Cyber Security Healthcheck - Gadhia Consultants

PROTECTING YOUR BUSINESS FROM EMERGING CYBER THREATS

Cyber Security Healthcheck


CUSTOMERS EXPECT TO INTERACT WITH YOU AND YOUR BUSINESS SAFELY ONLINE

Cyber attacks are increasing in regularity, scale and sophistication, posing a real threat to all firms.

Every day, customers trust you to protect their data, their identity and their money.

As a Board member you could be personally liable for a loss resulting from a cyber event. Boards must ensure that the business has in place a robust and independently verified cyber security framework. That’s where Huntswood and Gadhia Consultants come in.

IS YOUR FIRM’S CYBER SECURITY FRAMEWORK FIT FOR PURPOSE?

91% OF FIRMS HAVE SUFFERED AT LEAST ONE CYBER EVENT IN THE LAST 24 MONTHS THAT DISRUPTED THEIR BUSINESS*

62% OF BUSINESSES ARE NOT CONFIDENT THEIR CYBER-RELATED METRICS ARE ACTUALLY ACCURATE*

DIRECTORS CAN NOW BE HELD INDIVIDUALLY LIABLE FOR ANY LOSS

DOES YOUR CURRENT SECURITY MODEL MEET REGULATORY STANDARDS?

HAS YOUR FIRM BEEN SUBJECTED TO A CYBER ATTACK IN THE LAST 12 - 18 MONTHS?

WHEN DID YOU LAST RECEIVE INDEPENDENT ASSURANCE THAT YOUR CYBER SECURITY FRAMEWORK WAS FIT FOR PURPOSE?

*Measuring & Managing the Cyber Risks To Business Operations, December 2018, Ponemon Institute.

IN PARTNERSHIP WITH GADHIA CONSULTANTS, WE PROVIDE SOLUTIONS TO MEET YOUR FIRM’S NEEDS.

ULTIMATELY, WE PROTECT YOUR BUSINESS FROM CYBER ATTACKS AND THE DISTRESSING EFFECTS THEY CAN HAVE ON YOUR CUSTOMERS, YOUR COMPANY AND YOUR REPUTATION.

We will ensure that your business has a robust cyber security strategy in place, that your people know how to manage a cyber incident and that your firm is operationally resilient enough to manage any future attacks. We do this by providing independent assurance on your strategy and placing cyber security specialists into your business to help deliver it.

HOW WE CAN HELP YOUR BUSINESS

DEVELOPING AND TESTING YOUR STRATEGY AND FRAMEWORK

Your cyber defence must be more than just reacting to events and attacks. Businesses must develop an integrated cyber security strategy with effective Board and executive oversight if they are to ensure a unified approach to mitigating cyber risk. All employees need to know how to spot the potential ‘red flags’ that could signal a cyber attack.

91% OF CYBER ATTACKS START WITH A PHISHING EMAIL*

How confident are you that your employees would recognise a cyber attack in a timely manner and know what to do?

*Enterprise Phishing Susceptibility and Resiliency Report, 2016, Cofense.

AUDITING AND VERIFYING YOUR CYBER SECURITY FRAMEWORK AGAINST REGULATORY REQUIREMENTS

Our audit process identifies strengths to be built upon and actions to be implemented. We then communicate this in a language that can be understood by technical teams, security teams and board members. We help rectify any inconsistencies in your organisation’s framework and prepare you for regulatory inspection.

PROVIDING EXPERT INDEPENDENT ADVICE

Through understanding your security and threat environment, our team provide expert advice that is appropriate to your business and its commercial imperatives.

DEVELOPING A MEDIUM TO LONG-TERM CYBER STRATEGY

We will use our expertise and experience to work alongside your own senior executive team to develop a future-looking cyber strategy that is specific to the needs of your business and will help protect your data, your people and your property from the most current and emerging global cyber threats.

PLANNING YOUR CYBER SECURITY RESPONSE

We work with you to enhance, verify and plan your response to a cyber security incident so that when it happens, you are prepared.

BREACH INVESTIGATION AND POST-EVENT MANAGEMENT

We provide an independent investigation of any cyber security breach to identify how to improve systems and procedures, providing reassurance to customers and regulators.

GOLD TEAM TESTING

We test organisations’ incident management frameworks and ensure that the senior leadership team know how to manage all elements of dealing with a major incident.

