The document discusses the growing cyber threats facing organizations from both private and state actors. It notes that cyber attacks are increasing in scale and sophistication, with no organization considered completely safe. Effective cyber security requires an outward-looking approach that crosses organizational and national boundaries through increased collaboration between both public and private sectors. However, many organizations still face barriers to effective cyber security including a need for new skills, integrating security into business operations, and a lack of board-level understanding and prioritization of the issues.
PwC/CIO/CSO study on information security (2014) PwC France
http://bit.ly/Cybersecurite-sept14
Global study by PwC, CIO and CSO conducted online from 27 March 2014 to 25 May 2014. The results presented here are based on the responses of more than 9,700 CEOs, CFOs, CIOs, CISOs, CSOs, vice presidents and directors of information and security practices from more than 154 countries.
35% of respondents are from North America, 34% from Europe, 14% from Asia-Pacific, 13% from South America, and 4% from the Middle East and Africa.
Public Relations Campaign for SecureWorks for IMC 618: PR Concepts & Strategy. Campaign is focused on increasing brand awareness among both big and small businesses as well as potential investors.
NEED FOR CRITICAL CYBER DEFENCE, SECURITY STRATEGY AND PRIVACY POLICY IN BANG... IJMIT JOURNAL
Cyber security is one of the burning issues in the modern world. Increased IT infrastructure has given rise to enormous chances of security breach. Bangladesh, being a relatively new member of the cyber security arena, has its own demand and appeal. Digitalization has been happening in Bangladesh for the last few years at an appreciable rate. People are being connected to the worldwide web community with their smart devices. These devices have their own vulnerability issues, and the data shared over the internet has a very good chance of getting breached. Common vulnerability issues like infecting the device with malware, Trojans and viruses are on the rise. Moreover, a lack of proper cyber security policy and strategy might put the existing situation at the vulnerable edge of a tipping point. Hence the upcoming new infrastructures will be at a greater risk if the issues are not dealt with at an early age. In this paper, common vulnerability issues, including recent attacks on the cyber space of Bangladesh, cyber security strategy and the need for a data privacy policy are discussed and analysed briefly.
Cybersecurity Context in African Continent - Way Forward Gokul Alex
The slides from the presentation session by Gokul Alex on the Enigmatic Economy of Cyber Crimes and Cyber Attacks across the globe with the specific focus on African Continent ravaging countries such as South Africa, Nigeria, Kenya, etc. Cybersecurity issues are looming large and assuming larger significance in the post pandemic political economies. This presentation was delivered to the TAFFD Virtual Conference on Cybersecurity in July 2020 together with Red Team Hacker Academy and BeyondIdentity.
This research report studies the economic impact that Cyber Security attacks have on society as a whole. The aim of this analysis is to examine the negative and positive impact of these compromises on multiple entities. Our descriptive analysis focuses on individuals, private and public organizations, costs, revenues, innovations, and jobs to determine if proliferations of these attacks are either negative or positive. Although this paper draws upon the economic factors as a result of cyber-attacks, it looks at the outlay in its historical context of capital expenditures to private and public organizations due to the increased number of compromises and factors of this paradigm helping to fuel the growth of innovations or spawn a new industry as a whole.
Wilton & Bain and Kaspersky Lab were delighted to host a lively, informative and convivial evening to discuss the challenges of Cybersecurity in today’s data age. We were joined by Paul Johnson CIO at Aldermore, one of the UK’s foremost challenger bank success stories, who provided an insight into the challenges faced by industry.
By David F. Larcker, Peter C. Reiss, and Brian Tayan
Stanford Closer Look Series, November 16, 2017
The board of directors is expected to ensure that management has identified and developed processes to mitigate risks facing the organization, including risks arising from data theft and the loss of information. Unfortunately, recent experience suggests that companies are not doing a sufficient job of securing this data. In this Closer Look, we examine the types of cyberattacks that occur and how companies respond to them.
We ask:
• What steps can the board take to prevent, monitor, and mitigate data theft?
• What data, metrics, and information should board members review to satisfy themselves that management has taken proper steps to minimize cyber risks?
• What qualifications should a board member have in order to constructively contribute to boardroom discussions on cybersecurity?
• How difficult is it to find board candidates with these skills?
The Future of Security in Australia: a Think Tank Report by BlackBerry. This white paper from BlackBerry, the mobile-native software and services company dedicated to securing the Enterprise of Things, features the analysis and thoughts from a 10-expert roundtable late last year looking at trends in cyber and mobile security.
Cyber Research Proposal
Cybersecurity in business
Introduction
Because of today's international economy, securing a company's intellectual property, financial information, and good name is critical for the company's long-term survival and growth. However, with the rise in risks and cyber vulnerability, most businesses find it difficult to keep up with the competition. Since their inception, most companies have reported 16% fraud, 37.7% financial losses, and an average of over 11% share value loss, according to data compiled by the US security. Most corporations and governments are working hard to keep their customers and residents safe from harm. There are both physical and cybersecurity risks involved with these threats. According to a recent study, many company owners aren't aware of the full scope of cybersecurity. People who own their businesses must deal with various issues daily.
Nevertheless, steps are being taken to address these issues. Customers and the company are likely to be protected by the measures adopted. Cybersecurity is one of the most pressing issues facing organizations today. Leaks of a company's intellectual property and other secrets may have devastating effects on its operations, as competitors and rivals will do all in their power to stop them. is an excellent illustration of this. This is perhaps the most talked-about security compromise of the year [3]. The firm was severely damaged because of this.
