Cyber Vulnerability - Get Your Report for 2015

security-vulnerability-Shutterstock-Andy-Dean-Photography.jpg

Executive Summary: Recently the growing tide of cyber attacks has begun to spawn a new awareness of the current cyber risks to business. This awareness is growing because of the news of attacks on corporates like Sony to JP Morgan to hacks on different government IT and database systems. And these attacks have affected everything from intelligence systems to health care records. And hackers have also attacked most corporates and more recently thousands of SMEs across the US and EU and this process is increasing.

These types of attacks and threats range and include the theft of intellectual property, data hacking, serious media communications and Public Relations issues resulting in customer mistrust, data theft, operational impairment, disgruntled employee hackers to external hacks and the systematic and continued exploitations of system vulnerabilities.

And in the last few months it has now become very apparent that all companies of all sizes need to take a new approach to their cyber vulnerability. And they can do so by looking at themselves through the eyes of their attackers. 
Recently it has become clear that cyber hacks can be undetected for weeks or even months giving the hackers time to move about with your systems architecture and to understand other vulnerable aspects of the cyber systems. Perimeter security at this point have become irrelevant and useless from a control perspective however the malware being used by the hackers has to communicate back to the attackers and monitoring tools have recently become more sophisticated and can be used to monitor the different types of systems traffic and this can be used to identify hacks.

To help counter the attacks and threats Security Risks Teams should be formed that include the CIO, Strategy, Security, IT and Development Directors and a team of independent analysts who should regularly report about cyber directly to the CEO and Main Board. 

Cyber security therefore needs to be a Main Board strategic concern and a team that includes the CIO/IT Director must report directly to the main board. An independent team must also be used to review and randomly check processes and procedures and data on a regular basis and this team should be independent of the IT department and its day-to-day operations. It should act as an independent audit team. 

In the Military this is known as turning the map around. The point is to get inside the mind of the hackers, and to see the situation as they do, in order to anticipate and prepare for what’s to come. To do this, businesses could use White Hat External Hackers (WHETs) to irregularly hack their systems and then use the information gained to continually secure and improve their cyber security and to engage with the opportunities that the hackers also see as being unused.
From a security viewpoint the independent external team must also be used to review and randomly check processes and procedures and data on a regular basis. 

The teams used would be similar to the Annual Financial Audits and this Cyber Security Audits Team should be independent of the IT department and its day-to-day operations.
 It should act as an independent audit team on an irregular basis throughout the year and it should use White Hat Hackers to delve deep into the electronic systems looking for current and potential problems. 
This team should frequently report to IT, senior management and the Board on changes of security and should produce current Cyber Reports. 

The Board, IT and Communications/PR should be registered and receive weekly Cyber News that is specific to the issues relating to the their industry and services to ensure they are fully aware of the issues that are affecting their industry, marketplace and clients.

This independent team should be reviewed by the Board and by internal IT management and the changes should be incorporated within the strategy and tactics.
And importantly these internal and external product/service development teams should frequently review cyber opportunities and these should be reported to the Board and changes incorporated within the organisation’s strategy and tactics.

The Board should also separately discuss worst-case scenarios with the CIO/IT Director and reviews should independently take place using the outside consultant teams as cyber crime is costing businesses around the world over $300 billion a year and the opportunities for business development are also being missed.    

For an Independent Cyber Vulnerability Report contact: info@cybersecurityintelligence.com

« NSA’s Public Spying Revealed by Snowden Is Ruled Illegal.
UK’s Internet Bandwidth Could Soon Be Choked »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Civica

Civica

Civica provides cloud-based managed IT services, hosting and outsourcing.

Cyber 360

Cyber 360

Cyber 360 is a Cybersecurity contract and fulltime placement firm dedicated to identifying and hiring Cybersecurity professionals.

Airbus Cybersecurity

Airbus Cybersecurity

Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military and critical national infrastructure enterprises from cyber threats.

ESTsecurity

ESTsecurity

ESTsecurity is a leading company in cyber security providing intelligent security solutions to make world more secure.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

miniOrange

miniOrange

miniOrange is a cloud and on-premise based identity and access management (IAM) solution provider.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

Blue Lance

Blue Lance

Blue Lance is a global provider of cybersecurity governance solutions. Our software solutions automatically collect and store the information necessary for investigations, audit and compliance.

Point Predictive

Point Predictive

Point Predictive build Predictive Models using Artificial Intelligence and Machine Learning techniques that help our customers stop fraud and early payment default (EPD).

Datrix

Datrix

Datrix is a leading Smart Infrastructure and Cyber Security solutions provider. We deliver critical networking, communications and cyber security solutions to public and private sector organisations.

Periculus

Periculus

Periculus makes managing digital risk simple. Its integrated platform offers access to purchase cyber insurance and cyber security solutions uniquely tailored to fit the needs of every business.

Valency Networks

Valency Networks

Valency Networks provide cutting edge results in the areas of Vulnerability Assessment and Penetration Testing services for webapps, cloud apps, mobile apps and IT networks.

Ridge Security

Ridge Security

Ridge Security enables enterprise and web application teams, ISVs, governments, education, DevOps, anyone responsible for ensuring software security to affordably and efficiently test their systems.

Kodem Security

Kodem Security

Our mission is to make AppSec simple. Meet the world’s first dynamic software composition analysis platform. Only Kodem uses runtime intelligence to determine application risk.

Abissi

Abissi

Abissi offer cyber intelligence, IoT security, automotive security, red teaming, application security and artificial intelligence security services, with a focus on security by design.