Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

ATOS: Preparing your business to manage cyber incidents

542 views

Published on

ATOS: Preparing your business to manage cyber incidents

Published in: Business
  • Be the first to comment

  • Be the first to like this

ATOS: Preparing your business to manage cyber incidents

  1. 1. Drew Gibson | BRACE FOR IMPACT Preparing your business to manage cyber incidents
  2. 2. 2| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Cyber is more than an IT problem Organisations deal with it to varying degrees of success This is however industry or market dependent
  3. 3. 3| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Global number of attacks - unknown 2012 first time mentioned in WEF Global Risks Report It has been a known issue for many years The data says it all So why is it such an issue? first virus 1982 Elk Cloner (open to debate) US$315bn* Global cost of attacks over the past 12 months - Grant Thornton survey $ Recognition as an issue Ranking in 2016 report – out of top 10, Global spend on cyber-security estimated at 2015 2020 $75 bn $170 bn becoming more normalised
  4. 4. 4| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Cyber is more than an IT problem We know that cyber attacks are prolific and cost organisations millions So how do we prepare ourselves for the inevitable in a sustainable manner
  5. 5. 5| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Legal Obligations
  6. 6. 6| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos What if?
  7. 7. 7| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Hypothetically You were a UK based telecoms and internet provider So what?
  8. 8. 8| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Hypothetically Who had been hacked! Multiple times… How much data has gone?
  9. 9. 9| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Hypothetically And you hadn’t joined up your IT Security Team and your PR Department… How much data has gone? Publicly messaged customers accounts breached following forensic investigation cost of prevention estimated at (consultancy based) cost of remediation post incident at (reported) – who stayed, who went, who will go?
  10. 10. 10| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Hypothetically What could it do to your share price?
  11. 11. 11| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos So could this be you?
  12. 12. 12| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos So Rollback 6 months…
  13. 13. 13| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos What could you have done? What could have prevented or reduced the impact of the data breach ▶ Technical protection ▶ The Legal protection ▶ Enhanced/Better IT Security procedures ▶ Joined up business processes ▶ Better understanding of vulnerability and victimhood ? ?
  14. 14. 14| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos What could you have done? Using the technology to protect you ▶ Monitoring ▶ Inner protection as well as external
  15. 15. 15| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos What could you have done? IT processes and procedures But are these sufficient protection on their own and do they really consider the customer’s view point
  16. 16. 16| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos What could you have done? Legal aspects are you braced for impact
  17. 17. 17| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos What could you have done? Do the business processes match the IT Security processes ▶ It is not necessarily about the breach, but how it is managed ▶ lack of communications ▶ Well intentioned, but misleading communications – potentially 4 million customers v 156,000 actual 4 million potential 156,000 actual 16,000
  18. 18. 18| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos What could you have done? Psychologically are you braced for impact ▶ how does the rest of the world view you – the victim or part of the problem ▶ Were you irresponsible with people’s data ▶ So what did you really save by not investing in better data protection measures ▶ Consumers understanding about their data – they can give it away with ease, but you have to protect it in a way that they don’t have to. ▶ The assumption that you will treat all their data in confidence ▶ It might not be you – have you been negligent in who you have engaged to look after the data ▶ Or to transfer it?
  19. 19. 19| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos The Perception
  20. 20. 20| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Stealing money from a cash machine So what is the difference
  21. 21. 21| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Cyber is more than an IT problem So did these organisations understand the attacks impacts? This is however industry or market dependent
  22. 22. 22| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos The Costs
  23. 23. 23| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos The costs are simple to articulate. McKinsey/World Economic Forum report, Increased Cyber Security Can Save Global Economy Trillions (2014) stated: But they still don’t provide a clear definition of cyber or its issues 8 Months is the average time that an advanced threat goes unnoticed on a victims network US 3$ Trillion is the total global impact of cyber-crime 2.5 Billion exposed records as a result of a data breach in the past five years, (2009-2014) 1 in 5 organisations have experienced an Advanced Persistent Threat (APT) attack In 2013 there was a in breaches being identified and reported and it is growing 62% increase
  24. 24. 24| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Studies into perceptions and actual costs of cyber attacks Often not the share price, but the hidden costs that result from a cyber attack
  25. 25. 25| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos The Costs Do Cyber Attacks effect share prices?
  26. 26. 26| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos The Solution
  27. 27. 27| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Understand how you define “cyber” Understand that you are comparing the same thing, only differently So how do organisations define what it relates clearly? ClearUnclear Low Understanding of the term Cyber Abilitytodefine thetermCyberHigh Developgreaterunderstandinga towhatdefinitionsmeanin relationtovulnerabilities Provide greater clarity as to what cyber refers to and what it does not Vagueness of Definitions Muddled Definitions Coherence of Definitions Confusion of Definitions Move to greater coherence of definitions 1 2 3 4
  28. 28. 28| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Understand how you define “cyber” Understand that you are comparing the same thing, only differently Current issue in achieving greater coherence of definitions So need to define what it relates clearly. ClearUnclear Low Understanding of the term Cyber Abilitytodefine thetermCyberHigh Developgreaterunderstandinga towhatdefinitionsmeanin relationtovulnerabilities Provide greater clarity as to what cyber refers to and what it does not Vagueness of Definitions Muddled Definitions Coherence of Definitions Confusion of Definitions 1 2 3 4
  29. 29. 29| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Questions
  30. 30. 30| BRACE FOR IMPACT Preparing your business to manage cyber incidents | ©Atos Thank you Drew Gibson MSc Principal Consultant – Operational Risk and Cyber Resilience, Atos Consulting +44 (0) 7894 437 705 drew.gibson@atos.net

×