[1] "Database security attacks and control methods."
[2] "Comprehending the IoT cyber threat landscape: A data dimensionality reduction technique to infer and characterize Internet-scale IoT probing campaigns."
[3] "The Equifax data breach: What cpas and firms need to know now."
Some individuals take advantage of clients by stealing highly important information to profit financially from their actions. For example, if the wrong individuals get their hands on your credit card information, you're in serious trouble since you might lose money. Some families lose all their resources, while others are forced to declare bankruptcy after being financially stable for a long period. Many of the findings of this study will be focused on cybersecurity and the sources of cybersecurity risks. The paper outlines a few of the issues and solutions that organizations may use to keep their operations and consumers safe from exploiting dishonest individuals.
Research question
According to the most recent study, more than 1500 companies have been exposed to some cybersecurity assault [4]. This research details the specific types of attacks that have occurred. Organizational operations are affected, as is corporate governance, and the internal management of financial status is rendered ineffective due to these assaults. The question that will be investigated during the study is:
[4] "Towards blockchain-based identity and access management for internet of things in enterprises."
How doe ...
Not Prepared for Hacks
U.S. News & World Report Weekly.
(May 30, 2014):
From Educators Reference Complete.
Copyright:
COPYRIGHT 2014 U.S. News and World Report, L.P.. All rights reserved.
http://www.usnews.com/
Full Text:
Data breaches are up and businesses aren't ready to deal with them
By Tom Risen
Hacking increased so much this past year that approximately half of U.S.
adults had their information stolen and less than half of U.S. companies have
taken enough precautions to protect consumer data, according to two studies
released this week.
Recent months have been filled with reports about hackers stealing credit
card data, online account passwords and other personal information from
consumers. These included data breaches of networks at retailers like Target
and Michaels, along with the Heartbleed security bug that made software
vulnerable to spying and online theft. Last week, in one of the latest major
security incidents, eBay urged its users to change their passwords
"because of a cyberattack that compromised a database containing
encrypted passwords and other non-financial data."
Approximately 110 million people, or 47 percent of adults, in the United
States have had their personal information exposed by such attacks, according
to a new study from CNNMoney and cybersecurity research firm the Ponemon
Institute. Attacks will likely become more frequent as Internet and mobile
device use grows, the report cautioned.
To make matters worse, companies are lagging behind trying to protect
themselves, according to PricewaterhouseCoopers' 2014 U.S. State of
Cybercrime Survey published Wednesday. Less than half of companies in the
survey took necessary steps to protect themselves. Only 38 percent
prioritized security investments based on the risks to their businesses, and
only 31 percent have a security strategy for the rapidly growing mobile
sector.
Businesses are unprepared in part because of poor cybersecurity training at
colleges, says Alan Paller, co-chair of the U.S. Department of Homeland
Security's Task Force on CyberSkills, which advises how to train
cybersecurity professionals. Security training was not provided for new
employees at 54 percent of the businesses in the PricewaterhouseCoopers
survey. "Colleges are creating people who can tell you about security
but they cannot fix the system," says Paller, founder of the SANS
Institute cybersecurity training organization.
Many cybersecurity specialists with practical computer expertise "are
not coming out of academia," Paller adds. Rather, "they are a lot
of self ...
Input on threat images against information society Somerco Research
As a lobbyist at the European Parliament, where I follow the ITRE committee, I send draft proposals.
Abstract: More and more countries have taken the leap from being industrial societies to being information
societies. Societies are becoming increasingly dependent upon information technology, and thereby it
is important to reduce vulnerabilities in the information infrastructure and combat threats against such
an information society.
As telcos go digital, cybersecurity risks intensify by pwc Mert Akın
globalaviationairospace.com
Cyber security for telecommunications companies
The rewards and risks of the cloud, devices, and data
The fastest growing sources of security incidents, increase over 2013
Security strategies for evolving technologies
Strategic initiatives to improve cybersecurity
Cybersecurity, a priority for leaders today. Not only operational and financi... Andrea Mennillo
Today the battlefield for security has expanded into the technological sphere. Every digital process, resource, database or virtual platform is vulnerable to cyberattacks. The problem has global significance.
REPORT Risk Nexus - Global Cyber Governance: Preparing for New Business Risks ESADE
The process of globalization, the emergence of new powers, and the increasing relevance of non-state actors are creating a multipolar and interconnected world. In the international arena, political and ideological diversity among the most relevant parties, diffusion of power, and the impact of changing global economics have added complexity to the geopolitical landscape. Businesses now operate in a much more difficult, heterogeneous environment.
This publication has been prepared by Zurich Insurance Group Ltd and ESADE.
Section 1: Emerging technologies will fundamentally change the nature of cyber risk.
Section 2: An inadequate global cyber governance framework.
Section 3: Toward a new governance framework: challenges and opportunities.
Omlis Data Breaches Report - An Inside Perspective Omlis
The rise in digital and mobile financial services has introduced an onset of increased data breaches over the last few years. The digital revolution has undermined the traditional framework used to regulate financial institutions, which has led to areas of vulnerability within their security systems.
In the report, Data Breaches: An Inside Perspective, Omlis conducted in-depth interviews with experienced cyber security professionals to understand why TFIs (traditional financial institutions) aren't adequately addressing security weaknesses.
