www.CyberRescue.co.uk Page: 1
How would I respond to a Cyber Attack?
26th April 2017
Kevin.Duffey@CyberRescue.co.uk
+44 79 20 76 65 30
For more information, contact Assistance@CyberRescue.co.uk or +44 (0)20 7859 4320
A censored set of slides shown to the Worshipful Company of Information Technologists.
Boardroom Briefing on Cyber Security
Page: 2
A word about Cyber Rescue
www.CyberRescue.co.uk
We help executives lead commercial recovery when digital defences fail
Practice your Response with Executive Simulations
Bespoke Commercial Response Plan
Commercial Coach for Cyber Attack Response
To find out more, click here or Assistance@CyberRescue.co.uk
Page: 3
FBI data storage in 1942 = 10 million sets of fingerprints, plus 23 million paper cards = 680 Gigabytes
Digital opportunity
Page: 4
Digital transformation of assets
£600 storage device in 2016: a “memory stick” from HyperX, stores 1,000 Gigabytes
Digital opportunity and cyber risk
Page: 5
Option 1: Show market risk
Page: 6
Option 1: Show market risk
Cyber Threats, Annual Growth:
•125% Zero Day
•71% DDoS
•55% Spear Phish
•29% Malware
•21% SQLi
•38% growth in reported crime
Typical Executive Response: “OK, the market must fix the problem”
Page: 7
Option 2: Show systems risk
Client
Typical Executive Response: “OK, the IT Director must fix the problem”
Page: 8
Option 2: Show systems risk
Staff, Systems, Suppliers
Page: 9
Assess Risks beyond IT
Staff Risks:
•78% of staff don't obey info policy
•63% of breaches involve weak, default or stolen passwords
•41% of staff install apps on work PC
•30% of phishing messages are opened
•12% of staff download malicious software
Supply Chain Risks:
•41% of breaches affecting healthcare are caused by Third Parties
•17% of breaches investigated by Kroll were caused by Third Parties
•AT&T, Home Depot, TalkTalk, and Target all suffered breaches via 3rd parties
Page: 10
Option 3: Simulate a Breach
Typical Executive Response: “OK, WE must work together on this”
Page: 11
Option 3: Simulate a Breach
Page: 12
Page: 13
“There was this horrible moment where I realized there was absolutely nothing at all that I could do.”
Amy Pascal, former Co-Chairman of Sony Pictures Entertainment, February 2015
Page: 14
“I’ve been through stages of denial, disbelief, frustration.”
Robert Pera, CEO of Ubiquiti, on a “whaling” loss of $46.7m that his staff didn't tell him about, January 2016
Page: 15
“I am incredibly angry about this data breach.”
John Legere, CEO of T-Mobile USA, on the breach of T-Mobile customer data stored by Experian, October 2015
Page: 16
“The only crime that has been proven is the hack. That is the story.”
Ramon Fonseca, founding partner of Mossack Fonseca (“Panama Papers”), April 2016
Page: 17
“The awful truth is that I don’t know.”
Baroness Dido Harding, CEO of TalkTalk, when asked if affected customer data was encrypted, October 2015
Page: 18
“It was like an Earthquake.”
Atiur Rahman, Bangladesh Bank Governor, after cyber thieves compromised their systems, 15th March 2016
Page: 19
CEOs struggle to visualize cyber response
Page: 20
“Hands on your head” isn’t enough for adults
Material for Earthquake Response. Slogan: “Shake Out. Don’t Freak Out.”
Page: 21
“Companies should be thinking about decisions the CEO will need to make.”
Michael Vatis, former Director of the FBI's National Infrastructure Protection Center, January 2016
Page: 22
You are “blindsided”
You weren’t told of other Security Incidents: CEO (55%), HR (68%), Legal (72%).
You are told of the Breach by an outsider: Law Enforcement (41%), 3rd Parties (35%), Fraud Detection (14%) or Internal (10%).
You are already weeks behind the attackers. Average time to discovery of breach: 69 days (114 days in health, and 46 in all other sectors).
Cyber Attacks are different from other business continuity challenges in the “paralysing ambiguity” of the situation.
Page: 23
Authorities are “difficult”
Who to call? 31 organisations fight cyber threats to Financial Services in the UK. 68% of IoD (Institute of Directors) members are unaware of Action Fraud.
What resources do they have? The UK National Cyber Security Programme (NCSP) gives £30m pa to combat cyber crime, including £12m to NCEC. The ICO has 30 officers handling over 200,000 concerns & 1,000 cases per year.
What do Authorities do? “4% of cyber crime dealt with appropriately by police.”
Page: 24
There are a lot of opinions
Who is in charge? The UK Parliament expressed its view on 20th June 2016.
What has been breached? Only 45% of security professionals are confident they can determine the scope of a breach. External forensics typically lasts 43 days.
How soon to notify customers? 91% of consumers expect "24 hours or less." But 32% of consumers say their loyalty would diminish if they knew of a data breach.
Page: 25
(International) Laws are complicated
Click to view DLA Piper’s 425 page summary of Privacy and Breach Notification laws and other “response” documents
Page: 26
Decisions imply a Budget
Insurance Pays? 52% of UK CEOs believe they have cover, but <10% actually do. Some 81% of companies with cyber cover in the USA have never claimed on it.
Claims covered: In the USA, 78% went on Crisis Services, 8% on Defence, 9% on Settlement, & 4% for Fines.
Big Gesture? 53% of Breach Notifications offer Credit Monitoring, which is taken up by 10% of affected consumers.
Page: 27
You are overwhelmed
How to triage complaints? Irate consumers want to receive the global standard in call centre response, 80% of calls answered in 20 seconds. But volumes can be 100 times normal, with call duration twice the standard 4 minutes.
And in addition:
- Social Media
- Regulators
- Suppliers
- Press
- Staff
- Police
- Shareholders
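The 80/20 figure quoted above (80% of calls answered within 20 seconds) is the service level that call-centre staffing is normally planned against with the Erlang C queueing model. As an added illustration, not part of the original slides, the Python below computes how many agents that target needs at an assumed normal load and then under the surge the slide describes (100 times the call volume, handling time doubled). The baseline of 60 calls an hour for a 50,000-customer business is an assumption made for this illustration; the 80/20 target, the 100x multiplier and the 4-minute handling time are the slide's own figures.

```python
import math


def erlang_c(agents: int, offered_load: float) -> float:
    """Erlang C: probability that an arriving call has to queue.

    offered_load is the traffic in Erlangs (arrival rate times handling time).
    Erlang B is computed first by its numerically stable recurrence, so that
    very large agent counts do not overflow, and then converted to Erlang C.
    """
    if agents <= offered_load:
        return 1.0  # queue grows without bound: every caller waits
    b = 1.0  # Erlang B with zero servers
    for k in range(1, agents + 1):
        b = offered_load * b / (k + offered_load * b)
    return agents * b / (agents - offered_load * (1.0 - b))


def service_level(agents: int, calls_per_hour: float, aht_seconds: float,
                  target_seconds: float = 20.0) -> float:
    """Fraction of calls answered within target_seconds under Erlang C."""
    offered_load = calls_per_hour * aht_seconds / 3600.0
    if agents <= offered_load:
        return 0.0
    p_wait = erlang_c(agents, offered_load)
    # Waiting time, given that a call waits, is exponential with rate (N - A) / AHT.
    return 1.0 - p_wait * math.exp(-(agents - offered_load) * target_seconds / aht_seconds)


def agents_needed(calls_per_hour: float, aht_seconds: float,
                  target_seconds: float = 20.0, target_sl: float = 0.8) -> int:
    """Smallest agent count that meets the service-level target."""
    offered_load = calls_per_hour * aht_seconds / 3600.0
    agents = math.floor(offered_load) + 1  # must strictly exceed the offered load
    while service_level(agents, calls_per_hour, aht_seconds, target_seconds) < target_sl:
        agents += 1
    return agents


# Assumed baseline for this illustration (not from the slides):
# 60 calls an hour, with the slide's standard 4-minute handling time.
NORMAL_CALLS_PER_HOUR = 60.0
NORMAL_AHT_SECONDS = 240.0

# Surge as described on the slide: 100x the volume, handling time doubled.
SURGE_CALLS_PER_HOUR = NORMAL_CALLS_PER_HOUR * 100
SURGE_AHT_SECONDS = NORMAL_AHT_SECONDS * 2


def staffing_comparison() -> dict:
    """Agents needed to hold 80/20 at normal load versus breach surge."""
    normal = agents_needed(NORMAL_CALLS_PER_HOUR, NORMAL_AHT_SECONDS)
    surge = agents_needed(SURGE_CALLS_PER_HOUR, SURGE_AHT_SECONDS)
    return {"normal_agents": normal, "surge_agents": surge, "multiplier": surge / normal}


if __name__ == "__main__":
    print(staffing_comparison())
```

At the assumed baseline the 80/20 target needs seven agents; under the surge the offered load alone is 800 Erlangs, so well over 800 agents are required, more than a hundred times the baseline. Large pools are more efficient than small ones, which is why the multiplier comes out somewhat below the naive 200x, but nowhere near enough to be staffed from a normal team: the gap is what the triage plan, the overflow contract and the scripted self-service channels have to cover.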
Page: 28
Example Simulation: Acme Ltd
You work in the senior executive team of a medium-sized luxury hospitality business.
Acme Ltd is a new subsidiary of Acme PLC.
You employ 100 staff, with 50,000 customers.
You have 10 key partners, eg suppliers.
Your IT Director is away.
You launch a new service “Acme Cares” in a week.
Page: 29
Enjoy the Simulation
Much will be uncertain during the exercise. That is deliberate. Paralysing ambiguity is a defining characteristic of cyber attacks.
Decisions have consequences, as does failure to take prompt action.
None of you will be evaluated. The exercise is safe and enjoyable. It is OK to make mistakes.
Teamwork is key.
Who? How? Why?
Page: 30
Simulation Slides have been removed
Please contact Cyber Rescue for a simulation of the decisions your executive team will need to make when hackers breach your defences.
www.CyberRescue.co.uk
+44 (0)20 7859 4320
Page: 31
$4 million USD is the “average” total cost of a reported data breach (up 29% since 2013): more in Healthcare, Education & Finance.
Abnormal churn following a breach ranges from 6.2% in Finance and 5.3% in Health to 0.1% in Public Sector.
Cost is reduced most by: Incident Response Team (-10%), Encryption (-8%), Training (-6%).
$158 USD is the average cost per lost or stolen record (up 15% since 2013). (June 2016)
53% of Breach Notifications included an offer of Credit Monitoring, which was taken up by 10% of those consumers. – March 2016
Page: 32
55% pa increase in spear-phishing attacks on employees (April ‘16)
52% of IT professionals re-use personal passwords for business apps
41% of Millennials install apps on work PC without consulting IT
30% of Millennials email company info to a personal email address
30% of phishing messages are opened (April ‘16)
29% of companies with mandatory data protection training give an exception to CEOs (May ‘16)
Cause of breach (March ‘16):
- 48% Current Employee
- 31% Outside Perpetrator
- 17% Related Third Party
- 4% Former Employee.
Page: 33
Which attack to simulate?
Page: 34
Keep your recovery plan simple
If it’s >20 pages, it won’t be read
Page: 35
The future?
Massive growth in digital opportunities and cyber threats.
Expectations on CEOs will rise: to have a detailed plan to reduce harm from cyber attack.
Page: 36
How we help leaders like you
www.CyberRescue.co.uk
We help executives lead commercial recovery when digital defences fail
Practice your Response with Executive Simulations
Bespoke Commercial Response Plan
Commercial Coach for Cyber Attack Response
To find out more, click here or Assistance@CyberRescue.co.uk
Page: 37
Thank you
www.CyberRescue.co.uk
Kevin Duffey, Managing Director
07920 766530

More Related Content

More from Kevin Duffey

Breaches Anticipated - because firms have weak cyber security visible to hac...
Breaches Anticipated  - because firms have weak cyber security visible to hac...Breaches Anticipated  - because firms have weak cyber security visible to hac...
Breaches Anticipated - because firms have weak cyber security visible to hac...
Kevin Duffey
 
Cyber insurance insights - 17th feb 2022
Cyber insurance insights - 17th feb 2022Cyber insurance insights - 17th feb 2022
Cyber insurance insights - 17th feb 2022
Kevin Duffey
 
Breaches anticipated in 2021 - Published 14th Jjune 2021
Breaches anticipated in 2021 - Published 14th Jjune 2021Breaches anticipated in 2021 - Published 14th Jjune 2021
Breaches anticipated in 2021 - Published 14th Jjune 2021
Kevin Duffey
 
Cyber Resilience: managing 3rd Party Risks in Financial Services
Cyber Resilience: managing 3rd Party Risks in Financial ServicesCyber Resilience: managing 3rd Party Risks in Financial Services
Cyber Resilience: managing 3rd Party Risks in Financial Services
Kevin Duffey
 
Privacy & Security in Feb 2020: new Fintech regulations on Cyber Security at ...
Privacy & Security in Feb 2020: new Fintech regulations on Cyber Security at ...Privacy & Security in Feb 2020: new Fintech regulations on Cyber Security at ...
Privacy & Security in Feb 2020: new Fintech regulations on Cyber Security at ...
Kevin Duffey
 
Cyber Risk Measurement: what 25 CISOs & CROs plan for 2020
Cyber Risk Measurement: what 25 CISOs & CROs plan for 2020Cyber Risk Measurement: what 25 CISOs & CROs plan for 2020
Cyber Risk Measurement: what 25 CISOs & CROs plan for 2020
Kevin Duffey
 
Keynote at Operational Resilience summit - Financial Services - 18th Nov 2019
Keynote at Operational Resilience summit - Financial Services - 18th Nov 2019Keynote at Operational Resilience summit - Financial Services - 18th Nov 2019
Keynote at Operational Resilience summit - Financial Services - 18th Nov 2019
Kevin Duffey
 
Cyber Resilience across Subsidiaries and Suppliers
Cyber Resilience across Subsidiaries and SuppliersCyber Resilience across Subsidiaries and Suppliers
Cyber Resilience across Subsidiaries and Suppliers
Kevin Duffey
 
London First - cyber attack simulation - 22nd May 2018
London First - cyber attack simulation - 22nd May 2018London First - cyber attack simulation - 22nd May 2018
London First - cyber attack simulation - 22nd May 2018
Kevin Duffey
 
Cyber Attack Simulation for 450 Executives
Cyber Attack Simulation for 450 ExecutivesCyber Attack Simulation for 450 Executives
Cyber Attack Simulation for 450 Executives
Kevin Duffey
 
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
Kevin Duffey
 
Cyber attack response from the CEO perspective - Tallinn Estonia - Short Simu...
Cyber attack response from the CEO perspective - Tallinn Estonia - Short Simu...Cyber attack response from the CEO perspective - Tallinn Estonia - Short Simu...
Cyber attack response from the CEO perspective - Tallinn Estonia - Short Simu...
Kevin Duffey
 
Equifax breach - how to lose friends and customers...
Equifax breach - how to lose friends and customers...Equifax breach - how to lose friends and customers...
Equifax breach - how to lose friends and customers...
Kevin Duffey
 
The Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber SecurityThe Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber Security
Kevin Duffey
 
Cyber Police in Greece helping CEOs
Cyber Police in Greece helping CEOsCyber Police in Greece helping CEOs
Cyber Police in Greece helping CEOs
Kevin Duffey
 
Vodafone security priorities in Greece
Vodafone security priorities in GreeceVodafone security priorities in Greece
Vodafone security priorities in Greece
Kevin Duffey
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident response
Kevin Duffey
 
Danish National Cyber Crime Centre - Kim Aarenstrup - how to fight cyber crime
Danish National Cyber Crime Centre - Kim Aarenstrup - how to fight cyber crimeDanish National Cyber Crime Centre - Kim Aarenstrup - how to fight cyber crime
Danish National Cyber Crime Centre - Kim Aarenstrup - how to fight cyber crime
Kevin Duffey
 
Danish Council for Digital Security - Rasmus Theede - Commmercial insights in...
Danish Council for Digital Security - Rasmus Theede - Commmercial insights in...Danish Council for Digital Security - Rasmus Theede - Commmercial insights in...
Danish Council for Digital Security - Rasmus Theede - Commmercial insights in...
Kevin Duffey
 
Danish Centre for Cyber Security - Thomas Kristmar - CEOs leading recovery in...
Danish Centre for Cyber Security - Thomas Kristmar - CEOs leading recovery in...Danish Centre for Cyber Security - Thomas Kristmar - CEOs leading recovery in...
Danish Centre for Cyber Security - Thomas Kristmar - CEOs leading recovery in...
Kevin Duffey
 

More from Kevin Duffey (20)

Breaches Anticipated - because firms have weak cyber security visible to hac...
Breaches Anticipated  - because firms have weak cyber security visible to hac...Breaches Anticipated  - because firms have weak cyber security visible to hac...
Breaches Anticipated - because firms have weak cyber security visible to hac...
 
Cyber insurance insights - 17th feb 2022
Cyber insurance insights - 17th feb 2022Cyber insurance insights - 17th feb 2022
Cyber insurance insights - 17th feb 2022
 
Breaches anticipated in 2021 - Published 14th Jjune 2021
Breaches anticipated in 2021 - Published 14th Jjune 2021Breaches anticipated in 2021 - Published 14th Jjune 2021
Breaches anticipated in 2021 - Published 14th Jjune 2021
 
Cyber Resilience: managing 3rd Party Risks in Financial Services
Cyber Resilience: managing 3rd Party Risks in Financial ServicesCyber Resilience: managing 3rd Party Risks in Financial Services
Cyber Resilience: managing 3rd Party Risks in Financial Services
 
Privacy & Security in Feb 2020: new Fintech regulations on Cyber Security at ...
Privacy & Security in Feb 2020: new Fintech regulations on Cyber Security at ...Privacy & Security in Feb 2020: new Fintech regulations on Cyber Security at ...
Privacy & Security in Feb 2020: new Fintech regulations on Cyber Security at ...
 
Cyber Risk Measurement: what 25 CISOs & CROs plan for 2020
Cyber Risk Measurement: what 25 CISOs & CROs plan for 2020Cyber Risk Measurement: what 25 CISOs & CROs plan for 2020
Cyber Risk Measurement: what 25 CISOs & CROs plan for 2020
 
Keynote at Operational Resilience summit - Financial Services - 18th Nov 2019
Keynote at Operational Resilience summit - Financial Services - 18th Nov 2019Keynote at Operational Resilience summit - Financial Services - 18th Nov 2019
Keynote at Operational Resilience summit - Financial Services - 18th Nov 2019
 
Cyber Resilience across Subsidiaries and Suppliers
Cyber Resilience across Subsidiaries and SuppliersCyber Resilience across Subsidiaries and Suppliers
Cyber Resilience across Subsidiaries and Suppliers
 
London First - cyber attack simulation - 22nd May 2018
London First - cyber attack simulation - 22nd May 2018London First - cyber attack simulation - 22nd May 2018
London First - cyber attack simulation - 22nd May 2018
 
Cyber Attack Simulation for 450 Executives
Cyber Attack Simulation for 450 ExecutivesCyber Attack Simulation for 450 Executives
Cyber Attack Simulation for 450 Executives
 
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
 
Cyber attack response from the CEO perspective - Tallinn Estonia - Short Simu...
Cyber attack response from the CEO perspective - Tallinn Estonia - Short Simu...Cyber attack response from the CEO perspective - Tallinn Estonia - Short Simu...
Cyber attack response from the CEO perspective - Tallinn Estonia - Short Simu...
 
Equifax breach - how to lose friends and customers...
Equifax breach - how to lose friends and customers...Equifax breach - how to lose friends and customers...
Equifax breach - how to lose friends and customers...
 
The Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber SecurityThe Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber Security
 
Cyber Police in Greece helping CEOs
Cyber Police in Greece helping CEOsCyber Police in Greece helping CEOs
Cyber Police in Greece helping CEOs
 
Vodafone security priorities in Greece
Vodafone security priorities in GreeceVodafone security priorities in Greece
Vodafone security priorities in Greece
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident response
 
Danish National Cyber Crime Centre - Kim Aarenstrup - how to fight cyber crime
Danish National Cyber Crime Centre - Kim Aarenstrup - how to fight cyber crimeDanish National Cyber Crime Centre - Kim Aarenstrup - how to fight cyber crime
Danish National Cyber Crime Centre - Kim Aarenstrup - how to fight cyber crime
 
Danish Council for Digital Security - Rasmus Theede - Commmercial insights in...
Danish Council for Digital Security - Rasmus Theede - Commmercial insights in...Danish Council for Digital Security - Rasmus Theede - Commmercial insights in...
Danish Council for Digital Security - Rasmus Theede - Commmercial insights in...
 
Danish Centre for Cyber Security - Thomas Kristmar - CEOs leading recovery in...
Danish Centre for Cyber Security - Thomas Kristmar - CEOs leading recovery in...Danish Centre for Cyber Security - Thomas Kristmar - CEOs leading recovery in...
Danish Centre for Cyber Security - Thomas Kristmar - CEOs leading recovery in...
 

Recently uploaded

Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
WilliamRodrigues148
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
zoyaansari11365
 
Auditing study material for b.com final year students
Auditing study material for b.com final year  studentsAuditing study material for b.com final year  students
Auditing study material for b.com final year students
narasimhamurthyh4
 
Set off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptxSet off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptx
HARSHITHV26
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
dylandmeas
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
Lital Barkan
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
Aurelien Domont, MBA
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
Cynthia Clay
 
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Lviv Startup Club
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
fisherameliaisabella
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Navpack & Print
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
KaiNexus
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
uae taxgpt
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
FelixPerez547899
 
Authentically Social Presented by Corey Perlman
Authentically Social Presented by Corey PerlmanAuthentically Social Presented by Corey Perlman
Authentically Social Presented by Corey Perlman
Corey Perlman, Social Media Speaker and Consultant
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
Operational Excellence Consulting
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
tanyjahb
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
Ben Wann
 

Recently uploaded (20)

Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
 
Auditing study material for b.com final year students
Auditing study material for b.com final year  studentsAuditing study material for b.com final year  students
Auditing study material for b.com final year students
 
Set off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptxSet off and carry forward of losses and assessment of individuals.pptx
Set off and carry forward of losses and assessment of individuals.pptx
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024Company Valuation webinar series - Tuesday, 4 June 2024
Company Valuation webinar series - Tuesday, 4 June 2024
 
Authentically Social Presented by Corey Perlman
Authentically Social Presented by Corey PerlmanAuthentically Social Presented by Corey Perlman
Authentically Social Presented by Corey Perlman
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
 

Worshipful Company of Information Technologists

  • 1. www.CyberRescue.co.uk Page: 1 How would I respond to a Cyber Attack? 26th April 2017 Kevin.Duffey@CyberRescue.co.uk +44 79 20 76 65 30 For more information, contact Assistance@CyberRescue.co.uk or +44 (0)20 7859 4320 A censored set of slides shown to the Worshipful Company of Information Technologists. Boardroom Briefing on Cyber Security
  • 2. www.CyberRescue.co.uk Page: 2 A word about Cyber Rescue www.CyberRescue.co.uk We help executives lead commercial recovery when digital defences fail Practice your Response with Executive Simulations Bespoke Commercial Response Plan Commercial Coach for Cyber Attack Response To find out more, click here or Assistance@CyberRescue.co.uk
  • 3. www.CyberRescue.co.uk Page: 3 FBI data storage in 1942 = 10 million sets of fingerprints, plus 23 million paper cards = 680 Gigabytes Digital opportunity
  • 4. www.CyberRescue.co.uk Page: 4 Digital transformation of assets £600 storage device in 2016 a “memory stick” from HyperX, stores 1,000 Gigabytes Digital opportunity and cyber risk
  • 6. www.CyberRescue.co.uk Page: 6 Cyber Threats Annual Growth 125% Zero Day 71% DDoS 55% Spear Phish 29% Malware 21% SQLi 38% growth in reported crime Option 1: Show market risk Typical Executive Response: “OK, the market must fix the problem”
  • 7. www.CyberRescue.co.uk Page: 7 Option 2: Show systems risk Client Typical Executive Response: OK, the IT Director must fix the problem
  • 8. www.CyberRescue.co.uk Page: 8 Option 2: Show systems risk Staff Systems Suppliers
  • 9. www.CyberRescue.co.uk Page: 9 Staff Risks: •78% of staff don't obey info policy •63% of breaches involve passwords •41% of staff install apps on work PC •30% of phishing messages are opened •12% of staff download malicious s/ware Supply Chain Risks: •41% of breaches affecting healthcare are caused by Third Parties •17% of breaches investigated by Kroll caused by Third Parties •AT&T, Home Depot, TalkTalk, and Target all suffered breaches via 3rd parties Assess Risks beyond IT
  • 10. www.CyberRescue.co.uk Page: 10 Option 3: Simulate a Breach Typical Executive Response: OK, WE must work together on this
  • 13. “There was this horrible moment where I realized there was absolutely nothing at all that I could do.” Amy Pascal, former CEO of Sony Pictures, February 2015
  • 14. “I’ve been through stages of denial, disbelief, frustration.” Robert Pera, CEO of Ubiquiti, on the “whaling” loss of $46.7m that his staff didn't tell him about, January 2016
  • 15. “I am incredibly angry about this data breach.” John Legere, CEO, T-Mobile USA, on the breach of T-Mobile customer data stored by Experian, October 2015
  • 16. “The only crime that has been proven is the hack. That is the story.” Ramon Fonseca, founding partner of Mossack Fonseca ("Panama Papers"), April 2016
  • 17. “The awful truth is that I don’t know.” Dame Dido Harding, CEO of TalkTalk, when asked if affected customer data was encrypted, October 2015
  • 18. “It was like an Earthquake.” Atiur Rahman, Bangladesh Bank Governor, after cyber thieves compromised their systems, 15th March 2016
  • 19. CEOs struggle to visualize cyber response
  • 20. “Hands on your head” isn’t enough for adults. Material for Earthquake Response. Slogan: “Shake Out. Don’t Freak Out.”
  • 21. “Companies should be thinking about decisions the CEO will need to make.” Michael Vatis, Director, FBI's National Infrastructure Protection Center, January 2016
  • 22. You are “blindsided”
       You weren’t told of other Security Incidents: CEO (55%), HR (68%), Legal (72%).
       You are told of the Breach by an outsider: Law Enforcement (41%), 3rd Parties (35%), Fraud Detection (14%) or Internal (10%).
       You are already weeks behind the attackers: average time to discovery of breach is 69 days (114 days in health, and 46 in all other sectors).
       Cyber Attacks are different from other business continuity challenges in the “paralysing ambiguity” of the situation.
  • 23. Authorities are “difficult”
       Who to call? 31 organisations fight cyber threats to Financial Services in UK. 68% of IoD Members are unaware of Action Fraud.
       What resources do they have? UK NCSP gives £30m pa to combat cyber crime, including £12m to NCEC. The ICO has 30 officers handling over 200,000 concerns & 1,000 cases per year.
       What do Authorities do? “4% of cyber crime dealt with appropriately by police.”
  • 24. There are a lot of opinions
       Who is in charge? The UK Parliament expressed its view on 20th June 2016.
       What has been breached? Only 45% of security professionals are confident they can determine the scope of a breach. External forensics typically lasts 43 days.
       How soon to notify customers? 91% of consumers expect "24 hours or less." But 32% of consumers say their loyalty would diminish if they knew of a data breach.
  • 25. (International) Laws are complicated
       See DLA Piper’s 425-page summary of Privacy and Breach Notification laws, and other “response” documents.
  • 26. Decisions imply a Budget
       Insurance Pays? 52% of UK CEOs believe they have cover, but <10% actually do. Some 81% of companies with cyber cover in USA have never claimed on it. Claims covered: in USA, 78% went on Crisis Services, 8% on Defence, 9% on Settlement, & 4% for Fines.
       Big Gesture? 53% of Breach Notifications offer Credit Monitoring, which is taken up by 10% of affected consumers.
  • 27. You are overwhelmed
       How to triage complaints? Irate consumers want to receive the global standard in call centre response: 80% of calls answered in 20 seconds. But volumes can be 100 times normal, with call duration twice the standard 4 mins.
       And in addition: Social Media, Regulators, Suppliers, Press, Staff, Police, Shareholders.
  • 28. Example Simulation: Acme Ltd
       You work in the senior executive team of a medium-sized luxury hospitality business. Acme Ltd is a new subsidiary of Acme PLC. You employ 100 staff, with 50,000 customers. You have 10 key partners, e.g. suppliers. Your IT Director is away. You launch a new service, “Acme Cares”, in a week.
  • 29. Enjoy the Simulation
       Much will be uncertain during the exercise. That is deliberate. Paralysing ambiguity is a defining characteristic of cyber attacks. Decisions have consequences, as does failure to take prompt action. None of you will be evaluated. The exercise is safe and enjoyable. It is OK to make mistakes. Teamwork is key. Who? How? Why?
  • 30. Simulation Slides have been removed
       Please contact Cyber Rescue for a simulation of the decisions your executive team will need to make when hackers breach your defences. www.CyberRescue.co.uk +44 (0)20 7859 4320
  • 31. $4 million USD is the “average” total cost of a reported data breach (up 29% since 2013): more in Healthcare, Education & Finance. Abnormal churn following a breach ranges from 6.2% in Finance and 5.3% in Health to 0.1% in Public Sector. Cost is reduced most by: Incident Response Team (-10%), Encryption (-8%), Training (-6%). $158 USD is the average cost per lost or stolen record (up 15% since 2013). (June 2016)
       53% of Breach Notifications included an offer of Credit Monitoring, which was taken up by 10% of those consumers. (March 2016)
  • 32. 55% pa increase in spear-phishing attacks on employees (April ‘16). 52% of IT professionals re-use personal passwords for business apps. 41% of Millennials install apps on work PC without consulting IT. 30% of Millennials email company info to a personal email address. 30% of phishing messages are opened (April ‘16). 29% of companies with mandatory data protection training give an exception to CEOs (May ‘16).
       Cause of breach (March ‘16): 48% Current Employee; 31% Outside Perpetrator; 17% Related Third Party; 4% Former Employee.
  • 34. Keep your recovery plan simple. If it’s >20 pages, it won’t be read.
  • 35. The future? Massive growth in digital opportunities and cyber threats. Expectations on CEOs will rise: to have a detailed plan to reduce harm from cyber attack.
  • 36. How we help leaders like you. We help executives lead commercial recovery when digital defences fail: Practice your Response with Executive Simulations; Bespoke Commercial Response Plan; Commercial Coach for Cyber Attack Response. To find out more, contact Assistance@CyberRescue.co.uk
  • 37. Thank you. www.CyberRescue.co.uk Kevin Duffey, Managing Director, 07920 766530

Editor's Notes

  1. Please contact us if you’d like to protect your Reputation, Revenues and Company Value
  2. It’s the data storage system the FBI used in 1942, to hold a lot less data than fits on a modern memory stick. Choosing pictures that tell stories is really important. For example, some people compare a data breach to an earthquake. There is some value in that approach, because…
  3. This memory stick holds 1,000 Gigabytes. Who here can visualise what that looks like? We find it helpful to show CEOs this picture, of just 600 Gigabytes.
  4. “Everyone thinks they have a plan, until they get punched in the face.” Mike Tyson said that. So did Vicki Gavin, the award-winning CISO of The Economist Group, and many others who work in cyber resilience. The quote applies at two levels. First, CEOs genuinely think they have a plan. For example, the UK Government found that more than half of UK CEOs think they have cyber insurance, while Insurance Brokers say the actual figure is closer to 2%. Second, where a plan does exist, it is inadequate. Typically it covers only technical response, technical forensics and technical remediation. Such response is necessary but not sufficient for Full Recovery, which includes the Reputation, the Revenues and indeed the Roles that executives are responsible for. Technical incident response plans don’t support Executives through the shock, which is often disorientating, and the uncertainty, which often leads to decision paralysis or reckless hyperactivity. After a Breach it’s fine to feel Anger, Depression, Self-Pity or Betrayal, but then Executives need a plan of action. Famously, they don’t always have one. Amy Pascal didn’t have a plan.
  5. “There was this horrible moment, where I realized there was absolutely nothing at all that I could do.” There was actually, of course, a huge amount to do, which she’d have learnt by role playing a cyber attack: engaging with law enforcement; the media; staff and talent; customers and suppliers; investors and regulators; finance, operations, HR, customer service, IT; and many more. But there’s so much to do that it’s hard to get past emotions. Robert Pera did a service by sharing his feelings.
  6. “Denial, Disbelief, Frustration.” Those are the emotions he described to shareholders, after the FBI told him they’d seen his company’s money going into a bank account they were watching. Pera blamed “a couple individuals who displayed incredibly poor judgment and incompetence”. But those “couple of individuals” made 14 wire transfers, over 17 days, totalling over $46m, without checking in person with the “colleague” who was supposedly emailing instructions to send the cash to new bank accounts in China, Russia, Poland and other countries. As CEO, Pera could have created: a culture in which staff talk to executives when asked to do strange things; a control system that checks new payments to new bank accounts; and a training platform that educates staff about the risks of phishing, whaling and other attacks. It’s obvious Pera was feeling enormous anger. That anger is even more intense when a breach can be blamed on a supplier.
  7. John Legere was “incredibly angry” when data on his 15 million customers was breached by one of his suppliers, the data processor Experian. Experian’s costs for that breach, so far, are $20 million plus the loss of one of their largest customers, T-Mobile. But executives can do more than trust that their data will be safe: they can make efforts to verify. In the future, it won’t be enough for Executives to say they are angry. They must insist on a procurement approach that does more than ask providers to promise to keep data safe. For just $20,000, it is possible to automatically identify which of your providers has failed to patch their systems, has failed to keep passwords safe, or has failed to XXX. At Cyber Rescue, we offer that $20,000 service. We also help CEOs role play and plan for the consequences of a breach. A cyber attack is a crime. The attacked CEO might expect sympathy. An obvious example of a CEO who expected sympathy is Ramon Fonseca. He said…
  8. “The only crime that has been proven is the hack. That is the story.” But of course, the story that the media focussed on as they read the Panama Papers that had been breached from his law firm was the illegal tax evasion and money laundering the law firm appeared to have facilitated. If the executives at Mossack Fonseca had role played the consequences of a data breach, it would have been obvious they’d get little public sympathy. At Cyber Rescue, we have Members who have realised through our role play exercises that, while what they do is really good work, the media might choose not to be sympathetic to a breach. So, having role-played a breach, our Members do much more to encrypt, segment, tokenise, limit access to and otherwise protect their clients’ data. By role-playing and planning the consequences of a breach, Executives at least understand what protections they have in place. They don’t need to find themselves on national TV having to say…
  9. “The awful truth is that I don’t know” is not a great answer to the question “Do you know if your customers’ sensitive information was encrypted?” Dido Harding was faced with several questions that could have been anticipated. For example, “Did TalkTalk implement Cyber Essentials before this breach?” Role playing such a question in advance makes it obvious that an investment of less than £1k to get the certificate the Government recommends is worth making, even if you’re already doing everything needed technically. Cyber attacks are not just a technical issue; they are an expected challenge of doing digital business. So, companies need to be expecting a breach. And as the FBI says…
  10. “It was like an Earthquake!” And actually, that’s an interesting analogy. What would you do if there was a major earthquake? If you are a child…
  11. …CEOs struggle to visualise effective cyber response. Putting your hands on your head is a start, but we actually want more from our leaders. As Group General Manager at International SOS, I was responsible for evacuating thousands of people during events like the Arab Spring, the eruptions of the Eyjafjallajökull volcano in Iceland and the Japanese earthquake that destroyed the Fukushima nuclear plant. My career has been based on helping leaders anticipate the future, including the consequences of disasters. And it’s the consequences that often do more damage than the event.
  12. For example, a mature response to an earthquake anticipates all the decisions and resources needed when an earthquake can be followed by: landslide, tsunami, fire, radiation leak, water shortage, food shortage, shelter shortage, transport problems, and so on.
  13. “Companies should be thinking about the decisions the CEO will need to make” during and immediately after a major cyber attack is discovered. And that’s where we in this room have a responsibility: we have to help CEOs to anticipate and really visualise the consequences of cyber attack. People say that “out of sight is out of mind”, so what does data look like? These days, if it has any physical appearance, perhaps it looks like this.
  14. Passions can run high, because although we all know a breach is “inevitable,” most CEOs aren’t mentally prepared. And the “paralysing ambiguity” of an attack you can’t physically see is very disorientating.
  15. CEOs then think about calling for help. And there are some excellent individuals at the many organisations that help fight cyber attacks. But it can be difficult to navigate the various authorities during a crisis.
  16. Similarly, it can be difficult to navigate internally.
  17. And the legal picture is certainly not simple, especially for businesses that operate in more than one State.
  18. Yet decisions have to be made, including to put dollars against specific actions.
  19. How much, for example, should be invested in the surge capability needed to communicate with all Stakeholders?
  20. The future will bring many digital opportunities, but the bar of expectations will also be raised, not just for good cyber security, but also for good commercial response.
  21. Please contact us if you’d like to protect your Reputation, Revenues and Company Value
  22. Thank you.