SlideShare a Scribd company logo

Whitepaper | Cyber resilience in the age of digital transformation

Nexon Asia Pacific
Nexon Asia Pacific

We are living in an always-on world using different communications devices, systems and networks. As privacy and protecting one’s identity is becoming increasingly important, the task of protecting these devices, systems and networks from cyber attack is no longer an option, it is a necessity.

Technology
1 of 6
Download to read offline
CYBER-RESILIENCE IN THE AGE OF DIGITAL TRANSFORMATION For organisations pursuing business growth and success, innovative technologies offer plentiful opportunities. Since success also depends on trust from consumers and customers, the credibility of an organisation becomes essential. As society becomes hyper-connected with machines “talking” to one another to generate a bigger digital footprint, and customers sharing more data and information, the need for assurance that all critical data and information are protected becomes paramount. We are living in an always-on world using different communications devices, systems and networks. As privacy and protecting one’s identity is becoming increasingly important, the task of protecting these devices, systems and networks from cyber attack is no longer an option, it is a necessity. There are many possible motives for anyone to launch a cyber attack, but what matters to an organisation are the likely consequences it has or does not have to bear after the attack. Organisations should aim to reduce security risk and vulnerability and facilitate faster, more effective response plans. But they also must understand how cyber attacks could have other impacts, including the reduction or loss of credibility and brand equity, disruption of critical operational processes and financial implications. WHAT DOES IT MEAN TO BE CYBER-RESILIENT? HOW CAN ORGANISATIONS PROTECT THEMSELVES IN A DYNAMIC THREAT ENVIRONMENT? WHITEPAPER
2 IMPACT OF CYBER ATTACKS The evolution of the security landscape is fast and complicated. Many studies carried out on cyber attacks over the years have noted the accelerated proliferation, increased level of sophistication and the change in targeting of attacks. According to the Australian Cyber Security Centre (ACSC) Threat Report1 , the Australian Signals Directorate (part of ACSC) responded to 1,095 cyber security incidents on government systems, “considered serious enough to warrant operation responses”, within just an 18-month period from January 2015 to June 2016. CERT Australia reported that, in Australia, the highest number of systems that were compromised were found in the sectors of energy and communications; the highest incident of Distributed Denial of Service (DDoS) activity was found in banking and financial services and the communications sector; and the most malicious emails were received by the energy sector and the mining and resources sector. But, this does not mean that other sectors are spared. In May 2017, a ransom attack demanding payment in Bitcoin was executed by cyber hackers who launched the WannaCry cryptoworm which encoded a target’s data. This was shortly followed by the Petya cyber attack that distributed a ransomware virus targeting computer servers across the globe. While these incidents received prominent news coverage in different media outlets, many more sophisticated, successful but unheard of attacks are still taking place every second of every day. The consequences of cyber attacks can be devastating to businesses and organisations to which consumers and customers have entrusted their personal data and information with – but also to the individuals affected. For businesses, enormous costs could be incurred as a consequence of a cyber attack, from business interruptions and the diversion of staff and resources, remediating and recovering systems and data, and the need to pay for public relations and media management. But they should also factor in the possible fines, and damage to reputation and consumer loyalty. The resources used to respond to a breach as a result of a cyber attack may far outweigh the investment required to implement suitable security controls. According to the 2016 ACSC Cyber Security Survey2 , the most common consequence of an attempt or successful breach resulted in loss of time either spent resolving the issue or the inability of staff to continue to work. Of those surveyed in the report, 39% of organisations also felt the financial impacts mainly derived from the further investment needed to prevent future incidents or the costs associated with external repair and recovery. In Australia, despite the Privacy Act 1988 3 that regulates how individuals’ information is being handled, consumers and customers are getting increasingly concerned about the storage of their private information which if stolen, could be leveraged to commit fraud, identity theft or wreak financial havoc through, for example, false credit card charges or more. In fact, cyber attacks can affect an entire country. As ASIC4 points out, they can ‘undermine businesses, destabilise fair, orderly and transparent markets and erode investor and financial consumer trust and confidence in the financial system.’ White paper: Cyber-resilience in the age of digital transformation 1 ACSC, 2016 Threat Report, https://www.acsc.gov.au/publications/ACSC_Threat_Report_2016.pdf. 2 ACSC, 2016 Cyber Security Survey, https://www.acsc.gov.au/publications/ACSC_Cyber_Security_Survey_2016.pdf. 3 Australian Government, Office of the Australian Information Commissioner, https://www.oaic.gov.au/privacy-law/. 4 ASIC, Building Resilience: The Challenge of Cyber Risk, http://download.asic.gov.au/media/4120903/speech-medcraft-acci-dec-2016-1.pdf of organisations surveyed have a process in place to identify critical systems and data. 43% 46% of these organisations regularly review and exercise these plans. of the organisations surveyed indicated they tend not to identify cyber security threats or vulnerabilities until after they have manifested into a compromise. %71 2016 ACSC CYBER SECURITY SURVEY2
