Cyber Security Culture

Slides:

Advertisements

Similar presentations

Innovation or Necessity? ISM 158 By: Sepehr Saeb.

Advertisements

Security awareness and cultural change “…from bad apples to good eggs…” Martin Smith MBE FSyI Chairman and Founder The Security Company (International)

Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

2 ictQATAR “ Information and Communication Technology (ICT) improves how we live and work in countless ways.”  The Ministry of Information Communication.

Recent Cyber Attacks and Countermeasures September 2006.

Cyber Security in Local Government. One of the Industry’s Most Widely Recognized and Highly Accredited Partners 1.

Nuclear Security Culture William Tobey Workshop on Strengthening the Culture of Nuclear Safety and Security, Sao Paulo, Brazil August 25-26, 2014.

DRAFT 1 Belfast th World Cyber Security Technology Research Summit Suren Gupta Allstate Corporation Executive Vice President Allstate Technology.

Reducing data loss by threats detection. InfoWatch Traffic Monitor & Workplace Security. Andrey Sokurenko Business Development Director.

Legal Jeopardy: Whose Risk Is It?. SPEAKERS Jason Straight Chief Privacy Officer and Senior Vice President Cyber Risk Solutions at UnitedLex Patrick Manzo.

Friday 22nd April 2016 DS Chris Greatorex SEROCU

DHS Publishes Report Saying Low but Persistent Risk of Cyber Attack on Energy Sector DHS REPORT ON ENERGY CYBERSECURITY April 6, 2016 | Ben Booker Source:

© Copyright Ovum. All rights reserved. Ovum is part of Informa Group. Payment fraud: The customer view and business landscape in 2016 Kieran.

Conducting business the right way Nobody should get hurt or made unwell by what we do GROUP HEALTH, SAFETY & WELLBEING POLICY Version 1 [August 2016]

Cyber Security Phillip Davies Head of Content, Cyber and Investigations.

Security and resilience for Smart Hospitals Key findings

Michael Wright • Chief Security Officer • Tech Lock

Information Security Program

LIZ MOODY OPEN UNIVERSITY. LIZ MOODY OPEN UNIVERSITY.

3 Do you monitor for unauthorized intrusion activity?

Humanize the Security Awareness and Training Program

Cybersecurity - What’s Next? June 2017

Comprehensive Security and Compliance at an Affordable Price.

Careers in Cyber Security

Cybercrime: Mitigation Challenges

Cyber Security: State of the Nation

Compliance with hardening standards

Decrypting Data Compliance in China

Security Themes Debunked

WEBINAR The Rise Of Insights Services

USA Final Project Report

BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT

EVOLVING THREATS, VULNERABILITIES AND COUNTERMEASURES

I have many checklists: how do I get started with cyber security?

CYBER CRIME Matthew Purchase.

8 Building Blocks of National Cyber Strategies

By: Tekeste Berhan Habtu Chief Executive Officer Venue: African Union

Andy Hall – Cyber & Tech INSURANCE Specialist

Romanian National Cyberspace - Quick facts -

Cyber Security in Ports Business as Usual?

Cybersecurity: The State Regulators’ Perspective

Attacks on The Manufacturing Industry

Curating an Effective Security Culture

Threat Trends and Protection Strategies Barbara Laswell, Ph. D

David Sayago EU Research Funding Team Valorisation Centre.

Creating a Cyber Resilient Population

PGE Chris Nolke, Director of Cybersecurity

Cybersecurity compliance for attorneys

Cyber Security professions Overview

Keeping your data, money & reputation safe

Chapter 8 Developing an Effective Ethics Program

The European Union response to cyber threats

Community of Users.

INTRODUCTION For years there have been attacks around the United States for sometimes now, which is unexpected. However; there have not been good restoration.

