Mapping Unknown Risk

There used to be a “lurking” threat to our cyber security. It is no longer just lurking; companies and cyber attackers are now in an ongoing war. Its scale is enormous, and the techniques deployed by those fighting it are incredibly intricate.

The challenges it presents will be a part of everyday life for all individuals, entities, corporations and governments in the coming decades. However, even in this “new reality,” there are ways we can protect ourselves. In fact, there are ways in which we can “win.”

Cyber security is an issue born of the Internet age. As the connectivity revolution creates tremendous opportunities for industry and economic development, it also poses new challenges for risk managers and insurers. With between ten and 20 billion devices currently connected to the internet (estimated to rise to 40 to 50 billion by 2020), there are tens of billions of access points at which cyber criminals can potentially enter a business’ enterprise system, an individual’s private information store or any government’s sensitive databases.

It is no surprise that British Prime Minister David Cameron set out an emphasis on cyber security in the government’s Strategic Defence and Security Review in November. His allocation of an extra £1.9 billion to be spent on cyber security should be a strong signal to all governments and corporations that this issue is centre-stage. It should be squarely on the agenda of every CEO and every Board across all industries. We must address it now or otherwise face severe consequences.

Cyber extortion and hacking have become significant challenges for companies. As criminals infiltrate company systems and charge a ransom for the return of sensitive information, they are often not only harming the company’s reputation, damaging shareholder value and undermining the company’s work, but also affecting the lives of millions of consumers. With objects and devices increasingly connected, there is also a high risk of hacking imperiling physical property and assets, even lives.

Earlier this year two hackers were able to infiltrate a Jeep Cherokee through its radio and remotely access its transmission, air conditioning and other systems. This caused the recall of 1.4 million vehicles, and isn’t the only instance of hackers gaining control of vehicles. Cyber security researchers found six flaws in Tesla’s Model S cars that made them vulnerable to hacking. These “white hat” hackers were able to manipulate the car’s speedometer to show the wrong speed, lock and unlock it, turn it on and off and bring it to a stop while driving.

This is particularly worrying given that Tesla is well regarded for having less vulnerable software than other automakers. The company has since issued a security patch preventing these breaches. These problems, inconceivable half a decade ago, are no longer science fiction; they are a business fact.

Increasingly, companies should be concerned with covering the income lost through cyberattacks, not just with remedying data breaches.

What can companies do to prepare for unknowable future risk? The implications of the threat are so far-reaching that a vigilant attitude towards cyber security must be embedded within the culture of an organisation. This should be driven, led and prioritised by its Board and senior executives.

Risk managers must work with other key stakeholders across their organisation and with their insurance advisers to build a comprehensive cyber security strategy. This should include insurance cover that helps when hacking occurs, and access to education and tools that enhance existing security practices already developed by IT departments. The cyber-attack threat is changing and growing, but so is the protection and education provided by insurers, insurance advisers and cyber security experts.

Detailed scenario planning is essential. Organisations must highlight gaps, vulnerabilities and potential impacts on the business and plan what to do if the worst does happen. Good advice to any organisation is: do everything possible to improve your cyber-security, but also prepare to respond when a cyber-attack comes. Your company will be much better positioned to recover quickly.

Prospect: http://bit.ly/1nO005U
