cyber security
play

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES - PowerPoint PPT Presentation

Sep 20, 2023 •481 likes •735 views

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

  1. CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019

  2. INTRODUCTION Cyber Security • The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorised use or modification, or exploitation (US Institute of Standards and Technologies - NIST). • Cyber security can be described as the digital or human measures you can take to reduce the risk and harm to your company's information and information based systems through theft, alteration or destruction. Cyber Risk and Fraud • Cyber risks arise from your company’s exposure to the rapidly increasing interconnectivity of information. The risks are indeed real, and it is perfectly sensible to assume these risks are emanating from people who have, or seek to have, access to your information or information-based systems both internally and externally with a view to committing fraud. 2 Date

  3. WHEN THINGS GO WRONG Causes Hacker attack Data breach Virus transmission Cyber extortion Employee sabotage Network downtime Human error 3 Date

  4. WHEN THINGS GO WRONG Effects British Airways: Suspect code that hacked fliers 'found‘ A cyber-security firm has said it found malicious code injected into the British Airways website, which could be the cause of a recent data breach that affected 380,000 transactions. NHS 'could have prevented' WannaCry ransomware attack NHS trusts were left vulnerable in a major ransomware attack in May because cyber-security recommendations were not followed, a government report has said. At least 6,900 NHS appointments were cancelled as a result of the attack. Butlin's says guest records may have been hacked Holiday camp firm Butlin's says up to 34,000 guests at its resorts may have had their personal information stolen by hackers. 4 Date

  5. WHEN THINGS GO WRONG Impact Economic cost of cyber attack Reputational damage Legal consequences of cyber breach 5 Date

  6. IN THE NEWS Cyber security threat to banks has grown in last decade • Bank of England Governor Mark Carney says: "The third class of risk that is new in the last decade is risk related to cyber security. "The defences have to be in place and we also have to have plans if a bank were to be knocked out because of a cyber attack - how to we keep a system functioning and service to customers functioning in that event.“. BBC Sept 2018 Tory app security breach reveals MPs' numbers • Boris Johnson was among those whose details could be accessed through the party's conference app. BBC Sept 2018 Rise in cyber-attacks on NI universities • Universities and further education colleges in NI suffered 16 serious cyber-attacks in 2017/18 compared to three the year before. BBC Sept 2018 UK cyber-centre thwarts hostile hackers • The National Cyber Security Centre has combated about 1,200 attacks since it was created, it reveals. BBC Oct 2018 UK accuses Russian spies of cyber-attacks • Alleged attacks include raids on the World Anti-Doping Agency, when athletes' data was published, and the US Democratic Party. BBC Oct 2018 6 Date

  7. WHAT DO THE STATISTICS SAY? The Cyber Security Breaches Survey 2019 is an Official Statistic, measuring how organisations in the UK approach cyber security and the impact of breaches. 7 Date

  8. DRIVERS FOR CHANGE 8 Date

  9. AWARENESS OF GOVERNMENT CYBER SECURITY INITIATIVES AND ACCREDITATIONS 9 Date

  10. WHAT ARE ORGANISATIONS DOING ABOUT IT? 10 Date

  11. WHAT ARE ORGANISATIONS DOING ABOUT IT? 11 Date

  12. AVERAGE INVESTMENT IN CYBER SECURITY IN LAST FINANCIAL YEAR 12 Date

  13. WHAT ARE ORGANISATIONS DOING ABOUT IT? 13 Date

  14. THINK ABOUT WHAT YOU HAVE 14 Date

  15. SOME SPECIFIC CURRENT CYBER THREATS EXPERIENCED • Ransomware attacks • the attack encrypts the victim’s data and asks for money in exchange for the decryption key • Third parties being compromised • Cloud based services, third party data holders/processors • Phishing & Social Engineering attacks • CEO asking for an urgent payment to be made – or offering refund • A payment being asked to be processed to a different account than the one on file 15 Date

