Mapping Unknown Risk

Uploaded on 2016-04-13 in FREE TO VIEW, TECHNOLOGY--Resilience

There used to be a “lurking” threat to our cyber security. It is no longer just lurking; companies and cyber attackers are now in an ongoing war. Its scale is enormous, and the techniques deployed by those fighting it are incredibly intricate.

The challenges it presents will be a part of everyday life for all individuals, entities, corporations and governments in the coming decades. However, even in this “new reality,” there are ways we can protect ourselves. In fact, there are ways in which we can “win.”

Cyber security is an issue born of the Internet-age. As the connectivity revolution creates tremendous opportunities for industry and economic development, it also poses new challenges for risk managers and insurers. With between ten and 20 billion devices currently connected to the internet (estimated to rise to 40 to 50 billion by 2020), there are tens of billions of access points at which cyber criminals can potentially enter a business’ enterprise system, an individual’s private information store or any government’s sensitive databases.

It is no surprise that Bristsh Prime Minister David Cameron set out an emphasis on cyber security in the government’s Strategic Defence and Security Review in November. His allocation of an extra £1.9 billion to be spent on cyber security should be a strong signal to all governments and corporations that this issue is centre-stage. It should be squarely on the agenda of every CEO and every Board across all industries. We must address it now or otherwise face severe consequences.

Cyber extortion and hacking have become significant challenges for companies. As criminals infiltrate company systems and charge a ransom for the return of sensitive information they are often not only harming the company’s reputation, damaging shareholder value and undermining the company’s work, but also affecting the lives of millions of consumers. With objects and devices increasingly connected there is also a high risk of hacking imperiling physical property and assets, even lives.

Earlier this year two hackers were able to infiltrate a Jeep Cherokee through its radio and remotely access its transmission, air conditioning and other systems. This caused the recall of 1.4 million vehicles, and isn’t the only instance of hackers gaining control of vehicles. Cyber security researchers found six flaws in Tesla’s Model S cars that made them vulnerable to hacking. These “white hat” hackers were able to manipulate the car’s speedometer to show the wrong speed, lock and unlock it, turn it on and off and bring it to a stop while driving.

This is particularly worrying given that Tesla is well regarded for having less vulnerable software than other automakers. The company has since issued a security patch preventing these breaches. These problems that were inconceivable half a decade ago are no longer science fiction; they are a business fact.

Increasingly companies should be concerned with covering the income lost through cyberattacks, not just with remedying data breaches.

What can companies do to prepare for unknowable future risk? The implications of the threat are so far-reaching that a vigilant attitude towards cyber security must be embedded within the culture of an organisation. This should be driven, led and prioritised by its Board and senior executives.

Risk managers must work with other key stakeholders across their organisation and with their insurance advisers to build a comprehensive cyber security strategy. This should include insurance cover that helps when hacking occurs, and access to education and tools that enhance existing security practices already developed by IT departments. The cyber-attack threat is changing and growing, but so is the protection and education provided by insurers, insurance advisers and cyber security experts.

Detailed scenario planning is essential. Organisations must highlight gaps, vulnerabilities and potential impacts on the business and plan what to do if the worst does happen. Good advice to any organisation is: do everything possible to improve your cyber-security, but also prepare to respond when a cyber-attack comes. Your company will be much better positioned to recover quickly.

Prospect: http://bit.ly/1nO005U

« Three Reasons To Revise Your Cyber Security Plans
Cybersecurity Un-Safe Investments in 2015 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

Zertificon Solutions

Zertificon Solutions

Zertificon is a leader in professional email encryption and data security.

Resource Centre for Cyber Forensics (RCCF)

Resource Centre for Cyber Forensics (RCCF)

RCCF is a pioneering institute, pursuing research activities in the area of Cyber Forensics.

NTOP

NTOP

NTOP develop high-quality network traffic analysis and DDoS protection software used by small individuals as well by large telecom operators.

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node

NSW Cyber Security Innovation Node is part of a national network designed to foster and accelerate cyber capability and innovation across Australia.

BI.ZONE

BI.ZONE

BI.ZONE creates high-tech products and solutions to protect IT infrastructures and applications, and provides services from cyber intelligence and proactive defence to cybercrime investigation.

Thridwayv

Thridwayv

Thirdwayv helps your enterprise realize the full potential of loT connectivity. All while neutralizing security threats that can run ruin the customer experience - and your reputation.

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Sovereign Intelligence

Sovereign Intelligence

Sovereign Intelligence provides automated insight into the relative intensity of hidden Cyber, Brand, and Financial Risks to your company.

Netragard

Netragard

Netragard has an established reputation for providing high-quality offensive and defensive security services.

ValueMentor

ValueMentor

ValueMentor is a leading cyber security service provider in the Middle East. We enable clients to reduce risk by taking a strategic approach to cybersecurity.

LogMeIn

LogMeIn

LogMeIn makes it possible for millions of people and businesses around the globe to do their best work simply and securely—on any device, from any location and at any time.

Abu Dhabi Gov Digital

Abu Dhabi Gov Digital

Gov Digital (formerly Abu Dhabi Digital Authority - ADDA) enable, support and deliver a digital government that is proactive, personalised, collaborative and secure.

AccountabilIT

AccountabilIT

AccountabilIT is a full spectrum information technology services firm for enterprises with complex information technology needs seeking relief from those challenges.

Aravo Solutions

Aravo Solutions

Your Extended Enterprise is full of hidden risks – Aravo makes them visible, measurable, and manageable.

Infrassist Technologies

Infrassist Technologies

We're Infrassist - a trusted white label Managed IT & Professional Services partner for MSP businesses.