CYBER RESILIENCE BEST PRACTICE
To Discuss
• Why cyber risk management is increasingly challenging
• How everyone has a role to play in your cyber risk management
• Insight from the Board on cyber risks and its impact on cyber risk management
• Insight and ideas for managing your cyber risks
Balancing opportunity and risk
The opportunities
• $4.2 trillion: estimated value of the internet economy in G20 economies by 2016
• 94% of businesses with 10+ employees are online
• 936 exabytes: growth in global internet traffic from 2005-2015
• 13.5% to 23%: projected rise in consumer purchases via the internet from 2010-2016
• 4.1% of GDP contributed by internet
The risks
• $445 billion: cost of cyber-crime to the global economy per year
• 44% increase in cyber incidents - 1.4 per organization per week
• 90% of cyber attacks succeed because of the unwitting actions of a member of staff
• $145: average cost paid for each lost or stolen file containing sensitive or confidential information
The Challenges….
“253 days is the average number of days it takes an organisation to realise that they have been successfully attacked.”
“90% of large UK organisations had a security breach in 2014 (an increase of 81% from 2013)”
“90% of all successful cyber-attacks rely on human vulnerability to succeed.”
“69% of all large organisations were attacked by an unauthorised outsider in 2014 (an increase of 55% from the previous year)”
“59% of UK businesses expect attacks to increase next year”
1 person can enable an attacker to compromise your systems and access your most valuable information.
The Challenges - common client statements
“Why would anyone want to attack our organization?”
“We do not know what our most critical information assets are in our organization.”
“We have our networks well protected by good technology”
“Our current information/cyber security training is ineffective in driving new behaviours across the organization.”
“We know we have already been attacked but do not know how best to respond and recover effectively.”
“We do not know what good cyber resilience looks like for our organization”
The Challenges – the hacking process
| Process | Tools |
| --- | --- |
| Reconnaissance | Whois, NSLookup, Spyfu, EDGAR, Sam Spade, Google, DNS Lookup, ARIN, Wget, Dig, Traceroute |
| Scanning | Ping, Nmap, Angry IP Scanner, Netcraft, Nikto, Nessus, ike-scan, RPCDump |
| Develop/select/deliver exploit | Metasploit, Rootkit (Hacker Defender, FU, Vanquish, HE4Hook) |
| Cover tracks | Log eraser, Demon |
The Challenges... the Cyber Crime toolbox……
The Challenges
Everyone has a role to play….
The challenge
The Human Factor
90%
NEED TO INFLUENCE AND ENABLE POSITIVE CHANGE IN USER BEHAVIOURS
Insight from the Board.
• We need to develop a coherent cyber resilience strategy
• We need to know what our critical information assets are
• We need a cyber smart workforce and partner network
• We need to embed good practices across our organization
• We need to communicate and understand more effectively across the organization
• We need to understand how we will respond and recover from attack more effectively
Cyber Risk Management
Cyber Resilience is the ability for an organisation to resist, respond and recover from incidents that will impact the information they require to do business.
Cyber Risk Management
What does good look like?
Cyber Risk Management
INFORMATION SECURITY
Confidentiality, Integrity, Availability, Authenticity
People, Process, Technology
• Security Policy
• Regulatory Compliance
• Staff Awareness Program
• Access Control
• Security Audit
• Incident Response
• Encryption, PKI
• Firewall, IPS/IDS
• Antivirus
You need staff who are ‘risk aware’ of:
• Phishing
• Social engineering
• Online safety
• Social media
• BYOD
• Removable data
• Password safety
• Personal information
• Information handling
• Remote and mobile working
Summary of business challenges
KEEP VALUE OF YOUR BUSINESS, IN YOUR BUSINESS
MAINTAIN REPUTATION
BALANCE OPPORTUNITIES AND RISKS
• Need to identify and manage what good cyber resilience looks like
• Need to influence and enable positive change in user behaviours
• Need to communicate effectively during business as usual and during crisis
QUESTIONS AND ANSWERS?