Cyber Security - Is It Identity Theft or Identity Gift? – Part 2

Last week I shared with you the morning’s events at ‘Ever Been Hacked… Off?’, organised by the Milton Keynes Business Resilience Forum (MKBRF) and held at Bletchley Park. Before I move on, for all you tech geeks and historians out there, what a great facility – I would highly recommend the tour of The National Museum of Computing.

Getting back to the event itself, when we came to the end of part one we had listened to a speech from the Protection of National Infrastructure (no names, pictures or tweets ‘On Her Majesty’s Secret Service’ – don’t forget), and heard about the Tier 1 threats to the UK’s national security from the Cyber Security Assistant Director, Digital Economy Unit from the Dept. Culture, Media and Sport.

We moved on after refreshments to ‘Why you need integrated information security and business continuity built into everyday commercial processes’, from a former Lieutenant Colonel in the British Army (only 27 years) with experience in a number of executive roles all focusing on physical and cyber security.

What are the Principles of Security? To us mere mortals a great question, so here is the definition:

1. Protect Life
2. Protect Property
3. Protect Forensic Evidence
4. Return Life to Normal

It was then very cleverly translated into the Principles of Information Assurance - don’t forget this is a cyber event:

1. Confidentiality
2. Integrity
3. Availability
4. Privacy
5. Ethics

This can be neatly translated into DIGITAL TRANSFORMATION - which of the above policies and contingency plans do you have in your business?

We then explored the THREAT and RISK in our digital lives, but before we could do that we needed to understand what CYBER is. It was broken down into two elements:

• CYBERSPACE ‘encompasses all forms of networked, digital activities; this includes the content of actions conducted through digital networks’.
• CYBER SECURITY ‘embraces both the protection of UK interests in CYBERSPACE and also the pursuit of wider UK interests through the exploitation of many opportunities that CYBER SPACE offers’.

So what are the threats and risks?

                                THREAT = Product of capability x Intent

                                RISK = Threat x Impact x Probability

These lead to the challenges that our businesses face, and the message was repeated over and over again: it’s not if you have been hacked, it’s when. So the challenges:

                                > THREATS and RISKS lead to

                                > CAPABILITIES that lead to

                                > NEW DEPENDENCIES that lead to

                                > NEW BEHAVIOURS IN PEOPLE and all that leads to

                                > DIGITAL TRANSFORMATION

It now all comes down to the planning - like everything else in our businesses, we also need to manage our IT / people / risks and threats, which again can be translated into the Key Resilience Features of Digital Commerce:

                                 > Governance, Risk and Compliance

                                 > Encryption

                                 > Identity

                                 > Management

                                 > Recovery and Continuity

But what does this all mean in financial terms should our systems and business be breached or hacked?

• Cost to a small business is typically £75K - £311K
• Cost to a large organisation is typically £1.46M - £3.14M

Source: www.exponential-e.com

The average Cost per record hacked is about £130, but significantly larger for small breaches:

*Source Verizon 2015 DBIR

It’s the reputational damage that we need to take into account as well as the monetary value. Can any business really afford the reputational damaging following a breach or a hack:

Are you getting the picture?

After lunch we were then treated to what can only be described as a controlled test by the Cyber Team of PwC, proving just how easy it is to hack into someone’s business – think Stuxnet and you’re there!

What they refer to is social engineering and the ability to obtain data so easily to breach a business using openly sourced information from social media accounts. This involves setting up emails that by all accounts could very easily appear to come from any one of your friends!

In summary, at SilverDisc we see the importance of cyber security and business continuity, and importantly the cost of failure to adequately manage cyber security and business continuity. It is SilverDisc’s intention to bring this ‘Ever Been Hacked… Off? Event to Northants and for the benefit of surrounding counties, to help businesses Deter, Protect, Detect, React and Recover from cyber-attacks! I look forward to seeing you there.