Cyber Security and the Impact on your Business
WELCOME TO:
CYBER SECURITY AND THE IMPACT ON YOUR BUSINESS
HOW DO YOU CURRENTLY BACK UP YOUR DATA?
ADD YOUR RESPONSE AT WWW.SLI.DO
JOIN USING THIS CODE: #5660
WHO WE ARE
"Our mission is to make IT simple. Enabling our customers to succeed by delivering information technology services better than anyone else."
CYBER SCAMS
What were the most prevalent cyber scams of 2016?
How much damage did they cause?
Common frauds & scams in today’s digital marketplace
• Phishing
• Vishing
• Invoice Redirection
• Bogus Boss
• Overpayment Fraud
PHISHING
Bogus emails which appear authentic and from legitimate sources
• High volume
• Fake links, websites, attachments
Tips to protect
• Antivirus, Trusteer Rapport, spam filters and firewalls
• Https://
• Do not respond
• Do not click links
• Forward suspect emails to: [email protected]
VISHING
Voice + Phishing = Vishing
• Social engineering
• Information jigsaws
Tips to protect
• Question who is calling
• Decline to provide personal information
• Do not rely on Caller ID
• Do not transfer money
INVOICE REDIRECTION
Specifically aimed at businesses
They research your business
• Suppliers’ details
• Payment profile
They attempt to issue a revised payment location controlled by fraudsters.
Tips to protect
• May begin with post going missing
• Validate any requests
• Dual-authorise changes
• Systems, processes and checks
CASE STUDY
BOGUS BOSS
• Email or text reportedly from your ‘boss’
• Requests an urgent transfer of funds due to a situation or in a light-hearted conversation
• Fakes/spoofs internal email appearances
Tips to protect
• Question the request
• Validate the request
• Speak to the person
OVERPAYMENT FRAUD
• Customer advises they have ‘mistakenly’ overpaid your bill, e.g. £40,000 instead of £4,000
• Requests you keep the amount and return the difference
• Original payment subsequently bounces
Tips to protect
• Typically new clients
• Do usual background and reference checks
• Think about how you would treat a cheque
• Strange type of payment - validate
REMEMBER
• Do not share user accounts
• Install Trusteer Rapport software
• Have up to date antivirus
• Never give out your pin/password
Useful contacts
Email: [email protected] Fraud: 0345 300 3986
Actionfraud: 0300 123 2040
CRYPTOLOCKER
A type of Ransomware that stealthily encrypts all your files and deletes the originals, before demanding payment to reinstate your documents and data. Typically delivered via email or an insecure internet-enabled computer.
In 2016, 54% of UK businesses were hit by some form of Ransomware attack
CRYPTOLOCKER
HOW RANSOMWARE CAN IMPACT YOUR BUSINESS
IF YOU GET IT RIGHT…
Hotel in Belfast
Employees: ~500
Type of Backup: untested, internally managed
What happened: AAG brought in when Cryptolocker hit for the 3rd time in 2 weeks
Response: Engineer deployed within 4 hours
Recovery time: <48 hours for all systems; no downtime to booking or critical systems
Cost to business: £negligible
IF YOU GET IT WRONG…
Company in Rotherham
Employees: 149
Type of Backup: untested, externally managed
What happened: Cryptolocker got onto their network via an infected email
Recovery time: 14 days for critical systems
Last viable Backup: May 2016 (lost five months’ worth of data)
Cost to business: £35,000 lost revenue
WHY SHOULD I BACK UP?
• 6.2 million cyber attacks on UK businesses took place in 2015
• 33% of attacks were caused by an employee
• 3,200% - the increase in attack infrastructure used by cybercriminals in 2016
• 80% of CIOs and IT Directors surveyed had experienced a cyber attack
• 37% lost revenue
• 20% had to halt operations*
*540 individuals surveyed by Malwarebytes, 2016
WHY SHOULD I BACK UP?
• £75k - £311k: the typical cost to SMEs of a cyber attack (PWC IOC Report, 2015)
• 70% of businesses who suffer a major data loss fail within one year (PWC IOC Report, 2015)
• 75% of businesses fail to successfully execute an untested Disaster Recovery plan (PWC IOC Report, 2015)
HOW SHOULD I BACK UP?
How do you back up? Let’s have a look at the results
Popular + unreliable
Less popular + more reliable
Becoming popular + most reliable
Optical Drive / Disk-to-Disk / Site-to-Site Backup
Tapes / Cloud
USB Hard Drive / Site-to-Site + Cloud
How often do you test your Backup method?
HOW SHOULD I BACK UP?
Cloud vs. Site-to-Site vs. Disk
The recommended Backup method is always down to your business needs. Typically, Cloud and/or Site-to-Site Backup gives the best value and peace of mind

| | Capacity | Security | Reliability |
|---|---|---|---|
| Cloud | Unlimited | Very secure | 99.99% uptime |
| Site-to-Site | Flexible | Secure | More reliable |
| Disk/USB Hard Drive | Limited | Easily corruptible | Less reliable |
| Tape | Limited | Easily corruptible | Unreliable |