FINDING THE RIGHT PEOPLE TO MANAGE YOUR CYBER SECURITY STRATEGY

IF YOUR FIRM HAS BEEN THE TARGET OF CYBER HACKERS, WE CAN PROVIDE SPECIALIST INDIVIDUALS RANGING FROM REMEDIATION PROFESSIONALS TO A LARGE TEAM IN ORDER TO CONTAIN A CYBER ATTACK AND GET YOUR BUSINESS BACK TO NORMAL AS QUICKLY AS POSSIBLE.

WE CAN RECRUIT BOTH PERMANENT AND INTERIM CYBER SECURITY INDIVIDUALS. WE HAVE RECRUITED CYBER SECURITY PROFESSIONALS AT ALL LEVELS FROM ANALYSTS TO DIRECTORS.

CASE STUDY

A publicly quoted business lost control of one of its critical payment websites during a major marketing event. This was only signalled to the CEO when the outage was shared on social media. We subsequently learnt that staff had been dealing with technical issues prior to the event, without escalating them to the Board. The timing of the outage suggested a hostile attack, but after thorough investigation, this was excluded.

Working with the senior leadership team, we established a crisis response team and provided the necessary structure and meeting discipline throughout the incident, acting as a source of specialist advice and helping to ensure effective lines of communication between stakeholders. We also worked alongside the internal IT team and specialist external support teams to manage the analysis of data, assessment of various risks and the presentation of facts back to the Board so that a remediation plan could be agreed and tested.

As a result of this successful crisis management, negative press and consumer action was limited. Instead, the business could continue to maintain operational resilience. The root cause of the issue was identified with only minor impact to business processes. In addition, the route back to ‘business as usual’ was controlled and directed in a transparent, risk-assessed environment. The business was therefore able to present a clear and informed decision-making process to the regulators in its follow-up interview.

CYBER SECURITY ANALYSIS AND ASSESSMENT - TYPICAL APPROACH

PHASE 1 - SETUP

⚫ Agreeing what is in / out of scope, expected outcomes and timescales

⚫ Understanding the size of the business, number of different sites, partner organisations and recent acquisitions

⚫ Confirming any regulatory or compliance requirements

⚫ Confirming sponsor and client communication channels and processes for providing updates

PHASE 2 - DESKTOP REVIEW (ONSITE)

⚫ Review of business plan and the role of security in delivering business advantage

⚫ Review of the current threat / risk landscape, strategy, policies, standard operating procedures, incident ‘playbooks’ and management information packs

⚫ Identification of key areas of vulnerability and ‘test’ hypotheses

⚫ Review of existing policies and procedures against best practice and regulatory guidance and standards

PHASE 3 - SITE VISIT

⚫ Meeting key contacts and building a supportive, collaborative team

⚫ Interviews with key individuals including the COO, CRO, CTO, CSO and / or CISO, Head of Information Security, SIRO, and appropriate board members

⚫ Cross-organisational focus groups to explore the security policy and approach, and how these are used in day-to-day business

⚫ Review of security culture, threat awareness and level of diligence

PHASE 4 - REPORT PREPARATION

⚫ Report preparation and shaping of initial findings, including identification of evidence-based findings and recommendations

⚫ Initial socialisation of findings and setting expectations with client

⚫ Board presentation to share findings, evidence and recommendations

⚫ Suggested remediation / action plan delivered

PHASE 5 - POST-ENGAGEMENT REVIEW

⚫ Review of progress on suggested remediation / action plan

WHY CHOOSE HUNTSWOOD AND GADHIA CONSULTANTS?

⚫ COMPREHENSIVE UNDERSTANDING OF CYBER SECURITY AND FINANCIAL CRIME, FROM BOTH REGULATORY AND OPERATIONAL PERSPECTIVES

⚫ PROVEN EXPERIENCE IN LEADING AND CO-ORDINATING THE NATIONAL RESPONSE TO ECONOMIC CRIME, INCLUDING CYBER-ENABLED CRIMES

⚫ EXPERIENCE OF WORKING WITH EXECUTIVES IN SHAPING AND DEVELOPING FIRMS’ CYBER SECURITY STRATEGIES AND GOVERNANCE FRAMEWORKS

⚫ OUR SOLUTIONS ARE NEVER ‘ONE-SIZE-FITS-ALL’ – INSTEAD, WE TAILOR OUR APPROACH TO YOUR INDIVIDUAL NEEDS

ABOUT HUNTSWOOD

We help firms govern, transform and operate their businesses to drive better outcomes.