In our research, the discussions centered on the types of security systems employed by TFIs, personal and industry-wide attitudes to security, and the types of security measures used to prevent breaches.
The findings indicate that TFIs' current preference towards technology creates an increasingly complex system with associated vulnerabilities, and ultimately it requires greater manual input for maintenance and updates.
There are also issues related to the attitudes of employees and difficulties implementing comprehensive and in-depth incident strategies.
Taking this into account, the report suggests a new direction for TFIs' security systems to provide secure, innovative solutions.
Similar to Delusions of-safety-cyber-savvy-ceo (20)
Roy P. Benavidez was born on August 5, 1935 in Lindenau near Cuero, Texas. He enlisted in the United States Army in June 1955 and served in Germany, Korea, Vietnam, and the United States.
On May 2, 1968, in an area west of Loc Ninh, Republic of Vietnam, Staff Sergeant Benavidez was monitoring a twelve-man Special Forces Reconnaissance Team, as part of the Detachment B-56, 5th Special Forces Group (Airborne), 1st Special Forces. The team came under heavy enemy gunfire and requested emergency extraction. Staff Sergeant Benavidez volunteered to return to the area and assisted with extracting the troops. Under considerable automatic weapon and grenade fire, and severely wounded in the head, legs, abdomen, and back, Benavidez redirected the troops, retrieved classified documents from the dead team leader, and helped load the dead and the wounded on a helicopter that minutes later crashed due to the pilot becoming mortally wounded. Despite his life-threatening injuries, Benavidez secured the safety of the soldiers and began calling in aircraft for another extraction attempt, which was finally successful. Because of Benavidez’s feats of valor and bravery beyond the call of duty, the lives of at least eight men were saved. On July 24, 1968 Benavidez was awarded the Distinguished Service Cross for valor, the Army’s second highest honor. Upon learning that his Commander had twice recommended him unsuccessfully for the Congressional Medal of Honor, Master Sergeant Roy Benavidez and his supporters supplied the Department of the Army with additional eye-witness testimonies of his actions on May 2, 1968 and with the support of other military personnel and elected officials, Master Sergeant Roy Benavidez was finally awarded the Congressional Medal of Honor on February 24, 1981 by President Ronald Reagan.
During and after his career in the military, Benavidez was active in veteran issues. After receiving the Congressional Medal of Honor, Benavidez was in great demand as a speaker to schools, military and civic groups. He was honored throughout the country and received letters from students, service personnel, and citizens throughout the world. He was the subject of numerous articles and his life and experiences were chronicled in three books. Medal of Honor Recipient, Master Sergeant Roy P. Benavidez died on November 29, 1998 at Brooke Army Medical Center in San Antonio, Texas at the age of 63.
Benavidez is a true legend worthy of enormous respect. Thank you to Treadstone71 for making me aware of this giant among men and trailblazer. RIP, Sir!
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Key Trends Shaping the Future of Infrastructure.pdf Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Elevating Tactical DDD Patterns Through Object Calisthenics Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Epistemic Interaction - tuning interfaces to provide information for AI support Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
JMeter webinar - integration with InfluxDB and Grafana RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 4
Delusions of-safety-cyber-savvy-ceo
Delusions of safety?
The Cyber Savvy CEO: Getting to grips with today’s growing cyber-threats
http://www.pwc.co.uk/cybersavvyceo
Secure Information is Power
Contents
It’s time for CEOs to gain a clear understanding of the threats on the Internet
Where is the pain today?
Six steps to the cyber-ready organisation
Rising to the challenge: an agenda for business and government
About PwC’s Information and Cyber Security Team
It’s time for CEOs to gain a clear understanding of the threats on the Internet
In June 2011, Nintendo joined fellow online games company Sony and US-based
defence contractor Lockheed Martin in confirming that it was among the latest
targets of cyber-attacks. The announcement came just days after the UK’s Chancellor
of the Exchequer, George Osborne, told an international conference that British
government computers are now on the receiving end of over 20,000 malicious email
attacks every month [1]. The message is clear: no organisation in any sector is safe –
and the threat is growing.
Nobody can say the world had not been warned. In January 2011 the World
Economic Forum named cyber attacks as one of the top five threats facing the
world—alongside planetary risks posed by demographics, scarcity of resources,
concerns over globalisation, and weapons of mass destruction. Far from suggesting
that fears over cyber threats may be over-hyped, the WEF highlighted the danger that
they were actually being underestimated.
A few days later, UK Foreign Secretary William Hague proposed that Britain host an
international summit on cyber security. Addressing the Munich Security Conference,
he said: “The Internet, with its incredible connective power, has created opportunity
on a vast and growing scale…but there is a darker side to cyberspace that arises from
our dependence on it.”
As Mr Hague spoke, police across the world were continuing their efforts to track
down the members of the hacktivist collective who unleashed disruptive attacks
against a number of companies that had withdrawn services from WikiLeaks,
including Mastercard, PayPal and Visa.
Against this backdrop, this paper examines why entering the cyber environment
represents a seismic shift in the security landscape for all organisations. We will also
highlight some of the structures, actions and capabilities that organisations can apply
to achieve sustainable success in the cyber age.