  16. THREAT LIFECYCLE Harden and isolate Proactive risk PREDICT PREVENT systems analysis Divert Predict attacks attackers Mobile user attacks Cloud Computer Baseline Prevent issues attacks systems Denial of Service Geolocation Remediate/ Detect attacks Make change/Learn issues High profile target spoofing Design/ Confirm and Model prioritize risk change Investigate/ Contain RESPOND DETECT Forensics issues 16 Date

  17. THREAT MONITORING-MANAGEMENT INTERACTION CONTINUOUS THREAT MONITORING Monitoring and Detection of Unauthorized Activities  Monitoring the company’s network and physical environments, IDS/IPS  Monitoring activity of third party service providers with access to network  Monitoring network for presence of unauthorized users, devices, connections and software  Using malicious code detection and data loss prevention software  Maintaining written incident alert thresholds BOARD AND MANAGEMENT INTERACTION  Normal routine updates from Management regarding the state of IT systems.  Key performance indicators such as how many breach notifications notices have been filed and IT department trends.  Updates on any initiates management such as employee training and outsourcing of key security functions.  Employee access to the Board  Whistleblower policy  Employee/customer hotline 17

  18. CYBERSECURITY TRAINING & TECHNOLOGY EMPLOYEE TRAINING Workforce  Are cybersecurity roles and responsibilities assigned and communicated to work force?  Regular training? Awareness of policy and reporting breaches  Employees to practice computer security best practices ( e.g ., use passwords with a mix of upper case and lower case letters, numbers and symbols)? TECHNOLOGY UPGRADE  Pace of Technology – Review and reassess data privacy and computer security policies and procedures • Are policies and procedures staying up to date with technological advances ( e.g ., do they address the plethora of mobile devices that are now available to employees)? • Are firewalls, anti-spam and anti-virus software updated regularly? • Are patches for the operating system and other software updated regularly? • Monitoring of computer system defenses to potential threats? 18

  19. INCIDENT RESPONSE AND RECOVERY INCIDENT RESPONSE  Review and reassess your data breach policy – Is it sufficiently detailed to provide guidance for what needs to be done immediately in the event of a security breach or a near miss? • Updated in light of GDPR? – Data breach investigation to discover and perform analysis? – Are key stakeholders represented on the team? – Data Breach team lead granted sufficient authority to quickly execute? – Lessons are learnt – Senior management and Board level awareness. RECOVERY PLAN  Business Continuity Plan – Review and reassess business continuity and disaster recovery plans • Business continuity plan cover a cyber attack or other type of computer disruption in addition to more commonly covered business disruptions, such as natural disasters and fire? • Test and re-test computer networks and systems 19

  20. CYBER SECURITY BEST PRACTICE BEST PRACTICES National Cyber Security Centre (NCSC)  Expert, trusted, and independent guidance for UK industry, government departments, the critical national infrastructure and private SMEs. International Standardization Organization (ISO) 27000 and 27001 Standards  Cyber Essentials  Cyber Security Information Sharing Partnership (CiSP) run by the NCSC BEST PRACTICES – Key Areas  Current environment practices should be measured against best practices in key areas: – Policy – Threat prevention • Perimeter, Insider and vendor. – Threat detection – Training and Awareness – Response 20

  21. THIRD PARTY CYBER SECURITY RISK & RECOVERY PLAN THIRD PARTY RISK AVERSION Third Party Vendors  Review and reassess the data privacy and computer security policies and procedures of third party service providers  Obtain and review Statement on Controls (SOC) reports from key third parties that process information  Review and reassess service contracts with third-party service provides to assure that privacy and computer security issues are adequately addressed  Review and reassess policies segregating network resources from 3 rd party accessible resources  Review and reassess policies regarding remote maintenance of network by 3 rd parties 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

481 views • 35 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence Service 05-10-2015 05-10-2015 Who are we? Centre for Cyber Security In respect of the Rule of Law and Privacy Cyber is a priority (Gov.