3 White paper: Cyber-resilience in the age of digital transformation 5 ACSC, 2016 Cyber Security Survey. 6 McAfee, Achieve Resilient Cyber-Readiness Guide, https://www.mcafee.com/au/resources/solution-briefs/sb-achieve-resilient-cyber-readiness.pdf. POINTS OF VULNERABILITY The need for organisations to be cyber-resilient arises not only because of the evolving and proliferating external threats, but also the way our workplaces have changed over the years. While connectivity and the Internet bring huge benefits to our workplace (and lives), they represent a viable target for malicious actors. Shifts in the way people work and enjoy leisure, as well as the need to always stay connected through technologies have increased points of vulnerability. Every single connection between a network and an Internet-enabled device, system or network can represent a potential security threat. Our devices have become smaller, more powerful, and more connected through the use of applications. For example, an employee is more likely to send an email, communicate and collaborate through the use of their mobile phone, tablet or laptop while on the move than waiting to be back at their desk to perform the same tasks. There is also an unprecedented number of conversations and discussions about how organisations can use data and analytics to improve their bottom line. This means integrating systems and networks to facilitate data collection and amalgamation. All these represent potential points of vulnerability. When organisations are not protecting their critical infrastructure, data and information through the use of a proper plan, they would be exposed to risk. Accordingly to the ACSC 2016 Cyber Security Survey5 , ‘only 56% of organisations surveyed have a process in place to identify critical systems and data’ and ‘of the 71% of organisations with a response plan in place, fewer than half (46%) regularly review and exercise these plans’. Meanwhile, ‘a high proportion (43%) of organisations indicated they tend not to identify cyber security threats or vulnerabilities until after they have manifested into a compromise.’ All of this means that a new form of security and protection is needed to address this evolving landscape. It is no longer sufficient to simply be cyber-ready to prepare for security incidents. Organisations need to be cyber-resilient. BE CYBER-RESILIENT In this new age of digital transformation and disruption, old ways of looking at security deserve examination. While being cyber-ready means having the ability to detect, prevent and respond to cyber threats, cyber-resilience is about taking a step The foundation for cyber-resilience is the protected environment. So organisations need a clear definition of what are critical systems or assets, and how they should be protected. The value of the critical system or asset must be known. Details surrounding that system or asset, such as vulnerabilities and security controls that are protecting it, are required in order to have a comprehensive understanding of what needs to be done. MCAFEE6 further with a holistic view to understand how organisations can protect themselves from the many ways that cyber attackers could target them – and arm themselves with a strategy over a cycle of preparation, response and recovery to not only detect, withstand and recuperate after an attack, but continue to operate. How to be cyber-resilient? Cyber-resilient organisations identify their important assets and implement a framework to protect them. They identify critical assets that need to be protected in order to withstand security breaches that affect the integrity and confidentiality of data, or the availability and operation of critical online services or infrastructure. They continue to operate their business securely while addressing any security issues that may arise. There is no one single point technology or solution that can control the risks all cyber attacks pose. So cyber-resilience is about reducing risk to a level acceptable by key stakeholders, addressing incidents effectively, and then learning from them. It is about operating in a state of continuous learning and improvement, to learn from past incidents and adapt to the evolving landscape. Cyber-resilience is a combination of the big picture: leadership, framework, policies and procedures, while operationalising better security. It’s about using a risk-based approach that does not only hold IT accountable but spreads responsibility throughout the organisation. It’s making sure companies have the will and motivation, and then following through by allocating effort and resources to better their cyber security by implementing technical controls.
4 White paper: Cyber-resilience in the age of digital transformation STEPS TO CYBER-RESILIENCE Cyber-resilience is a continuous process of continual awareness: understanding what is on the network, who is on the network, and what is happening inside and outside the network. The steps to cyber-resilience involve the preparation of a planned response for cyber attacks, what to do in the case of cyber attacks, and what to do afterwards. ++ How can you monitor your environment? ++ What processes do you have in place if an attack happens? ++ Who is responsible to respond in your company? ++ Who are your critical stakeholders (including legal and communications)? ++ What are your critical systems? ++ Do you have a risk management plan? Standard operating procedures? System security plans? Are they up to date? ++ What kind of agreements do you have with your IT service providers in the case of a cyber attack? How will they respond? What kind of support can they give you? ++ How can you design and build a system so that it is cyber-resilient? ++ Who in your organisation needs to be activated to respond to a cyber attack? ++ How quickly and easily can they be marshalled? ++ Can you identify and isolate servers, workstations or devices that are infected or affected? ++ Who do you need to contact and how if the attack takes place outside of business hours? ++ Are all your cyber-resilience solutions up to date, so that you are not trying to respond to an attack in real time, based on information that is out-of-date? ++ Are you basing your response on actionable information, based on empirical data, that is as relevant as possible to achieve rapid incident response? ++ After cyber attacks have occurred, how do you improve and measure the risk management of your network? ++ Are you aware of and can comply with the NDB scheme ? ++ Which stakeholders do you need to report to? Have you got clear policies in place to do this? ++ Will you report the incident to the ACSC to help them to contain the threat and prevent similar attacks on other organisations? PLAN A RESPONSE RESPONDING TO A CYBER ATTACK AFTER A CYBER ATTACK STEPS TO CYBER RESILIENCE 7 Multiple domains of information and an enterprise framework that supports machine-to-machine data collection must be bridged for a cyber-resilient data strategy. A security operations centre framework must be built with scalable data collection capabilities. The management platforms must be interoperable, allowing integration with external intelligence and computerised decision support systems. A centralised management console is needed for discovery, prevention, detection, response, and audit, enriched with threat intelligence feeds. ++ Maintains a strong awareness of the changing landscape of security ++ Proactively identifies risks before they manifest ++ Creates and facilitates a strong security culture and awareness across the business ++ Recognises that everyone across the business has a role to play in the overall security and security posture of the organisation ++ Has clear response plans and procedures ++ Includes cyber-security in governance and reporting WHAT DOES A CYBER-RESILIENT ORGANISATION LOOK LIKE?8 7 Adapted from McAfee, Achieve Resilient Cyber-Readiness and the ACSC, 2016 Threat Report. 