When our clients need support, it almost always involves customer considerations; it is often multi-channel and always requires an approach that is compliant with regulation.

In our engagement with clients we are, above all else, collaborative and always at the forefront in the development of innovative, tailored and transformative solutions. These typically combine people, processes and technology to drive better customer, commercial, and regulatory outcomes.

WE HELP CLIENTS GOVERN, TRANSFORM AND OPERATE THEIR BUSINESSES

WE COMBINE PEOPLE, PROCESS AND TECHNOLOGY TO DRIVE BETTER OUTCOMES: OPERATIONAL EXCELLENCE, COST & EFFICIENCY, MITIGATE RISK, CUSTOMER EXPERIENCE

AS A PARTNER OF CHOICE FOR ADVISORY SERVICES ACROSS A RANGE OF INDUSTRIES AND RESOURCING SOLUTIONS, UNDERPINNED BY TECHNOLOGY PLATFORMS AND INNOVATION

Our services include resourcing and outsourcing solutions, backed up by an expert advisory capability. We have a solid reputation for being easy to work with, which has been earned through continuous improvement and consistency in exceeding our clients' expectations throughout all stages of delivery.

ABOUT GADHIA CONSULTANTS

SUPPORTING BOARD AND EXECUTIVE DECISION MAKING

Established by Dame Jayne-Anne Gadhia, our consultants know what it means to lead a business: the pressures, priorities and problems. We help board members and senior executives to find answers to the most difficult questions. Gadhia Consultants listen carefully to define the critical question and then, working with our clients, we bring commercial pragmatism, urgency and a commitment to succeed to find the answer.

“WHEN YOU LEAD A BUSINESS, YOU NEED PEOPLE AROUND YOU THAT SHARE YOUR VALUES, WORRY FOR THE BUSINESS AND MAKE THINGS HAPPEN. I ESTABLISHED GADHIA CONSULTANTS TO SHARE THAT BURDEN AND PROVIDE THE PRACTICAL SUPPORT THAT BOARDS AND SENIOR TEAMS NEED.”

DAME JAYNE-ANNE GADHIA

GET IN TOUCH

@Huntswood

Search ‘Huntswood’

T: 0333 321 7811

E: [email protected]

W: huntswood.com

MIKE PECKHAM FRGS, FRSA, MA - MANAGING PARTNER

Mike is a Managing Partner at Gadhia Consultants and manages the strategy practice. Mike has provided consultancy support and specialist advice to a range of blue-chip clients including De Beers Diamonds, Starbucks, BSB Sky, EDF, Total Exploration and Production, Tullow Oil, North Caspian Operating Company (Kazakhstan) and Virgin Money.

Mike is also Chairman of the technology firm Airbox, providing mission support, location tracking and control to UK Special Forces, UK Armed Forces, emergency services and policing. He is a member of the Advisory Board to Kina, a specialist firm providing environmental, social and governance support to businesses across Africa.

STEPHEN HEAD - SENIOR PARTNER, CYBER SECURITY PRACTICE

Stephen is a Senior Partner at Gadhia Consultants, providing specialist advice on cyber security, strategy and crisis management.

Before joining the Gadhia Group, Stephen was the Chief Information Security Officer and then Chief Security Officer at Virgin Money, where he was responsible for all issues of Cyber and Information Security as well as IP, Physical and VIP event security.

Stephen is a fully qualified Senior Information Risk Officer (SIRO), having completed and passed the GCHQ-accredited training programme.

Stephen was the UK’s first National Policing lead for Economic Crime and, during his thirty-year policing career, specialised in counter-terrorism as well as fraud and other cyber and economic crime. He also created Europe’s first specialist Intellectual Property Crime Unit and was the UK’s national liaison officer for the EU on matters of Fraud and Cyber-enabled Fraud.

Stephen is a member of the Global Cyber Alliance’s strategic advisory committee and works with several FinTech startup companies providing specialist cyber security advice.

HUNTSWOOD.COM

HUNTSWOOD CTC LIMITED, ABBEY GARDENS, ABBEY STREET, READING, BERKSHIRE RG1 3BA