Media Release – 11th April 2016

Target. Adobe. AOL. eBay. What do these companies all have in common? These are all large companies that have been the victims of big security attacks over the last year. Over 145 million records were compromised in the case of online auction site eBay and Target dealt with more than 70 million breaches of their customer base. Unfortunately, all too often, organisations react to this type of event rather than proactively protect against it. Although some may argue it’s hard to ‘get ahead’ of the hackers, there are steps you can take to reduce your vulnerability. Presented below are thoughts around the challenges of cybersecurity and managing your risk.

For an effective cybersecurity program, an organization needs to coordinate its efforts throughout its entire information system. The most difficult challenge in cybersecurity is the ever-evolving nature of security risks themselves. Traditionally, organizations have focused cybersecurity resources on perimeter security to protect only their most crucial system components and defend against known threats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up. As a result, advisory organizations promote more proactive and adaptive approaches to cybersecurity. Similarly, the National Institute of Standards and Technology (“NIST”) issued the Cybersecurity Framework in February 2014, which recommends a shift toward detection (continuous monitoring and real-time assessments), response and recovery based on a data-focused approach to security as opposed to the traditional perimeter-based model.

MANAGING CYBER RISK

The National Cyber Security Alliance (“NCSA”), through, recommends a top-down approach to cybersecurity in which corporate management leads the charge in prioritizing cybersecurity management across all business practices. NCSA advises that companies must be prepared to “respond to the inevitable cyber incident, restore normal operations, and ensure that company assets and the company’s reputation are protected.” NCSA’s guidelines for conducting cyber-risk assessments focus on five key areas:

  • Identifying your organization’s “crown jewels” or your most valuable information requiring protection;
  • Identifying the threats and risks facing that information and their likelihood of occurrence;
  • Assessing the impact of the damage your organization would incur should that data be lost or wrongfully exposed;
  • Assessing the organization’s ability to recover from such an event and planning for timely and appropriate response; and
  • Detecting any nefarious activities (i.e. breach) on your network.

Organizations should evaluate the risk to electronic data containing details of employees, customers, suppliers, contracts, etc., when stored on removable media, mobile devices and hard drives. We would suggest deploying appropriate measures to safeguard all data stored on portable devices. The media should be encrypted and portable devices should employ a remote device wipe technology to remove data if lost or stolen.

Cyber risk assessments should also consider operations and any regulations that impact the manner in which your organization collects, stores and secures data. Assessing processes and technologies will help to establish the requirements of a mature cybersecurity program, but an organization must also focus on the people who touch those processes and technologies. The most robust cybersecurity program involving technology solutions will be limited without a high level of user adoption. Your employees need to understand the risks, embrace their responsibilities and act accordingly. Proper change management can aim to improve or create a governance framework, communication plans, job impact analysis and appropriate training/education to help ensure the success of the cybersecurity efforts.

THINKMARBLE CAN HELP

In conclusion, many organisations have not appropriately identified the risks and vulnerabilities of their environment, and therefore are failing to adequately safeguard customer, employee and other sensitive data. Unfortunately, the sentiment is often dismissive as they incorrectly assume ‘criminals don’t care about my small company’. That said, the metrics are alarming:

  • 60% of small to midsize businesses (SMBs) that experience a data breach will fail within 12 months; the statistic grows to 72% within 24 months;
  • 62% of attacks target SMBs;
  • 36% of SMBs have data security policies;
  • 26% of SMBs believe they have necessary in-house expertise;
  • £128,242 is the average cost of a cyber event for an SMB.

The criminals are agnostic to business size because here is the going rate on “the dark web” for data stolen from the healthcare industry. It’s relevant to retail and other industries as the data does exist inside of your systems.

[Image]

And what happens when your organisation is not as prepared as you think? Recently, a company experienced a cyber-attack only to find out that the cyber insurance claim was denied for failure to meet policy requirements around internal controls.

It is critically important in today’s world to assess your organisation’s current state of readiness regarding its ability to Identify, Protect, Detect, Respond, and Recover from a security incident and to take action to achieve your targeted level of readiness going forward. Thinkmarble can provide professionals who can help as they have valuable experience with cybersecurity, information technology general controls, risk and compliance assessments, remediation plans, change management, user adoption and more. A holistic approach to tackling a significant challenge enables us to help our clients to maintain a Position of Strength!