8 Adapted from ACSC, 2016 Cyber Security Survey.
5 White paper: Cyber-resilience in the age of digital transformation MANAGED SECURITY A multitude of malicious cyber attacks are happening all the time and from all directions, attempting to attack multiple endpoints simultaneously to breach corporate networks or systems. It is clear that the magnitude of cyber security problems requires cyber security to be managed well. Individual, piecemeal and uncoordinated responses to incidents as they occur will be a challenge to assets protection. Therefore, a comprehensive framework is needed: one that identifies the risks that impose on assets and puts controls in place to ensure the confidentiality, integrity and availability of IT systems. At the same time, the framework will need to address the people, processes and technology required to implement the controls. Organisations have begun to realise the importance of security and started implementing security frameworks to better protect themselves. With the fast-evolving nature of cyber threats and scarce security expertise, managed security services provide the necessary framework, technology, experience and people to support organisations’ evolving security posture. Nexon’s managed security services provide organisations with the capacity to detect and investigate security incidents, contain them where they happen, and then restore them to the state they were in before the incident. Nexon’s managed security services are automated and simple, allowing organisations to be ahead of the game instead of floundering with manual processes. It integrates all security solutions, whether firewall or antivirus, IPS or gateway, so that they can be managed at a central location, through a single interface or through Nexon. Key components of Nexon’s managed security services include: ++ Managed end-point protection solution to cover anti-virus and malware, application blocking and control, web filtering and USB device control to provide protection through any possible cyber attack vectors. ++ Perimeter management solution, including next generation firewall with advanced threat prevention, zero-day threat prevention, edge category-based URL filtering and secure remote access. ++ Cloud-based email security and continuity to prevent spam and phishing attacks from reaching users, to protect users from URLs embedded in emails and to provide emergency inbox access. NOTIFIABLE DATA BREACHES (NDB) SCHEME9 The scheme, established in 2017, mandates organisations covered by the Australian Privacy Act 1988 (Privacy Act) to notify the Office of the Australian Information Commissioner (OIAC) and the individuals likely to be at risk of serious harm by a data breach. OTHER RESPONSIBILITIES INCLUDE: ++ Conduct quick assessments of suspected data breaches to determine if they are likely to result in serious harm ++ Recommend steps to minimise any damage from the data breach CONSEQUENCES OF NON-COMPLIANCE: If an organisation does not follow through on notifying clients in the case of security breaches, it may be required to either: ++ Pay compensation ++ Issue a public apology ++ Have their customers notified by the Privacy Commissioner If the situation is serious or repeated, the organisation could be fined up to $1.8 million. 9 Australian Government, Office of the Australian Information Commissioner, https://www.oaic.gov.au/.
6 SUMMARY Today’s landscape of cyber threats is more complex than ever because of the mobile nature of our workforce and a rapidly expanding data footprint. Organisations need to put resources and attention into planning and preparation, instead of a reactive response. Transition from a cyber-ready to cyber-resilient organisation means formulating a plan for detection, protection and response through an integrated and mature security framework, covering people, processes and technology. Being cyber-resilient today means making governance and policies, access and identity management, proactive threat management, infrastructure, and data controls an integral part of an organisation’s day-to-day security operations. It means deploying a managed security framework that covers all these aspects and controlling the risk to the organisation now and in the future. SECURITY IS NO LONGER AN OPTION. IT’S A NECESSARY DISCIPLINE, AND IT’S NEEDED TO MANAGE ALL ASPECTS OF AN ORGANISATION’S OPERATIONS, ON A CONTINUOUS AND ONGOING BASIS. To find out more about Nexon’s managed security services, call us at 1300 800 000, email us at enquiries@nexon.com.au or visit nexon.com.au/products/managed-security CONTACT US TODAY TO DISCUSS YOUR SECURITY NEEDS AND MOVE CLOSER TO BECOMING A CYBER-RESILIENT ORGANISATION. WHY NEXON? As an ISO 27001 certified organisation, Nexon’s managed security services are part of a comprehensive security framework designed to protect and securely store data and information. Services include endpoint, perimeter and email security functions within an integrated platform, enabling the safe use of applications while maintaining complete visibility and control. This allows customers and users to confidently pursue new technology initiatives like cloud and mobility, and to support key business transformation initiatives, while protecting organisations from cyber attacks — known and unknown. Nexon’s services are scalable and flexible and can be tailored to the size and risk appetite of organisations across various sectors. Collaborating with leading security providers, Nexon provides clients access to the expertise and threat intelligence required in a rapidly evolving regulatory and technology environment.