Security is a key enabler in the cyber world
Operating securely in the cyber environment is among the most urgent issues facing business and government leaders today. Achieving this requires two assets. The first is an understanding of online operating and business models: how many people know how Google makes money? The second is an ability to protect and support those models. Far from being a barrier to participating in the cyber world, effective security is a critical enabler for any organisation seeking to realise the benefits of taking activities online.
[1] http://nakedsecurity.sophos.com/2011/05/16/uk-government-under-cyber-attack-says-chancellor-george-osborne/
“The cyber world continues to represent a powerful and effective way for HMRC to engage with and support its customers. It does however also present a series of new challenges and risks which need to be fully understood.”
— Jeff Brooker, Director — Security and Information, HMRC, the UK government’s main tax-collecting authority
Our PwC / ISF QuickPoll: the view from the front line
PwC worked with the Information Security Forum (ISF)—the world’s
leading independent authority on information security—to conduct an
online QuickPoll with PwC’s clients and ISF’s Members. We refer to the
findings at relevant points throughout this paper.
All the respondents are senior decision-makers in information security,
representing a blend of public and private sector organisations. The
findings provide a snapshot of current concerns and perceptions among
the professionals charged with leading the fight against cyber attacks.
Unprecedented opportunities
The growing threat reflects the explosion of online services in all sectors. Across
the world, more and more private and public sector organisations are capitalising
on web, mobile and social media platforms to improve their performance and serve
customers more effectively. Online interactions bring a blend of four key benefits:
lower costs to serve, higher speed to market, greater customer loyalty, and—in the
case of the private sector—the potential for higher revenue growth.
These benefits are seeing the cyber revolution gain momentum at breathtaking
speed. Some 10% of consumer spending in the UK is now transacted via the
Internet [2], and 115 million Europeans will be using mobile banking services by 2015 [3].
The public sector around the world is also reaping massive benefits. In 2009, 65% of
enterprises in the EU obtained information or downloaded official forms from public
authorities’ websites [4]. More than half of these businesses returned the completed
forms, saving time and money on both sides. And in 2010, nearly 100 million US
taxpayers submitted their tax returns online [5].
The darker side
As usage of online services increases, so do the scale and sophistication of
cyber attacks, directed against targets ranging from countries’ critical national
infrastructure (CNI) and the global financial system, to less obvious targets such as
mining companies.
One of the most alarming attacks was the Stuxnet computer virus that emerged
in mid-2010. This malicious software (malware) program was created with the
aim of sabotaging Iran’s nuclear programme, by increasing the speed of uranium
centrifuges to breaking-point and simultaneously shutting off safety monitoring
systems. Commercial cybercriminals are mounting equally sophisticated attacks.
Such examples underline how opportunities and risks in the cyber world have risen
to a new level. We will now look at the characteristics of the cyber domain that make
it such a break with the past, and examine where the threats are at their greatest.
[2] http://press.kelkoo.co.uk/uk-online-shoppers-are-the-biggest-spenders-in-europe.html
[3] http://www.pwc.co.uk/eng/services/digitaltransformation.html
[4] http://epp.eurostat.ec.europa.eu/statistics_explained/index.php/E-government_statistics
[5] http://www.irs.gov/efile/index.html
There are two main reasons why
operating in the cyber domain represents
such a radical departure from operating
in the traditional physical world.
First, cyber has no boundaries.
Indeed, it has the effect of destroying
or dissolving any boundaries that
were there before. And second,
its opportunities and risks are
asymmetric. The cost and effort
involved in developing a piece of
malware are far below what would be
required to develop a physical weapon
with the same scale and scope of impact.
In combination, the low barriers to entry
and absence of boundaries make cyber
attacks hugely unpredictable, since they
can come from virtually everywhere—
including from thousands of computers
worldwide in a coordinated attack on
one target. As our global QuickPoll
illustrates, these factors mean most
organisations are now subject to attack.
Where is the pain today?
Our PwC / ISF QuickPoll: Financial cyber-crime leads the way
Of the PwC clients and ISF Members we interviewed in our online survey,
85% said their organisation had suffered a cyber-attack of some sort in
the past six months. Half of these attacks were financial in nature, while
activism and espionage were also relatively common.
[Chart: Has your organisation suffered from any of the following cyber incidents in the last 6 months (tick all that apply)? Categories: Financial crime, Espionage, Activism, Warfare, Terrorism]
Cyber security: looking outwards…
Similarly, cyber security represents a break with the past. Traditional IT security
developed from technical origins in the 1980s to become information security in the
2000s. But all too often, information security has remained an inward-looking set of
processes and behaviours, seeking to reinforce and protect the external boundaries
that used to make up the perimeter of an organisation.
In the cyber domain there are no boundaries. When they participate in the cyber
world, organisations plug their internal systems, information and processes into the
cyber domain. Although the perimeter is still protected by measures such as firewalls,
the boundary has become porous. So cyber security needs to be outward-looking,
crossing boundaries of all kinds—organisational, national, physical, technological—
while still protecting the data that represents the valuable assets of the organisation.
…and collaborating
This outward-looking stance demands greater collaboration between organisations
across both the public and private sectors. In our view, it is no coincidence that PwC’s
14th Annual Global CEO Survey, published in January 2010, reveals an intensifying
focus on collaboration via technology. Of the 1,201 business leaders we interviewed
worldwide, some 54% are putting technology investment into growth initiatives
that will support collaboration, including mobile devices and social media. And 77%
expect to change their business strategies over the next three years in response to
consumers’ growing use of these means of communication.
