Operational Resilience is not a box-ticking exercise; it is the sum of cumulative actions that enable the organisation to be better prepared to manage disruptions.
Given the rapid adoption of new ways of working and of technologies that support hybrid working, organisations are now more exposed to sophisticated criminals. This increases the risk of falling foul of their nefarious activities, which could jeopardise critical business information and undermine the integrity of the business.
According to the National Fraud Intelligence Bureau, between April 2021 and April 2022 427k cyber-attacks were reported in the UK, with an estimated loss of £3.1Bn. When it comes to data breaches, the average time in the UK to identify a breach is 181 days, with around 75 days to contain the incident, positioning the UK as the fifth fastest to respond, behind Germany, Canada, South Africa and the US.
Looking at some other statistics, between 2014 and 2022 the percentage of organisations reporting “at least one successful attack” increased from 62% to 85%, and the percentage reporting “six or more successful attacks” almost tripled, from 16% in 2014 to 41% in 2022.
But how do you protect your organisation in this high-risk environment?
Security by Design is the right approach for protecting and preparing your organisation: it preserves business integrity beforehand and minimises the impact after an attack.
Based on our experience, organisations commonly fail to establish a coherent Cybersecurity programme that connects not just the IT architecture and application ecosystem but also the team; moreover, they lack a coherent action plan to contain the collateral damage resulting from a cyber-attack.
So, where do you start? The following actions will help your organisation build a single view of security, allowing you to manage your risk exposure, develop defence mechanisms, and put in place action plans to contain the damage:
- Understanding your existing IT Architecture and Application Ecosystem: This is essential to trace vulnerabilities or “back doors” that criminals can exploit to penetrate and compromise your systems. It encompasses legacy IT systems, version control, application registration, patching, and the cyber resilience of the supply chain.
- Adopting international Best Practices: If your organisation has not fully implemented global standards on ICT control and security, or if there is no clear understanding of “the current state”, it is highly recommended that you commission an independent assessment by experts to identify gaps and define a remediation plan and roadmap. Some of the most common standards related to Cybersecurity are NIST, ISO 27000, COBIT and ITIL.
- Data Management Framework: This is one of the most critical components, and organisations often fail because they do not have a defined framework to classify and manage information across the organisation. The absence of such a framework causes a ripple effect in terms of resourcing, business planning and security protocols. Its key components are: Collection, Relevance, Classification, Handling & Storage, and Transmission & Transportation. Your organisation needs a strategic view of how it is using data.
- Threat Monitoring/Hunting: A real-time, proactive threat monitoring capability allows you to quickly detect and react to potential threats. Criminals use social engineering and social intelligence to scrape information from employees, with senior staff in particular seen as high-value targets. As previously stated, your supply chain should also be scrutinised, adopting a proportionate, risk-based approach.
- Training and Communication: Cyber criminals’ skills evolve rapidly, and organisations need to become more agile and responsive to close the gap in their own internal capabilities and technical skill sets. Running a certification programme is an important first step; however, it requires continuous improvement and upskilling. Frequent training on IT controls, emerging technologies, behaviours and ethical hacking are all good practices to ensure your defence mechanisms remain strong.
How can TORI help?
We have been actively supporting financial institutions in their journey towards building cyber resilience. We are working with a number of financial institutions, assisting with, inter alia:
- Cybersecurity Assessments
- Application Security Assessment
- Data Management
- Ethical hacking and Penetration Testing
- Business Continuity and Disaster Recovery Planning
- Operational Resilience
- Augmentation Intelligence (Threat Intelligence unit)
- Regulatory & Compliance Advisory services (e.g. GDPR)