Recommended

Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksStrategy&, a member of the PwC network
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
 
Overview of Haystax Technology
Overview of Haystax TechnologyOverview of Haystax Technology
Overview of Haystax TechnologyHaystax Technology
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdSusan Darby
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
Get Prepared
Get PreparedGet Prepared
Get PreparedHewlett Packard Enterprise Business Value Exchange
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security reportGabe Akisanmi
 

Recommended

Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksStrategy&, a member of the PwC network
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
 
Overview of Haystax Technology
Overview of Haystax TechnologyOverview of Haystax Technology
Overview of Haystax TechnologyHaystax Technology
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdSusan Darby
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
Get Prepared
Get PreparedGet Prepared
Get PreparedHewlett Packard Enterprise Business Value Exchange
 
Alert logic cloud security report
Alert logic cloud security reportAlert logic cloud security report
Alert logic cloud security reportGabe Akisanmi
 
Plan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestPlan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestHewlett Packard Enterprise Business Value Exchange
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsKen M. Shaurette
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
 
The 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident ResponseThe 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident ResponseElizabeth Dimit
 
Improving cyber-security through acquisition
Improving cyber-security through acquisitionImproving cyber-security through acquisition
Improving cyber-security through acquisitionChristopher Dorobek
 
Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameTatainteractive1
 
CISO Survey Report 2010
CISO Survey Report 2010CISO Survey Report 2010
CISO Survey Report 2010Scientia Groups
 
WhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportWhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportJeremiah Grossman
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITEnvision Technology Advisors
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response SurveyFireEye, Inc.
 
Cyber Security index
Cyber Security indexCyber Security index
Cyber Security indexsukiennong.vn
 
WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015Jeremiah Grossman
 
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapM-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapFireEye, Inc.
 
Cyber Security Infographic
Cyber Security InfographicCyber Security Infographic
Cyber Security InfographicBooz Allen Hamilton
 
Data Breach Guide 2013
Data Breach Guide 2013Data Breach Guide 2013
Data Breach Guide 2013- Mark - Fullbright
 
Cyber threat forecast 2018..
Cyber threat forecast 2018..Cyber threat forecast 2018..
Cyber threat forecast 2018..Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsGlobal Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsArgyle Executive Forum
 
WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)Jeremiah Grossman
 
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Puneet Kukreja
 
Abhishek kurre.pptx
Abhishek kurre.pptxAbhishek kurre.pptx
Abhishek kurre.pptxDolchandra
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challengemsdee3362
 

More Related Content

What's hot

2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsKen M. Shaurette
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
 
The 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident ResponseThe 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident ResponseElizabeth Dimit
 
Improving cyber-security through acquisition
Improving cyber-security through acquisitionImproving cyber-security through acquisition
Improving cyber-security through acquisitionChristopher Dorobek
 
Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameTatainteractive1
 
WhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportWhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportJeremiah Grossman
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response SurveyFireEye, Inc.
 
Cyber Security index
Cyber Security indexCyber Security index
Cyber Security indexsukiennong.vn
 
WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015Jeremiah Grossman
 
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapM-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapFireEye, Inc.
 
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsGlobal Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsArgyle Executive Forum
 
WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)Jeremiah Grossman
 
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Puneet Kukreja
 

What's hot (20)

Plan for the Worst; Fight for the Best
Plan for the Worst; Fight for the BestPlan for the Worst; Fight for the Best
Plan for the Worst; Fight for the Best
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity
 
The 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident ResponseThe 4 Challenges of Managing Privacy Incident Response
The 4 Challenges of Managing Privacy Incident Response
 
Improving cyber-security through acquisition
Improving cyber-security through acquisitionImproving cyber-security through acquisition
Improving cyber-security through acquisition
 
Corporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious GameCorporate Cybersecurity: A Serious Game
Corporate Cybersecurity: A Serious Game
 
CISO Survey Report 2010
CISO Survey Report 2010CISO Survey Report 2010
CISO Survey Report 2010
 
WhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportWhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics Report
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of IT
 
2013 Incident Response Survey
2013 Incident Response Survey2013 Incident Response Survey
2013 Incident Response Survey
 
Cyber Security index
Cyber Security indexCyber Security index
Cyber Security index
 
WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015WhiteHat’s Website Security Statistics Report 2015
WhiteHat’s Website Security Statistics Report 2015
 
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapM-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security Gap
 
Cyber Security Infographic
Cyber Security InfographicCyber Security Infographic
Cyber Security Infographic
 
Data Breach Guide 2013
Data Breach Guide 2013Data Breach Guide 2013
Data Breach Guide 2013
 
Cyber threat forecast 2018..
Cyber threat forecast 2018..Cyber threat forecast 2018..
Cyber threat forecast 2018..
 
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOsGlobal Megatrends in Cybersecurity – A Survey of 1,000 CxOs
Global Megatrends in Cybersecurity – A Survey of 1,000 CxOs
 
WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)WhiteHat Security Website Statistics [Full Report] (2013)
WhiteHat Security Website Statistics [Full Report] (2013)
 
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja,...
 

