whois, NSLookup, Spyfu, EDGAR, Sam Spade, Google, DNS Lookup, ARIN, Wget, Dig, Traceroute

• Scanning: Ping, Nmap, Angry IP Scanner, Netcraft, Nikto, Nessus, ike-scan, RPCDump

• Develop/select/deliver exploit: Metasploit, Rootkit (Hacker Defender, FU, Vanquish, HE4Hook)

• Cover tracks: Log eraser, Demon


The Challenges... the Cyber Crime toolbox……


The Challenges


Everyone has a role to play….

The challenge

The Human Factor

90%

NEED TO INFLUENCE AND ENABLE POSITIVE CHANGE IN USER BEHAVIOURS


Insight from the Board.

We need to develop a coherent cyber resilience strategy

We need to know what our critical information assets are

We need a cyber smart workforce and partner network

We need to embed good practices across our organization

We need to communicate and understand more effectively across the organization

We need to understand how we will respond and recover from attack more effectively


Cyber Risk Management

Cyber Resilience is the ability for an organisation to resist, respond and recover from incidents that will impact the information they require to do business.


Cyber Risk Management

What does good look like?


Cyber Risk Management

INFORMATION SECURITY

Confidentiality Integrity Availability Authenticity

People

Process

Technology

Security Policy

Regulatory Compliance

Staff Awareness Program

Access Control

Security Audit

Incident Response

Encryption, PKI

Firewall, IPS/IDS

Antivirus


You need staff who are ‘risk aware’ of:

• Phishing

• Social engineering

• Online safety

• Social media

• BYOD

• Removable data

• Password safety

• Personal information

• Information handling

• Remote and mobile working


Summary of business challenges

KEEP VALUE OF YOUR BUSINESS, IN YOUR BUSINESS

MAINTAIN REPUTATION

BALANCE OPPORTUNITIES AND RISKS

Need to identify and manage what good cyber resilience looks like

Need to influence and enable positive change in user behaviours

Need to communicate effectively during business as usual and during crisis


QUESTIONS AND ANSWERS?