Mapping Unknown Risk

Uploaded on 2016-04-13 in FREE TO VIEW, TECHNOLOGY--Resilience

There used to be a “lurking” threat to our cyber security. It is no longer just lurking; companies and cyber attackers are now in an ongoing war. Its scale is enormous, and the techniques deployed by those fighting it are incredibly intricate.

The challenges it presents will be a part of everyday life for all individuals, entities, corporations and governments in the coming decades. However, even in this “new reality,” there are ways we can protect ourselves. In fact, there are ways in which we can “win.”

Cyber security is an issue born of the Internet-age. As the connectivity revolution creates tremendous opportunities for industry and economic development, it also poses new challenges for risk managers and insurers. With between ten and 20 billion devices currently connected to the internet (estimated to rise to 40 to 50 billion by 2020), there are tens of billions of access points at which cyber criminals can potentially enter a business’ enterprise system, an individual’s private information store or any government’s sensitive databases.

It is no surprise that Bristsh Prime Minister David Cameron set out an emphasis on cyber security in the government’s Strategic Defence and Security Review in November. His allocation of an extra £1.9 billion to be spent on cyber security should be a strong signal to all governments and corporations that this issue is centre-stage. It should be squarely on the agenda of every CEO and every Board across all industries. We must address it now or otherwise face severe consequences.

Cyber extortion and hacking have become significant challenges for companies. As criminals infiltrate company systems and charge a ransom for the return of sensitive information they are often not only harming the company’s reputation, damaging shareholder value and undermining the company’s work, but also affecting the lives of millions of consumers. With objects and devices increasingly connected there is also a high risk of hacking imperiling physical property and assets, even lives.

Earlier this year two hackers were able to infiltrate a Jeep Cherokee through its radio and remotely access its transmission, air conditioning and other systems. This caused the recall of 1.4 million vehicles, and isn’t the only instance of hackers gaining control of vehicles. Cyber security researchers found six flaws in Tesla’s Model S cars that made them vulnerable to hacking. These “white hat” hackers were able to manipulate the car’s speedometer to show the wrong speed, lock and unlock it, turn it on and off and bring it to a stop while driving.

This is particularly worrying given that Tesla is well regarded for having less vulnerable software than other automakers. The company has since issued a security patch preventing these breaches. These problems that were inconceivable half a decade ago are no longer science fiction; they are a business fact.

Increasingly companies should be concerned with covering the income lost through cyberattacks, not just with remedying data breaches.

What can companies do to prepare for unknowable future risk? The implications of the threat are so far-reaching that a vigilant attitude towards cyber security must be embedded within the culture of an organisation. This should be driven, led and prioritised by its Board and senior executives.

Risk managers must work with other key stakeholders across their organisation and with their insurance advisers to build a comprehensive cyber security strategy. This should include insurance cover that helps when hacking occurs, and access to education and tools that enhance existing security practices already developed by IT departments. The cyber-attack threat is changing and growing, but so is the protection and education provided by insurers, insurance advisers and cyber security experts.

Detailed scenario planning is essential. Organisations must highlight gaps, vulnerabilities and potential impacts on the business and plan what to do if the worst does happen. Good advice to any organisation is: do everything possible to improve your cyber-security, but also prepare to respond when a cyber-attack comes. Your company will be much better positioned to recover quickly.

Prospect: http://bit.ly/1nO005U

« Three Reasons To Revise Your Cyber Security Plans
Cybersecurity Un-Safe Investments in 2015 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CW Jobs

CW Jobs

CWJobs.co.uk is a leading specialist IT recruitment website covering all areas of IT including Cyber Security.

Cyber Future Foundation (CFF)

Cyber Future Foundation (CFF)

CFF was established to create a cyberspace where digital commerce and innovation can thrive based on trust and respect to individual privacy.

ProtonMail

ProtonMail

ProtonMail is an easy to use secure email service with built-in end-to-end encryption and state of the art security features.

Firedome

Firedome

Firedome's tailormade solution for IoT companies is designed to proactively prevent, detect, and respond to inevitable vulnerabilities in connected devices.

Ensconce Data Technology (EDT)

Ensconce Data Technology (EDT)

EDT’s focus is on providing solutions to properly sanitize Solid State Drives (SSD) and Magnetic Drives (HDD) before they are disposed or redeployed.

Cyber Security Advisor

Cyber Security Advisor

Notice how sophisticated the cybersecurity market is. Think how would you pick the security provider, assess your company, and be sure of your security decisions? Cyber Security Advisor is the answer!

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

ESC - Enterprise Security Center

ESC - Enterprise Security Center

ESC is a system house specializing exclusively in IT security - Security Implementation & Optimization, Operations, Managed Security Services.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

Island

Island

Island puts the enterprise in complete control of the browser, delivering a level of governance, visibility, and productivity that simply weren’t possible before.

Symbol Security

Symbol Security

Through situational learning, simulations, and a gamified user experience, Symbol strengthens the cyber awareness of employees and helps companies lower cyber risk.

Questex Asia Total Security Conference

Questex Asia Total Security Conference

Questex Asia’s Total Security Conferences is one of the industry’s most prestigious and engaging forums for the region's top information security leaders and business decision-makers.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

Project Cypher

Project Cypher

Project Cypher leverages the latest cybersecurity developments, a world class team of hackers and constant R&D to provide you with unparalleled cybersecurity offerings.

CERT.ar

CERT.ar

CERT.ar is the national Computer Emergency Response Team for the technical-administrative management of computer security incidents in the National Public Sector of Argentina.