The CYBERWISER.eu project

Strategic threat assessment

Information Services Security Management

Cyber Security in a Risk Management Framework

3 Do you monitor for unauthorized intrusion activity?

MAZARS’ CONSULTING PRACTICE Helping your Business Venture Further

IT and Audit Building a Security Aware Culture

Lecture 15: Cybersecurity management

3 Do you monitor for unauthorized intrusion activity?

CyberSecurity Strategy For Defendable ROI

Thames Valley Chamber / Claire Logic

Presentation transcript:

Cyber Security Culture Importance In The Financial Sector Stephen Robinson Founder Xyone Cyber Security

UAE accounted for 2.4 million of the 1.7 billion 23/10/2014 UAE accounted for 2.4 million of the 1.7 billion ransomware attacks detected globally in Q1 of 2018 Malware Threats Source Trend Micro 2018

Threat Mitigation Strategy Encompass people, culture, processes and the physical environment to make the Financial Sector as resilient as possible against dangerous and growing threats of cyber attack by helping to create and implement a Threat Mitigation Strategy. External Physical Threat Mitigation Internal Threat Mitigation Information Security Compliance 2013 90% 2014 81% 81% 86% 86% 2013

Research with Lancaster University 2016 / 2017 - UK Based Financial and Legal Companies Research Findings: 45% - No Cyber Security Policies signed by employees. 73% - No Cyber Security Awareness Training for employees 100% - The Training was not relevant to the policy. The generic rules from the policy were not embedded within the training.

National Cyber Security Strategy for the state of Kuwait 2017- 2020 The Objective 1 Promote a culture of cyber security that supports safe and proper usage for cyberspace

Create An Internal Security Culture Threat intelligence and Communication Scenario Based Learning and Testing Actionable Awareness Building Internal Resilience Achieve a company wide Security Culture

Threat Intelligence and Communication Cybersecurity and fraud have now shifted from a walled-garden approach to a holistic one. Better communication and intelligence sharing, not only internally but to consumers. It is not just about technology, but People and Process. The shift from the old cybersecurity analyst that is very much focused on technology and cyber controls. To the new analyst that understands the business and can have a conversation with the customer in the payments space.

Create An Internal Security Culture Threat intelligence and Communication Scenario Based Learning and Testing Actionable Awareness Building Internal Resilience Achieve a company wide Security Culture

Scenario-based Training and Testing Structure exercises and scenario testing are also one of the best ways for the banking and financial industry to protect from cyber threats, specifically when they are conducted across the industry. Recreate different breach scenarios to understand where your gaps are and what you do well, it also gives an understanding about what needs to be built into your cyber process and resiliency process. It is essential to do this with everyone within the organisation accounts, compliance, sales, operations and technical staff.

Create An Internal Security Culture Threat intelligence and Communication Scenario Based Learning and Testing Actionable Awareness Building Internal Resilience Achieve a company wide Security Culture

Actionable Awareness Financial and banking Industry is seeking to get more actionable insights not just for their security analysts but also for the people within the business departments. It allows intelligence to quickly turn into a response by the most relevant people, especially important in a landscape where breaches happen in a heartbeat. It is important in the payments system, to create intelligence inside the financial tech company and publish it out and circulate that fast and someone needs to receive it and do something with it, so actionable intelligence.

Create An Internal Security Culture Threat intelligence and Communication Scenario Based Learning and Testing Actionable Awareness Building Internal Resilience Achieve a company wide Security Culture

“Bad things will sometimes happen that’s just a fact of life”. Build Resilience “Bad things will sometimes happen that’s just a fact of life”. Empower your employees with the knowledge - Security awareness is the process of teaching your entire team Test your employees with randomised assessments Info Sec compliance certifications helps them adhere to Information Security Protocol Rapidly disseminate urgent threat alerts. Reward and recognise those people that do the right thing for security

Create An Internal Security Culture Threat intelligence and Communication Scenario Based Learning and Testing Actionable Awareness Building Internal Resilience Achieve a company wide Security Culture

Cyber Security Culture “It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” Stephane Nappo Global Chief Information Security Officer Société Générale International Banking. 2018 Global CISO of the year

Thank you for listening!