Cyber risk scenarios for effective IT risk assessment
There is an urgent need for innovative solutions for controlling current cyber risks. The cost and consequences of a cyber breach are increasing, and continued operation and the business itself are at stake. Management is overwhelmed by news of cyber attacks and the data disruption that follows.
The 2015 Cost of Data Breach Study: Global Analysis, from the Ponemon Institute, claims that malicious attacks are the root cause of 47 percent of data breaches, up from 42 percent last year, and that the associated costs to businesses have increased 23 percent since 2013.
Cyber experts claim that there are two types of companies when it comes to cyber breaches: those that know and those that don't know that they have been violated. The most common phrase among the experts is that if your business has not already been hacked, it is just a matter of time before it is compromised.
The best defense is a good offense
Therefore, however unsettling IT and cyber risk are to the regular business, there is no such approach as business as usual. Management simply cannot look the other way. On the other hand, businesses now have more options to help build data and IT resilience and face cyber threats through scenario planning.
A scenario exercise starts with a simple risk matrix exercise on probability and impact, and with selecting a number of different cyber breach/threat scenarios that could have a catastrophic effect on the organization. Based on the organization's need for cyber resilience, identify the actors who pose a significant threat to the organisation as well as the time required to spot the failure and the time needed for recovery. This start of a scenario exercise is only possible if the business, management, and the organization are committed and have adopted a holistic approach to the management of cyber risk. While failures are unavoidable, cyber resilience prevents systems from completely collapsing.
At the IT and cyber security day on 19 October 2015 at the Technical University of Denmark, we will go through the following main components of a cyber threat:
- Objective and Intent: Copy, Destroy, Injure, Proceeds, Non-hostile, Hostile
- Access Skill Level: Internal, External, None, Minimal, Operational, Adept
- Resources used: Individual, Club, Contest, Team, Organisation, Government
- Limits: Code of Conduct, Legal, Extra-legal (minor), Extra-legal (major)
- Visibility: Overt, Covert, Clandestine, Don't Care
- Outcome: Acquisition / Theft, Business Advantage, Damage, Embarrassment, Technical Advantage
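The scenario exercise and the threat components above can be kept together in a small scenario register. The following is an added example, not part of the original newsletter; the 1 to 5 scales, the band thresholds, the field names and the sample scenarios are assumptions made for illustration.

```python
from dataclasses import dataclass

# Threat components and their values, as listed above.
COMPONENTS = {
    "objective_intent": {"Copy", "Destroy", "Injure", "Proceeds", "Non-hostile", "Hostile"},
    "access_skill": {"Internal", "External", "None", "Minimal", "Operational", "Adept"},
    "resources": {"Individual", "Club", "Contest", "Team", "Organisation", "Government"},
    "limits": {"Code of Conduct", "Legal", "Extra-legal (minor)", "Extra-legal (major)"},
    "visibility": {"Overt", "Covert", "Clandestine", "Don't Care"},
    "outcome": {"Acquisition / Theft", "Business Advantage", "Damage", "Embarrassment", "Technical Advantage"},
}

@dataclass
class Scenario:
    name: str
    actor: dict          # component -> set of values chosen from COMPONENTS
    probability: int     # 1 (rare) .. 5 (almost certain); assumed scale
    impact: int          # 1 (minor) .. 5 (catastrophic); assumed scale
    detect_days: float   # time required to spot the failure
    recover_days: float  # time needed for recovery

def validate(s):
    problems = [f"missing component: {c}" for c in COMPONENTS if not s.actor.get(c)]
    for comp, chosen in s.actor.items():
        unknown = set(chosen) - COMPONENTS.get(comp, set())
        if unknown:
            problems.append(f"{comp}: unknown value(s) {sorted(unknown)}")
    if not (1 <= s.probability <= 5 and 1 <= s.impact <= 5):
        problems.append("probability and impact must be 1..5")
    return problems

def band(s):
    # Assumed thresholds on the 5x5 probability/impact matrix.
    score = s.probability * s.impact
    return "high" if score >= 15 else "medium" if score >= 8 else "low"

def rank(scenarios):
    # Highest matrix score first; ties go to the longer detect + recover window.
    valid = [s for s in scenarios if not validate(s)]
    return sorted(valid, reverse=True, key=lambda s: (
        s.probability * s.impact, s.detect_days + s.recover_days))

# Constructed sample scenarios, not taken from the article.
_base = {"resources": {"Individual"}, "limits": {"Legal"}, "visibility": {"Covert"}, "outcome": {"Acquisition / Theft"}}
INSIDER = Scenario("Insider copies customer data", {**_base,
    "objective_intent": {"Copy", "Hostile"}, "access_skill": {"Internal", "Operational"}}, 3, 4, 60, 10)
RANSOM = Scenario("External team destroys file shares", {**_base, "resources": {"Team"}, "outcome": {"Damage"},
    "objective_intent": {"Destroy", "Hostile"}, "access_skill": {"External", "Adept"}}, 3, 5, 1, 21)
BAD = Scenario("Incomplete entry", {"visibility": {"Stealthy"}}, 2, 2, 1, 1)
```

Entries that fail `validate` are left out of the ranking, so an incomplete actor profile has to be fixed before the scenario can be compared with the others.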
Due to the continuous publicity about the many companies that are hacked in almost all parts of the world, companies are continually expanding their IT and cyber risk management expertise and support. During the IT and cyber security day on 19 October 2015 at the Technical University of Denmark, we will re-examine how IT security policies can be structured to address the current cyber risks that are specific to various industries.
With the correct use of the cyber security arsenal, such as firewalls and antivirus software that are updated and embedded, security solutions are being used more proactively in the hunt for the bad guys, and individuals are increasingly aware of their personal and corporate responsibility to protect the cyber borders and the employees.
However, in order to give access comfort, the cyber security trend must shift from protective to detective security. Traditional protective measures like firewalls and antivirus software are still a major part of the cyber security arsenal. They function well if they are regularly updated and are embedded with processes that detect the hacker's presence and refuse access once and for all. However, training and guidance on how employees can support the correct use of these firewalls is often lacking. Restrictions on adjusting the firewall must be coupled with IT and cyber risk management practices to protect the enterprise.
The 2015 Cost of Data Breach Study: Global Analysis, from the Ponemon Institute, further documents that board-level involvement in cyber risk management can reduce the cost of a data breach by $5.50 per record, and insurance protection can further reduce the cost by $4.40 per record.
Benchmark the set of IT challenges
During the IT and cyber security day on 19 October 2015 at the Technical University of Denmark, participants from various industries will get together and share their experiences so that others in the group can learn from them and use that insight to look for those types of behaviors and hunt for cyber threats.
During the workshop session, we will discuss key challenges and strategy with peers to develop team expertise and professional skills, as well as to advance debate and approaches for IT and cybersecurity threats and breaches. The IT and cybersecurity roundtable discussions and group work will be facilitated by established practitioners, so that participants can benchmark against a set of IT challenges in a 'hands-on' way and be proactive and inspirational on IT and cyber security issues when they return to their environment.
Next newsletter: Part II: How cyber fits into the holistic risk picture