Similar to Whitepaper | Cyber resilience in the age of digital transformation

Abhishek kurre.pptx
Abhishek kurre.pptxAbhishek kurre.pptx
Abhishek kurre.pptxDolchandra
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challengemsdee3362
 
Journal of Business Continuity & Emergency Planning Volume 7 N.docx
Journal of Business Continuity & Emergency Planning Volume 7 N.docxJournal of Business Continuity & Emergency Planning Volume 7 N.docx
Journal of Business Continuity & Emergency Planning Volume 7 N.docxchristiandean12115
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51Felipe Prado
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
Guide to high volume data sources for SIEM
Guide to high volume data sources for SIEMGuide to high volume data sources for SIEM
Guide to high volume data sources for SIEMJoseph DeFever
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesJoseph DeFever
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 
The State of Data Security
The State of Data SecurityThe State of Data Security
The State of Data SecurityRazor Technology
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
LD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docxLD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docxstirlingvwriters
 
Adjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New NormalAdjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New NormalPriyanka Aash
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attackAndreanne Clarke
 

Similar to Whitepaper | Cyber resilience in the age of digital transformation (20)

Abhishek kurre.pptx
Abhishek kurre.pptxAbhishek kurre.pptx
Abhishek kurre.pptx
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
 
Journal of Business Continuity & Emergency Planning Volume 7 N.docx
Journal of Business Continuity & Emergency Planning Volume 7 N.docxJournal of Business Continuity & Emergency Planning Volume 7 N.docx
Journal of Business Continuity & Emergency Planning Volume 7 N.docx
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
Guide to high volume data sources for SIEM
Guide to high volume data sources for SIEMGuide to high volume data sources for SIEM
Guide to high volume data sources for SIEM
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
The State of Data Security
The State of Data SecurityThe State of Data Security
The State of Data Security
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
LD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docxLD7009 Information Assurance And Risk Management.docx
LD7009 Information Assurance And Risk Management.docx
 
Adjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New NormalAdjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New Normal
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletter
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attack
 

More from Nexon Asia Pacific

Infographic: Why hybrid cloud? Advantages of using hybrid cloud
Infographic: Why hybrid cloud? Advantages of using hybrid cloudInfographic: Why hybrid cloud? Advantages of using hybrid cloud
Infographic: Why hybrid cloud? Advantages of using hybrid cloudNexon Asia Pacific
 
More flexibility. More freedom in the cloud.
More flexibility. More freedom in the cloud. More flexibility. More freedom in the cloud.
More flexibility. More freedom in the cloud. Nexon Asia Pacific
 
How technology powers an agile business. A guide for small businesses.
How technology powers an agile business. A guide for small businesses.How technology powers an agile business. A guide for small businesses.
How technology powers an agile business. A guide for small businesses.Nexon Asia Pacific
 
CLOUD-BASED BACKUP AND DISASTER RECOVERY. MANAGE. PROTECT. RECOVER
CLOUD-BASED BACKUP AND DISASTER RECOVERY. MANAGE. PROTECT. RECOVERCLOUD-BASED BACKUP AND DISASTER RECOVERY. MANAGE. PROTECT. RECOVER
CLOUD-BASED BACKUP AND DISASTER RECOVERY. MANAGE. PROTECT. RECOVERNexon Asia Pacific
 
Disaster Recovery as a Service
Disaster Recovery as a ServiceDisaster Recovery as a Service
Disaster Recovery as a ServiceNexon Asia Pacific
 
Developing a cloud strategy - Presentation Nexon ABC Event
Developing a cloud strategy - Presentation Nexon ABC EventDeveloping a cloud strategy - Presentation Nexon ABC Event
Developing a cloud strategy - Presentation Nexon ABC EventNexon Asia Pacific
 
Cathie Reid, Epic Digital - Microsoft and Nexon Aged Care Roundtable
Cathie Reid, Epic Digital - Microsoft and Nexon Aged Care RoundtableCathie Reid, Epic Digital - Microsoft and Nexon Aged Care Roundtable
Cathie Reid, Epic Digital - Microsoft and Nexon Aged Care RoundtableNexon Asia Pacific
 

More from Nexon Asia Pacific (7)

Infographic: Why hybrid cloud? Advantages of using hybrid cloud
Infographic: Why hybrid cloud? Advantages of using hybrid cloudInfographic: Why hybrid cloud? Advantages of using hybrid cloud
Infographic: Why hybrid cloud? Advantages of using hybrid cloud
 
More flexibility. More freedom in the cloud.
More flexibility. More freedom in the cloud. More flexibility. More freedom in the cloud.
More flexibility. More freedom in the cloud.
 
How technology powers an agile business. A guide for small businesses.
How technology powers an agile business. A guide for small businesses.How technology powers an agile business. A guide for small businesses.
How technology powers an agile business. A guide for small businesses.
 
CLOUD-BASED BACKUP AND DISASTER RECOVERY. MANAGE. PROTECT. RECOVER
CLOUD-BASED BACKUP AND DISASTER RECOVERY. MANAGE. PROTECT. RECOVERCLOUD-BASED BACKUP AND DISASTER RECOVERY. MANAGE. PROTECT. RECOVER
CLOUD-BASED BACKUP AND DISASTER RECOVERY. MANAGE. PROTECT. RECOVER
 
Disaster Recovery as a Service
Disaster Recovery as a ServiceDisaster Recovery as a Service
Disaster Recovery as a Service
 
Developing a cloud strategy - Presentation Nexon ABC Event
Developing a cloud strategy - Presentation Nexon ABC EventDeveloping a cloud strategy - Presentation Nexon ABC Event
Developing a cloud strategy - Presentation Nexon ABC Event
 
