
Cyber Resilience: Managing Cyber Shocks

A presentation laying out the need for and the concepts behind cyber resilience.

Published in: Business

  1. Cyber Resilience: Managing Cyber Shocks
     Phil Huggins
  2. Why are we worrying about Cyber attacks?
     “The focus on credit, market and liquidity risk over the last five years may have distracted attention from operational, and in particular cyber risks, among financial institutions and infrastructures. This is a rapidly rising area of risk with potentially systemic implications.” Andrew Haldane, Bank of England, 2013
     “Current preventative and disaster recovery measures may not be able to stand up against a large-scale and co-ordinated attack” IOSCO, 2013
     “DTCC expects cyber-attacks to escalate and become more sophisticated in the future.” DTCC, 2013
  3. Why are we worrying about Cyber attacks?
     Digital Growth
     Organisations are currently under attack. Those attacks have either succeeded or will succeed. What remains in question is:
     • Understanding your adversaries – preparation for the attack
     • Ability to identify that attack early – situational awareness
     • Understanding your critical assets – the damage the attack will cause
     • Ability to withstand that damage – the ability to re-establish normal operations
     [Chart: axes Damage Caused and Probability of Attack; labels Core Asset Damage, Serious Disruption, Major Theft, Data Breach, Institutional Impact]
  4. What are the key issues?
     • There is an undeclared war in cyber space
     • Cyber failure is silent
     • Risk analysis and modelling is deeply challenging
     • Cyber risk is systemic
     • Many firms are below the “cyber poverty line”
     • Effective practices are developing faster than standards
  5. What is Cyber Resistance?
     [Diagram: Cyber Resistance, with the labels below]
     • Consciously Secure Design
     • Mature Controls Environment
     • Good Cyber Risk Decisions
     • Cyber Threat Hunting
     • Experiential Learning & Threat Simulation
     • Situational Awareness
     • Technical Agility & Adaption
  6. What is Cyber Resilience?
     [Diagram: Cyber Resilience, with the labels below]
     • Security Initiative & Problem Solving
     • Pace of Decision Making
     • Diversity of Cyber Capacity
     • Organisational Readiness & Business Problem Solving
     • Situational Awareness
     • Technical Agility & Adaption
  7. Key ingredients in a successful cyber programme
     [Diagram: Cyber Resistance and Cyber Resilience, with the labels below]
     • Consciously Secure Design
     • Mature Controls Environment
     • Good Cyber Risk Decisions
     • Cyber Threat Hunting
     • Experiential Learning & Threat Simulation
     • Security Initiative & Problem Solving
     • Pace of Decision Making
     • Diversity of Cyber Capacity
     • Organisational Readiness & Business Problem Solving
     • Situational Awareness
     • Technical Agility & Adaption
     • Specialist cyber practices
     • Developing ahead of standards
     • Organisational capabilities
     • Cannot be driven from security
  8. Key characteristics of successful cyber programmes
     • Effectiveness – of the management of the risk
     • Appropriateness – to the risks the firm faces
     • Proportionality – to the scale and the margins of the firm
     • Feasibility – of planned improvements in terms of timescales and the capability the firm currently has
  9. Key takeaway
     “Cyber is not a minority sport for technologists only.” Andrew Gracie, Bank of England, 2015
  10. Thank you
     Phil Huggins, Vice President
     phuggins@strozfriedberg.com
     T: +44 207 061 2299
     strozfriedberg.com
     ©2015 Stroz Friedberg. All rights reserved.
