Insurance & Cyber Vulnerability - Get Your Report for 2016

Executive Summary: The growing tide of cyber attacks has recently begun to spawn a new awareness of the current cyber risks to business. This awareness is growing because of news of attacks on corporates ranging from Sony to JP Morgan, and of hacks on different government IT and database systems.

These attacks have affected everything from intelligence systems to health care records. Hackers have also attacked most corporates and, more recently, thousands of SMEs across the US and EU, and this process is becoming more focused.

These attacks and threats range widely and include the theft of intellectual property, data hacking, serious media communications and public relations issues resulting in customer mistrust, data theft, operational impairment, disgruntled employee hackers, external hacks and the systematic and continued exploitation of system vulnerabilities.

In the last few months it has become very apparent that companies of all sizes need to take a new approach to their cyber vulnerability, and they can do so by looking at themselves through the eyes of their attackers. It has recently become clear that cyber hacks can go undetected for weeks or even months, giving the hackers time to move about within your systems architecture and to understand other vulnerable aspects of the cyber systems. Perimeter security at this point has become irrelevant and useless from a control perspective. However, the malware being used by the hackers has to communicate back to the attackers, and monitoring tools have recently become more sophisticated: they can be used to monitor the different types of systems traffic, and this can be used to identify hacks.

To help counter the attacks and threats, Security Risks Teams should be formed that include the CIO, Strategy, Security, IT and Development Directors and a team of independent analysts, who should regularly report about cyber directly to the CEO and Main Board.

Cyber security therefore needs to be a Main Board strategic concern, and a team that includes the CIO/IT Director must report directly to the Main Board. An independent team must also be used to review and randomly check processes, procedures and data on a regular basis, and this team should be independent of the IT department and its day-to-day operations. It should act as an independent audit team.

In the military this is known as turning the map around. The point is to get inside the mind of the hackers, and to see the situation as they do, in order to anticipate and prepare for what’s to come.

To do this, businesses could use White Hat External Hackers (WHETs) to irregularly hack their systems and then use the information gained to continually secure and improve their cyber security and to engage with the opportunities that the hackers also see as being unused. From a security viewpoint, the independent external team must also be used to review and randomly check processes, procedures and data on a regular basis.

The teams used would be similar to those for the Annual Financial Audits, and this Cyber Security Audits Team should be independent of the IT department and its day-to-day operations. The Team should act as an independent audit unit on an irregular basis throughout the year, and it should use White Hat Hackers to delve deep into the electronic systems looking for current and potential problems. This team should frequently report to IT, senior management and the Board on changes in security and should produce current Cyber Reports.

The Board, IT and Communications/PR should be registered to receive weekly Cyber News that is specific to the issues relating to their industry and services, to ensure they are fully aware of the issues that are affecting their industry, marketplace and clients.

This independent team should be reviewed by the Board and by internal IT management, and the changes should be incorporated within the strategy and tactics. Importantly, these internal and external product/service development teams should frequently review cyber opportunities; these should be reported to the Board and the changes incorporated within the organisation’s strategy and tactics.

The Board should also separately discuss worst-case scenarios with the CIO/IT Director, and reviews should independently take place using the outside consultant teams. Cyber crime is costing businesses around the world over $300 billion a year, and the opportunities for business development are also being missed.

For an Independent Cyber Vulnerability Report contact: info@cybersecurityintelligence.com

 
