Cybersecurity & Data Protection 2018: Expert Guide
www.corporatelivewire.com
December 2017

Spain
Strategies to minimise loss & damage
By Xavier Marguinaud, Underwriting Manager - Cyber at Tokio Marine HCC
xmarguinaud@tmhcc.com | +34 93 530 7439 | www.tmhcc.com

Over the last decade there has been an increasing focus on cyber incidents. As the legal landscape evolves, companies have started to realise that risk managers need to review and adapt their strategies to take cyber risks into account. Taking the classic risk management repertoire (risk acceptance, avoidance, limitation and transfer) as a base, strategies have evolved from a responsive approach to a more proactive one.

In addition, today's aggressive, polymorphic cyber risks have forced risk managers to consider "cyber resilience", a concept that is rapidly gaining recognition within the community. Cyber resilience is the ability to continue conducting business despite adverse cyber incidents. People still confuse security (which is a static but nevertheless important risk mitigation element) with resilience, "the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions" [1].

After talking it over with many Executive Directors, CISOs, Risk Managers and hackers, I am convinced that companies must strike an appropriate and relevant balance between security (prevention, detection, correction) and resilience (anticipation, adaptation, readiness) when considering cyber threats. In this article, I have included a mix of what I consider to be today's relevant and complementary strategies for minimising loss and damage in relation to any type of cyber incident.

"Prevention is better than cure!"

Like a boxer twisting to avoid his opponent's jabs, the best strategy to minimise loss and damage arising from cyber events is to avoid them!

The importance of this strategy is often underestimated, yet it is one of the most relevant when wanting to reduce cyber security incidents related to human error. According to Cyence [2], "most cyber events are driven by human and behavioural factors", so it is easy to see how dedicated training and awareness campaigns (IT security, data management, social engineering risks...) could have a positive impact on such a dramatic trend. Being consistent and involving all employees is also vital, so having, sharing and regularly reviewing an information security policy (and other behavioural policies) makes sense. Furthermore, and as we constantly remind our clients, training people also reinforces your first and maybe best line of defence against a cyber incident; so do not underestimate the power and importance of your staff.

Finally, a smart and flexible patch management process is also a key preventative element: it closes known vulnerabilities on the company's perimeter and so reduces the opportunities for malicious actors to gain access to the company's network.

In a nutshell, preventative measures are useful because they reduce the likelihood of an event occurring. Companies should invest appropriately in them.

"Make the hacker's life hell!"

But what if someone gets into your system? In this case, to minimise potential loss and damage, a complementary strategy is to put in place protective measures that limit the impact of human error or make any intrusion more difficult to carry out.

Companies should make sure that their networks are segmented, so that malware cannot spread freely and lateral movement is slow and difficult. Access and password management processes should be designed to limit an intruder's progress within a given system (least privilege, strong authentication). Encryption can render sensitive data useless should it fall into enemy hands. Obviously, the intention is not to encrypt all data, but rather the data that a company considers non-public and of vital importance. For this, companies should regularly carry out risk mapping exercises that include the crucial step of identifying, locating and classifying data.

Fortunately for companies there are many protective measures that can be taken; those mentioned above are just a few examples of the useful tools available.
Protective measures need to be taken in order to make a hacker's job as difficult as possible.

"Enemy at the gates, prepare for battle!"

Alongside the protective strategy, companies should work on efficient detection and event escalation solutions and procedures. Detection is key in any comprehensive cyber resilience strategy, as it is what links protective measures to the company's response to an attack. For this, an Intrusion Detection System (IDS) or, better still, an inline Intrusion Prevention System (IPS) is recommended. Both are devices or software applications that monitor networks or systems for malicious activity and report an intrusion to an administrator or a Security Information and Event Management (SIEM) system; an IPS additionally takes automated action to contain the intrusion (blocking traffic, dropping malicious packets, resetting connections, etc.). The trade-off is that the automated action which makes an IPS effective also means a false positive can block legitimate traffic, so detection rules need tuning in report-only mode before they are allowed to enforce.

Obviously, a serious mistake would be to only monitor traffic approaching the perimeter of the company's network (in a battle analogy, the fortification) whilst overlooking internal traffic (perhaps the enemy is already in the courtyard or dungeon?).
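To make the IDS/IPS behaviour and the perimeter-versus-internal point concrete, here is an added example in Python; it is not code from the article or from any vendor product. It assumes a simple connection-log format (ISO time, source IP, destination IP, destination port, protocol), an internal address plan of 10.0.0.0/8, and thresholds chosen for illustration; the log lines are constructed. It runs one rule on north-south traffic (an external source sweeping many ports on one host) and one on east-west traffic (an internal host reaching many internal hosts on administrative ports, the lateral movement the paragraph above warns against overlooking). In "ids" mode it only emits SIEM-style events; in "ips" mode it also records a block action against the offending source.

```python
"""Minimal IDS/IPS rule engine over connection logs (added example).

Assumed log format (one connection per line): ISO-8601 time, source IP,
destination IP, destination port, protocol. Thresholds are illustrative.
"""
import ipaddress
import json
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: an external host sweeping ports on a DMZ server
# (north-south), then an internal workstation touching SMB/RDP on many
# internal hosts (east-west), plus benign background connections.
SAMPLE_LOG = """\
2017-12-04T09:00:01 203.0.113.7 10.0.1.20 22 tcp
2017-12-04T09:00:02 203.0.113.7 10.0.1.20 23 tcp
2017-12-04T09:00:03 203.0.113.7 10.0.1.20 80 tcp
2017-12-04T09:00:04 203.0.113.7 10.0.1.20 443 tcp
2017-12-04T09:00:05 203.0.113.7 10.0.1.20 3389 tcp
2017-12-04T09:00:06 203.0.113.7 10.0.1.20 8080 tcp
2017-12-04T09:05:00 198.51.100.9 10.0.1.20 443 tcp
2017-12-04T09:10:00 10.0.2.15 10.0.1.21 445 tcp
2017-12-04T09:10:03 10.0.2.15 10.0.1.22 445 tcp
2017-12-04T09:10:05 10.0.2.15 10.0.1.23 445 tcp
2017-12-04T09:10:09 10.0.2.15 10.0.1.24 3389 tcp
2017-12-04T09:10:12 10.0.2.15 10.0.1.25 445 tcp
2017-12-04T09:30:00 10.0.2.16 10.0.1.20 443 tcp
"""

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed address plan
WINDOW = timedelta(minutes=1)                         # sliding window per source
SCAN_PORT_THRESHOLD = 5     # distinct dst ports from one external source
LATERAL_HOST_THRESHOLD = 4  # distinct internal hosts on admin ports, one internal source
ADMIN_PORTS = {22, 445, 3389, 5985}


@dataclass
class Conn:
    ts: datetime
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def parse_log(text):
    """Parse the assumed log format into Conn records, skipping blank lines."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        conns.append(Conn(datetime.fromisoformat(ts), ipaddress.ip_address(src),
                          ipaddress.ip_address(dst), int(dport), proto))
    return conns


def detect(conns, mode="ips"):
    """Run both rules. Returns (siem_events, blocked_sources).

    mode="ids": report only.  mode="ips": also record an automated block of
    the offending source, i.e. the containment action an IPS would take.
    """
    events, blocked = [], set()
    by_src = defaultdict(list)
    for c in sorted(conns, key=lambda c: c.ts):
        by_src[c.src].append(c)

    for src, conns_from_src in by_src.items():
        if is_internal(src):
            # East-west rule: one internal host fanning out to many internal
            # hosts on administrative ports looks like lateral movement.
            rule, threshold = "lateral_movement", LATERAL_HOST_THRESHOLD
            keyed = [(c.ts, c.dst) for c in conns_from_src
                     if is_internal(c.dst) and c.dport in ADMIN_PORTS]
        else:
            # North-south rule: one external source probing many ports.
            rule, threshold = "port_scan", SCAN_PORT_THRESHOLD
            keyed = [(c.ts, c.dport) for c in conns_from_src]

        window = []  # (time, key) pairs seen within WINDOW of the current event
        for ts, key in keyed:
            window.append((ts, key))
            window = [(t, k) for t, k in window if ts - t <= WINDOW]
            if len({k for _, k in window}) >= threshold:
                action = "block_source" if mode == "ips" else "alert_only"
                events.append({"rule": rule, "src": str(src),
                               "first_seen": window[0][0].isoformat(),
                               "last_seen": ts.isoformat(),
                               "distinct": threshold, "action": action})
                if mode == "ips":
                    blocked.add(str(src))
                break  # one event per source per rule is enough for the SIEM
    return events, blocked


if __name__ == "__main__":
    evts, blk = detect(parse_log(SAMPLE_LOG))
    for e in evts:
        print(json.dumps(e))  # one JSON event per line, as a SIEM would ingest
    print("blocked:", sorted(blk))
```

Run as a script it prints two events, one per rule, and the two blocked sources. The sliding window is what keeps the rule from firing on a host that legitimately touches many ports or hosts over a working day; the per-rule thresholds and the "ids" mode exist precisely so that a rule can be watched for false positives before it is allowed to block.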
Detection, of course, is good, but knowing how to react is better. Having a regularly tested and reviewed escalation protocol along with clear incident management guidelines is no longer a luxury but a necessity. A recent study [3] has highlighted a direct and very often significant correlation between the ability to quickly identify and contain a cyber event and the cost of the incident. So whilst detecting an incident is really important, being able to contain it is even more so.

A company's readiness for potential cyber incidents is of utmost importance, and it demonstrates both a reassuring level of humility and maturity. Investing in this "being ready" strategy can take different, but nonetheless complementary, forms.

Companies should have a dedicated cyber incident response team, in-house or outsourced. This would definitely be a game changer in the event of a cyber incident, as knowledgeable, experienced and trained people are more efficient and straight to the point when analysing, taking decisions and implementing solutions. Those companies that have a large geographical footprint should also consider having local relays in addition to a centralised Computer Emergency Response Team (CERT), as response is time critical. For this very same reason, it is highly recommended to draw up an Emergency Response Plan (ERP) for immediate decisions and actions, as well as a Business Continuity Plan (BCP) to manage more complex situations and higher-impact incidents (network redundancy, backups or other business interruption counter-measures...).

Furthermore, companies should always keep in mind that "the supreme art of war is to subdue the enemy without fighting" [4]. For this, anticipation is key. Companies should have recourse to threat intelligence (to understand trends and anticipate future behaviour and modus operandi) and other risk analysis reports. In my opinion, not enough companies have this presently.

Last but not least on the list of ways to be cyber ready, another way to anticipate a potential intrusion is "empathy": companies should try to understand what an external hacker or an insider could achieve by performing white box or black box penetration tests.

There are, of course, many strategies that can help minimise loss and damage. In this article I have outlined some of the more proven measures that currently exist and that should be implemented in order to become a more cyber resilient company. However, the cyber landscape is constantly evolving, and risk managers should factor in cyber risks and stay abreast of developments, as well as count on an expert insurer who can advise and offer complete coverage: one that contemplates the before, during and after scenarios of a cyber incident.

Xavier Marguinaud is Underwriting Manager - Cyber, overseeing and coordinating Tokio Marine HCC's Cyber strategy for EMEA, APAC and LATAM. Previously, Xavier worked at Marsh as NZ Cyber Risk Specialty Head and as Financial Lines Senior Risk Advisor, as well as Cyber Product Champion in France. He launched his career in the Risk and Insurance department of Publicis Groupe.

1. US Department of Homeland Security, What is Security and Resilience, www.dhs.gov
2. Cyence, Cyber threats: People, Process and Technology, www.cyence.net
3. Ponemon Institute, 2017 Cost of Data Breach Study.
4. Sun Tzu, The Art of War.