digital resilience flipbook
Post on 22-Jan-2017
A clear & present danger
Building the intelligence to create a digital fortress to protect your customer and your business
#DigitalByDesign
Building a digital fortress to protect your customers and your business
The British and American financial systems were recently tested to see how well they could stand up to attacks by hackers in the wake of the Sony, TalkTalk and United States Office of Personnel Management security breaches. The biggest banks in the UK and US faced a simulated major cyber attack from the Bank of England and its US counterparts this month, as officials probed the industry’s ability to withstand assaults from hackers looking to steal data or cripple the financial sector.
What you don’t hear about is the constant and relentless bombardment that has resulted in 90% of large businesses reporting an information security breach. This perspective was further underpinned by a recent PwC study that recorded a 38% increase in detected information security incidents. The business risk has also been exacerbated by rapidly changing technology, IoT effects, digital disruption and the need for changing business models. There is now a growing awareness that this topic needs to be at the forefront of the board’s agenda.
Bearing this background in mind, we recently discussed with our clients how SMEs and large organisations could build and sustain a Digital Fortress in order to establish a digital resilience that would protect their customers and their own business. We also discussed how our clients could leverage UK Government initiatives that will see it invest nearly $1Bn in the promotion of cyber security.
53% of organisations say that lack of skilled resources is one of the main obstacles that challenge their information security (EY)
To become a business leader in the digital environment requires that the customer and digital strategy is placed at the core of your business strategy. It also means that protecting client or customer information is the essential element within that digital strategy. Recent studies continue to show that a significant number of businesses still don’t have a digital strategy and therefore probably do not have a robust digital resilience strategy.
A recent McKinsey report cites that nearly 80% of technology executives surveyed stated that their organisations could not keep up with the attackers’ increasing sophistication, and most organisations recognise that there is significant room for improvement when it comes to digital resilience.
56% of organisations say that it is unlikely or highly unlikely that their organisation would be able to detect a sophisticated attack (EY)
Digital Fortress: Digital Resilience Operational Network Ecosystem
This has created the need to view digital resilience through an operational excellence lens in order to create a “Digital Fortress” that we call the Digital Resilience Operational Network Ecosystem or DRONE©. The foundation of this model includes real-time risk management to protect customers’ sensitive and business critical information. The model also needs to recognise an ever growing IoT presence and its security ramifications.
37% say that real-time insight on cyber risk is not available (EY)
91% have adopted a risk-based cybersecurity framework (PwC)
58% of organisations do not have a role or department focused on emerging technologies and their impact on information security (EY)
Another critical aspect within the DRONE© model is the need to harness not just Big Data, but also the Right Data in order to facilitate the early recognition of potential internal and external threats. This DRONE© model also calls for the need to establish a security excellence centre (SEC) that will provide real-time insight into cyber risks. A recent KPMG study indicated that only 65% of organisations had a cyber security team or responsible executive in place. Another study showed that only 20% of organisations have real-time insight into cyber risks. Another critical characteristic of the SEC is the integration of a well-defined advanced authentication, identity and access management (IAM) programme.
36% have a security strategy for the Internet of Things (PwC)
Fewer than 20% of organisations have real time insight on cyber risks readily available (EY)
The holistic resilience strategy model (DRONE©) also recognises the role that the board plays in establishing the right oversight, both inside and outside an organisation. There is hard evidence which suggests that a key threat comes from within organisations, therefore enhancing employee awareness is a key aspect of the model.
20% have published sources of cyber attacks on their sector peers readily available (EY)
Nearly two thirds of organisations do not have well-defined and automated IAM programs (EY)
45% of boards participate in the overall security strategy (PwC)
The author of ‘The Black Swan’, Nassim Nicholas Taleb, described a Black Swan event as an outlier that carries an extreme impact. He said human nature makes us concoct explanations for these events after they have occurred, despite their outlier status, in an attempt to make them explainable and predictable. Therefore, managing these kinds of cyber Black Swan events requires a blueprint in order to deliver sustainable digital resilience, and it is essential to incorporate the simple Who, What, Where, When and How principles into the model.
John Chambers, CEO, Cisco:
“There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.”
Establishing a Digital Fortress (DRONE) by managing Black Swan events
To assist you in establishing the next tangible steps that are required to build the foundations of a Digital Fortress, you need to:
Leverage UK government investments, the ISO27001 standards and the US National Institute of Standards and Technology framework
Measure and rate your current digital resilience process
Develop a digital strategy that incorporates digital resilience (DRONE©) as a priority
Enhance employee communications and awareness to improve transparency and eradicate silos
Develop a ‘C Suite’ governance process to manage real-time risk from both inside and outside the organisation
Collaborate with your partners to acquire a deep knowledge of best in class practices
Appoint a Chief Information Security Officer (CISO) who will support you in building the road map and scorecard to digital resilience
Frequently test your Resilience and Crisis Management Model
Who? What? Where? When? How?
The Digital Fortress: DRONE© (Digital Resilience Operational Network Ecosystem)
Strategy Alignment
Physical & Environmental Security
Employee Processes
Partners & Suppliers
Business Continuity
Incident management
Operations management
Governance
Organisation
Policies & Procedures
Real-Time Risk Management
Measurement & Compliance
Access Control