The shared nature of cyber threats means cyber security is a particular focus
for collaboration, not least between business and government. Public-private
organisations, industry bodies, regulators and third-party suppliers all have useful
roles to play in sharing information and experiences. Threat horizon workshops
can be conducted at an organisational, industry, supply chain or public-private
level. And cyber crisis simulation exercises—often conducted jointly with other
organisations—are useful ways to sharpen people’s awareness, decision-making
skills, and understanding of their roles.
Experience shows that collaboration on cyber risks within the private sector and
between the private and public sectors can face challenges around competitive
confidentiality, and raise concerns that too much information is flowing one way. As
the graphic below shows, information security professionals feel that public-private
collaboration in this area is not yet working effectively. But there is no doubt that
collaboration to address these shared threats should ultimately benefit organisations
in all sectors.
“Business in the cyber world means a disruption of traditional perimeter thinking. Users go mobile with new technology while attribution to a geographical location disappears. At the same time collaboration, communication and cooperation across logical company borders increases. The task of cyber security is to enable users doing their business securely, everywhere, on every device, with everyone.”
— Dr. Gunter Bitz, MBA, CISSP, CPSSE, Head of Product Security Governance at SAP AG, a global leader in business management software.
Our PwC / ISF QuickPoll: Collaboration between public and
private sectors to address cyber threats is not yet effective
When we asked our sample of PwC clients and ISF Members how effectively business
and public sector organisations are working together in their local market to address
cyber threats, their responses showed there is still a long way to go. Only one
respondent rated the effectiveness of public-private collaboration at four out of five,
and none gave it five out of five.
[Chart: In your local market, how effectively are business and public sector organisations working together to address cyber threats? Response scale: 1 = Lesser extent to 5 = Greater extent]
Secure information is power
Against this background, the axiom “information is power” has gained even deeper
resonance. With so much more data to store, access and analyse to create valuable
insights and intelligence, companies know that information is now a greater source
of power than ever before—but only if it is secure. The ongoing escalation in the
security threats to information is illustrated in the timeline of advances and attacks
in Figure 2, highlighting that the business and political communities are effectively
engaged in an ongoing arms race with cyber attackers.
Who are the attackers – and what’s motivating them?
Different organisations often have their own specific way of categorising cyber threats. In PwC’s view, there are five main types of cyber attack, each with its own distinct – though sometimes overlapping – methods and objectives. They are:
Financial crime and fraud – This involves criminals – often highly organised and well-funded – using technology as a tool to steal money and other assets. The stolen information may sometimes be used to extort a ransom from the target organisation.
Espionage – Today, an organisation’s valuable intellectual property includes corporate electronic communications and files as well as traditional IP such as R&D outputs. Theft of IP is a persistent threat, and the victims may not even know it has happened – until knock-off products suddenly appear on the market, or a patent based on their R&D is registered by another company. These crimes may be carried out by commercial competitors or state intelligence services seeking to use the IP to advance their R&D or gain business intelligence.
Warfare – This can take place between states, or may involve states attacking private sector organisations, especially critical national infrastructure (CNI) such as power, telecoms and financial systems. The Stuxnet attack on Iran’s nuclear programme was a particularly dramatic example. In May 2010, the US appointed its first senior general specifically in charge of cyber warfare.
Terrorism – This threat overlaps with warfare. Attacks are undertaken by (possibly state-backed) terrorist groups, again targeting either state or private assets, often CNI.
Activism – Again this may overlap with some other categories, but the attacks are undertaken by supporters of an idealistic cause – most recently the supporters of WikiLeaks. Organisations need to anticipate these threats by thinking through how activists might view particular actions they take.
Figure 2: A timeline of cyber risks and rewards
Source: PwC Analysis
This escalation has made cyber security a key board-level risk issue and its
importance is also increasingly recognised by investors and regulators. In February
2010, the semiconductor manufacturer Intel became the first company to disclose a
“sophisticated incident” of computer hacking in its 10-K filing to the US Securities
and Exchange Commission.
As governments and companies face up to the threats to their data, they know they
are now up against a global, sophisticated and well funded cybercrime industry. A
few years ago, many incidents consisted of hackers sending out a mass attack and
seeing where it stuck. Today, many attacks are managed against a solid business
case and specific objectives, tailored to a specific organisation, and developed using
a network of third-party specialists including R&D specialists, cryptographers,
programmers and list suppliers.
Figure 2 timeline entries (the figure's key distinguishes Risks and Rewards):
2000: The "I Love You" worm infects millions of computers worldwide.
2001: The estimated number of internet users worldwide passes 500 million.
2001: The “Code Red” worm's widespread infection causes billions of dollars in damages related to productivity losses and clean up costs.
2002: The term “shatter attack” is coined in a paper by Chris Paget and is a process by which Windows security can be bypassed. This paper raises questions about how securable Windows could ever be.
2005: The video sharing website YouTube begins.
2006: The social networking site Twitter, which allows users to post and read short messages, begins.
2007: Announcement of at least 45.7 million consumer credit and debit cards numbers stolen from off-price retailers including T.J. Maxx and Marshalls.
2007: Estonia knocked off the internet and all internal communication shut down due to cyberattack.
2008: The trend of internet use via mobile devices continues with the release of the Apple iPhone 3G.
