Response Library - how Companies and Governments respond to cyber attacks

Become a Member of Cyber Rescue for a bespoke Cyber Crisis Response Plan for your organisation. During a cyber attack, call us for succinct advice.

Active Cyber Defence: The Second Year NCSC - 84pgs - 16th July 2019
192,256 takedowns were performed by the ACD in 2018
14,124 government-related phishing sites were removed in 2018
22,133 phishing campaigns were taken down in 2018, totalling 142,203 individual attacks.
Cyber Incident & Breach Trends Report Online Trust Alliance – 15pgs – 9th July 2019
78% rise in supply chain related attacks seen in 2018.
$12.5bn in global Business Email Compromise losses since 2013.
1.5 billion files exposed globally last year due to misconfigurations in cloud services.
Ransomware incidents saw a slight decline in 2018, however total losses continued to rise.
2 in 3 surveyed organisations have experienced supply chain attacks, costing an average of $1.1 million.
Third Party and Supplier Risk eSentire – Survey of 600 IT Decision Makers - 16 pages – 3rd July 2019
44% of 600 Decision Makers have suffered from a 3rd Party Breach in the last 12 months
20% of companies don’t evaluate cyber security of third parties due to “confidence and trust”
32% of companies don’t evaluate cyber security of third parties due to “a lack of time or resources”
Cyber security in the UK UK Parliament - Public Accounts Committee – 25pgs – 5th June 2019
UK Parliament recommends "Cabinet Office should influence sectors in economy - eg Retail - to provide info on their cyber resilience"
Cabinet Office told Parliament "larger organisations are responsible to encourage their supply chains to get basic cyber security right"
UK Parliament has found the "Cabinet Office is beginning to make progress on the National Cyber Security Strategy after a poor start"
Trouble at the top: The boardroom battle for cyber supremacy Nominet – 12pgs – 3rd June 2019
20%, on average, of organisations’ annual IT budgets are allocated to cyber security.
1 in 3 CEOs state they would terminate the contract of an employee who caused a data breach.
52% of CISOs believe the board of directors see them as a “must have”, yet 76% of C-level execs feel this way.
71% of C-suite execs concede knowledge gaps, the most prevalent being a lack of knowledge around malware (78%).
90% of C-suite execs believe their organisation lacks at least one resource that would help defend against cyber attacks.
27% of CISOs admitted work-related stress impacts their physical or mental health, while 23% state it affects their personal relationships.
The State of Cyber Security SME Report Senseon – 16pgs – 3rd June 2019
SMEs have 50% chance of experiencing a cyber breach.
Only 4% of alerts raised are investigated as threats increase in volume and complexity.
$2.17m is the average cost of a data breach for organisations with up to 500 employees.
81% of SMEs think AI will improve the security posture of their organisation.
69% of SMEs are planning to invest in AI defences in the next five years, however only 4% have already implemented AI solutions.
Hiscox Cyber Readiness Report 2019 Hiscox – 17pgs – 30th May 2019
With $900,000, the UK has the lowest average cyber security budget.
24% increase in cyber security spending, with an average spend of $1.45 million.
61% of firms reported an attack in the past year, an increase of 16% from previous year.
65% of respondents have experienced one or more cyber attacks due to a weak link in their supply chain.
61% increase in the mean figure for losses associated with cyber incidents among firms reporting attacks.
GDPR Investigation – 1pg – 14th May 2019
0.25% of reported data breach cases fined under GDPR between May 2018 and March 2019.
11,468 self-reported data breach cases closed by ICO between GDPR implementation and end of March 2019.
“There is a clear problem with Individuals and businesses over-reporting to the ICO” – Julian Ranger ( founder).
37,798 data protection concerns raised by the public since GDPR implementation, nearly 3x the number of cases investigated by the ICO.
2019 Thales Data Threat Report Thales – 32pgs – 3rd May 2019
60% of U.S. Federal Government respondents report being breached, 35% in the past 12 months.
60% of U.S. Federal Government respondents state they expect to increase security budget spending.
78% of U.S. Federal Government respondents use SaaS, PaaS or IaaS to store sensitive or regulated data.
The #1 factor impacting IT security spending decisions was agencies looking to implement best practices.
Three years on from Bangladesh: Tackling the adversaries SWIFT – 8pgs – 10th April 2019
4/5 fraudulent transactions were issued to Beneficiary accounts in South East Asia.
Attackers often wait weeks or months after gaining access before launching an attack.
70% of attempted thefts were USD-based, however use of European currencies has increased.
The typical transaction amount, previously $10m+, decreased over the past 12 months and now sits between $250,000 and $2m.
How to Avoid Disruption by Bridging the Resilience Gap Tanium – 8pgs – 3rd April 2019
80% of CIOs and CISOs found that a critical update or patch they deployed had not updated all devices.
47% of CIOs and CISOs state other business units do not grasp the importance of technology resilience.
94% of CIOs and CISOs admit to compromising how well they protect their organisation from cyber threats.
81% of CIOs and CISOs have not made a critical security update or patch due to concerns on the impact of business operations.
Cyber Security Breaches Survey 2019 DCMS – 66pgs – 3rd April 2019
44% of UK Businesses still don’t know what led to their most disruptive data breach.
11% of businesses say they have invested in threat intelligence in the last 12 months.
54% of businesses state the top reason for investing in cybersecurity is to protect customer or donor data.
30% of businesses have made changes to cybersecurity based on GDPR, with 60% of those creating new policies.
80% of businesses have received fraudulent emails or been directed to fraudulent websites in the past 12 months.
£3,490 was the average investment in cybersecurity for small businesses, compared to £25,100 for medium and £277,000 for large.
Global Cybersecurity Index (GCI) ITU – 78pgs – 27th March 2019
New UN report says Asia’s leading countries in Cyber are Singapore and Malaysia.
Cyber Safety Insights Report Global Results Norton LifeLock – 44pgs – 27th March 2019
Over 850 million consumers have been a victim of cyber crime in the last 12 months.
87% of consumers want to do more to protect their privacy, yet 55% do not know how.
83% of respondents concerned over privacy, yet 61% sacrifice safety for convenience.
76% of consumers more alarmed over privacy than ever, with 1 in 5 deleting a social media account as a result.
Controlling Vulnerability bsi – 20pgs – 26th March 2019
Almost 60 data records are lost or stolen every second.
54% of US workers trust open WiFi networks in trusted locations.
90% of data in the world today has been created in the last two years.
2021 will see BYOD and enterprise mobility market grow to $73.3bn.
New Analysis shows how Breaches are reported to UK's ICO Redscan – 1pg – 9th March 2019
9/10 businesses did not know or could not specify the impact of a breach.
Cyber security – industry insights FCA – 15pgs – 8th March 2019
FCA offers cybersecurity industry insights by addressing themes of Governance, Identification, Protection, Detection, Situational Awareness, Response and Recovery, and Testing.
How Equifax neglected cybersecurity and suffered a devastating data breach US Senate – 71pgs – 7th March 2019
Equifax breach was made possible by Internal Audit "Honor System" that failed to verify patching.
FTSE 350 Cyber Governance Health Check - March 2019 HM Government – 60pgs – 5th March 2019
72% perceive cyber threats as a ‘very high/high’ risk, an 18% increase from 2017.
96% of businesses have a cyber security strategy, yet only 46% have a dedicated budget for it.
95% of FTSE 350 businesses have an incident response plan, yet only 57% test it on a regular basis.
77% of FTSE 350 businesses do not recognise risks associated with businesses in the supply chain they have no direct contact with.
M-Trends 2019 FireEye – 76pgs – 4th March 2019
78 days was the global median dwell time in 2018, a 23 day decrease from 2017.
64% of FireEye customers previously with Mandiant were retargeted within 19 months by the same or similarly motivated group.
Nation-state threat actors continue to evolve, with significant investments providing more sophisticated tactics, tools and procedures.
Why Ignoring Incident Response Could Spell Disaster Bae Systems – 16pgs – 4th March 2019
30% of attacks handled by incident response teams are targeted attacks.
66% of organizations surveyed respond to 1-25 security incidents each month.
22% of respondents have temporary or no incident response resources in place.
23% of incident response teams conduct no readiness exercises with senior management.
71% of respondents have experienced a phishing incident, while 65% have fallen victim to untargeted virus or malware.
Annual Report: 25 May – 31 December 2018 Data Protection Commission – 104pgs – 28th February 2019
56% increase in total number of complaints in 2018, compared to previous 12 months.
70% increase in total number of valid data security breaches in 2018, compared to previous 12 months.
2019 - Practical Guide to Reducing Digital Risk Digital Shadows – 36pgs – 20th February 2019
Digital Shadows explains four steps to reduce digital risk:
1. Identify Key Assets
2. Understand Threats to Your Business
3. Monitor for Unwanted Exposure
4. Take Action and Protect
Digital Risk Digital Shadows – 15pgs – 20th February 2019
72% of leaders believe the rush to digital transformation increases the risk of data breaches.
Life Inside the Perimeter: Understanding the modern CISO Nominet – 17pgs – 14th February 2019
Nearly 17% of CISOs use alcohol or medicate to cope with job stress.
32% of CISOs fear job loss or official warnings in the event of a breach.
26.5% of CISOs worldwide experience physical or mental health issues from stress.
Only 52% of CISOs believe executive teams value the security team when relating to revenue and brand protection.
Horizon Scan Report 2019 BCI – 40pgs – 14th February 2019
#1 threats to businesses over the next twelve months are cyber attacks & data breaches.
$144 million in costs put cyber attacks 8th in top ten costliest disruptions for businesses.
2019 Healthcare Report SecurityScorecard – 12pgs – 12th February 2019
The healthcare industry ranked 13th of 18 in DNS health, when compared to other major US industries.
The healthcare industry ranked 5th of 18 for network security, when compared to other major US industries.
The healthcare industry ranked 12th of 18 for endpoint security, when compared to other major US industries.
The healthcare industry ranked 8th of 18 for application security, when compared to other major US industries.
Notifiable Data Breaches Quarterly Statistics Report OAIC – 33pgs – 7th February 2019
262 breach notifications in past 3 months, a rise of 17 from the previous quarter.
20% growth in last 3 months in breach notifications due to malicious or criminal attacks.
85% of data breaches received contact information including home addresses, phone numbers and emails.
57% of breaches resulted from malicious or criminal attacks, 37% from human error and 6% from system faults.
Cyber Insurance Market Watch Survey CIAB – 9pgs – 6th February 2019
The price of cyber insurance fell for 2x as many businesses as saw it rise in the last year
23% of underwriters say what is included and excluded in a cyber policy is not clear enough
$2.8 M was the typical cyber insurance policy limit, among 20% of businesses with standalone cyber policy
Which countries have the worst (and best) cybersecurity? Comparitech – 1pg – 6th February 2019
Japan is the most cyber-secure country in the world, according to Comparitech
The UK is ranked 7th, the USA is 5th, Denmark is 3rd and France is 2nd.
10% of computers in the USA are infected with some malware
Cyber Attacks and Stock Market Activity Warwick Business School – 42pgs – 19th January 2019
Over 5 years following a cyber-attack, companies invested less in research and development.
Average CEO pay increased following a cyber-attack, while CEOs not affected by attacks lost $2m per year.
Share value and liquidity significantly dropped when breaches were made public, but immediate backlash subsided after two days.
After Action Memo FDD – 9pgs – 5th February 2019
“You’d have no fuel, you’d have no food, people would be in the streets.”
There is disagreement about the importance of attribution of cyberattacks.
Planners must consider how to reconstitute the economy after a cyber-enabled economic war.
The USA will struggle during a major cyber event unless government and private sector develop CEEW procedures, now.
DLA Piper GDPR Data Breach Survey DLA Piper – 8pgs – 4th February 2019
Liechtenstein (15), Iceland (25) and Cyprus (35) had the fewest breaches notified.
Over 59,000 personal data breaches notified to regulators in the 8 months since GDPR came into effect.
Netherlands (15,400), Germany (12,600) and the UK (10,600) had the most data breaches notified to supervisory authorities.
€50 million is the highest GDPR fine to date, against Google, relating to processing personal data for advertising purposes without valid authorisation.
Bashe attack: Global infection by contagious malware CyRiM – 79pgs – 4th February 2019
US projected highest losses with up to $89bn, followed by Europe at $76bn.
$193bn in potential losses from a global ransomware attack, with only 14% being covered by insurance.
613,000 businesses could be affected, with retail and healthcare sectors hit hardest estimated at $25bn losses each.
Note: The $193bn global loss forecast in this cyber crisis happens to be equal to the value of goods the UK exported to the EU in 2018.
Global Ransomware Marketplace Report Coveware – 15pgs – 22nd January 2019
Backup systems are typically the first target of the hacker.
75% of organizations that paid a ransom had their backups compromised.
The average data recovery rate when a working tool is delivered is about 95%.
93% of the time, paying the ransom results in a decryption tool being provided.
The average ransomware payment increased by 13% in the last quarter, to $6,733.
The main cost of a ransomware attack is the incident related downtime, averaging $54,904.
PWC - Survey of 1,378 CEOs PWC – 47pgs – 21st January 2019
30% of CEOs worldwide are “extremely concerned” about cyber threats in 2019.
45% of CEOs in North America are “extremely concerned” about cyber threats in 2019.
4% of CEOs in Europe say "AI initiatives are fundamental to our organisation’s operations".
Report of the COI into the Cyber Attack on SingHealth The Committee of Inquiry – 454pgs – 10th January 2019
How 25% of Singapore's citizens were breached (454 pages!)
Information on 1.5 million patients was exfiltrated, including NRIC numbers, addresses and dates of birth.
IHiS staff lacked adequate cybersecurity awareness, training and resources to respond effectively to the attack.
Priority #6 for Singapore Government after their largest ever breach, announced on 10th Jan 2019: "Incident response processes must be improved"
International Publics Brace for Cyberattacks on Elections, Infrastructure, National Security Pew Research Center – 19pgs – 9th January 2019
"Cyber attacks will tamper with our elections" say 61% of voters, world wide.
47% of respondents state their country is not well prepared to handle a major cyberattack.
74% of individuals globally say that an attack where sensitive national security information will be accessed is likely.
Cyber Confidence is highest in Russia & Israel, where over 2/3rds of citizens believe their country is well prepared for a cyber attack.
Global Consultation on Business Continuity Standard - ISO 22301 International Standards Institute – 34pgs – 3rd January 2019
Worldwide voting on the new global standard for Business Continuity (Security & Resilience) will terminate on 28 March 2019.
The new standard will cover the Governance, including Leadership, Operations and Evaluation of Business Continuity.
UK Active Cyber Defence Kings College London – 40pgs – January 3rd 2019
£4.6 billion was stolen from 17 million UK Internet users in 2017.
Active Cyber Defence model has potential to be applied internationally.
Active Cyber Defence has significant potential in improving UK national cybersecurity.
UK residents are more likely to be a victim of cybercrime or fraud than any other offence.
The UK population is more than twice as likely to be targeted by cybercriminals compared to the global average.
Measuring & Managing the Cyber Risks Ponemon Institute – 17th December 2018
62% are not confident their metrics accurately measure the business costs of cyber risk
58% of security departments lack adequate staffing to scan for vulnerabilities in a timely manner
67% say 2019's top priority is to ensure 3rd parties have appropriate security practices to protect confidential data
Report into the Equifax Data Breach U.S. House of Representatives – 15th December 2018
The breach affected 148m consumers, including 56% of American adults.
The cyberattack lasted 76 days, during which the attackers found unencrypted credentials and then ran 9,000 queries against 48 databases.
Data exfiltration wasn't noticed because the device used to monitor ACIS network traffic was inactive for 19 months due to an expired security certificate.
The dedicated breach website and call centers were overwhelmed, so consumers were not able to obtain timely information about whether they were affected.
If Equifax had taken action to address its observable security issues prior to this cyberattack, the data breach could have been prevented.
Equifax Costs Related to Cybersecurity Incident were $266.5m, with $45m of that recovered from insurers.
Equifax increased security spending fourfold since the breach was discovered.
Top CyberSecurity Trends Attivo – 14th December 2018
61% of security professionals say they are most worried by Malware, including Ransomware
23% of security professionals say they are now spending more on detection than prevention of cyber attacks
"Deception" is the capability most often mentioned by Cyber Security Professionals when listing their wishes
EBA draft Guidelines on ICT and security risk management EBA – 13th Dec 2018
Some cyber-attacks can render common risk management and business continuity arrangements ineffective.
Observing the weakest link principle, cyber-security should not only be a concern for major market participants or critical service providers.
Unlike most sources of risk, malicious cyber-attacks are often difficult to identify or fully eradicate and the breadth of damage difficult to determine.
Financial institutions should monitor the level of compliance of 3rd Party Providers with their security objectives, measures and performance targets.
Financial institutions’ testing of their BCPs should challenge assumptions, including governance arrangements and crisis communication plans.
Financial institutions should ensure that they continuously monitor threats and vulnerabilities relevant to their business processes.
Security for Protecting Ballistic Missile Defense System Technical Information US Department of Defense (DoD) – 10th Dec 2018
Auditors found that security officers at missile design facilities "did not consistently implement security controls and processes."
Auditors found security officers at missile facilities "did not consistently verify the effectiveness of implemented security controls."
Managing the Risk of Post-breach or "Resident" Attacks Ponemon – 35pgs – 5th December 2018
Incident response appears to be the weakest link in the threat-handling chain
Most organizations lack the ability to detect resident attackers, particularly insider threats
Senior leaders lack understanding of the threats and do not clearly communicate business risk
Organizations have low confidence in their ability to prevent serious damage from these attacks
Capabilities are low to prevent attackers from finding connections and credentials that enable lateral movement
Defending Your Network from Cryptomining Cisco – 7pgs – 4th December 2018
Many threat alerts are not investigated or remediated
Email continues to be a popular and effective means of communication, and as such, it’s a reliable tool for attackers.
Cloud-based collective security intelligence works across your security architecture to help contain the spread of cryptomining.
Data Threat Report Thales – 3rd December 2018
84% of U.S. Financial firms are increasing security spending this year, well ahead of last year’s 78%.
36% of U.S. Financial firms reported a successful breach in the past year (vs 28% of global financial firms), up from just 24% the previous year.
33% of U.S. Financial respondents state that cyber security spending will be ‘much higher’ in the coming year.
49% of U.S. Financial respondents report feeling either ‘very’ or ‘extremely’ vulnerable to cyberattack.
85% of U.S. Financial firms report storing sensitive data in the cloud (SaaS, IaaS, PaaS, etc.).
Cyber Interdependencies - good practices ENISA – 56 pgs – 30th November 2018
Significant incidents may have a cascading effect on different sectors and across borders.
A common pitfall is overlooking dependencies that are hidden in plain sight, such as ICT services that are taken for granted.
National Competent Authorities should work towards developing a common taxonomy of incident impact assessment.
National Competent Authorities should facilitate information sharing about cyber threats.
The ISO 31010 standard identifies various techniques that can support risk identification.
It is important to understand the difference between syntactic attacks and semantic attacks.
Annual Gathering of the Centre for Cybersecurity World Economic Forum – 26pgs – 27th November 2018
Over 60% of global GDP will be digitalized by 2022
75 billion IoT devices estimated to be digitally connected by 2025
By 2022, global security solutions spending will exceed $120 billion
Shortfall of 3.5 million cybersecurity jobs expected globally by 2021
Cyber and Technology Resilience FCA – 14pgs – 27th November 2018
18% of operational incidents reported to the FCA are cyber-attacks.
138% increase in the number of incidents reported to FCA in the past year.
‘People’, ‘Third party management’ and ‘Protecting key assets’ highlighted as primary cyber weaknesses.
Getting your Incident Response Plan together Page 28 of InfoSecurity Magazine, Phil Muncaster, 19th Nov 2018
"Responders should not rush to kick intruders out" - Mathias Fuchs, SANS Institute
"Organisations must have a Recovery Time Objective as well as a Recovery Point Objective" - Ramses Gallego, ISACA
Cyber Security of the UK’s Critical National Infrastructure Parliament – 19th Nov 2018
It is a matter of real urgency that the Government makes clear which Cabinet minister has cross-government responsibility for improved cyber security.
There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change for cyber resilience.
Witnesses offered mixed views on the utility of cyber insurance for CNI, eg to drive cultural change and improve baseline cyber resilience.
Due Diligence 2020 Merrill Corporation – 31pgs – 12th November 2018
35% of M&A practitioners in EMEA believe the risk of a data/privacy breach in the due diligence process has increased.
63% of EMEA practitioners believe new technologies will enable greater security in the due diligence process over the next five years.
66% of practitioners believe the EU’s GDPR will increase acquirers’ scrutiny of the data protection policies and processes of target companies.
CyberSecurity Certifications for Professionals Joseph Steinberg – 1pg – 2nd November 2018
Cybersecurity Certifications: CISSP, CISM, CompTIA Security+, GSEC.
Certified Information Systems Security Professional (CISSP), issued by (ISC)2.
Certified Information Security Manager (CISM) credential from the Information Systems Audit and Control Association (ISACA).
Global Information Assurance Certification Security Essentials Certification (GSEC), by SANS Institute.
CompTIA Security+ offered by technology-education non-profit, CompTIA.
The Standard of Good Practice for Information Security 2018 ISF – 3pgs – 30th October 2018
The ISF Standard includes: resilience (eg incident response); risk assessment; supply chains; compliance; awareness; governance and policies; and assessments.
The ISF Standard is informed by: NIST Cybersecurity Framework; ISO/IEC 27001/2:2013; CIS Top 20; COBIT 5 for Information Security; PCI DSS; and GDPR.
Notifiable Data Breaches Quarterly Statistics Report OAIC – 33pgs – 30th October 2018
Malicious or criminal attacks accounted for 57 per cent of data breaches
56% of data breaches at health service providers were the result of human error.
85% of data breaches involved ‘contact information’, such as an individual’s home address, phone number or email address.
2018 Data Breach Report Attorney General (Washington State) – 22 pgs – 30th Oct 2018
The estimated average total cost of a reported data breach is $3.11 million.
The average cost of a data breach to an American business in 2018 is $233 per compromised record.
Currently, all 50 states have laws requiring private or governmental entities to notify individuals when a data breach occurs.
Cyber Balance Sheet Focal Point – 30pgs – 30th October 2018
Directors get the overwhelming impression that no matter how much money is spent on security, they’re still going to get breached.
Cyber risk has been increasing due to the number of cyber security events in the news, raising awareness of the issue.
"We are willing to accept financial losses, but data/privacy losses simply cannot be tolerated."
Annual Privacy Governance Report iapp & EY – 132pgs – 18th October 2018
56% of respondents admit they are far from compliance or will never comply.
GDPR triggers privacy hiring, $3M in average spend; 1 in 5 say they’ll never be compliant.
44% of organizations elevated the position of the privacy leader within their organization in response to the GDPR.
25% of organisations have changed vendors in response to GDPR and 30% say they are considering future vendor changes.
GDPR Articles that Privacy Professionals say are most difficult: Right to be forgotten; Access Requests
2018 spend on Privacy is equivalent to $118 per employee in EU, vs $114 in USA
A taxonomy of cyber-harms Journal of Cybersecurity – 15pgs – 16th October 2018
The ability to quantify harm would allow an organization to make better decisions regarding the treatment of a particular risk.
JP Morgan Chase reported that hackers obtained administrator access affecting 76 million households and seven million small businesses.
UK NCSC Annual Review - 2018 National Cyber Security Centre (part of GCHQ) - 27 pgs - 16th October 2018
Jill describes what happens when NCSC calls to tell a company it has been breached - "We get a lot of people hanging up!"
NCSC responded to an average of 10 serious cyber attacks a week in the last year, over half from Nation States
The UK's share of visible global phishing attacks dropped from 5.3% (June 2016) to 2.4% (July 2018)
138,398 phishing sites hosted in the UK have been closed by NCSC in last 12 months.
Data Privacy and New Regulations Take Center Stage Gemalto – 16pgs – 9th October 2018
Identity theft accounted for 87.2% of the accounts breached in H1 2018.
Malicious insiders were quieter in H1 2018 compared to the previous year.
Malicious outsiders rose by 1,294 percent to 3,648,160,927 records breached.
More and more organizations are accepting the fact that, despite their best efforts, security breaches are unavoidable.
2018 Retail Cybersecurity Report SecurityScorecard – 10pgs – 9th October 2018
Retail industry neglects application security.
Hackers target retailers through social engineering in three ways: baiting, phishing, and vishing
90.72% of the domains may have been non-compliant with PCI DSS standards in more than four requirements.
SecurityScorecard’s scanning enables retailers to streamline their PCI DSS compliance to mitigate fines and intrusions from malicious actors.
Securing cyber resilience in health and care Department of Health & Social Care – 21pgs – 9th October 2018
Over £250 million will be invested to improve the cyber security of the UK health and care system by 2021
NHS Digital has entered into a three-year deal with IBM to deliver the new Cyber Security Operations Centre (CSOC)
All NHS organisations are to develop business continuity plans that include the necessary detail around response to cyber incidents
All NHS organisations are to develop local action plans to achieve compliance with the Cyber Essentials Plus standard by June 2021
WannaCry costs to NHS were £92m, having hit 200,000 NHS computers in 33% of NHS Trusts, 8% of GP Practices and 1% of all NHS care disrupted for a week
Expanding our descriptive palette for cyber threat actors Chronicle Security (part of Alphabet) – 20pgs – 4th October 2018
The industry is currently plagued by a counterproductive obsession with attribution.
Replicability has found notable expression in defeating authentication and fooling monitoring devices.
The State of Web Application Security Radware – 32pgs – 3rd October 2018
Data breach impacts: in 52% of cases, some customers ask for compensation, 46% result in major reputation loss, 35% cause customer churn, 34% lead to drop in stock price, 31% result in customer legal action, and in 23% executives were let go.
New application exploit kits are released almost daily, while most organizations refresh security practices perhaps once a year and security solutions every three or four years.
Organizations should be somewhat wary of outsourcing all security measures to cloud providers, as Kmart and Sears both recently learnt to their cost.
Report into SingHealth Cyber Attack Channel News Asia – 1pg – 5th October 2018
Exploited server had not been updated for more than a year
Attacker also used modified open-source tools that evaded anti-virus software
Medical records on 1.5 million patients were breached, including the Prime Minister’s
Response included Kerberos Golden Ticket reset, mandatory password resets and Surfing Separation policies
Investment Trends in Legal Technology HSBC UK – 8pgs – 2nd October 2018
Technology will still be viewed as a key business enabler.
Data protection is becoming an increasing concern for organisations.
50% increase in the shift towards innovative technology since last year.
Back-office systems should be fit for purpose in the long-term and support the innovative technologies of the future.
Medical Device Cybersecurity Report MDIC – 36pgs – 1st October 2018
CVD policies need to involve the entire organization.
Vulnerability disclosure carries both regulatory and strategic considerations.
Cyber attackers target medical devices to steal PHI either directly or indirectly from medical devices.
PHI is an attractive target for cyber attackers because it commands a greater black-market price than financial data.
Closing the Gap on Breach Readiness: Insights from the Security for Business Innovation Council RSA – 12pgs – 26th September 2018
Is your Enterprise breach-ready?
Security Operations must maintain a certain level of flexibility.
Organisations need to continually refine their approach to intelligence action.
Both internal and external sources must be used for malware detection and analysis.
UK Finance analysis & response to fraud UK Finance – 25th Sept 2018
Source: UK Finance represents 300 firms providing credit, banking, markets & payment-related services
66% of the £1,064m reported attempts at Unauthorised Financial Fraud were prevented by UK Finance members in H1 2018
10% rise in Number of reported cases of Unauthorised Financial Fraud, at 1,036,376 in H1 2018
2% decline in Value of actual losses from Unauthorised Financial Fraud, at £358m in H1 2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps Dark Reading – 1pg – 20th September 2018
Conduct a detailed risk assessment to establish your current status.
Tailor your cyber security framework to your specific business needs.
A deeper knowledge of risks and potential business impacts enables you to move on to a gap analysis.
83% of SMB owners have no cash put aside to deal with the fallout from a cyber attack HelpNetSecurity – 1pg – 19th September 2018
25% believe a cyber attack is a matter of ‘when’, not ‘if’.
54% of SMBs do not have a plan in place to deal with a cyber attack.
83% of SMB owners have no cash put aside to deal with the fallout from a cyber attack.
52% of small business owners think it is unlikely their company will be a victim of a cyber attack.
ENISA launches the Cybersecurity Strategies Evaluation Tool Enisa – 1pg – 18th September 2018
ENISA’s Evaluation Tool is in 15 sections and takes "less than 30 minutes to complete"
Decode cyber risk Willis Re – 6pgs – 18th September 2018
Less than 50% of respondents estimated the silent cyber risk factor as greater than 1.01 in any line of business.
17% – 22% of respondents viewed the silent cyber risk factor for workers compensation as greater than 1.01 across the range of industry groups.
Cyber Strategy 2018 Department of Defence – 10pgs – 18th September 2018
The arrival of the cyber era has created new opportunities and challenges for the Department and the Nation. The 2018 DoD Cyber Strategy directs the
Department to defend forward, shape the day-to-day competition, and prepare for war by building a more lethal force, expanding alliances and partnerships,
Towards secure convergence of Cloud and IoT Enisa – 14pgs – 17th September 2018
43% of IoT computing will occur at the edge by 2021.
Security depends on the vertical that Cloud is serving.
Security relies a lot on the implementation from IoT developers.
There is a growing concern about security for the IoT ecosystem in its entirety.
Federal SPF and DMARC Adoption Up More Than 30 Percentage Points Leading Up to BOD 18-01 Deadline Proofpoint – 1pg – 17th September 2018
19% of agencies have engaged 3rd-party vendors to help them achieve compliance.
31% of agency domains are not DMARC compliant and 23.8% of domains do not have a valid SPF in place.
25% of the 133 agencies are fully compliant at this point, having satisfied both SPF and DMARC requirements.
Technology and Innovation in Europe’s Capital Markets AFME – 36pgs – 13th September 2018
72% of respondents felt that the current investment allocated to the current strategic change was insufficient.
84% of survey respondents expected banks to have significantly advanced Data & Analytics capabilities embedded in five years’ time.
Banks should embed an enterprise-wide approach towards innovation while focusing on maintaining resilience and effective cyber security.
100% of survey respondents agreed that successful banks of the future will be those that are more flexible and agile to change and innovation.
The Next Crisis will be Different – Response to Systemic Risks DTCC – 25pgs – 12th September 2018
Cybersecurity should continue to be prioritized, emphasizing resilience and recovery as much as prevention, incorporating tabletop exercises
Cybersecurity concerns have grown exponentially and may be the most important near-term threat to financial stability
Cyber-attacks on financial institutions have become more frequent, complex, and sophisticated, with an unprecedented potential for far-reaching, systemic impacts
From data boom to data doom Kaspersky Lab – 17pgs – 12th September 2018
88% of businesses collect and store their customers’ PII.
31% of global businesses store data protected by the strict confines of the GDPR.
20% of sensitive customer and corporate data resides outside the corporate perimeter.
38% of enterprises apply additional policies and requirements after a cyber incident.
46% of large enterprise (42% of SMBs) worldwide have had one or more data breaches.
Guide to Developing a National Cybersecurity Strategy ITU – 70pgs – 11th September 2018
Cyber-incident response capabilities must be established, such as Computer Emergency Response Teams (CERTs).
United Nations announced on 15th Jan that 73 countries have no National Cyber Security Strategy, vs 121 that do.
A national contingency plan for cybersecurity emergencies and crises should be developed, aligning with an overall national contingency plan.
Information-sharing mechanisms are crucial to the exchange of actionable intelligence and threat information between government, public and private sectors.
The Economic Impacts of the Advanced Encryption Standard, 1996-2017 NIST – 149pgs – 7th September 2018
NIST routinely directs its vast technical expertise into technology partnering activities between NIST laboratories and industries.
A mixture of laws, regulations, and responsible agencies has raised concern that Federal computer security policy lacks direction and forcefulness in some areas, yet has created overlap and duplication of effort in others.
Survey of 500 senior IT decision makers in UK Small & Medium Businesses (SMBs) Privatise Business VPN – 28pgs – 31st August 2018
Only 13% of SMBs have a cyber security incident management process in place.
20% of senior IT managers at SMBs say their employees DON'T CARE about cyber security.
50% say that current cyber security software solutions are EASY for small businesses to deploy.
20% say there are NOT ENOUGH cyber security solutions designed specifically for small businesses.
25% of UK small businesses have NO PLANS to upgrade or even review their cyber security in the near future.
23% say there are TOO MANY cyber security software solutions on the market, making it hard to understand what they all do.
Security solutions deployed by small businesses are ANTI-VIRUS (78%), ANTI-MALWARE (72%), and FIREWALLS (69%).
Cyber Defender Strategies: What your vulnerability assessment practices reveal Tenable – 21pgs – 30th August 2018
Only 5% of organisations have the most mature style of Vulnerability Assessment ("Diligent")
43% of organisations have a medium-to-high maturity in Vulnerability Assessment ("Investigative")
The mature Diligent Style has been found in the hospitality, transportation, telecoms, electronics and banking industries.
Federal CIO: Expect New Cybersecurity Reporting Metrics by Year’s End Nextgov – 1pg – 28th August 2018
Policies should be advancing hand in hand with technologies.
CDM Defend initiative would become Law under House Bill.
FISMA metrics updated and aligned with the report to the president.
CDM initiative should be able to keep pace with cutting-edge capabilities in the private sector.
20 out of 23 federal CFO Act agencies are actually sharing cybersecurity data between their agency-level and DHS dashboard.
Understanding the Cybersecurity Skills Shortage Fortinet – 18pgs – 3rd August 2018
IT security is severely understaffed.
Cybersecurity and the role of the CISO are not to be taken lightly.
The global shortage of cybersecurity professionals is expected to reach 2 million by 2019.
There are more than twice as many male-gendered terms in job ads as female-gendered ones.
The top soft skills employers seek in candidates are leadership, communications, and planning.
Business leaders must urgently rethink how they recruit and retain talent in the digital transformation age.
Information Commissioner’s Annual Report FY17-18 UK ICO - 84 pgs - 2nd August 2018
The UK’s ICO spends £18.6m on the cost of its 480 staff, including contractors.
The UK’s ICO issued fines totalling £1.29m for 11 data security failures in the last year
The UK’s ICO’s £27.5m annual budget mostly comes from £21.3m fees from Data Controllers
Cyber incidents were behind 361 (11%) of the data breaches reported to the ICO in the last year
61% of 3,156 data breaches reported to UK’s ICO led to no action, and 0.3% led to a fine
The ICO expects its revenues from Data Controllers to increase at least 50% this year
Cyber Insurance Market Watch Survey Executive Summary CIAB – 8pgs – 30th July 2018
32% of respondents’ clients purchased cyber coverage - unchanged compared to two years ago.
30% of insurers saw cyber prices decline versus 12% who enjoyed an increase over last 6 months.
44.9% of companies that renew their cyber insurance increase it, with $3.2 million now the typical limit.
Notifiable Data Breaches Quarterly Statistics Report Australian Government – 33 pgs – 30th July 2018
63% increase in breach reports in last 3 months.
59% of reported breaches caused by malicious act; 36% by human error and 5% by system fault.
50% of all cyber data breaches in the finance sector caused by Phishing, 36% by Compromised Passwords and Credentials.
Report to Congress on National Security Agency (NSA) Office of the Inspector General - Declassified on 25th July 2018
NSA's auditor found “inaccurate or incomplete” security plans.
NSA's auditor found flash drives are not always being scanned for viruses before being used by staff
The Cyber Threat to UK Legal Sector NCSC – 22pgs – 19th July 2018
200% increase in supply chain compromises in 2017.
Over £11 million of law firms’ client money was stolen due to cyber crime in 2016-17.
In the post-GDPR world it’s vital to share a common view and understanding of cyber threats and their impact.
High-profile cyber crime incidents such as WannaCry in May 2017 highlight the indiscriminate nature of such attacks
FCA UK – Business Plan – 19th July 2018
PSD2 has the potential to increase cyber attacks and breaches.
Our aim is to help firms to become more resilient to cyber-attacks.
We will strengthen assessments to better understand resilience to cyber-attacks.
Cyber-attacks in the financial services sector are becoming more frequent and widespread.
One area we are focusing on is outsourcing arrangements.
Building the UK financial sector’s operational resilience Bank of England, PRA and FCA - Joint Paper - 48 pgs - 5th July 2018
Boards' oversight needs to cover any activities outsourced to third-party providers.
The supervisory authorities expect boards to take responsibility for the cyber resilience of their firms.
Boards should be planning on the assumption that disruption will occur, as well as seeking to prevent it.
Report on recovery plans European Central Bank – 43pgs – 4th July 2018
The ECB has concluded that some plans (of over 1,000 pages!) "might be too large to actually be used in a crisis"
Cyber Lexicon The G20’s Financial Stability Board (FSB) – 21pgs – 2nd July 2018
The lexicon should promote cross-sector understanding of cyber security and cyber resilience terminology.
The FSB intends to finalise this lexicon for delivery to the G20 Summit in Buenos Aires in November of this year.
Defined terms include: Cyber Resilience; Cyber Risk; Cyber Security; Cyber Threat; Traffic Light Protocol (TLP).
Cyber Resilience Report BCI – 21pgs – 28th June 2018
66% of the organisations surveyed have experienced at least one cyber security incident in the past 12 months.
76% of the organisations have lost less than 50,000 euros due to cyber security incidents in the past year.
13% have reported cumulative losses of 250,000 euros or more as a result of cyber attack.
Assembly Bill No. 375 – Chapter 55 – 29th June 2018
The California Constitution grants a right of privacy.
California Is the First to Bring European-Grade Data Protections to the United States.
CCPA defines “personal information” much more broadly than other privacy statutes in the United States.
Every company should be attentive to the CCPA and any updates
Minimum Cyber Security Standard Cabinet Office of HMG, UK - 7 pgs - 25th June 2018
Introduces mandatory protective security outcomes that immediately apply to all UK Government Departments.
Mandatory activities are organised into four main areas for cyber resilience: Identify, Detect, Respond and Recover.
Bank of England - Resilience and Continuity Speech given by Lyndon Nelson, Deputy CEO, 13th June 2018
I would like our firms to be on a WAR footing: withstand; absorb; recover.
Small Business Guide to Cybersecurity in New York State New York State - 12pgs - 11th June 2018
Includes graphical explanation of what to look for in a scam email.
Summarises the 5 actions needed when responding to a data breach.
Details the 10 steps that small businesses should take to protect themselves
2018 SANS Security Awareness Report: Building Successful Security Awareness Programs SANS – 38pgs – 7th June 2018
Security awareness field is still very immature.
The 5 stages of Security Awareness Maturity Model (SAMM) enable organisations to ID their current maturity level and change it.
Lack of staff-time is the number one challenge faced by the security awareness organisations.
71% of organisations identify themselves in the Behaviour Stage in the SAMM.
Atlanta officials reveal worsening effects of cyber attack Reuters - 6th June 2018
No critical applications were compromised
Hackers demanded $51,000 worth of bitcoin for the release of encrypted city data.
More than a third of the 424 software programs used by the city have been thrown offline or partially disabled in the incident.
Response to ECB consultation on CROE framework AFME.EU – 9pgs – 5th June 2018
Requirements should remain focused on cyber resilience.
Requirements should map and remain consistent with internationally recognised standards to reduce the risk of fragmentation.
Requirements should avoid reference to a two-hour recovery time objective (RTO) for cyber events.
The Cyber Hygiene Index: Measuring the Riskiest States Ponemon Institute – 26pgs – 5th June 2018
41% of the sample maintain one or two passwords.
39% of respondents update their computer automatically.
A third of respondents (35%) have more than 20 online accounts.
95% of the sample do not use a privacy filter when working or travelling in tight spaces.
A "perfect" reaction to a data breach at MyHeritage Adam Levin - 1 page - 4th June 2018
Urgency: MyHeritage informed 92,283,889 email users on the same day it learnt of the breach.
Transparency: MyHeritage provided minute details of what the company knew, and what would be done next.
Empathy: MyHeritage established a customer call line before releasing breach notification, so anyone could get information and guidance.
GDPR - General Data Protection Regulation - Applicable from 25th May 2018
Rights of the Data Subject include Transparency, Access to personal data, Rectification and Erasure, Right to Object.
Responsibilities of Controller include Data protection by design & by default, Records & Security of processing, DPIAs & Breach Notifications.
Controllers must have a process for regularly testing, assessing & evaluating technical and organisational measures for security of processing at suppliers.
Cybersecurity Maturity Assessment ISACA - 1pg - 15th May 2018
Develop Risk-Mitigation roadmap.
Define the scope of the assessment and organisation's risk profile.
Cybersecurity in the boardroom: Practical support for the Executives in a world where cyber attacks and defences are automated Nokia – 11pgs – 14th May 2018
Rehearsing for the shock, speed and ambiguity of a successful cyber attack helps executives avoid mistakes made by their peers.
A single cohesive end-to-end management solution is essential for effective response to accelerating threats.
Simulating a major breach is the best way to help leaders internalize the business nature of the cyberthreat.
ROCA Vulnerability and eID: Lessons Learned Republic of Estonia – Information System Authority – 4pgs – 10th May 2018
The paper was published at an event with the Prime Minister of Estonia
It is a model of transparency in how to recover from a major cyber risk
Estonia revoked hundreds of thousands of faulty certificates on 1 April 2018
Estonia's ID card system is unique in that it is possible to update certificates remotely
The paper includes a detailed timeline and lessons on risk management and continuity planning
Blockchain & Cyber Security Deloitte – 14pgs – 3rd May 2018
Blockchain’s characteristics do not provide an impenetrable panacea to all cyber ills.
Every organization has to consider the inherent link between performance, innovation and cyber risk.
There is promising innovation in blockchain towards helping enterprises tackle immutable Cyber Risk challenges such as digital identities and maintaining data integrity.
How to implement the European framework for Threat Intelligence-based Ethical Red Teaming ECB – 58pgs – 2nd May 2018
The core objectives of TIBER-EU are:
• enhance the cyber resilience of entities including the financial sector;
• standardise and harmonise the way entities perform intelligence-led red team tests across the EU;
• provide guidance to authorities on how they might establish, implement and manage this form of testing at a national or European level;
• support cross-border, cross-jurisdictional intelligence-led red team testing for multinational entities;
• enable supervisory and/or oversight equivalence discussions where authorities seek to rely on each other’s assessments carried out using TIBER-EU.
When the going gets tough, the tough get going Oliver Wyman – 10pgs – 24th April 2018
Cyber risk appetite: a strategic tool to manage the rapidly growing exposure.
Designing an effective cyber risk appetite is crucial for any institution that has exposure to the internet.
The starting position of most Boards of Directors and senior management is still a close-to-zero acceptance of cyber risk.
Cybersecurity for Industry Council on Competitiveness – 8pgs – April 2018
Security must be integrated into products and processes early on in the development cycle rather than being considered an add-on component.
Cybersecurity must be transformed into a competitive advantage rather than a sunk cost by focusing on the confluence of risk, capabilities and resources.
Industry and academia must work together to create baseline curricula to educate a knowledgeable, cyber-savvy workforce.
NIST Cyber Security Framework (Governance) NFPPC (National Forum for Public Private Collaboration) - 20 pg - April 2018
Summary of NIST (National Institute of Standards & Technology) Cyber Security Framework
Mapping into 5 main categories: Identify, Protect, Detect, Respond, Recover.
Cyber Balance Sheets in the Boardroom Yvette Connor – 25 pgs – 20th April 2018
The value of cyber security is hard to measure, which makes the Board sceptical.
Board Directors say “Stop talking about security, and focus on the outcomes of security”
Directors have the impression that no matter how much they spend, they’ll be breached
Boards want Cyber Security to protect data and brand, and avoid losses
Vodafone Group Cyber Security - presentation on Governance to RSA Emma Smith & Andy Talbot – 19 pgs – 20th April 2018
Playbooks and automation free up human effort
Balance between SIEM and big data analytics.
Cyber security focus is moving from Preventing attacks, to Detecting attacks, to Responding to attacks
How to present Cyber Risk Evan Wheeler - 43 pgs - 20th April 2018
Where do you start when your boss asks about the top information security risks?
Good governance requires risks to be articulated in Boardroom as strategic or operational
Forms of loss can be captured in pre-defined loss tables
Inherent Risk – Control Environment = Residual Risk
Personality Profiling 3rd Party Suppliers for Cyber Security Risk John Elliott – 14 pgs – 20th April 2018
Assess the cyber security of key suppliers on 3 axes: their knowledge, ability and intent
Governance framework for assessing key suppliers indicates which need close monitoring
Responding rationally to headline vulnerabilities Gill Langston – Qualys – 42 pgs - 20th April 2018
Every patch of an Operating System has a downside
Decide on response to vulnerability: Remediate? Mitigate? Wait?
Vulnerabilities are not always as easy as pushing a patch, eg App rebuild and test cycles
Decision Making in CyberSecurity Investments Sateesh Bolloju - 22 pgs - 20th April 2018
Good governance says invest no more than 1/3 of "Value at Risk" in security.
Value at Risk (VaR) is a measure of potential losses over a specific time frame.
A good Governance Framework looks at both Threats & Vulnerabilities, regularly.
NIS - Security of Network & Information Systems UK Dept for Digital, Culture, Media & Sport ( DCMS) - 27 pgs - 18th April 2018
In the UK, Banking & Financial Sectors are excluded from NIS directive, as regulated elsewhere.
11 Competent Authorities will assess the Essential Service providers in their sector and geography.
DCMS recommends that Competent Authorities take a cautious approach to enforcement in first year.
Impact Assessment for Network & Info Systems (NIS) Regulation UK Dept for Digital, Culture, Media & Sport (DCMS) - 37 pgs - 18th April 2018
443 Essential Service Providers in UK may need to spend extra to be compliant with NIS
Among large providers of Essential Services, 43% expected to increase security spend, typically by £200,000 pa
The FMI should institute a dedicated cyber expert within the Board.
Senior management should produce a formal Cyber Code of Conduct and ensure that all employees comply with it.
Senior management should proactively cooperate with other stakeholders to promote a cyber resilience culture across the ecosystem.
Navigating a Cloudy Sky McAfee – 26pgs – 16th April 2018
83% store sensitive data in the public cloud.
69% trust the public cloud to keep their sensitive data secure.
65% have a cloud-first strategy, down from 82% one year ago.
1 in 4 organisations have experienced data theft from the public cloud.
97% of organizations use cloud services (public, private, or a combination of both), up from 93% one year ago.
Calculating Total Risk Across Third-Party Portfolios SecurityScorecard – 10pgs – 15th April 2018
Companies with a C grade or lower are 5x more likely to experience a cyber breach than companies with an A or B rating
Cybercrime-related costs are expected to reach $6trillion annually by 2021.
Companies within your digital ecosystem directly impact cyber risks.
SecurityScorecard's statistical breach insights analyse common security weaknesses among vendors in your portfolio.
2018 Cyber Defenders CBInsights – 71pgs – 12th April 2018
There are two sides to the anti-fraud equation:
(1) authenticate legitimate users and avoid false-positives, and
(2) identify fraudsters.
Fraudsters are complicating the equation by switching up their tactics.
Each new breach raises fears that trust in the global digital economy is eroding due to death by a thousand hacks.
From Equifax to Yahoo, major hacks show us that there is little guarantee that a business can protect its customers’ data.
Cyber Attack Categories as defined by NCSC UK National Cyber Security Centre - six categories - 12th April 2018
Category 1 = sustained disruption of UK essential services or national security, leading to severe consequences or loss of life.
Category 2 = has a serious impact on central government, UK essential services, a large proportion of population or economy.
2018 Data Breach Investigations Report Verizon – 68pgs – 10th April 2018
93% of breaches used Phishing and Pretexting.
59% of Phishing attacks were financially motivated.
68% of breaches took over a month to detect.
Cybercrime tactics and techniques Malwarebytes – 26pgs – 9th April 2018
4,000% increase in Android cryptomining malware over the last quarter.
27% increase in all types of cryptomining malware over the last quarter.
Spyware still #1, with over 80,000 detections in January alone
M-TRENDS 2018 FireEye – 52pgs – 4th April 2018
Once a target always a target
Hidden threats remain in legacy system
Cyber security skills gap remains an invisible risk
Maturity of organisations’ information security programmes is needed
Cybersecurity Penetration Testing Framework for Global Financial Markets GFMA (AFME, ASIFMA, SIFMA) - 27 pgs - 3rd April 2018
The Framework aims to facilitate global Regulatory and Industry coordination on Cybersecurity.
Ransomware Hostage Rescue Manual KnowBe4 – 20pgs – 27th March 2018
The adage is true that the security systems have to win every time, the attacker only has to win once.
CryptoLocker was followed up by the variant CryptoWall, which made $325 million in 18 months, half of that in the United States.
There will only ever be 21 Million Bitcoins in circulation once they are all available.
Typical ransomware software uses RSA 2048 encryption to encrypt files.
Partnering with Law Enforcement to Combat Cybercrime U.S. Chamber of Commerce – 12 pgs – 27th March 2018
Cultivate trusted and bidirectional relationships with state and federal law enforcement as well as U.S. attorney points of contact.
Ensure your legal counsel is familiar with the organization’s cyber risk management and incident response plans.
Contact law enforcement at any point during incident response if there is suspected criminal activity.
Develop, exercise, and update a cyber incident response plan.
Join a cyber information-sharing organization.
Large-Scale Cyber-Attacks on the Financial System DTCC – 26pgs – 25th March 2018
There is an opportunity for a Utility to assess cyber resilience capabilities of third parties and issue ratings.
Firms which disconnect from a given stricken counterparty are uncertain when to allow reconnection
Isolated breaches can cause ripple effect into other ecosystem components
Cyber Risk Management – Response and Recovery Marsh – 26pgs – 20th March 2018
"What cyber risk management framework does the organization use?" is a key question for Boards to ask.
"How are our business continuity plans adapting to cyber threats?" is a key question for Boards to ask.
70% of companies have no cyber response plan in place.
59% of boards have no cyber expertise.
The Third Annual Study on the Cyber Resilient Organization Ponemon – 44pgs – 15th March 2018
61% say that hiring skilled personnel improved their cyber resilience.
66% say that Incident response plans often do not exist or are "ad hoc".
69% of high performers say they have a mature cybersecurity programme in place.
Highly cyber resilient organizations are less likely to have data breaches and cyber security incidents.
50% say that the CIO and Business Unit Leaders are mainly responsible for ensuring the organization's high level of cyber resilience.
A new posture for cybersecurity in a networked world Thomas Poppensieker - March 2018
Companies need to identify their "crown jewels".
120 million new variants of malware are produced every year.
Cybersecurity is the most serious economic and national security challenge that the US government.
In a world where everything is connected, cybersecurity must be comprehensive, adaptive and collaborative.
IoT security PETRAS – 18pgs – 7th March 2018
19 best practices: adoption & implementation is imperative for IoT security.
Solid leadership is required to transcend fragmented international standards.
EU Cybersecurity certification scheme may form the basis for future international discussions.
Secure by Design: Improving the cyber security of Internet of Things Department for Digital, Culture Media & Sport – 37pgs – 7th March 2018
Compromised IoT devices could let criminals into homes without a forced entry.
13 new rules proposed by UK Government for IoT retailers, service providers & manufacturers.
Promoting a Secure by Design Approach to Consumer IoT Security requires greater transparency.
“LifeSpan” (cSALSA) project aims to help the Government to produce educational materials tailored for different audiences.
“Code of Practice” guidelines are not a silver bullet, companies should also have security in mind when designing products and services.
2018 BSA Global Cloud Computing Scorecard BSA – 28pgs – 6th March 2018
Broadband penetration remains inconsistent even though technology has evolved tremendously.
Cloud computing enables artificial intelligence to “train” algorithms to solve complex problems and achieve goals.
Cyber security laws should not handcuff cloud computing providers, but restore users’ trust in their ability to manage risks.
Scorecard proves that most countries are rising to the challenges of protecting data from cyber and physical security breaches.
Cybersecurity Capability Maturity Model (C2M2) – Facilitator’s Guide Published by US DHS – 34 pgs – 28th February 2018
Assists organizations in evaluating their cybersecurity capabilities
Provides guidance for follow-on activities to prioritize and implement a plan to close identified capability gaps
Is your company ready for a Big Data Breach? Ponemon Institute – 35pgs – 28th February 2018
64% of companies are unable to prevent negative public opinion.
85% say the best way to improve your Data Breach Response Plan is to conduct more fire drills
33% now have a "standby website" for content that they can make live when a data breach occurs
75% express inability to minimise the financial and reputational damage following a data breach.
31% are confident in their ability to recognise and minimise Spear Phishing incidents (down from 39% last year)
Guidance on Public Company Cybersecurity Disclosures SEC (Securities & Exchange Commission) - 24 pgs - 26 Feb 2018
Trading by company personnel ahead of the disclosure of a cybersecurity incident can constitute illegal insider trading.
Board level directors should evaluate the effectiveness of their company's procedures for disclosing cyber incidents
By the Numbers: Global Cyber Risk Perception Survey Marsh – 20pgs – 15th February 2018
14% of Directors are "not at all confident" in their ability to lead response and recovery from a cyber event
59% of Directors say that Reputational Damage is among the greatest threats from cyber scenarios.
64% of organisations expect to increase their cyber risk investment by next year.
55% of organisations fail to estimate the cost of a cyber incident.
New York State - Financial Regulation - 23 NYCRR 500
Covered Entities are required to submit the first certification under 23 NYCRR 500.17(b) by February 15, 2018.
Non-continuous monitoring of Information Systems, such as through periodic manual review of logs and firewall configurations, is not considered to constitute "effective continuous monitoring" for purposes of 23 NYCRR 500.05.
Official Guidelines on Personal Data Breach Notification under GDPR WP29 - Working Party of European Parliament - 33 pgs - published 13th Feb 2018
There are 3 types of Data Breach: Confidentiality Breach; Integrity Breach; Availability Breach.
Companies are under an obligation to ensure they will be aware of a breach in a timely manner, (eg by their suppliers).
After detecting a security incident, companies have "a short period" to establish whether or not a breach has in fact occurred.
The ability to detect, address, and report a breach in a timely manner should be seen as essential elements of compliance with GDPR.
What Every Business Leader Should Know about Cyber Risk (ISC) – White Paper – 8pgs – 19th February 2018
Bring your CISO into all risk discussions.
Link cyber risk to organisational frameworks such as Enterprise Risk Management.
Cybersecurity cannot remain the concern of the Chief Information Security Officer (CISO) alone.
Build awareness and education about cyber risks into all the training materials of the organisation.
5 Lessons from Media Reaction to Data Breach notifications By Helen Clarke & Viva Paxton - Corrs Chambers Westgarth - 15th Feb 2018
Have a holding statement settled, approved & ready to go (subject to being customised for the circumstances of the data breach).
It is clear that the shorter and vaguer the statement, the more scope it gives the media to speculate about the silences.
The media’s reaction to a data breach statement may reach more of the public than your statement.
It is imperative to ensure that the apology comes across as genuine.
UK Government - Cyber Security Breaches Survey 2018: "Preparations for the new Data Protection Act" – 9pgs – 7th February 2018
62% of surveyed UK businesses have never heard of GDPR
Phishing attacks: Defending your organisation NCSC – 16pgs – 6th February 2018
A multi-layered approach involves:
1. Make it difficult for attackers to reach your users
2. Help users identify and report suspected phishing emails
3. Protect your organisation from the effects of undetected phishing emails
4. Respond quickly to incidents
Active Cyber Defence - One Year On UK NCSC (National Cyber Security Centre) - 68 pgs - 5th Feb 2018
In the last 12 months, NCSC removed 18,067 unique phishing sites that pretended to be a UK government brand.
Over 600 UK Government web sites have used DMARC to prevent criminals spoofing their address.
NCSC's new Web Check service has conducted 1,033,250 scans on public sector web sites.
Development of NCSC's Threat-o-Matic is a priority for the next year.
Securing cyber resilience in health and care: A progress update Department of Health and Social Care – 11 pgs –1st February 2018
A rigorous reprioritisation exercise is underway across the NHS IT portfolio.
£150m funds to be "reprioritised," to improve monitoring, resilience and response to cyber attacks in 2018.
GDPR and NIS Directive will strengthen the cyber security and data protection for health and care organisations.
Dominating your next security incident Trustwave - 26 pgs - 2nd January 2018
How to preserve evidence: nine need-to-do practices.
Don’t underestimate the human freak-out component following an incident.
Triage requires an assessment of business processes that have been impacted, as well as the systems, assets and data involved.
Data Security and Protection Requirements for all Health & Care organisations in UK UK Department of Health & NHS: how to implement the 10 recommended data security standards - 13 pgs - 31 Oct 2017
"Leadership Obligations" are set out for all working in Health and Care organisations, based on the latest Caldicott Report
Obligation 1: There must be a named senior executive to be responsible for data and cyber security in your organisation.
Obligation 6: A comprehensive business continuity plan must be in place to respond to data and cyber security incidents.
G7FE – Desirable Outcomes and Assessment Components G7 – 5pgs – 26th October 2017
Mature entities will exhibit an understanding that cyber disruption will occur
Flexibility is key – agility and experience contain disruptions and resulting impacts
Cybersecurity must be embedded within core business processes to minimise potential damage.
Promoting awareness is a must for effective security culture within an organisation.
Strengthening digital society against cyber shocks Key findings from The Global State of Information Security Survey 2018 – 21 pgs –18th October 2017
Organisations need to evaluate their digital risk and focus on building resilience for the inevitable.
The ownership of responsibility for IoT security varies depending on the organisation
Pursue resilience as a path to rewards not merely to avoid risk.
C-suites must lead the change and boards must be engaged.
Seek lessons in disaster-response case studies.
How small businesses should respond to cyber threats - Infographic UK National Cyber Security Centre (NCSC) - 18 pgs - 11th October 2017
Cyber Security Guide for Small Businesses UK National Cyber Security Centre (NCSC) - 18 pgs - 11th October 2017
This guide has been produced to help small businesses protect themselves from the most common cyber attacks.
CyberArk - Report 31 pgs - 4 October 2017
There are strategic business benefits to stronger protection of personal data, beyond the near-term avoidance of fiscal pain [of GDPR fines, etc].
A strong Privileged Account Security strategy is critical to securely leverage personal data.
GDPR Article 25 requires protection of personal data by design and by default
Equifax - Senate Hearing on Data Breach - former CEO, Richard F. Smith - 8 pgs - 4th Oct 2017
As CEO I was ultimately responsible for what happened on my watch.
The breach occurred because of both human error and technology failures.
An unpatched vulnerability allowed hackers to access personal identifying information.
We struggled with the initial effort to meet the challenges that effective remediation posed.
I was updated daily – sometimes hourly – on the investigation and remediation development.
Experts told us to prepare for exponentially more attacks after the notification, from “copycat” attempts.
The challenge of building a website to notify consumers proved overwhelming, and, regrettably, mistakes were made.
143 million consumers were notified of the breach, and 7.5 million have registered for our remediation offer.
Before I decided to step down as CEO, our CIO and CISO also left the company.
Cyber Rescue Alliance Helping CEOs lead business recovery after a breach.
Video of some of our specialists and friends.
London's Worshipful Company of Technologists Cyber security experts consider the cascade of consequences that follow an attack
Annual Review – 2017 – Making the UK the safest place to live and work online National Cyber Security Centre – 44pgs – 3rd October 2017
NCSC has prevented waves of attacks through the Active Cyber Defence programme.
Cyber security small business guide – simple, quick and inexpensive steps to improve a company’s resilience.
28 CyberInvest partners invested £2.8 m across 30 different British universities in 2017.
120,000 emails from a spoof “” address have been blocked from reaching their target.
The UK’s Armed Forces also benefit from the technical work and support provided by NCSC.
590 out of 1,131 cyber incident reports are classed as significant.
Digital Forensics Providers Forrester Wave™ - 17 pgs - 28th Sept 2017
PWC, Verizon, Deloitte, Mandiant, and Stroz Friedberg lead the pack.
A retainer with a Digital Forensics provider is essential to Breach Response.
You don't want to negotiate rates and nondisclosure agreements under duress.
Ransomware - AlienVault - Report 47 pgs - 26 September 2017
52% of respondents say the main obstacle to blocking Ransomware is lack of budget
42% of respondents say the main obstacle to blocking Ransomware is the evolving sophistication of attacks
54% of respondents say they could recover from a successful ransomware attack within a day
74% of respondents say the most effective response to ransomware is regular data backups
60% of organisations expect their budget for ransomware security to increase.
UK Information Commissioner (ICO) - Award Winning InfoSec Report for SMEs - 26 Sept 2017
Bespoke action plan generated for each small business, based on 19 questions in 4 steps.
Step 1: Management and organisational information security
Step 2: Your staff and information security awareness
Step 3: Physical security
Step 4: Computer and network security
IT Security at SMBs / SMEs: 2017 Benchmarking Survey An Osterman Research Survey Report – 24pgs – 19th September 2017
Ransomware and phishing are the leading concerns for SMB decision makers.
68% of organisations experienced a security incident during the past 12 months.
44% of decision makers believe their organisations are doing “well” or “extremely well” against ransomware attacks.
57% of businesses rely on cloud-based email security.
Ponemon Report based on survey of 600 SMBs / SMEs - 38 pgs - 19th Sept 2017
* 61% of Small & Medium sized Businesses have experienced a cyber attack in the past 12 months
* 54% report they had data breaches involving customer and employee information in the past 12 months
* 52% of respondents say their companies experienced a ransomware attack
Cyber Security: The Innovation Accelerator - Vodafone - Report 38 pgs
86% of high-growth companies believe that having strong cyber security enables new business opportunities.
83% of businesses said that being confident in their security helped their organisation be ready for the future
Security, law enforcement and criminal justice for the UK after Brexit A Future Partnership Paper – HM Government – 21 pgs – 17th September 2017
Highlights the importance of the Joint Cybercrime Action Taskforce (J-CAT), part of EC3, Europol’s cybercrime centre.
Calls for continuing deep partnership between UK and EU after Brexit.
Foreign policy, defence and development for the UK after Brexit A Future Partnership Paper – HM Government – 23pgs – 12th September 2017
Work together to develop effective cyber security legislation and international standards.
UK – EU agencies and bodies should be as flexible and innovative as the nature of the threats they face.
Participation in the CSIRT network and Cooperation Group.
Encourage the development of the cyber security industry.
The Evolving Role of CISOs - Ponemon - report on interviews with 184 CISOs - 67 pgs - August 2017
Chief Information Security Officers (CISOs) have growing influence in their enterprise.
* 60% have direct access to the CEO
* 61% are responsible for setting the security mission and strategy
* 60% are responsible for informing the organisation about new threats, technologies, practices, and compliance requirements
Cyberthreats in 2017 Webroot - Survey of 600 decision makers at SMEs - 7 pgs - 1st August 2017
A cyberattack in which customer records were lost would cost an average £737,677 for a UK SME, their IT leaders estimated.
71% of SMBs are not prepared for cybersecurity risks.
Cybsafe - survey of 250 IT decision-makers within SMEs that sell to enterprise - 31 July 2017
33% of small businesses that sell to enterprises have had their cyber security precautions questioned as part of winning contracts in the last year
50% of small businesses that sell to enterprises have had cyber security clauses added to new contracts in the last five years
14% of small businesses that sell to enterprises have no cyber security controls at all
69% of small businesses that sell to enterprises have cyber security training in place
Global Cybersecurity Index (GCI) 2017 ITU (Agency of the United Nations) – 66 pgs – 27th July 2017
Ranks 134 countries on 25 measures of commitment to cybersecurity, in areas like legal, technical and cooperation.
Example Rankings: Singapore (1); USA (2); Estonia (5); UK (14); NL (17); Hungary (56); Greece (70); Liechtenstein (126).
Only 27% of the 134 countries have a stand-alone cyber strategy, while 50% have not even started on a strategy.
61% of Member States do not have an emergency response team with national responsibility.
The State of Incident Response 2017 Demisto – 34 pgs – 20th July
47% of organisations find it hard to prioritise different cyber attack alerts.
More than 40% organisations say they are unprepared to respond to advanced attacks.
While automating incident response would provide immediate benefits, only 9% have this capability.
The main challenge for those leading attack response is having to work with a large number of information security tools.
Counting the cost – cyber insurance exposure exposed Lloyd’s of London and Cyence, input from over 50 experts, 56 pgs, 17th July 2017
Lloyd’s estimates insurers will receive $3bn to $3.5bn in premiums for cyber insurance in 2017, with 85% of that paid in the USA.
Successful attacks on commonly used hypervisor software implemented by cloud service providers could result in cascading outages & significant losses.
$53bn direct losses could be suffered by businesses if a major cloud service provider (eg Amazon, Microsoft, IBM) suffered an extreme outage.
Cyber Europe 2016: after action report Findings from a cyber crisis –ENISA – 14 pgs – 30th June 2017
Future Cyber Europe should focus on cooperation activities on technical and operational topics.
Developing interconnections between cooperation mechanisms empowers the crisis cooperation framework.
A clear vision for the future of EU cyber response is needed.
Know the Odds - Cost of a Data Breach Ponemon - 1 pg - 20th June 2017
28% chance of suffering a material data breach, vs 0.5% chance of dating a millionaire
An experienced incident response team can help you quickly identify and contain a cyber attack
Be prepared to provide responders with logs & tools to help them understand what happened
Be prepared to quickly execute a reset of all passwords and service accounts
Cost of Data Breach - Annual Study Ponemon - interviews of 419 organisations in 11 countries - 35 pgs - 20th June 2017
28% chance of businesses suffering a material data breach in next 24 months
14% reduction in total cost of a breach if companies have good incident response
$225 per lost record is average cost of breach in USA, vs $123 in UK and $64 in India
$380 per lost record is average cost of breach in healthcare, vs $150 in communications & $71 in public sector
47% of breaches are caused by criminal or malicious activity; 28% by human error; 25% by system glitch
WanaCry Ransomware Crowdsourced Intelligence CMA = Cyber Management Alliance - contributions from over 20 individuals - 23 pgs - 16th May 2017
Lists operating systems that are affected by WanaCry (aka WannaCry aka WCry)
Speculates on attribution (who did it) and recommends technical actions
Provides advice to management on whether and when to pay a ransomware demand
Economic Crime Board of the Police (CoL - UK) Agenda and Report by T/Commander Dave Clark to City of London - 30 pgs - 9 June 2017
20% rise in crimes reported to Action Fraud, at 280,706, but 5% decrease in crimes with viable lines of enquiry.
During 2016/17, City of London Police recorded a 179% increase in outcomes (partly from better recording).
Victim satisfaction with the outcome of crime investigations has fallen to 55% (from 67% in the previous year).
Guide to the general data protection regulation Bird&Bird – 65 pgs – May 2017
GDPR will become effective without the need for implementing legislation.
GDPR allows Member States to legislate in many areas, including employee data processing. This will challenge the GDPR’s aim of consistency.
GDPR requires all organisations to implement measures to reduce the risk of their breaching the GDPR and prove they take data governance seriously.
Cyber Insurance in USA - Market Watch Survey CIAB (The Council of Insurance Agents and Brokers) - survey of insurance brokers in USA - 15th May 2017
98% of respondents noted that capacity in market is either plentiful or increasing.
75% of respondents believe there is, for the most part, adequate clarity in the content of a cyber policy.
32% of respondents’ clients purchased at least some form of cyber coverage.
76% of those with cyber insurance have standalone policies.
$6 million is the typical cyber insurance policy limit.
Cyber Risk Landscape for Insurers and Insured RMS (Risk Management Solutions) - reviews 50 cyber insurance products - 47 pgs - 15th May 2017
14% growth in cyber security expenditure, from US$75 billion in 2015 to $86 billion in 2016.
Extremely low conviction rates for cyber crime perpetrators (1 in 50,000 cases).
2.6 Terabytes: the world’s largest data leak by volume took place in April 2016
Yahoo! twice broke the record for the largest number of personal records compromised (2013, 2014).
The global cyber insurance market is predicted to reach $7.5 billion by 2025.
Latest statement on international ransomware cyber attack NCSC - UK's national focus is on two lines of defence - 14th May 2017
Guidance for Organisations:
Guidance for Individuals:
A broker guide to selling cyber insurance AIG - CyberEdge® Playbook - 15pgs - 12th May 2017
78% rise in the average cost of a data breach over the last 8 years: now £2.53m
209 days is the average time from initial infection to discovery of breach
Gives examples of SME Claims on Cyber insurance, ranging from £48k to £105k
Types of claim paid by AIG: Ransom (16%); Breach (14%); Unauthorised access (10%); Other (60%)
Australia's cyber security strategy ASPI - 44 pgs - 10th May 2017
“Cyber health checks” are the next step towards Australia’s stronger private sector cyber defence.
Leading by example! The Australian government ‘raises the bar’ on meeting cyber security standards.
First annual assessment report reveals a serious lack of transparency around delivery timelines.
Urgent need for a coordinated communication strategy for any cyber incident that may arise.
Greater government support for mid-tier and small to medium enterprises.
Transatlantic Cybersecurity Report EU & US Chamber of Commerce - Report 41 pgs - 8 May 2017
The report lays out 9 steps to strengthen transatlantic cyber security
The EU and the United States make up the two largest economies in the world
The report lists a number of initiatives that all strengthen EU - US co-operation
Launch of Free Services to protect London's Businesses LDSC - Press Release - 2nd May 2017
London Digital Security Centre (LDSC) was founded by Mayor of London, Metropolitan Police and City of London Police
LDSC Membership scheme is initially aimed at those employing up to 249 employees, with plans to extend its reach by next year.
LDSC's first partner is SecurityScorecard, to provide security ratings to all London businesses
Deputy Mayor for Policing & Crime said: LDSC provides 1-stop shop to help businesses use technology to develop & grow
Why are so few women working in Cyber? Frost & Sullivan + (ISC)² 22 pgs, 27th April 2017
Percentage of women in sector unchanged since 2013.
11% of the information security workforce are women (14% in America, 7% in Europe)
51% of women working in information security experienced discrimination (vs 15% of men)
Women earn less than men in every level of the information security workforce
Global Cyber Risk Transfer Comparison Report Ponemon - survey of 2,168 involved in their company’s cyber risk management - 25th April 2017
The impact of business disruption to cyber assets is 72% greater than to property, plant and equipment (PP&E) assets.
The probable maximum loss from cyber assets is 27% higher than from PP&E assets.
Organizations insure on average 59% of PP&E losses, compared to an average of 15% of cyber exposures.
ISO/IEC 27035:2016: Security incident management The ISO process for managing information security events, incidents & vulnerabilities.
Managing incidents effectively involves detective and corrective controls designed to recognize and respond to events and incidents, minimize adverse impacts, gather forensic evidence (where applicable) and in due course ‘learn the lessons’ in terms of prompting improvements to the ISMS, typically by improving the preventive controls or other risk treatments.
What don't you know about Cyber Security? Five Questions every Board Member should ask:
1. What procedures do you have in place to manage a breach?
2. Have you tested your preparedness plans?
3. Do customers understand your data collection and usage practices?
4. How do you decide how much to invest in security - and where?
5. Are you educating employees on the best cybersecurity practices?
Evolution of Security Skills CompTIA - Skills needed to mitigate cyber risks - April, 2017
Between 18% and 32% of companies say they need significant improvement to existing security expertise.
For technical workers, 60% of companies use training to build security expertise, and 48% pursue certifications.
33% of companies say that security is a significantly higher priority for them today than it was two years ago.
49% of companies expect that security will be a significantly higher priority in two years than it is today.
Data Breach Disclosure 101 Troy Hunt – 1pg – 23rd March 2017
Disclose early
Don’t be Vague
Organisations don't plan to fail.
Treat security reports with urgency
Make it easy to submit security reports
Cybersecurity Requirements for Financial Services Companies NYSDFS – 14pgs – 1st March 2017
Covered entities shall implement due diligence processes and periodic assessment to evaluate the cybersecurity practices of Third Party Service Providers
Covered entities shall implement annual penetration testing unless they have effective continuous monitoring in place.
Multi-Factor or Risk-Based authentication is required for effective data protection.
A CISO shall be designated to enforce cybersecurity policy.
Cyber Readiness Report Hiscox: Survey of over 3000 Businesses - 26 pages - 7th February 2017
55% of US businesses say they have cyber insurance vs 36% in UK and 30% in Germany
86% of experts agree that employee training has reduced the number of cyber incidents
45% of UK firms do not believe that a cyber insurance policy is relevant for them
91% of companies view cyber security to be a top priority at the board and C-level
Protecting information across government UK Parliament: Public Accounts Committee - 69 pgs - 2nd Feb 2017
Parliament calls for "detailed plan" for new National Cyber Security Centre.
Says that Data Breach recording processes are "inconsistent and dysfunctional".
Says UK Government taking too long to consolidate the 'alphabet soup' of agencies that protect Britain.
Cabinet Office "places too little emphasis on supporting citizens and service users beyond Whitehall".
Notes that Britain is below Brazil, South Africa & China at keeping phones & laptops secure.
2017 State of Malware Report - 11 pgs - Malwarebytes Lab - 15 Feb 2017
Ransomware distribution between January 2016 and November 2016 increased by 267 percent.
In 2016, there were three main players in the ransomware game: TeslaCrypt, Locky, Cerber.
Advancing Cyber Resilience with the Board (Governance) World Economic Forum - 40 pgs - 18th January 2017
Internal and external cyber preparedness audits should be performed periodically and reported to the board.
The board should have visibility of how the stated risk appetite is being applied in business decision-making.
Cyber resilience is a leadership issue.
Strong Authentication - 8 Key Principles for Policymakers Chertoff Group - 16 pgs - February 2017
1. Have a plan.
2. Recognise security limitations.
3. Authentication must be easy to use.
4. Old barriers to strong authentication no longer apply.
5. Solutions must support mobile.
6. Privacy matters.
7. Biometrics must be applied appropriately.
8. Focus on standards and outcomes.
A strategic cyber roadmap for the Board (Governance) Harvard Law School - 9 graphics on 1 page - 12th January 2017
Phase I – Know the Basics
Phase II – Oversee Preparedness
Cyber-risk management is everyone’s responsibility
Board organisation is a function of depth of experience in cyber-risk
Best practices also cover CISO engagement with law enforcement, industry peer groups and government
Cyber-Risk Oversight - Director's Handbook for good governance NACD (National Association of Corporate Directors) - 12 Jan 2017
11% of Boards have participated in a test of the company’s response plan
80% of black-hat hackers are affiliated with organized crime
48% of cyber breaches result from criminal or malicious attacks
38% of IT organizations lack a defined cyber breach response plan
48% of IT security professionals do not inspect the cloud for malware
53% of cyberattacks are first identified by third parties while 47% internally
Framework for Improving Critical Infrastructure Cybersecurity (Governance) NIST (National Institute of Standards and Technology) - 61 pgs - 10th January 2017
Proposes enhancements to best practice response to cyber attacks, including:
Greatly expanded explanation of using Framework for Cyber Supply Chain Risk Management purposes.
Access Control Category has been refined to account for authentication, authorization, and identity proofing.
New section on Demonstrating Cybersecurity, eg correlation of business results to cybersecurity risk management.
CYBERscape 2017 Momentum Partners - 104 pgs - 10th January 2017
Includes a mapping of cyber vendors in 16 categories
Describes operating metrics of fastest growing vendors
Helping Boards meet their cyber responsibilities (Governance) KPMG - 15 graphics on 1 page - 7th Dec 2016
25% of CEOs regarded their organisation fully prepared for a cyber event.
Boards have duties to both internal and external parties.
The 5 step Cyber in the Boardroom methodology aims to assess present state and develop key risk indicators.
Investment in security awareness works as a force multiplier in an organisation’s security plan.
Cyber Security Annual report (Governance) TAG Cyber (The Amoroso Group) - 388 pgs - 2nd November 2016
Written for hardcore CISO team members, includes vendor mapping.
CISOs must focus on 4 areas: compliance, technology, architecture & innovation.
Groups 50 security into 6 groups: Perimeter, Network, Endpoint, Governance, Data & Industry.
UK National Cyber Security Strategy HM Government - 84 pgs - 1 November 2016
Strategy to spend £1.9bn to support Vision for 2021 "that UK is secure and resilient to cyber threats"
"From the most basic cyber hygiene, to the most sophisticated deterrence, we need a comprehensive response."
Three Objectives: to Defend against threats, to Deter aggression and Develop cyber security industry.
UK Government will use forthcoming (EU) GDPR to drive up standards of cyber security.
Key Vulnerabilities: poor cyber hygiene, insufficient training, unpatched systems.
Police will expand efforts to identify, anticipate and disrupt cyber criminals.
Cyber Essentials covers 5 controls: access; boundary firewalls; malware protection; patch management; secure configuration.
G7 Fundamental Elements of Cybersecurity for the Financial Sector G7 – 3pgs – 11th October 2016
Lists 8 fundamental elements, from Strategy to Governance to Continuous Learning.
Systematic monitoring allows evaluation of cybersecurity measures.
Information sharing vital for the mitigation of breach damages.
Evolving cyber risks require regular strategy reviews.
Is your company ready for a Big Data Breach? Ponemon - survey of 619 executives, privacy and IT specialists in USA - 5th October 2016
80% of USA executives say their data breach response plan would be more effective if practiced more often.
60% of USA executives say their data breach response plan would be more effective if supported by a dedicated budget.
34% of USA executives say their Board understand the specific security threats facing their organization.
27% of USA executives are confident they can minimize financial & reputational harm from a data breach.
26% of USA executives say their Board is prepared to take responsibility for incident response plan.
13% of USA executives are very confident they can respond effectively to international data breach.
Cyber Claims on Insurance Study NetDiligence - 56 pgs - 17th October 2016
Analyses 176 data breaches that were covered by cyber insurance in the USA.
The average total breach cost was $665K, with an average payout for Crisis Services of $357K.
80% of breaches cost between $5,822 and $1.6M (ie excluding the cheapest and most expensive).
The average claim for a large company was almost $6 million.
The average claim in the Financial Services sector was $1.8 million, while the average claim in the Healthcare sector was $717K.
ISO 27001: International Standard for Info Security Management Systems Analysis of how many organisations have adopted ISO 27001 - October 2016
20% increase over 12 months in number of organisations worldwide with ISO 27001 - total is now 27,536
90% increase over 12 months in number of organisations in USA with ISO 27001 - total is now 1,247
Japan has 8,240 organisations certified for ISO 27001 - that's 30% of global total
The UK has 2,790 organisations certified for ISO 27001 - that's 10% of global total
The ISO standard for Business Continuity is growing much faster (78% pa) than for Info Security (20% pa)
Governor CyberSecurity Dashboard (Governance) Michigan State Board - 1 pg - 30th September 2016
Malware from internet activity on the rise since last month
Cybersecurity awareness and cyber culture remains operational
Industrial Control System Cybersecurity DHS - US Department of Homeland Security - 58 pgs - Sept 2017
Details "defence in depth" best practice for platforms like SCADA.
CSET - Cyber Security Evaluation Tool DHS - Department of Homeland Security - NCCIC - Software Tool - Version 8.0 - 27th Sept 2016
Provides self-assessment for industrial control system (ICS) and information technology (IT) network security practices, e.g. SCADA.
Contains six steps for the user, starting with selection of the appropriate standard, e.g. NIST, NERC, TSA.
User guide is 403 pages long
Cyber Attack Survival Guide Financial Times - Maija Palmer & Owen Walker - Online - 21st September 2016
It took TalkTalk 36 hours after discovering the hack to release a statement saying it had been attacked.
Most hacks follow warnings that were overlooked: emailed tip-offs that were never read, phone calls that were ignored.
Having an incident team makes the biggest difference in reducing the cost of an attack.
An attack "always seems to happen at the start of a long weekend and no one is around."
"You are actually wetting your pants at this point. Your goal was to prevent something like this happening."
The average tenure of a CISO at a company is a little more than two years.
Safe & Secure - Protecting London's data Gareth Bacon - London Assembly - 11 pgs - 31st August 2016
In London, the cost to the economy from security breaches is about £36 billion per year.
By March 2016, 2,181 Cyber Essentials & Cyber Essentials Plus certifications had been issued (ie to <1% of organisations).
A ‘Mayoral Standard’ for cyber security could potentially help all organisations in London.
Advancing Small Business Cyber Maturity Mark Tomlin - 102 pgs - Stored on Dropbox - 24th August 2016
There is no silver bullet to the cyber problem.
Cyber security often sits at the bottom of the priority list.
Proposes a proportionate, automated "Small Business Cyber Assessment Maturity Assessment Tool" (Chapter 6)
Joint investigation of Ashley Madison Privacy Commissioner of Canada and the Australian Privacy Commissioner - 40 pgs - 23 August 2016
Press Release: "The company went so far as to place a phoney trustmark icon on its home page to reassure users."
Malicious Email Mitigation Strategies Australian Cyber Security Centre - 11 pgs - 31 July 2016
Excellent protections against malicious email attachments: whitelisting, filtering, converting, analysing & sanitising before opening.
Minimum protections against malicious email attachments: blacklist on file type & extension & virus scanning before opening.
Mitigate risks to your company systems by blocking use of non-authorised third party email services
Minimum method for verifying email senders: implement spam blacklists
Best protection for verifying email senders: implement DMARC
Hackers: Fake or real? Adrian Crawley - Radware - 1 pg - 2nd August 2016
In May 2016 we detected an exponential increase in the number of ransom letters being sent.
Around one in three organisations has experienced a ransom attack.
There are a number of indicators that will help you spot a fake ransomware demand.
Building an Effective Incident Response Plan Rishi Bhargava - VP Marketing at Demisto - 1 pg - 29th July 2016
The 5 W’s of a comprehensive incident response plan: Who, When, What, Where, Why
Top 10 Steps to an effective incident response plan, includes "Conduct table top exercises"
Presidential Policy Directive - USA Cyber Incident Coordination President Barack Obama PPD 41 - 2,258 words - 26th July 2016
The PPD defines for the first time what constitutes a "significant cyber incident" triggering a federal response.
The PPD delineates between “Threat responses” and “Asset responses.”
“Threat response” involves investigating the crime, so federal law enforcement leads (DoJ, through FBI & NCIJTF).
“Asset response” involves forensics and remediation, so Homeland Security leads (DoHS, through NCCIC).
Evaluation of cyber threats to be led by Director of National Intelligence (through CTIIC).
Department of Homeland Security to lead the effort to write the National Cyber Incident Response Plan.
Prevention and management of cyber incidents is a shared responsibility among the government, private sector, and individuals.
No More Ransom Dutch National Police, Europol, Intel Security & Kaspersky Lab - 25th July 2016
718,000 users were attacked by crypto-ransomware in 2015-2016, up 5.5 times on previous year.
Launch of new tool containing 160,000+ keys will help victims to retrieve their data.
CyberSecurity - Protecting your future Robert Half - 100 interviews with UK CIOs and CTOs - 16 pgs - 12th July 2016
77% of UK CIOs say they will face more security threats in the next 5 years due to a shortage of IT security talent.
Top security concerns of UK CIOs: Data Abuse & Integrity (60%), Cybercrime (54%), and Spyware/Ransomware (39%).
Staff with skills in cloud security (51%), IT security technologies (47%), and big data analytics (37%), are the most in demand.
How to protect your networks from Ransomware US Government - 10 pgs - 11th July 2016
300% increase in number of ransomware attacks in the last year.
What to do if infected with Ransomware: Isolate, Secure Back-up, Contact Law Enforcement.
UK National Data Guardian for Health: Review of Data Security, Consent & Opt-Outs Dame Fiona Caldicott - 60 pgs - 6th July 2016
41% of all breaches reported to the UK ICO were from the health sector.
The leadership of every [health] organisation should demonstrate clear ownership and responsibility for data security.
Ensure staff are equipped to handle information respectfully & safely, according to the Caldicott Principles.
Ensure the organisation proactively prevents data security breaches & responds appropriately to incidents or near misses.
Where malicious or intentional data security breaches occur, the Department of Health should put harsher sanctions in place.
Have a continuity plan to respond to significant data breaches, and test once a year as a minimum.
EU launches partnership for €1.8 billion investment against cyber threats
The EU will invest €450 million in this partnership, under its research and innovation programme Horizon 2020.
The Commission will propose how to enhance cross-border cooperation in case of a major cyber-incident.
80% of European companies experienced at least 1 cybersecurity incident over the last year.
Guidance on cyber resilience for financial market infrastructures BIS – 32pgs – 29th June 2016
This Cyber Guidance requires FMIs to instil a culture of cyber risk awareness
Implement an adaptive cyber resilience framework that evolves with the dynamic nature of cyber risks
FMIs are required to demonstrate ongoing improvement of cyber resilience posture at every organisational level
An FMI should actively monitor technological developments and keep abreast of new cyber risk management processes.
Cyber Resilience Report 2016 Business Continuity Institute (BCI) - 369 respondents in 61 countries - 29th June 2016
Top causes of Cyber Disruption: 61% Phishing, 45% Malware, 37% Spear Phishing, 24% Denial of Service, 21% Old Software.
Some respondents cited that they only came to know about a disruption through law enforcement & the media.
19% of respondents report it takes over 4 hours for their organisation to respond to a cyber incident.
7% of respondents estimated the cumulative cost of cyber incidents at over €250k.
66% of respondents report at least 1 cyber incident in last 12 months.
Cyber Security: Protection of Personal Data Online UK - House of Commons - CMS Committee - 29pgs - 20th June 2016
285 "breach notifications" at UK Telcos were reported to the Information Commissioner in last year
30 staff at UK's Information Commissioner handle 1,000 "cases" plus 200,000 "concerns" per year.
It is appropriate for the CEO to lead a crisis response, should a major attack arise.
A portion of CEO compensation should be linked to effective cyber security.
Businesses need to see security breaches as an inevitable part of being in the digital economy today.
The person responsible for cyber-security should organise realistic management plans and exercises.
Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA U.S. Department of Health and Human Services - 34 pgs - 17th June 2016
mHealth services often aren't covered by Health Insurance Portability and Accountability Act (HIPAA) of 1996.
Innovation in health has led to "Non Covered Entities" that collect, share & use health info without being regulated by HIPAA.
Only 6% of free health apps and 15% of paid health apps always use encrypted SSL connections when sending data to 3rd parties.
mHealth has been projected to be a $60 billion worldwide financial opportunity.
In 2014, only 30.5% of 600 mHealth apps studied had a privacy policy.
CEO's Guide to CyberBreach Response AT&T - 24 pgs - 13th June 2016
25.2% of organisations experienced significant negative impact from a breach last year.
34% of organizations believe they have an effective incident response plan, & 9% update it at least twice a year.
6 Core Components of Incident Response, including to Define all breach scenarios & to create response templates.
Post-breach response is often an all-hands-on-deck affair involving the C-suite, IT, security, legal, comms, & other teams.
Communication that focuses on helping customers (Vs describing the problem) limits media interest.
Poorly coordinated incident response activities may cause more damage than the breach itself.
Log data is vital as it helps forensic experts perform post-breach investigations.
Internet access block for public servants 'absolutely necessary' Prime Minister Lee Hsien Loong, commenting on "Internet Surfing Separation" initiative - 9th June 2016.
100,000 computers used by Civil Servants in Singapore to be disconnected from Internet by May 2017.
New move by Infocomm Development Authority of Singapore described by PM as “a nuisance... , it’s inconvenient but it’s doable.”
"Are we happy? I don’t think so... . But in terms of security... , it’s absolutely necessary."
A proactive C-suite can reduce cyber-risk The Economist Intelligence Unit - Survey of 300 CISOs & CIOs worldwide - 2nd June 2016
53% reduction in growth of cyber attacks & breaches achieved by companies with a proactive C-suite
A proactive C-Suite will "actively monitor external threats and mobilise the entire workforce to stave off attacks."
53% reduction calculated as: proactive companies suffered growth in cyber breaches of just 9.8%, vs 21.1% at worst firms
UK National Cyber Security Centre - launch prospectus HM Government - UK - 12 pgs - 25th May 2016
Cyber is a Tier One threat to the UK's national & economic security.
The new National Cyber Security Centre will launch in Autumn 2016, led by Ciaran Martin, reporting into GCHQ.
The NCSC will run the UK's Cyber Security Information Sharing Partnership (CiSP).
The NCSC will include Centre for the Protection of National Infrastructure (CPNI), CERT-UK & the Centre for Cyber Assessment.
Cyber and the City TheCityUK and Marsh - 36 pgs - 17th May 2016
Includes map of the 31 organisations fighting cyber threats to Financial Services in the UK.
"Surveys say average annual cost of cyber crime to large firms is £1.5m – £3m, but this is likely to be far short of the actual cost."
Recommended Check-List for Board: #1 - The main cyber threats for the firm have been identified and sized.
Recommended Check-List for Board: #8 - Preparations have been made to respond to a successful cyber attack.
"We propose that the financial sector sets up a Cyber Forum comprising a steering group of Board level cyber risk owners."
"The City should work on systemic cyber risk reduction: infosharing, risk aggregation & sector resilience."
How to Verify Data Breaches Troy Hunt – 1pg – 7th May 2016
Verifying with HIBP subscribers
Mailinator accounts are perfect for testing enumeration risks.
One thing that's enormously important when doing verification is the ability to provide the organisation that's allegedly been hacked with a "proof".
NIST Cyber Security Framework (Governance) NFPPC (National Forum for Public Private Collaboration) - 1 pg - May 2016
Summary of NIST (National Institute of Standards & Technology) Cyber Security Framework
Mapping into 5 main categories: Identify, Protect, Detect, Respond, Recover.
Cyber Insurance Market Watch Survey The Council of Insurance Agents and Brokers (USA) - 6 pgs - 26th April 2016
The price for cyber insurance varies dramatically by industry and size of organisation.
The nature of cyber risk is man-made and constantly changing in order to overcome cyber defenses.
Cyber coverage continues to be written with vastly different definitions, terminology, limits, endorsements and exclusions.
Cyber Insurance: "It is too difficult to compare offerings, coverage enhancements and exclusions with too many carriers."
16% of companies in the USA purchase stand-alone cyber insurance, plus another 8% that buy "very limited" embedded coverage.
Guide to developing a data breach response plan Australian Government - Information Commissioner - 9 pgs - April 2016
Your actions in the first 24 hours after discovering a data breach are often crucial to the success of your response.
A quick response [to a data breach] can substantially decrease the impact on the affected individuals.
Implementing a data breach response plan can assist in mitigating the [significant] costs [of a data breach].
Example Data Breach Response Plan Australian Government - Information Commissioner - 4 pgs - April 2016
There is no single method of responding to a data breach.
Some data breaches may be minor, and dealt with without action from the Data Breach Response Team.
4 key steps: contain breach & assess; evaluate risks for individuals; consider breach notification; review and learn from incident.
Cyber Defense Matrix (Governance) Sounil Yu - 27 pgs - 6th April 2016
Mapping of vendor landscape on two dimensions.
Asset classes: Devices, Apps, Networks, Data, Users.
Operational Functions: Identify, Protect, Detect, Respond, Recover.
Cyber Security Response in the cloud Microsoft Azure - 13 pgs - April 2016
Microsoft uses a shared responsibility model in the Azure services to define security and operational accountabilities.
In the event of a declared security incident, notification by Microsoft will be made without unreasonable delay and in accordance with any legal or contractual commitments. Customers should recognize that an exercise balancing between accuracy / completeness and speed takes place.
Data Breaches - Insurance and How Organizations Manage Advisen and ID Experts - Survey of 203 American Risk Managers - 17 pgs - March 2016
81% of US companies that have bought cyber insurance have never filed a claim on it (pg 15)
75% of US companies have developed an incident response plan but only 42% have tested it (pg 3)
45% of US companies believe their company has adequate resources to detect all breaches (pg 3)
Incident Response and Cyber Crisis Cooperation ENISA (European Union Agency for Network and Information Security) - 35 pgs - March 2016
A Cyber Crisis is a serious threat to structures, values & norms that - under time pressure & highly uncertain circumstances - necessitates making vital decisions.
Cyber Crisis Management has 5 steps: Sense-making, Meaning-making, Decision-making, Termination, Learning (Fig 3).
Cyber Crisis Management has 3 levels: Technical (eg detection, forensics & remediation), Operational (eg threat analysis and mitigation), Strategic (eg to invoke contingency plan and public communication).
The typical Incident Response process has 15 steps (see Fig 1)
Data Security Incident Response Survey BakerHostetler - lessons from 300 incidents - March 2016
43 days is average duration of External Forensics Investigation.
52% of breaches are self-detected, while 48% are notified by a 3rd party
Average time to discovery of breach: 69 days (114 days in health, and 46 in all other sectors)
40% of suspected breaches investigated by BakerHostetler required Notification of consumers.
Cause of breach: 31% hacking; 24% employee mistake; 17% external theft; 14% Vendor; 8% internal theft; 6% lost.
53% of Breach Notifications included an offer of Credit Monitoring, which was taken up by 10% of those consumers.
Return Path - 14 pgs - Analysis of 1,000 brands in 33 countries - February 2016
DMARC can significantly reduce instances of phishing or spoofed emails.
24% increase in DMARC implementation in last 12 months, but 71% of brands still don't use it.
The sectors that care most about preventing Phishing are in Social Media & Tech, where >50% of firms use DMARC.
The sector that cares least about preventing Phishing is Healthcare, where <20% of firms use DMARC.
Germany seriously lags in using DMARC to protect consumer email accounts from spoofing and phishing.
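Both the Return Path findings above and the ACSC advice earlier on this page ("best protection for verifying email senders: implement DMARC") rest on how a receiving mail server evaluates a DMARC record, so here is that evaluation worked through end to end: look up the `_dmarc` TXT record for the From domain (falling back to the organisational domain for subdomains), parse it, check whether the SPF or DKIM result is aligned with the From domain, and return the policy to apply. This is an added example, not code from either report. The DNS answers are a constructed in-memory table standing in for real TXT queries, and the organisational-domain logic is a simplification (last two labels, no Public Suffix List).

```python
"""DMARC lookup, alignment check and policy decision for one message.

Added example, not from the Return Path report or the ACSC paper.
FAKE_DNS is a constructed stand-in for TXT queries; org_domain() is a
simplification that ignores the Public Suffix List."""

# Constructed answers to "TXT _dmarc.<domain>" queries.
FAKE_DNS = {
    "_dmarc.brand.example": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@brand.example",
    "_dmarc.newsletter.example": "v=DMARC1; p=none; rua=mailto:reports@newsletter.example",
    "_dmarc.clinic.example": "v=DMARC1; p=quarantine; pct=50",
}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into its tags; None if it is not a DMARC record.
    Alignment modes default to relaxed and pct to 100, as in RFC 7489."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return None
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    return tags


def lookup_dmarc(domain, dns=FAKE_DNS):
    txt = dns.get("_dmarc." + domain.lower())
    return parse_dmarc(txt) if txt else None


def org_domain(domain):
    """Organisational domain, simplified to the last two labels.
    Real receivers consult the Public Suffix List (e.g. for co.uk)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs
    the same organisational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_evaluate(from_domain, spf, dkim, dns=FAKE_DNS):
    """spf and dkim are (result, authenticated_domain) tuples, result
    'pass' or 'fail'.  Returns (outcome, policy, pct): outcome 'pass',
    'fail' or 'none' (no record); policy is the action the receiver
    should apply to this message ('none', 'quarantine', 'reject' or
    'no-policy'); pct is the share of failing mail the policy covers."""
    record = lookup_dmarc(from_domain, dns)
    policy_tag = "p"
    if record is None:
        org = org_domain(from_domain)
        if org != from_domain.lower():
            # Subdomain without its own record: the org domain's record
            # applies, using its sp= tag if present, else p=.
            record = lookup_dmarc(org, dns)
            if record is not None and "sp" in record:
                policy_tag = "sp"
    if record is None:
        return ("none", "no-policy", 100)
    try:
        pct = int(record["pct"])
    except ValueError:
        pct = 100
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], record["aspf"])
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], record["adkim"])
    if spf_ok or dkim_ok:
        return ("pass", "none", pct)
    return ("fail", record[policy_tag], pct)


if __name__ == "__main__":
    # A spoof: From brand.example, but SPF passed for the attacker's own domain.
    print(dmarc_evaluate("brand.example", ("pass", "attacker.example"), ("fail", "")))
    # The same spoof against a domain still at p=none is merely reported.
    print(dmarc_evaluate("newsletter.example", ("pass", "attacker.example"), ("fail", "")))
```

The first case in the usage block is why DMARC matters: SPF alone "passes" because the attacker's sending domain is legitimately authorised to send for attacker.example, and only the alignment check against the visible From domain catches the spoof. The second case shows the caveat behind the "71% of brands still don't use it" figure: publishing a record at p=none gives reporting but no protection, and the spoof is still delivered.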
Rail Cyber Security - Guidance to Industry (UK) Department for Transport (DfT) - 39 pgs - February 2016
Effective cyber security is reliant on full engagement at all levels of an organisation.
DfT may hold some governance over cyber incident handling, dependent on the size and nature of the event.
UK Government wants to encourage use of US NIST cyber security framework with critical infrastructure.
Railway systems are becoming vulnerable to cyber attack due to the move to Commercial Off The Shelf (COTS) components.
The PERA model provides a reference model for understanding cyber systems at an enterprise level.
Failure to make systems secure might contravene regulatory safety requirements.
Priorities in the event of an attack: safety of people is the highest priority. This overrides all other considerations.
We recommend that you put in place a regular exercising programme for cyber related incidents.
IT Security Spending Trends SANS Institute - Survey of 169 staff involved in IT and security budgets - 23 pgs - February 2016
Main drivers to spend in InfoSec: Protect sensitive data (63%); Regulatory compliance (56%); Reduce breaches (31%).
Most effective justifications for InfoSec budgets: ensure regulatory compliance, enable business objectives.
Financial Services companies tend to give largest share of IT Budget to Security (7% to 12%).
Education organisations tend to give smallest share of IT Budget to Security (1% to 4%).
The most effective area of InfoSec to invest in is "Access and Authentication".
Global spend on InfoSec was $75.4 billion in 2015, up 4.7% over 2014.
Only 22% of the companies benchmark their security effectiveness.
Critical Security Controls your IT Director should have implemented SANS Institute - mapping the 20 layers of IT Defense - January 2016
How To Run A Data Breach Fire Drill Law360 - 4 pgs - January 2016
Data Protection Laws of the World DLA Piper - 500 Pgs - January 2016
Cyber Incident Management Planning Guide For IIROC Dealer Members IIROC - 28pgs - 15th December 2015
The five phases of cybersecurity incident management.
Published 1,000 days ago by Canadian authorities but still up to date.
EU General Data Protection Regulation Final Compromise on new law for data breach etc - 209 Pages - December 2015
Data Breach Response Webinar BABC - Bradley Arant Boult Cummings - 1 hour - December 2015
Report on National and International Cyber Exercises ENISA - 32 pgs - December 2015
"Twice as many large cyber exercises in 2015 vs 2013"
2016 Global Privacy Handbook - Laws Baker and McKenzie - 832 pgs - December 2015
Proposal for European Cybersecurity Flagship European Organisation for Security (EOS) - 9 pgs - November 2015
Call to support strategy for a "Smart & Secure Digital Europe”
Market for Cybersecurity is €70 billion, with €24 bn in North America growing at 8% pa, & €18 bn in EU growing at 6% pa.
Aims to address 4 challenges in cyber activities across EU: information sharing, standards, trusted entities and industrial base.
Using Cyber Insurance as a Risk Management Strategy SINTEF - 24 pgs - 11th November 2015
Cyber-insurance products are still relatively immature.
"Products are untested, pricing appears arbitrary and experimentation in contract writing is commonplace."
There were in Europe in 2012 only nine insurers with specialized cyber-insurance, compared to 30-40 in the US.
52% of businesses that don't plan to buy cyber insurance say it's because “Premiums are too expensive”
44% of businesses that don't plan to buy cyber insurance say it's because of “Too many exclusions, restrictions & uninsurable risks.”
"Actuarial data for the cyber-insurance market is missing and unlikely to be available in the near future."
Major cost items in the Ponemon study seem not relevant for the claims payouts surveyed by the NetDiligence study.
Training on Cyber Response Corpress - 16 pgs - November 2015
Cybersecurity Incident Response - Planning is just the beginning Grant Thornton and FERF - 8 pgs - November 2015
How to Prepare for a Breach Rapid7 - 6 Pgs - November 2015
PR Case Study on TalkTalk PR Week - 1 Pg - November 2015
Data Breaches - What is the Marketer's Role Liisa Thomas - Winston & Strawn - 18 Pgs - November 2015
Unprepared pay more for cyberattacks Grant Thornton - 4 pgs - November 2015
Global Cyber Security Ecosystem ETSI - Anthony Rutkowski & Carmine Rizzo – Version 1.1.1 - 54 Pgs - 17th November 2015
Lists 850 organisations promoting 5 cyber security actions (Identify, Protect, Detect, Respond, Recover).
Highlights 70 standards bodies, 36 developer forums, 15 information hubs, 9 centres of excellence.
Describes the national cyber security system in 64 countries.
Digital Security Risk Management OECD - 74 pgs - October 2015
Breach Response - Making the right choice NPC Immersion - 10 pgs - October 2015
Data Breach Preparedness Study Experian - Ponemon - 38 pgs - Oct 2015
Best Practices for Cyber Response Lifars Cyphort - Video - 55 mins - November 2015
Guidance to 25m breached Federal Employees US Government OPM - Cybersecurity Resource Center - October 2015
Cyber Crime - Help the Police TechUK - 28 pgs - October 2015
Of the 248,200 cyber crimes reported to Action Fraud last year, 28% are investigated, and 5% lead to judicial action.
Two thirds of small and medium sized businesses (SMEs) do not consider themselves to be vulnerable to an attack.
TechUK recommends that Diagnostic Question Sets are developed for police officers to use with victims of cyber-crime.
The UK National Cyber Security Programme (NCSP) allocates £30m per year to combating cyber-crime.
Guide to developing a data breach response plan Australian Government - 8 Pgs - October 2015
Cyber Security Playbook FireEye - 19pgs - October 2015
Making DDoS Mitigation part of your Incident Response plan Akamai - Denial of Service - 5 pgs - October 2015
Plan now to use out-of-band communications during Incident Response DLA Piper - 3 pgs - October 2015
"Do you mind if the attackers follow along with your Incident Response Plan playbook?"
The Top 10 Tips for Building an Effective Security Dashboard Tripwire - on-line resource - 23rd Sept 2015
(1) Make It Relevant to the Audience. (2) Sell Success, Not Fear. (3) Be Brief. (4) Use Visualizations. (5) Allow Data to Be Drilled. (6) Show Trends. (7) Make It Customisable. (8) Keep It Web-Based. (9) Check the Information Before It Is Presented. (10) Benchmark Yourself to Your Peers in the Industry.
Insurance 2020 & beyond Reaping the dividends of cyber resilience – PWC – 14th September 2015
Cyber crime costs the global economy more than $400 billion a year.
Cyber criminals are probing for weaknesses and adapting their tactics.
71% of insurance CEOs, 79% of banking CEOs and 61% of business leaders see cyber attacks as a major threat.
Over 90% of cyber insurance was purchased by US companies.
If your business cannot protect itself, why should policyholders trust you to protect them?
Incident Response - Brochure BoozAllen USA - 2 pgs - Sept 2015
7 Things To Do If Your Biz Is Hacked Rapid7 - 2pgs - Sept 2015
Responding to a Data Breach PCI Security Standards Council - 3 pgs - Sept 2015
Annual Privacy Governance Report IAPP - EY - 142 pgs - September 2015
Cyber Claims on Insurance Study NetDiligence - 48 pgs - September 2015
The 160 cyber claims analysed for this report represent about 5% of all cyber insurance claims in 2012-2015.
Having access to preferred vendor panels with pre-negotiated rates... significantly reduces the cost of breach response.
The median (mid-point) claim on cyber insurance is $76,984, while the mean average claim is $673,767.
For each data record lost, the median cost is $13, while the mean average is $964.
Of the $75.5m claimed, 78% went on Crisis Services, 8% on Legal Defense, 9% on Legal Settlements, & 4% for Fines.
The Crisis Services most often claimed for: Legal (73%), Forensics (59%), Notification (46%), Credit Monitoring (42%) & PR (9%).
Achieving Cyber Resilience AIG - 6 pgs - September 2015
Cybersecurity Guide for Directors Dentons - 12 pgs - September 2015
Incident Response Capabilities Needed McAfee - 21 pgs - August 2015
Cost of Phishing & Value of Employee Training Ponemon – Wombat – Survey of 377 IT and IT security practitioners in USA - August 2015
95% say Phishing compromised credentials (eg cryptographic keys & certificates) in last 12 months
Return on Investment in Phishing Training is Fifty Fold, ($184 per $3.69 spent on each employee)
1.6% likelihood of business disruption due to weaponized malware in next 12 months
0.9% likelihood of business disruption due to credential compromise in next 12 months
0.4% likelihood of data exfiltration due to credential compromise in next 12 months
64% reduction in employees who would fall victim to phishing scams after training
Incident Response Survey of 500 IT Professionals SANS - Alienvault - 22 pgs - August 2015
There's a breach, now what? RSA - 25 pgs - July 2015
Reputation & Crisis Management for the Enterprise Sprinklr - 19 pgs - July 2015
Very often, in a crisis, people will add fuel to the fire by filling in gaps with rumors, suspicions, or what they think went wrong.
People want to hear from people, not brands. This is especially true in the event of a crisis.
Activate the key audience segments that care about your brand to defend you.
Guide your employees in their effort to speak up for the company.
There are two types of crises: Flash Fires and Rolling Disasters.
In a Rolling Disaster crisis, [pre-scheduled] tweets can be deemed inappropriate.
Cyber Security Logging and Monitoring Guide Crest - 60 pgs - July 2015
Cloud Service Security - Assume Breach Microsoft - 47 pgs - July 2015
Cybersecurity Assessment against Inherent Risk and Capability Maturity for Finance Companies FFIEC – 5pgs – 15th June 2015
FFIEC is empowered by the USA's Federal Reserve System to set standards.
Inherent Risk Profile with 5 levels is the first part of the FFIEC cyber assessment.
Cybersecurity Maturity Model with 5 levels is the second part of the FFIEC cyber assessment.
Cyber Insurance - Considerations when buying Keeling Law - 27 pgs - June 2015
To buy $1m cyber insurance costs $5k to $25k for a medium sized company
The number of companies buying cyber insurance has grown about 30% per year since 2012
Cyber policies might not pay out if: claim is delayed, breach actually occurred before cover purchased, employee negligence, failure of insured to adhere to minimum required security practices.
Cyber Security Training for Procurement Professionals HM Government (BIS & DCMS) and CIPS - 2 hours - June 2015
"Assess your suppliers' cyber security stance meets your needs"
CFO Role in CyberSecurity GrantThornton - 24 pgs - June 2015
CSIRT - Academic Review of Response Teamwork Pfleeger - 38 Pages - June 2015
CSIRT - Academic Review of Response Teams Skierka - 28 Pages - May 2015
Cost of Data Breach - Impact of Business Continuity Management Ponemon and IBM - 19 pgs - May 2015
In A Flash - A Training Lesson in CyberSecurity DLA Piper - Trailer - May 2015
In A Flash - A Training Lesson in CyberSecurity DLA Piper - 38 Pgs - May 2015
PR - Managing Customer Perceptions in an Information Security Crisis Waggener Edstrom - 20 pgs - April 2015
Confronting Complexity in Managing a Cyber Crisis BoozAllen - 12 pgs - April 2015
Cyberdata breach response checklist DLA Piper - 11 Pgs - April 2015
Cyber Insurance - How much do Universities in USA buy University Risk Management and Insurance Association - 3 pgs - April 2015
Breach Readiness eBook RSA EMC - 12 pgs April 2015
Cyber incidents - Victim response and Reporting Cybersecurity Unit of DoJ USA - 15 pgs - April 2015
Cyber Readiness - Breach Response Simulation Exercise Pinsent Mason - 8 pgs - April 2015
CSIRT - Maturity Toolkit Dutch Government Recommendations - 18 Pages - April 2015
Insurance 2020 & beyond PWC - Includes survey of 806 insurance industry participants from 54 countries - 20 pgs - 23rd March 2015
Annual gross written premiums for Cyber Insurance was around $2.5 billion in 2015.
Annual gross written premiums for Cyber Insurance will be around $7.5 billion in 2020.
The insurance industry’s global cyber risk exposure was around $150 billion in 2015.
Lloyd’s is concerned that cyber risk may not be being properly priced for, nor the exposures adequately quantified.
In the UK in 2015, only 2% of companies had standalone cyber insurance.
A cyber breach has a long and unpredictable tail.
Some common conditions, eg state-of-the-art data encryption or 100% updated security patch clauses, are difficult for any business.
Guide to Data Protection ICO - Information Commissioners Office UK 131 pgs - March 2015
Cyber Threat Defense Report CyberEdge Group - 41 pgs - March 2015
Notification of PECR Security Breaches for Telcos and ISPs ICO UK - Information Commissioners Office - 13 pgs - March 2015
Cyber Security Report Francis Maude - UK Government and Marsh - 32 pgs - March 2015
81% of large businesses & 60% of small businesses suffered a cyber security breach in the last year
52% of CEOs believe that they have cover, but less than 10% actually do
Cyber insurance is priced to reflect type of activity, # of personal records and staff, turnover, & IT maturity
>60% of cyber incidents reported to insurers are accidental, but >50% of high-severity losses stem from attacks.
Insights into Incident Response FireEye [Subscription needed] - Webinar - 43 slides - March 2015
Overview of Digital Forensics ISACA CSX - 14 pgs - March 2015
Data Breach Response Readiness Husch Blackwell - 5 pgs - March 2015
"There are 10 activity channels for Breach Response."
Sensitive Data Handling Toolkit Workflow Data Breach Response for Universities in USA - 4 pgs - Feb 2015
Strategies to Mitigate Targeted Cyber Intrusions Australian Government - Department of Defence - 3 pgs - February 2014
At least 85% of the targeted cyber intrusions could be prevented by following the Top 4 mitigation strategies listed:
1. use application whitelisting to help prevent malicious software and unapproved programs from running
2. patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
3. patch operating system vulnerabilities
4. restrict administrative privileges to operating systems and applications based on user duties.
Data Breach Response Workflows King Spalding - 35 pgs - Feb 2015
Data Breach Notifications Guide Liisa Thomas - 776 pgs - February 2015
Cyber Crime Overview and Sources of Support RISCAuthority and CRIF - 14 pgs - February 2015
Data Breach Readiness Guide Online Trust Alliance OTA - 40 pgs - February 2015
Executive Breach Response Playbook HP - 12 pgs – Jan 2015
10 Steps to Cyber Security CESG - GCHQ - UK Government - 16th Jan 2015
Defining and communicating your Information Risk Management Regime mapping is central to your cyber strategy.
What to do if compromised - Credit Card Acquirers and Issuers Visa Europe - 30 pgs - Jan 2015
Breach Preparation - Plan for the Inevitability of Compromise Bit9 - 10 - pgs - Dec 2014
Cyber risk challenge and the role of insurance CRO Forum - 48 pgs - December 2014
Incident Response AlienVault - 48 pgs - December 2014
Cyber Crisis Cooperation and Management ENISA - 60 pgs - November 2014
The Breach Combat Manual HB Litigation Conferences - NetDiligence Cyber Risk - October 2014
How to Tell Data Leaks from Publicity Stunts Krebs on Security - 2pgs - October 2014
Incident Response Playbook AlienVault - SANS - Webinar - 60 minutes - August 2014
Data Breach Best Practices LifeLock - 3 pgs - August 2014
Restoring Trust in IT Systems after a Data Breach TripWire - 21 pgs - July 2014
Cyber Risk Oversight - Director's Handbook ISA NACD AIG - 64 pgs - June 2014
Data Breach Preparedness InsureTrust and Fletcher Media - 57 pgs - June 2014
Protecting personal data in online services ICO - Information Commissioners Office UK - 47 pgs - May 2014
Make Denial of Service Mitigation part of your Incident Response plan Akamai - DDoS - 6 pgs - April 2014
Three Phases of Securing Privileged Accounts CyberArk - 8 pgs - April 2014
Guide for Managers of e-Crime Investigation ACPO (UK Police) - 117 pgs - April 2014
Guidelines for Computer Evidence ACPO (UK Police) - 72 pgs - April 2014
Cyber incident response - Are business leaders ready Economist - EIU - Arbor - 27 pgs - March 2014
Online Training for Legal & Accountancy Professionals ICAEW - March 2014
After a data breach - are credit monitoring services worth it for consumers?
These are basically PR vehicles for most of the breached companies who offer credit report monitoring.
They only give consumers limited help with a very small percentage of the crimes that can be inflicted on them.
Cybersecurity Capability Maturity Model (C2M2) for Energy Companies US Department of Homeland Security – 76pgs – 10th February 2014
The Capability Maturity Model covers information (IT) and operations technology (OT) assets.
The Capability Maturity Model helps executives to evaluate and benchmark cybersecurity capabilities.
The Capability Maturity Model is an easily scalable tool for implementing the NIST Cyber Security Framework.
Cyber Threat Intelligence with Structured Threat Info eXpression STIX - February 2014