08 May Cyber Security and Threat Management

Executive Summary
The primary goal of this document is to inform organizations how to identify, prevent and minimize exposure to cyber security risks and vulnerabilities. The Cyber Assessment can be used to help Organization to develop policies and procedures and raise awareness of potential operational areas requiring more threat intelligence. Cyber Security in necessary as it helps in securing data, minimizing threats and safeguarding systems & applications. It enables a holistic view of compliance that aligns with multiple regulatory requirements. Corporations are increasingly exposed to cyber thefts caused by both internal and external security breaches. Cyber thieves are capable of exploiting enterprise weaknesses, personal information and corporate defenses to steal intellectual property, compromise corporate strategy, target customers, and manipulate confidential and regulated information. The impact of cyber-attack on organization’s brand, reputation and business operations can be catastrophic.

New statistics from polls in the ISACA 2017 State of Cyber security:

• 53% of Enterprises have experienced more attacks.
• 50% Organization has increased Security Budgets in 2017.
• 65% percent employ a Chief Information Security Officer (CISO) as compared to 50% in 2016.

Top three perceived ATTACKER MOTIVATIONS in 2017:

• 50% Financial Gain,
• 45% Disruption of Service
• 37% Theft of Personal Identifiable Information

Description
Cyber is a term relating to or characteristic of the culture of computers, information technology, and virtual reality. Cyber space is related to any business which communicates, learns and interacts with each other. The open communication is the root of most of the threat and vulnerabilities.

Cyber Security has been a priority of organizations. In today’s environment, internal or external in nature, attacks and threats are ever-increasing, which poses a critical risk to business operations. Organizations maintain thousands of networks & user devices which produce vast amounts of data. The Cyber Landscape continues to evolve fast and so is the Cyber Threat Landscape. It is clear most don’t have a good strategy to manage these threats. Cyber Security can be seen as an evolved version of IT Security or complete new version of security focusing on Espionage, Fraud, Spoofing, and Social Engineering.

Most Organizations have either drafted or have a cyber space or cyber strategy that details what mechanisms apply when attacked and what rights and rules are to be followed in defending the targets. The Cyber Security Strategy framework consists of 5 components which an organization need to build their rights and rule in Cyber Security and threat management space.

IDENTIFICATION: Identification of Assets, understanding of my business environment/processes, Process Governance, Data Privacy, Risk Recognition Framework.

PREVENT: User Awareness training, IT Security Architecture, Business Continuity Management Services, Infrastructure protection.

DETECT: Continuous Monitoring and Compliance, Technology Security Assessment, IT Controls Attestation, Incident Management Team.

REACT/RESPOND: Isolate the damage, Remediation, Mitigation, Stakeholders Communication

RECOVER: Identify and contain the breach, User Communication, Tighten up your defense, User Awareness Training, Thoughtful design of IT infrastructure.

Of course, even if you have these five attributes in place, you cannot be complacent. Most companies have focused on developing their cyber security framework. New ways of approaching your cyber systems will become a way of life. Preventing intrusion, keeping a check on internal or external threats, being prepared for action, responding rapidly and effectively to intrusions, recovery, if necessary, with measures you have put in place will keep you ahead of time and building resiliency. When these activities become ingrained in your organization then your prowess at managing cyber risks becomes a strategic asset. If you can do that, you can also master many of the other management challenges in our increasingly complex business environment.

What all customers shall do?
As the technology space is expanding and digitization is on rapid rise with the involvement of Chat bots/IOT in daily business, the management needs to make sure that their business exposure to the Cyber Threats needs to be assessed, measured and mitigated at all times to keep the LIGHTS – ON.
Below are some of the actions, the Senior Management can start with to keep the threat and exposure of the business to Cyber Crime World to a minimum.

• Streamlined Information Security Policy
• Strong End User Security Awareness Education/Training
• Security Devices such as Firewalls & Anti-Virus
• Security Event Monitoring tools such as IDS (Intrusion detection systems)/ IPS (Intrusion prevention systems)
• Regular IT Security & Data Assessment
• Incident Management Policy and Procedures
• Non-Disclosure Agreements with Employees/ 3rd Party Vendors

What CREATING VALUES offers…
CREATING VALUES is a Management Consulting Firm across Technology & Risk, People & Culture, Business Strategy and Brand Consulting.We offer a comprehensive Threat & Risk Assessment of the Technology landscape with the objective of identifying existing flaws that could be exploited to threaten the security of the network and data and the recommended actions on the identified flaws.

The Assessment serves as the basis of recommended actions to take in reducing risk to an acceptable level.
To know more about our work and progress achieved in our endeavors, please visit www.creatingvalues.in ; or connect with us at connect@creatingvalues.in.

~ This is a work of fiction. Names, characters, businesses, places, events, locales, and incidents are either the products of the author’s imagination or used in a fictitious manner. Any resemblance to actual persons, living or dead, or actual events is purely coincidental.