
Convince your board - cyber attack prevention is better than cure



The business case for cyber attack prevention for organisations concerned about the rise in cyber crime and the risk to their data. Includes cyber security tips and resources.

Published in: Business

  1. Why an ounce of prevention could be worth a ton of cyber attack cure
  2. Ascentor: Convince Your Board. Are you concerned about the growing threat of cyber crime? Then this Slideshare is for you. It has been prepared by Ascentor as the first of a series of “Convince Your Board” presentations. We help organisations stay safe through information risk management – and equip suppliers to deliver projects and bid for contracts more successfully. Our public and private sector customers rely on our pragmatic and business focused approach to their cyber security and information assurance challenges. The concept is to use any of the slides as you see fit - with the aim of convincing your board of the importance of topics related to Information Risk Management. Ascentor - May 2017. Please note: This Slideshare is provided free of charge and for information purposes only. Any steps taken as a result of the information contained are at your own risk.
  3. The threat: Cyber attacks are on the increase. 68% of large UK businesses hit by cyber breach or attack in past year (April 2017) (Cyber Security Breaches Survey). Over 45% of all micro/small businesses identified a cyber security breach or attack in the last year (April 2017) (Cyber Security Breaches Survey). Seven out of ten attacks involved viruses, spyware or malware that could have been prevented (Department of Culture, Media & Sport). Alarming rise in ransomware attacks (Jun 16): ➡ 3,500% increase in the criminal use of net infrastructure that helps run ransomware attacks ➡ Spear-phishing attacks a common delivery method (BBC Technology News). An ounce of prevention could be worth a ton of cyber attack cure.
  4. The costs: It’s not just the big names facing crippling costs. Cyber attacks cost UK firms £30bn in 2016 (Infosecurity Magazine). “The TalkTalk compromise on 21 October 2015 cost TalkTalk an estimated £60m and the loss of 95,000 customers, as well as a sharp drop in their share price.” (National Cyber Security Strategy 2016-2021). Research by insurer RSA found the cost of a breach could be between £75,000 and £311,000 for SMEs. What’s more, their research found 28 per cent would go out of business if faced with an unexpected cost of £50,000. How do you put a price on the loss of customers and their goodwill?
  5. Businesses identifying breaches: Businesses that hold electronic personal data on their customers are more likely to have had breaches than those that do not (51% compared with 37%). (Cyber Breaches Survey 2017)
  6. Types of security incident: 54% increase in exfiltration incidents (ICO). Exfiltration is the unauthorised transfer of data from a computer. It may be carried out by someone with physical access to a computer or through malicious programming over a network. DDOS is a Distributed Denial of Service attack. It involves multiple computers which send repeated requests to a target system causing it to fail.
  7. The impact - what actually happens (Cyber Breaches Survey 2017)
  8. Do the basics right – the top 4. Passwords: Change default passwords! – Complete list of default passwords: passwords. Example: SOHO (small office/home office) routers are seen as particularly soft targets by cyber criminals, as they are typically used by small organisations without dedicated security staff. Various exploits can be used to compromise routers, though these are sometimes unnecessary as the default login credentials are commonly left unchanged. A compromised router may allow the attacker to spy on user browsing activity, and could also be used to redirect DNS traffic to a malicious server. (NCSC Weekly Threat Report – 24 Feb 17). 80% of cyber related breaches can be prevented by applying the most basic of cyber security controls.
  9. Patch to avoid exploitation. Patching: Patch any Internet facing systems as soon as possible – preferably automatically. A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually called bug fixes, and improving the usability or performance. Example: Cisco regularly issues security updates. Exploitation of vulnerabilities may allow a remote attacker to take control of an affected system or cause a denial-of-service condition. Users and administrators are encouraged to review Cisco Security Advisories and apply the necessary updates. Here is an example of one such update release, from March 2017. Vulnerability exploits
  10. Employees and ex-employees. Privileged Users: Restrict access to the minimum, revoke accounts and don’t allow normal business with a privileged account. Example: A disgruntled former system administrator at a US paper and packing manufacturing company was recently sentenced to 34 months in prison for causing the company $1.1 million worth of losses. His network accesses were not revoked when he was fired in 2014, enabling him to establish a VPN connection to the industrial plant. (NCSC Weekly Threat Report – 24 Feb 17). Ex-employee threats to business
  11. Avoid infection. Anti-Virus: Install AV products on all servers and desktops and keep them up-to-date! Deploy antivirus and malicious code checking solutions to scan inbound and outbound objects at the network perimeter. Where host based antivirus is used it may be sensible to use different products to increase overall detection capability. Any suspicious or infected malicious objects should be quarantined for further analysis. Defence in depth: • Patched vulnerabilities • Malware detection • Restricted privileges • Strong passwords
  12. Conclusion: The Opportunity. Cyber security is an opportunity for your business and a positive challenge for the Board of Directors. Get it right and you’ll build confidence and trust with both customers and partners - leading to better sales results. It will help not only protect your information from risks, it will also act to strengthen your whole business. You’ll save money through more efficient controls, more effective architectures and appropriate levels of protection. You will be more likely to achieve your mission and goals because business operations will be more predictable. Robust information risk management will set your business apart.
  13. Additional information: • Ascentor’s guide to Cyber Essentials • Ascentor’s Board’s Guide to Information Risk • GCHQ’s Ten Steps to Cyber Security • SANS CIS Critical Security Controls. Do more than just the basics to stay ahead and strengthen your business. Ascentor can help: If you’d like to discuss how our consultants could advise on any aspect of cyber security, please contact Dave James, MD at Ascentor. Email: Office: 01452 881712 Web: You might also like to keep in touch with Ascentor by receiving our quarterly newsletter and following us on LinkedIn and Twitter.