2009: Sixty-five percent of EU enterprises are downloading official forms from public authorities' websites continuing the trend of e-government service usage.
2010: Stuxnet malware, with the purpose of targeting Iran's nuclear programme, is discovered.
2010: Wikileaks posts classified documents relating to the wars in Afghanistan and Iraq as well as US State Department diplomatic cables.
2011: The social networking site Facebook reaches a $50 billion valuation ahead of its anticipated IPO in 2012.
2011: Sony suffers a major data breach where customers’ personal information is stolen.
Key barriers to effective cyber security
To defend themselves effectively against increasingly sophisticated attacks, many
organisations need to overcome a number of entrenched barriers. Four are especially
prevalent:
• A need for new skills and insights: To use a military analogy, the migration
to cyber is as disruptive as moving from horses to tanks. In today’s world, a
15 year-old hacker might have a better understanding of security risks than a
seasoned leader. The people engaged in securing cyberspace face a need to keep
raising their game faster than the attackers.
• Integrating security into the business: Cyber security used to be pigeon-holed
as an IT issue, creating a communications gap between business managers
and security professionals. Awareness is now growing that cyber security is
not only a technical issue, but a core business imperative. PwC’s Global State
of Information Security Survey 2011 confirms that executive recognition of
security’s strategic value is now more closely aligned with the business than with
IT, with the single most common reporting channel for chief information security
officers (CISOs) now being to the CEO rather than the chief information officer
(CIO). Since 2007, the proportion of CISOs reporting to the CIO rather than CEO
has fallen by 39 per cent.
Our PwC / ISF QuickPoll: There is little awareness of cyber risks below middle management levels
Our research suggests that the challenges of creating and embedding a cyber risk-aware culture,
and of ensuring aligned responses at all levels, are increased by a relative lack of awareness
of cyber-risks lower down the organisation. Of PwC clients and ISF Members we surveyed,
only 29% said people at all levels of their organisations were aware of cyber risks. Even more
worryingly, 14% of respondents said nobody at any level was aware of these risks.
[Chart: How aware are your people at all levels of cyber risks? Categories: Not aware, Senior management only, Senior and middle management, All levels, Don't know/Not applicable]
• Consistent, aligned and connected responses at every level of the
organisation: Traditional organisational structures tend to be too slow and
rigid to enable the speed and flexibility of response needed in the cyber world.
Faced with attackers who move quickly and unpredictably, organisations
need to be able to move information and decisions up, down and across their
structures fast and flexibly. Unless it is applied in a way that acknowledges and
factors in new and emerging threats, even the ISO/IEC 27001 information
security standard may not help to support the necessary degree of agility and
responsiveness.
• Creating a cyber risk-aware culture: A cyber attack can gain entry via any
node on an organisation’s network—including a third-party supplier, customer
or business partner. This means everyone involved in the organisation’s cyber-linked
activities shares direct responsibility for security, and that awareness of
cyber risks needs to be an integral part of every decision and action. Yet we are in
an era when many younger employees access social networks in the workplace,
and when organisational cultures can change rapidly. Significantly, our QuickPoll
of PwC clients and ISF Members reveals a worrying lack of knowledge of
what customers and employees are saying about their organisations on social
networking sites, and of what employees are actually allowed to say online.
These findings underline the need for a security-aware culture, greater risk
awareness and clear policies continually reinforced by the tone from the top.
Our PwC / ISF QuickPoll: Organisations are unclear about what is being said about them online—and their employees are unclear about what they are allowed to say
When we asked PwC clients and ISF Members whether their organisations knew
what their customers and employees are saying about them on social networking
sites, their responses were spread evenly across a range from a lack of awareness
to full awareness. This same lack of clarity applies to employees’ knowledge of
what they are allowed to say online. Only 9.5% of our respondents are confident
that their employees have a detailed knowledge of this — the same proportion as
say they have no knowledge.
[Chart: Do your employees know what they are allowed and what they are not allowed to say when they are on-line? Response scale: 1 = No knowledge to 5 = Detailed knowledge]
Six steps to the cyber-ready organisation
To address the threats we have described, many public and private sector
organisations will need to transform their mindset towards cyber as well as their
capabilities. There are six steps that organisations can take to reshape themselves for
the cyber world.
1. Clarify roles and responsibilities from the top down
As we have already highlighted, the CEO needs to come to grips with the threats
from the Internet—that’s why we have introduced the concept of the cyber savvy
CEO. In the future, we believe that leadership by a CEO who truly understands the
risks and opportunities of the cyber world will be a defining characteristic of those
organisations—whether public or private sector—that realise the benefits and
manage the risks most effectively.
While many organisations have historically pursued cyber security in response
to regulatory pressures, the real benefit lies in enabling the business to seize the
opportunities—whether these involve driving growth by selling through new
channels, or delivering public services at higher quality and lower cost. Leadership
by a cyber savvy CEO will enable the organisation to understand these opportunities
and realise them securely and sustainably through effective security.
Our PwC / ISF QuickPoll: Cyber responsibilities are split between ‘risks’ (CRO) and ‘opportunities’ (CIO)—with neither area owned by the CEO
According to our survey, organisations are continuing to divide ownership and
accountability for cyber risks and opportunities at board level.