Cathie Reid, Epic Digital - Microsoft and Nexon Aged Care Roundtable
Cathie Reid, Epic Digital - Microsoft and Nexon Aged Care RoundtableCathie Reid, Epic Digital - Microsoft and Nexon Aged Care Roundtable
Cathie Reid, Epic Digital - Microsoft and Nexon Aged Care Roundtable
 

Recently uploaded

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 

Recently uploaded (20)

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 

Whitepaper | Cyber resilience in the age of digital transformation

  • 1. CYBER-RESILIENCE IN THE AGE OF DIGITAL TRANSFORMATION For organisations pursuing business growth and success, innovative technologies offer plentiful opportunities. Since success also depends on trust from consumers and customers, the credibility of an organisation becomes essential. As society becomes hyper-connected with machines “talking” to one another to generate a bigger digital footprint, and customers sharing more data and information, the need for assurance that all critical data and information are protected becomes paramount. We are living in an always-on world using different communications devices, systems and networks. As privacy and protecting one’s identity is becoming increasingly important, the task of protecting these devices, systems and networks from cyber attack is no longer an option, it is a necessity. There are many possible motives for anyone to launch a cyber attack, but what matters to an organisation are the likely consequences it has or does not have to bear after the attack. Organisations should aim to reduce security risk and vulnerability and facilitate faster, more effective response plans. But they also must understand how cyber attacks could have other impacts, including the reduction or loss of credibility and brand equity, disruption of critical operational processes and financial implications. WHAT DOES IT MEAN TO BE CYBER-RESILIENT? HOW CAN ORGANISATIONS PROTECT THEMSELVES IN A DYNAMIC THREAT ENVIRONMENT? WHITEPAPER
  • 2. 2 IMPACT OF CYBER ATTACKS The evolution of the security landscape is fast and complicated. Many studies carried out on cyber attacks over the years have noted the accelerated proliferation, increased level of sophistication and the change in targeting of attacks. According to the Australian Cyber Security Centre (ACSC) Threat Report1 , the Australian Signals Directorate (part of ACSC) responded to 1,095 cyber security incidents on government systems, “considered serious enough to warrant operation responses”, within just an 18-month period from January 2015 to June 2016. CERT Australia reported that, in Australia, the highest number of systems that were compromised were found in the sectors of energy and communications; the highest incident of Distributed Denial of Service (DDoS) activity was found in banking and financial services and the communications sector; and the most malicious emails were received by the energy sector and the mining and resources sector. But, this does not mean that other sectors are spared. In May 2017, a ransom attack demanding payment in Bitcoin was executed by cyber hackers who launched the WannaCry cryptoworm which encoded a target’s data. This was shortly followed by the Petya cyber attack that distributed a ransomware virus targeting computer servers across the globe. While these incidents received prominent news coverage in different media outlets, many more sophisticated, successful but unheard of attacks are still taking place every second of every day. The consequences of cyber attacks can be devastating to businesses and organisations to which consumers and customers have entrusted their personal data and information with – but also to the individuals affected. For businesses, enormous costs could be incurred as a consequence of a cyber attack, from business interruptions and the diversion of staff and resources, remediating and recovering systems and data, and the need to pay for public relations and media management. But they should also factor in the possible fines, and damage to reputation and consumer loyalty. The resources used to respond to a breach as a result of a cyber attack may far outweigh the investment required to implement suitable security controls. According to the 2016 ACSC Cyber Security Survey2 , the most common consequence of an attempt or successful breach resulted in loss of time either spent resolving the issue or the inability of staff to continue to work. Of those surveyed in the report, 39% of organisations also felt the financial impacts mainly derived from the further investment needed to prevent future incidents or the costs associated with external repair and recovery. In Australia, despite the Privacy Act 1988 3 that regulates how individuals’ information is being handled, consumers and customers are getting increasingly concerned about the storage of their private information which if stolen, could be leveraged to commit fraud, identity theft or wreak financial havoc through, for example, false credit card charges or more. In fact, cyber attacks can affect an entire country. As ASIC4 points out, they can ‘undermine businesses, destabilise fair, orderly and transparent markets and erode investor and financial consumer trust and confidence in the financial system.’ White paper: Cyber-resilience in the age of digital transformation 1 ACSC, 2016 Threat Report, https://www.acsc.gov.au/publications/ACSC_Threat_Report_2016.pdf. 2 ACSC, 2016 Cyber Security Survey, https://www.acsc.gov.au/publications/ACSC_Cyber_Security_Survey_2016.pdf. 3 Australian Government, Office of the Australian Information Commissioner, https://www.oaic.gov.au/privacy-law/. 4 ASIC, Building Resilience: The Challenge of Cyber Risk, http://download.asic.gov.au/media/4120903/speech-medcraft-acci-dec-2016-1.pdf of organisations surveyed have a process in place to identify critical systems and data. 43% 46% of these organisations regularly review and exercise these plans. of the organisations surveyed indicated they tend not to identify cyber security threats or vulnerabilities until after they have manifested into a compromise. %71 2016 ACSC CYBER SECURITY SURVEY2
