DIGITAL TRANSFORMATION Managing cyber risk Jeremy Swinfen Green, Charlotte Childs 07855 341 589 [email protected]

Digital transformation: introduction to cyber risk


Managing cyber risks: What is cyber risk?

A “tier 1” threat

The risk from digital (computer) technology to efficiency, revenue, profitability or existence of an organisation

Cyber risk Information risk

Cyber risks are growing

A holistic approach

• The IT department
• Just information
• Your organisation

Who causes the risks?

• Outsiders: the traditional enemy
• Insiders: the new enemy
• Inside outers: the hidden enemy

You can’t stop the hackers…

• So just protect the crown jewels*
  o Personal data
  o Credit card data
  o Strategic information

*Fines of up to 5% of global turnover?

Insiders – the biggest risk

• Losing devices that contain corporate information
• Leaking strategic information accidentally
• Stealing data for personal gain
• Foolishly compromising log-in details

Why do people show risky behaviour?

• Ignorance of the risk
• Hard to use systems
• Social pressure
• Habit
• Transferring responsibility
• Belief
• Personal

Awareness is not enough

• Empower your communications
  o Multiple platforms
  o Personalisation
  o Incentives (and sanctions)
  o Changes to the rules

Understanding motives

• Lack of knowledge
• Lack of belief
• Personal gain
• Cognitive overload

Dealing with difference

• Experience of cyber risk
• Roles
• Age
• Gender

“Irrational” people

• Social or outside pressure
• Fun and immediate gratification
• Delegation – not my problem
• I’m in control
• Trusting other people
• It won’t affect me (it never has before)
• No one will know it is me so why should I worry

Dealing with irrational people

• Nudging
• Anchoring
• Present bias
• Authority figures
• Community action
• Loss aversion

Think beyond the network

Hidden dangers from Inside Outers

• Bring your own device
• Bring your own cloud
• Internet of Things
• Connecting outside the office
• Disposing of devices
• Social media risk

Identify the risks

• Identify known risks; imagine unknown risks
• Prioritise
• Identify existential risks
• Document
• Review

Manage the risks

• Avoid
• Transfer
• Mitigate
• Accept

Plan for the inevitable

• Prepare responses
• Monitor for attacks
• Educate staff
• Test plans
• Plan for after the incident

Respond to incidents

• Detect and verify
• Assess and report
• Respond
• Iterate

Identify the payback – but avoid FUD*

• Insurance costs
• New business opportunities
• Reputation
• Employee morale
• Avoidance of costs associated with risk events

*Fear, uncertainty and doubt as a way of persuading people

Key management concepts

• Holistic
• Appropriate
• Agile
• Engaging
• Led effectively

THANK YOU

Jeremy Swinfen-Green, Charlotte Childs
