We had the pleasure of hosting a Cyber Security Seminar today in conjunction with Control Risk (https://www.controlrisks.com/), with Oliver Church, Partner, Head of Cyber Threat Intelligence at Control Risks as our distinguished guest speaker.
In his role as Head of Cyber Intelligence at Control Risks, Oliver has built a market-leading cyber threat intelligence capability and is currently one of a very small number of teams accredited by the Bank of England to advise large banks on cyber threat intelligence. Oliver shared his insights on why cyber threat is becoming increasingly dangerous for companies, why many major companies are being breached as well as what companies should do to improve their ability to detect, prevent and respond.
After multiple high-profile hacking cases both of global multinational companies (as well as many smaller businesses in Hong Kong throughout 2017), what is clear is that it is an extremely hot topic and there are no simple answers. We had a full house of CFOs, CISOs, CIOs & CEOs in attendance and some healthy debate on the topics under discussion. Some of the key points debated were around how to stay ahead of cyber-attacks when the resources (financial and skills) at the potential cyber attacker’s disposal (especially for nation states), is substantial. As a non-IT-security specialist, what I found extremely interesting is hearing how the interest’s (and therefore identity) of cyber-criminals, cyber activists and nation states have converged over time.
So to answer the question “Are we fighting a losing battle?”, it was proposed that perhaps instead of looking at Cyber in such black and white win/lose terms, maintaining the cyber ‘health’ of a business is a more pragmatic approach. And although every business is going to suffer a security breach or ‘illness’ at some point, its treatment, long-term health and protection of critical systems is the more important factor. It is widely recognised that these days, security breaches are often inevitable as the reality is that company information and assets are under constant cyber threat. The need to identify the ‘Crown Jewels’ in terms of company’s assets/information (i.e. what to protect) is essential. Understanding and anticipating the likely threats to a business are critical so that a mature risk-based information security program can be implemented to mitigate the risks. The need to have a clear and structured Cyber response plan to manage a crisis while a company contains, investigates, and remediates the issue is also key.
If you would like to attend our next event or are looking for a new role in IT Security in 2017 or if you would like to find out about how Ambition can help your business source talented professionals with Cyber and IT skills sets and many more, please get in touch!
by Chris Aukland