  • 3. 3 White paper: Cyber-resilience in the age of digital transformation 5 ACSC, 2016 Cyber Security Survey. 6 McAfee, Achieve Resilient Cyber-Readiness Guide, https://www.mcafee.com/au/resources/solution-briefs/sb-achieve-resilient-cyber-readiness.pdf. POINTS OF VULNERABILITY The need for organisations to be cyber-resilient arises not only because of the evolving and proliferating external threats, but also the way our workplaces have changed over the years. While connectivity and the Internet bring huge benefits to our workplace (and lives), they represent a viable target for malicious actors. Shifts in the way people work and enjoy leisure, as well as the need to always stay connected through technologies have increased points of vulnerability. Every single connection between a network and an Internet-enabled device, system or network can represent a potential security threat. Our devices have become smaller, more powerful, and more connected through the use of applications. For example, an employee is more likely to send an email, communicate and collaborate through the use of their mobile phone, tablet or laptop while on the move than waiting to be back at their desk to perform the same tasks. There is also an unprecedented number of conversations and discussions about how organisations can use data and analytics to improve their bottom line. This means integrating systems and networks to facilitate data collection and amalgamation. All these represent potential points of vulnerability. When organisations are not protecting their critical infrastructure, data and information through the use of a proper plan, they would be exposed to risk. Accordingly to the ACSC 2016 Cyber Security Survey5 , ‘only 56% of organisations surveyed have a process in place to identify critical systems and data’ and ‘of the 71% of organisations with a response plan in place, fewer than half (46%) regularly review and exercise these plans’. Meanwhile, ‘a high proportion (43%) of organisations indicated they tend not to identify cyber security threats or vulnerabilities until after they have manifested into a compromise.’ All of this means that a new form of security and protection is needed to address this evolving landscape. It is no longer sufficient to simply be cyber-ready to prepare for security incidents. Organisations need to be cyber-resilient. BE CYBER-RESILIENT In this new age of digital transformation and disruption, old ways of looking at security deserve examination. While being cyber-ready means having the ability to detect, prevent and respond to cyber threats, cyber-resilience is about taking a step The foundation for cyber-resilience is the protected environment. So organisations need a clear definition of what are critical systems or assets, and how they should be protected. The value of the critical system or asset must be known. Details surrounding that system or asset, such as vulnerabilities and security controls that are protecting it, are required in order to have a comprehensive understanding of what needs to be done. MCAFEE6 further with a holistic view to understand how organisations can protect themselves from the many ways that cyber attackers could target them – and arm themselves with a strategy over a cycle of preparation, response and recovery to not only detect, withstand and recuperate after an attack, but continue to operate. How to be cyber-resilient? Cyber-resilient organisations identify their important assets and implement a framework to protect them. They identify critical assets that need to be protected in order to withstand security breaches that affect the integrity and confidentiality of data, or the availability and operation of critical online services or infrastructure. They continue to operate their business securely while addressing any security issues that may arise. There is no one single point technology or solution that can control the risks all cyber attacks pose. So cyber-resilience is about reducing risk to a level acceptable by key stakeholders, addressing incidents effectively, and then learning from them. It is about operating in a state of continuous learning and improvement, to learn from past incidents and adapt to the evolving landscape. Cyber-resilience is a combination of the big picture: leadership, framework, policies and procedures, while operationalising better security. It’s about using a risk-based approach that does not only hold IT accountable but spreads responsibility throughout the organisation. It’s making sure companies have the will and motivation, and then following through by allocating effort and resources to better their cyber security by implementing technical controls.
  • 4. 4 White paper: Cyber-resilience in the age of digital transformation STEPS TO CYBER-RESILIENCE Cyber-resilience is a continuous process of continual awareness: understanding what is on the network, who is on the network, and what is happening inside and outside the network. The steps to cyber-resilience involve the preparation of a planned response for cyber attacks, what to do in the case of cyber attacks, and what to do afterwards. ++ How can you monitor your environment? ++ What processes do you have in place if an attack happens? ++ Who is responsible to respond in your company? ++ Who are your critical stakeholders (including legal and communications)? ++ What are your critical systems? ++ Do you have a risk management plan? Standard operating procedures? System security plans? Are they up to date? ++ What kind of agreements do you have with your IT service providers in the case of a cyber attack? How will they respond? What kind of support can they give you? ++ How can you design and build a system so that it is cyber-resilient? ++ Who in your organisation needs to be activated to respond to a cyber attack? ++ How quickly and easily can they be marshalled? ++ Can you identify and isolate servers, workstations or devices that are infected or affected? ++ Who do you need to contact and how if the attack takes place outside of business hours? ++ Are all your cyber-resilience solutions up to date, so that you are not trying to respond to an attack in real time, based on information that is out-of-date? ++ Are you basing your response on actionable information, based on empirical data, that is as relevant as possible to achieve rapid incident response? ++ After cyber attacks have occurred, how do you improve and measure the risk management of your network? ++ Are you aware of and can comply with the NDB scheme ? ++ Which stakeholders do you need to report to? Have you got clear policies in place to do this? ++ Will you report the incident to the ACSC to help them to contain the threat and prevent similar attacks on other organisations? PLAN A RESPONSE RESPONDING TO A CYBER ATTACK AFTER A CYBER ATTACK STEPS TO CYBER RESILIENCE 7 Multiple domains of information and an enterprise framework that supports machine-to-machine data collection must be bridged for a cyber-resilient data strategy. A security operations centre framework must be built with scalable data collection capabilities. The management platforms must be interoperable, allowing integration with external intelligence and computerised decision support systems. A centralised management console is needed for discovery, prevention, detection, response, and audit, enriched with threat intelligence feeds. ++ Maintains a strong awareness of the changing landscape of security ++ Proactively identifies risks before they manifest ++ Creates and facilitates a strong security culture and awareness across the business ++ Recognises that everyone across the business has a role to play in the overall security and security posture of the organisation ++ Has clear response plans and procedures ++ Includes cyber-security in governance and reporting WHAT DOES A CYBER-RESILIENT ORGANISATION LOOK LIKE?8 7 Adapted from McAfee, Achieve Resilient Cyber-Readiness and the ACSC, 2016 Threat Report. 