The Security Director's Practical Guide to Cyber Security
www.CyberRescue.co.uk
Barrie Millett
Advisory Board
30th Nov – 1st Dec 2016
Security Director’s Practical Guide to Cyber Security
Barrie Millett The UK Security Expo
Why are we here? Topics
1. What the CEO needs their Security Director to do, to protect against Cyber Threats
2. How the Security Director can spot vulnerabilities the IT team are most likely to have missed
3. What the Security Director should know about Cyber Insurance
4. Surprises your CEO may suffer during the response to a major Cyber Attack
5. Why Security Directors must be ready to lead Recovery from major Cyber Attack
Who are you? Typical Security Director Role
1. Protect assets, staff & reputation
2. Assess risk, vulnerabilities & issues
3. Define goals to mitigate risk
4. Promote security by design & security culture
5. Respond to Security Incidents
Kevin Duffey – Managing Director
Expert in commercial response to major cyber attacks
• CEO Asia and UK Board Member at FTSE 100 company
• Group GM at International SOS, global crisis management firm
• Helped organisations respond to cyber attacks in 25 countries.
Barrie Millett – International Advisor
Award winning leader in risk mitigation and business continuity
• Led security teams at blue-chip firms including E.ON and GE
• Chair of Joint Risk Audit & Assurance Panel, Leicestershire Police
• Expert in resilience for National Critical Infrastructure
Who are we? Facilitators for this Workshop
Leading terrorism response
Severe weather events
Investigating criminal activity
transferable skills
FBI data storage in 1942 = 10 million sets of fingerprints,
plus 23 million paper cards = 680 Gigabytes
Digital transformation of assets
Digital transformation of assets
£600 storage device in 2016, a “memory stick” from HyperX,
stores 1,000 Gigabytes
Exponential Risk to Assets: Cyber Threats Annual Growth
125% Zero Day
71% DDoS
55% Spear Phish
29% Malware
21% SQLi
38% growth in reported crime
Insurance: 52% of British CEOs think their company is insured for cyber risks. Just 2% of large businesses actually have stand alone cyber insurance in UK (March ‘15)
“The market for cyber insurance isn’t sustainable” (Sept ‘15)
Why businesses say they don’t have insurance (Nov ‘15): “Premiums too expensive” (52%), “Too many exclusions” (44%)
Companies with cyber insurance but not claimed = 81% (Mar ‘16)
£1m cyber policy costs £5k - 25k for “average” company (Apr ‘16)
Consider Cyber Insurance
Staff Risks:
• 78% of staff don't obey info policy
• 63% of breaches involve passwords
• 41% of staff install apps on work PC
• 30% of phishing messages are opened
• 12% of staff download malicious s/ware
Supply Chain Risks:
• 41% of breaches affecting healthcare are caused by Third Parties
• 17% of breaches investigated by Kroll caused by Third Parties
• AT&T, Home Depot, TalkTalk, and Target all suffered breaches via 3rd parties
Assess Risks beyond IT
Staff Systems Suppliers
Work with HR, IT & Procurement to take a Hacker’s Eye View
What to focus on in 2017? Typical Security Director Role
1. Protects cyber assets, staff & reputation
2. Assesses cyber risk, vulnerabilities & issues
3. Defines cyber goals to mitigate risk
4. Promotes cyber security culture
5. Responds to cyber Security Incidents
support CEOs to lead
Teams will be unnerved
Many will never have tested a cyber attack response
Internal and external relationships will need to be managed
Part 2: Simulation (for attendees only): We will now simulate a Breach
For similar material, follow Cyber Rescue on LinkedIn here.
Former Head of Resilience E.ON UK
International Advisory Board Member Cyber Rescue
+ 44 7913 371249
Barrie Millett