COST OF SECURING YOUR DATA

| ANNUAL TURNOVER | MONTHLY REVENUE (21 WORKING DAYS) | CLOUD COST (DATA-DEPENDENT) | % OF TURNOVER |
|---|---|---|---|
| £1 MILLION | £82,677 | £150 | 0.007% |
| £3 MILLION | £248,031 | £250 | 0.001% |
| £5 MILLION | £413,385 | £350 | 0.0008% |
| £10 MILLION | £826,770 | £500 | 0.0006% |

| ANNUAL TURNOVER | COST OF 12 DAYS’ LOST BUSINESS* |
|---|---|
| £1 MILLION | £47,244 |
| £3 MILLION | £141,732 |
| £5 MILLION | £236,220 |
| £10 MILLION | £472,440 |

*based on 254 working days per year

BACKUP & DISASTER RECOVERY
Backup refers to the copying and archiving of computer data so it may be used to restore the original after a data loss event.
Backup is different to Disaster Recovery:
• Backup is simply making one or more copies of your data in case the original is lost or damaged
• Disaster Recovery is restoring that data in the instance that the original is lost or damaged.
Backup, Disaster Recovery and Cyber Security
LEGAL ISSUES
INTRODUCTION
• Shulmans LLP
• One of the fastest growing Commercial law firms in the UK
• Providing a national service from a cost effective base in Leeds
• Experienced team with a focus on compliance, risk management, technology and good business practice
• Risk and Regulation
• Strategy and Risk Management
• Business Process Advice
• Crisis Management and Regulator Response
CHANGING LANDSCAPE
• Increasingly connected world
• Obsolete or vulnerable technology
• Increasingly complex attacks
• Rise of the Super-Regulator
  • ICO
  • National Cyber Security Centre (or similar)
  • HSE
  • Sector-specific regulation e.g. Financial Services
RISK
What risks are we trying to avoid?
• Injury
• Financial Loss
• Reputational Damage
• IP & Confidential Information Loss
• Regulatory Intervention/fines
• Liability to third parties
• Interference with operation/production
• Maintaining services/data availability
REGULATION
• Any interruption to business could expose you to claims e.g. that you are unable to carry out contracted services
• ALWAYS good business sense to protect against this risk
• In some sectors there are also specific obligations to put security in place:
  • Personal Data
  • Cyber Security Directive
  • Financial Services
  • Payment card information
PERSONAL DATA PROTECTION
• Specific regulation relating to personal data
• Currently Data Protection Act 1998
• General Data Protection Regulation in force 2018
• Both contain obligations to have appropriate security measures
“…the controller [and the processor] shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk…”
• Stronger obligations for sensitive personal data
• Stronger notification requirements in GDPR
CYBER SECURITY DIRECTIVE
• Will take effect in UK by May 2018
• Impacts on operators of essential services and digital service providers
  • Online marketplace, online search engine, cloud computing service
  • NOT hardware manufacturers/software developers/micro or small enterprises
• Security requirements
“appropriate and proportionate organisational risk management measures including measures to prevent and minimise the impact of incidents that affect security of networks and information systems”
• Incident notification
• Will require
  • Risk management systems
  • Reporting processes
• Enforcement - fines?
INCIDENT RESPONSE
• Legal obligations don’t just cover putting technical protection in place
• Also cover how you respond to an incident – containment, recovery, notification
• Disasters do happen – need to plan ahead
• Legal priorities
  • Regulatory notification obligations
  • Contractual notification obligations
  • Potential liability to third parties
  • Are you able to pursue the perpetrator (especially for employee fraud) or recover money/IP/assets?
  • Legal privilege
• Plan ahead so you can act fast!
DIRECTORS’ LIABILITY
• s61 DPA
• Directors’ duties
• Regulatory obligations
• ICO may request undertakings from directors
CASE STUDY: EMPLOYMENT FRAUD
• Apparently loyal employees
• Handed in notice, off sick
• No apparent warning signs
• But…
  • Copied emails to home address
  • Used FTP File transfer software to transfer large files – difficult to detect
  • Software, designs, clients, suppliers and pricing all copied
• Loss?
• What did we do?
WHAT NEXT?
• I’m too busy!
  • Schedule time to review risks and strategy
  • Understand your risk profile
  • Formulate an action plan
  • Fit into your “business year”
• Who needs to be involved?
  • Board, key managers, staff, consultants, key suppliers
  • Lawyers and specialist consultants
OUR SOLUTION
• Data Protect Workshop with AAG and Shulmans
• A planned, time & cost controlled solution
• Intro to other key business participants - high level summary of law and approach to risk assessment
• Scoping questionnaire
• Workshop:
  • legal and technical
  • individual business needs
  • Board, management & operational
• Outputs – technical requirements, risk analysis & risk register, business knowledge, policies, procedures, training materials.
• Outputs - data protection policies, customer document and online policies, business continuity policy update, disaster recovery, cyber incident response & cyber risk training. Delivered in physical and digital formats
• Outputs - high level summary for board, compliance protection & insurers/brokers
• Layered approach to information, role specific (board, management and operational)
• Annual review and access to ongoing technical and legal support.
• Available dates
SUMMARY
• If your business is important to you, it is worth protecting it with a Backup & Disaster Recovery strategy that you can have confidence in
• Educate your staff on the latest cyber scams and types of Ransomware attacks
• Test your current Backup
• Review your Disaster Recovery plan
• Implement a responsibilities chart
• Book your Data Protect Workshop with AAG and [email protected] www.linkedin.com/company/aagsystems 0114 399 0995