455 views • 18 slides
Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 Agenda for today Part I Latest security news Security vulnerabilities in Java

2.02k views • 185 slides
Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED Cyber Security In NATO NATO in a nutshell: Collective defence Interoperable

666 views • 42 slides
Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector What I am Company utilities in the UK going to Water UK good practice cover NIS Directive Dr Jim Marshall, Senior Policy Advisor,

231 views • 4 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Welcome! Phishing And Ways To Combat It Phishing and ways to combat it Lance Bailey Systems

Welcome! Phishing And Ways To Combat It Phishing and ways to combat it Lance Bailey Systems

Conference 2018 Conference 2018 Welcome! Phishing And Ways To Combat It Phishing and ways to combat it Lance Bailey Systems Coordinator Genome Sciences Centre Don Devenney Information Technology Analyst Royal Roads University 2

222 views • 21 slides
Cyber Security Mark Danaj City of Fremont ICMA Conference Presenter Who am I? Why Am I

Cyber Security Mark Danaj City of Fremont ICMA Conference Presenter Who am I? Why Am I

Cyber Security Mark Danaj City of Fremont ICMA Conference Presenter Who am I? Why Am I Here? What will I accomplish? What can you learn from this presentation? Cyber Security Why is cyber security important? Who is

619 views • 23 slides
www.SNSTIPS.com Safe Computing / Networking Practices Computer should be placed in a common area

www.SNSTIPS.com Safe Computing / Networking Practices Computer should be placed in a common area

Parents Resource texted.ca netlingo.com thedoorsnotlocked.ca www.SNSTIPS.com Safe Computing / Networking Practices Computer should be placed in a common area in the home with easy access to everyone Facebook Settings 1) Secure ALL Your

88 views • 6 slides
Privately-held company founded in 1998 US Headquarters in New Jersey Global offices in USA,

Privately-held company founded in 1998 US Headquarters in New Jersey Global offices in USA,

Privately-held company founded in 1998 US Headquarters in New Jersey Global offices in USA, UK, China, India, Romania, Turkey, Japan and Ukraine 1400 employees (900 developers) Worldwide leader in SSL Security Internet Security

530 views • 35 slides
FACT Fraud Awareness for Commercial Targets Practical Advice on How to Protect Your Business or

FACT Fraud Awareness for Commercial Targets Practical Advice on How to Protect Your Business or

FACT Fraud Awareness for Commercial Targets Practical Advice on How to Protect Your Business or Not-for-profit Organization Against Fraud FACT: What is Fraud Fraud Awareness Awareness for Commercial Targets Commercial Targets? The FACT

621 views • 22 slides
26 October 2012 The Manager Companies ASX Limited 20 Bridge Street Sydney NSW 2000 (16 pages

26 October 2012 The Manager Companies ASX Limited 20 Bridge Street Sydney NSW 2000 (16 pages

Level 2, 66 Hunter Street Sydney NSW 2000 Tel: (61-2) 9300 3344 Fax: (61-2) 9221 6333 E-mail: pnightingale@biotron.com.au Website: www.biotron.com.au 26 October 2012 The Manager Companies ASX Limited 20 Bridge Street Sydney NSW 2000

385 views • 16 slides
SD-WAN Today and Tomorrow Balancing Lower Cost & Greater Agility Against the Perceived

SD-WAN Today and Tomorrow Balancing Lower Cost & Greater Agility Against the Perceived

SD-WAN Today and Tomorrow Balancing Lower Cost & Greater Agility Against the Perceived Risks of the Public Internet by Joel Stradling, Research Director, Global Managed and Hosted IT Services June 5, 2017 The Evolution of Enterprise IT

133 views • 12 slides
Quality metrics: Nutritional Labels for Code G. Ann Campbell @GAnnCampbell GenevaJug Why is

Quality metrics: Nutritional Labels for Code G. Ann Campbell @GAnnCampbell GenevaJug Why is

Quality metrics: Nutritional Labels for Code G. Ann Campbell @GAnnCampbell GenevaJug Why is this important? Software is Everywhere Software is everywhere https://www.lifewire.com/the-8-best-smart-home-products-4034624 Software is everywhere

580 views • 38 slides

More recommend