SMEs and Cyber Security - EEMA
Visit www.iasme.co.uk or call 03300 882 752
SMEs and Cyber Security
Why bother?
Dr Daniel G. Dresner MInstISP
Why should SMEs bother with cyber security?
• Why should you care?
• What can you do to care?
• How can you show you care?
• Where do you go from here…?
Why should you care?
The challenge…
Why should you care?
Of kill chains and food chains…
SMEs are the way to the big fish*
* or whales of course…
The after shock
Source: University of Texas
Why should SMEs bother?
• Customers do not generally ask for assurance
• SMEs don’t understand the threat
• SMEs don’t understand what to do
• Experts are very expensive
• SMEs don’t hear of other SMEs being breached
• Much more urgent things to worry about
So what bothers you?
• Identity theft and resulting fraud
• Competitors knowing your plans
• Targeted attacks through multiple channels ‘APTs’
• Surface web…deep web…dark net
• Hacktivism
• Stolen blueprints
• Disrupted utilities
• Contaminated industrial processes
• Lost data in ‘the cloud’
• Surveillance and anonymity
• Destabilised financial markets
What can you do to care?
What’s to do…?
[Figure: your attack surface set against threats ranging from rudimentary to sophisticated: low level threats, insider threats, advanced persistent threat/targeted attack]
Starting with… 5 cyber essentials
Cyber essentials
• UK Government reviewed successful cyber attacks over last few years.
• A small number of technical measures would have meant most of these would not have been successful.
• Cyber Essentials scheme aims at getting all companies to implement these 5 most important controls.
• Mandated in UK Government contracts since October 2014.
• Patch management: It is broken, so do fix it
• Malware protection: No excuses! Vaccinate!
• Access control: Least privilege
• Secure configuration: Out of the box…into the fire
• Boundary walls and Internet gateways: Keep out the casual wanderers
When you’ve set up the Cyber Essentials…you’ll be ready to assess the risk…
Anything else? Watch this space...
How can you show you care?
How can you show you care?
Talk to IASME…
It’s all about IASME
• MoD recognise the IASME governance certificate
• Biggest market share of basic level CE certifications
• IASME only AB on the original panel which defined Cyber Essentials
• IASME…designed for SMEs but also certifies the largest companies too: BAE, KPMG, Honeywell, FireEye etc.
• ~90 basic certifications/month (rising)
• Rolling out CE and IASME overseas.
– Training up local IT / security companies to be Certification Bodies and conduct the assessments
– Raise level of basic cyber security abroad
– Happy to discuss with any country
• Why IASME over other Accreditation Bodies?
– IASME help clients…not just ‘pass/fail pay again’
– IASME assessment questions are free (others charge first)
– IASME CBs can help clients achieve it (others run a separate scheme to charge consultants)
– IASME is the lowest cost on the market – £300 including cyber insurance
– Some CBs charge £2,000
– IASME charges one price including optional Governance (recognised by MoD and others)
Choice of certification body:
• APMG 2
• QG 7
• CREST 35
• IASME 49
The scale of trust…
Self assessment Independent, third-party assessment
But it’s about doing good stuff – not the badge…
Size of companies certified to Cyber Essentials by IASME CBs
• Micro: 255
• Small: 214
• Medium: 116
• Large: 90
Note: ISO/IEC 27001 ≠ Cyber Essentials
Where do you go from here…?
What’s to do…?
[Figure: your attack surface set against threats ranging from rudimentary to sophisticated: low level threats, insider threats, advanced persistent threat/targeted attack]
IASME Information Assurance for SMEs
Identify • Protect • Detect and Deter • Respond and Recover
What’s to do…?
[Figure: your attack surface set against threats ranging from rudimentary to sophisticated: low level threats, insider threats, advanced persistent threat/targeted attack]
Cyber essentials and IASME
EU agencies and companies enable security in your supply chains for £300 per participant with
ISO/IEC 27001
An international standard for information security
ISO/IEC 27001:2013
So…what will you do?
[Figure labels: Cyber security essentials; ISO/IEC 27001; IASME; SOGP; Live ‘self-preservation’ response; Low level threats; Rudimentary; Insider threats; Sophisticated; Advanced persistent threat/targeted attack; Attack surface; Defence formation; Retaliation formation]
Cyber essentials and IASME
EU agencies and companies enable security in your supply chains for £300 per participant with