Cyber opportunities are overseen by a wide variety of C-level executives in
different organisations, with the CIO being the single most common owner (in
six out of the 21 respondent organisations). In contrast, cyber risks are usually
owned either by the Chief Risk Officer (CRO) or Chief Information Security Officer
(CISO).
Significantly, the CEO is still relatively uninvolved in either area, owning cyber
opportunities in two of the 21 organisations, and cyber risks in only one.
“Making your firm cyber-ready is not easy, and requires an organisation-wide initiative which only comes with a shift in top management attitude. Introducing the role of ‘Cyber Savvy CEO’ is a signal to that effect. That, however, is only the beginning not the end of a synchronized firm-wide initiative to position it better in a fast changing market.”
— Ajay Bhalla, Professor of Global Innovation Management, Cass Business School, London
Our PwC / ISF QuickPoll: KPIs to manage cyber risks and rewards are not yet in place
None of the PwC clients or ISF Members participating in our poll rated their
organisation’s measurements and KPIs on cyber risks and rewards as meriting
a score of five out of five. Most felt the current status of these measures to be
middling at best.
Ask yourself to what extent your organisation has measurements and key
performance indicators that enable you to properly manage the balance of risks
and rewards in the cyber world?
In our QuickPoll, we asked: to what extent does your organisation have
measurements and key performance indicators that enable you to
properly manage the balance of risks and rewards in the cyber world?
2. Reassess the security function’s fitness and readiness for the cyber world
Organisations already have IT security functions that may be doing a good job in
protecting against traditional threats. As new risks emerge, the focus needs to be
upgrading or transforming the existing capabilities to deal with them. Rather than
creating something new from scratch, this means building on the existing base to
ensure that the organisation’s responses to its security needs fully encompass cyber
security.
3. Achieve 360-degree situational awareness
To align its security function and priorities as closely as possible with the realities of
the cyber world, the organisation also needs a clear understanding of its current and
emerging cyber environment. This demands situational awareness (see information
panel), which is a prerequisite for well-informed and prioritised decisions on cyber
security actions and processes.
Achieving situational awareness can be a particular challenge for large public
sector organisations, which may have to scan an economy-wide landscape, and for
multinationals with global opportunities and exposures. Our research among PwC
clients and ISF Members indicates that situational awareness is currently being
undermined by a lack of measurements and KPIs to support effective management of
cyber threats and opportunities.
Situational awareness: know the landscape—and the behaviours
Situational awareness—a term drawn from military strategy—means knowing the landscape surrounding your own position, including actual and potential threats.
Detailed investigations of cyber incidents can also help organisations develop situational awareness. Knowing exactly what happened, when and how, helps organisations identify root causes and remedies, and provides valuable intelligence about the motivations, psychology and behaviour of attackers. Perhaps the organisation is contemplating an acquisition or project that might attract the attention of activists with cyber-attack capabilities. Situational awareness should flag such risks.
[Chart response scale: 1 = Lesser extent to 5 = Greater extent]
4. Create a cyber incident response team
As we noted earlier, traditional organisational structures may have the unintended
effect of hampering the quick and decisive responses needed in the cyber
environment. Many organisations will already have an incident response team but
the speed and unpredictability of cyber threats mean this may need to be adapted
and streamlined, in order to enable information, intelligence and decisions to flow
more quickly up, down and across the business, from board level to IT and business
operations, and sometimes to and from other organisations.
A well-functioning cyber incident response team means an incident spotted
anywhere in the business will be tracked, risk-assessed and escalated. Decisions
and actions can then be made quickly, and forensic cyber investigations and/or
external specialists brought in as necessary. Rather than leaving senior management
wondering whether an incident is actually a threat —‘Do we really have a
problem?’— the team will channel the right technical, business and insight quickly to
the relevant decision-makers.
5. Nurture and share skills
To make the most of its situational awareness and information stack, an organisation
will also need to invest in cyber skills. However, as we noted earlier, these are
in short supply. A recent survey by the SANS Institute found that 90 per cent of
companies had experienced difficulty recruiting people with the cyber security
skills they needed and yet amongst the same employers, nearly 60 per cent said they
planned to create more jobs in cyber security in the next few years.
Given the restricted supply line of new cyber-savvy talent, it is up to employers to find
new ways of inspiring those with the skills and desire to keep our businesses safe. For
example, the most valuable technical expertise and insight may well be found among
younger employees at the lower levels of the organisation. Some organisations may
even want to consider more radical approaches, such as putting younger employees
on a board committee focused on cyber security.
6. Take a more active and transparent stance towards threats
The unpredictable and high-profile nature of cyber threats tends to engender a
defensive mindset. But a number of cyber-savvy organisations are now getting onto
the front foot by adopting a more active stance towards attackers, pursuing them
more actively through legal means, and communicating more publicly about their
cyber threats, incidents and responses.
Clearly, these responses must stay within the law—so it is important to ensure that
well-meaning employees do not take things too far by hacking back. The CEO and
board should also be clear about the organisation’s stance on prosecuting or suing
attackers, and must be sure the business has the necessary evidence to support any
legal action. By taking a more active stance against attacks on its commercial or
national interests, the organisation can show that it takes attacks seriously and will
strive to bring offenders to justice.
“We are promoting an initiative for an organisation-wide cultural shift towards greater cyber security awareness. We have identified a step up in dispersed attacks and are preparing ourselves accordingly. It is anticipated that this threat will become more severe and impact more industries, and we certainly put much importance on an organisation approach to cyber security.”