8 Adapted from ACSC, 2016 Cyber Security Survey.
  • 5. 5 White paper: Cyber-resilience in the age of digital transformation MANAGED SECURITY A multitude of malicious cyber attacks are happening all the time and from all directions, attempting to attack multiple endpoints simultaneously to breach corporate networks or systems. It is clear that the magnitude of cyber security problems requires cyber security to be managed well. Individual, piecemeal and uncoordinated responses to incidents as they occur will be a challenge to assets protection. Therefore, a comprehensive framework is needed: one that identifies the risks that impose on assets and puts controls in place to ensure the confidentiality, integrity and availability of IT systems. At the same time, the framework will need to address the people, processes and technology required to implement the controls. Organisations have begun to realise the importance of security and started implementing security frameworks to better protect themselves. With the fast-evolving nature of cyber threats and scarce security expertise, managed security services provide the necessary framework, technology, experience and people to support organisations’ evolving security posture. Nexon’s managed security services provide organisations with the capacity to detect and investigate security incidents, contain them where they happen, and then restore them to the state they were in before the incident. Nexon’s managed security services are automated and simple, allowing organisations to be ahead of the game instead of floundering with manual processes. It integrates all security solutions, whether firewall or antivirus, IPS or gateway, so that they can be managed at a central location, through a single interface or through Nexon. Key components of Nexon’s managed security services include: ++ Managed end-point protection solution to cover anti-virus and malware, application blocking and control, web filtering and USB device control to provide protection through any possible cyber attack vectors. ++ Perimeter management solution, including next generation firewall with advanced threat prevention, zero-day threat prevention, edge category-based URL filtering and secure remote access. ++ Cloud-based email security and continuity to prevent spam and phishing attacks from reaching users, to protect users from URLs embedded in emails and to provide emergency inbox access. NOTIFIABLE DATA BREACHES (NDB) SCHEME9 The scheme, established in 2017, mandates organisations covered by the Australian Privacy Act 1988 (Privacy Act) to notify the Office of the Australian Information Commissioner (OIAC) and the individuals likely to be at risk of serious harm by a data breach. OTHER RESPONSIBILITIES INCLUDE: ++ Conduct quick assessments of suspected data breaches to determine if they are likely to result in serious harm ++ Recommend steps to minimise any damage from the data breach CONSEQUENCES OF NON-COMPLIANCE: If an organisation does not follow through on notifying clients in the case of security breaches, it may be required to either: ++ Pay compensation ++ Issue a public apology ++ Have their customers notified by the Privacy Commissioner If the situation is serious or repeated, the organisation could be fined up to $1.8 million. 9 Australian Government, Office of the Australian Information Commissioner, https://www.oaic.gov.au/.
  • 6. 6 SUMMARY Today’s landscape of cyber threats is more complex than ever because of the mobile nature of our workforce and a rapidly expanding data footprint. Organisations need to put resources and attention into planning and preparation, instead of a reactive response. Transition from a cyber-ready to cyber-resilient organisation means formulating a plan for detection, protection and response through an integrated and mature security framework, covering people, processes and technology. Being cyber-resilient today means making governance and policies, access and identity management, proactive threat management, infrastructure, and data controls an integral part of an organisation’s day-to-day security operations. It means deploying a managed security framework that covers all these aspects and controlling the risk to the organisation now and in the future. SECURITY IS NO LONGER AN OPTION. IT’S A NECESSARY DISCIPLINE, AND IT’S NEEDED TO MANAGE ALL ASPECTS OF AN ORGANISATION’S OPERATIONS, ON A CONTINUOUS AND ONGOING BASIS. To find out more about Nexon’s managed security services, call us at 1300 800 000, email us at enquiries@nexon.com.au or visit nexon.com.au/products/managed-security CONTACT US TODAY TO DISCUSS YOUR SECURITY NEEDS AND MOVE CLOSER TO BECOMING A CYBER-RESILIENT ORGANISATION. WHY NEXON? As an ISO 27001 certified organisation, Nexon’s managed security services are part of a comprehensive security framework designed to protect and securely store data and information. Services include endpoint, perimeter and email security functions within an integrated platform, enabling the safe use of applications while maintaining complete visibility and control. This allows customers and users to confidently pursue new technology initiatives like cloud and mobility, and to support key business transformation initiatives, while protecting organisations from cyber attacks — known and unknown. Nexon’s services are scalable and flexible and can be tailored to the size and risk appetite of organisations across various sectors. Collaborating with leading security providers, Nexon provides clients access to the expertise and threat intelligence required in a rapidly evolving regulatory and technology environment.