Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Countering Cyber Threats


Published on

A short 20 minute presentation given at C5 Financial Institutions Regulatory Disputes and Investigations in London on the 24th November 2015

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Countering Cyber Threats

  1. 1. Countering cyber-security threats Phil Huggins
  2. 2. Stroz Friedberg 2 Leading experts on cyber defence - pragmatic, evidence-driven, strategies and tactics that work World class response to digital trouble – and advice on how to prepare for cyber attacks Discrete global advisors when it matters
  3. 3. Regulators and policy makers are worried about cyber risk 3 “The focus on credit, market and liquidity risk over the last five years may have distracted attention from operational, and in particular cyber risks, among financial institutions and infrastructures. This is a rapidly rising area of risk with potentially systemic implications.” Andrew Haldane, Bank of England, 2013 “The normal drivers of change, from regulation and incentivisation through to insurance cover and legal liability, are still immature. And what’s also clear is that we cannot as a country allow this situation to continue.” Robert Hannigan, GCHQ, 2015
  4. 4. Responding to cyber risk and regulation 4 Regulators Curated markets for cyber capabilities Outcomes-based testing (CBEST) Cyber competent persons ? Primary legislation ? Boards Specialist cyber NED ? Dedicated cyber risk sub-committee Limits of fiduciary duty vs national security Capability sharing & Experience sharing
  5. 5. Digital business generates growth but increases exposure 5 Growth Time Cyber Risk
  6. 6. Cyber attacks are going to happen 6 Average breach cost £2.5m Average cost per record breached £101 Time to detect a breach 206 Days Time to contain a breach 69 Days Attacks completed in minutes 60% Attacks spread to second victim in one hour 40% Malware samples unique to target 70-90% Exploited vulnerabilities older than 1 year 99.9% New vulnerabilities exploited within 2 weeks 50% Organised crime attacks using crimeware 73% Activist attacks targeting web applications 61% Chance of 1 breach every 10 years 71%
  7. 7. Resistance to cyber attack is not enough. 7 95% of vulnerabilities patched is not enough $250m invested in cyber is not enough 1000+ cyber professionals is not enough Constant organisational change Competitive cyber job market Rapidly evolving cyber threat environment Increasingly fragile controls Failure is often silent
  8. 8. Cyber Security 8 Cyber hygiene matters Organisational culture really matters Technical agility matters They are necessary but are not enough anymore.
  9. 9. Preparation is key 9 Identify relevant cyber scenarios Gradually build capability Build situational awareness Prepare for attacks Consider key decisions before the emotion hits Develop muscle-memory Recover from attacks Learn from attacks
  10. 10. Prepare for attacks 10 Plan for incident response Define a crisis for your institution Identify critical personnel Write a communications plan Define responsibilities Review cyber risk scenarios Create a triage process Practice cyber crisis management Partner with experienced experts in advance Legal, technical & communications
  11. 11. Summary 11 Cyber attacks are going to happen More active regulation is spreading Don’t panic Prepare
  12. 12. Phil Huggins, Vice President T: +44 207 061 2299 ©2015 Stroz Friedberg. All rights reserved.