—Itzik Kochav, Chief of Data Protection at Clalit Healthcare, one of Israel’s leading health service organisations.
Rising to the challenge: an agenda for business and government
The threats from the Internet represent a massive challenge shared by the public and
private sectors worldwide. It is also a challenge that neither can tackle effectively on
its own.
In today’s interconnected world, the government’s ability to deliver efficient, reliable
and secure services is a critical factor in business confidence. And governments want
a robust and vibrant public sector to generate growth and employment. Neither
sector’s objectives can be achieved without using the cyber environment—which
demands cyber security.
To meet the imperatives of the cyber era, we believe that most public and private
sector organisations will need to adopt new structures, roles and governance, while
also engaging in close and continuing collaboration around the cyber agenda with
other organisations.
Having the courage to let go…
This in turn demands a new mindset focused not on protecting the organisational
entity itself but its wider ecosystem, while still ensuring the organisation’s critical
information assets are secure. Embracing the cyber world means opening up systems
and processes to external suppliers, customers, partners and employees, and
accepting culturally and psychologically that the old boundaries are being swept
away.
This is a major change. Traditionally, organisations have exercised control within
their perimeters by prohibiting some behaviours and monopolising power at the
centre. These approaches worked in the old world of physical supply chains. But they
have the effect of inhibiting the speed and flexibility needed in the cyber world.
Our PwC / ISF QuickPoll: Organisations are moving from restrict-and-control to monitored trust
According to our research, most organisations have moved away from managing
people by restricting what they do, and are instead managing them on the basis of
trust and monitoring. This appears to be a sensible response to the advent of the
cyber world. Yet other findings – notably on the relative lack of awareness of cyber
risks at the lower levels of organisations – cast into doubt whether organisations’
workforces are really ready for such an approach.
Do you manage your people by restricting what they do, or by trusting and monitoring them?
[Chart categories: Restricting; Trusting and monitoring]
…and move from proscriptive rules to monitored trust
This means companies need to let go of the old levers of power. Their security against
cyber threats is critically dependent on their interconnected supply chains, and
on the people working in them understanding the threats and behaving the right
way. So organisations must move away from rules-based prohibition and control,
and towards monitored empowerment and trust, at all levels from the individual
employee to the supply chain to the collaborative business partner or government.
Governments: achieving win-wins through collaboration
For their part, governments themselves can play a further critical role in
strengthening cyber security, by bringing different stakeholders together to
achieve win-wins through greater collaboration across sectoral and national
boundaries. The most efficient and effective way to tackle a shared threat is through
shared information, which can both heighten awareness and avoid the need for
organisations to reinvent the wheel. Governments are ideally placed to foster this
collaboration.
Time for the cyber savvy CEO to step up
Today, more and more organisations in all sectors are seizing the opportunities
created by the Internet. In PwC’s view, the only way to do this securely and
sustainably is by ensuring that cyber awareness and responsiveness are infused into
every employee, every decision and every interaction. It’s time for CEOs to make this
happen.
About PwC’s Information and Cyber Security Team
The PwC Information and Cyber Security team has over 30 years’ experience in all
aspects of security, from espionage to governance risks. Our globally based team
understands and speaks business language, and we know when and how best to involve
experts in legal, IT, business continuity, disaster recovery, crisis management,
fraud, forensic and human resources. This wide range of know-how means we can
help your organisation to devise a dynamic and forward-thinking security strategy
that identifies the security risks you face, and offers practical and effective ways of
ensuring they are addressed. PwC were recognised by Forrester in 2010 as a leader
in Information Security and Risk.
Setting direction
Security strategy development, organisational design, management reporting.
Creating a sound framework of control
Risk, policy and privacy review, regulatory compliance assessment, data loss prevention, awareness programmes.
Building in Resilience
Business continuity management, disaster recovery, crisis management.
Managing incidents
Incident response review, corporate and regulatory investigations, forensic investigation and readiness, crisis response.
Building secure systems and infrastructure
Security architecture, network security, cloud computing security, identity and access management solutions, ERP security.
Managing Exposure
Penetration testing, vulnerability scanning and remediation, continuous and global threat monitoring.
[Figure labels: Security Strategy; Security Governance and Control; Threat and Vulnerability Management; Architecture, Network security and Identity; People, Process, Technology; Incident Response and Forensic Investigation; Business Continuity Management]
A special thank you to Fox-IT in the Netherlands, who made a
significant contribution to the content of this paper.
If you would like to discuss any of the issues raised in this report, please speak to your PricewaterhouseCoopers contact listed below.
Grant Waterfall, United Kingdom, grant.waterfall@uk.pwc.com, +44 (0)20 780 42040
William Beer, United Kingdom, william.m.beer@uk.pwc.com, +44 7841 563 890
Otto Vermeulen, Netherlands, otto.vermeulen@nl.pwc.com, +31 88 792 63 74
Ed Gibson, USA, ed.gibson@us.pwc.com, +1 (703) 918 3550
Contributors
The following individuals in PwC contributed to the production of this report.
Nick C Jones, PwC Public Sector Research Centre United Kingdom
David Moloney, PwC United Kingdom
Clare Geldart, PwC United Kingdom
Sarah Nolton, PwC United Kingdom
Andrew D Miller, PwC United Kingdom
Ariel Litvin, PwC Israel