Technique 2.96 Cyber Threat

Introduction

Most senior managers regard cyber risk as their number one area of concern. For example, in Australian banking:

"...ANZ has 8 to 10 million attacks a month..."

Sally Patten, 2021c

A cyber attack refers to an attack on the company's IT networks and could be an effective way to create a sense of urgency.

Cyber security is a 24/7 affair. The Internet does not sleep!!

Some key questions

1. Do directors have enough knowledge around cyber security?

(If the answer is no, they need to seek advice from cyber consultants, attend the appropriate training, keep up with the latest information on the topic, etc.)

2. Is senior management committed to cyber security?

(Owing to its high and broad potential level of harm, cyber security is a general business issue, not just an IT issue. Thus, it should be one of the top priorities for senior management. All staff should understand their role in keeping information safe.) Some more questions:

    a) How often does senior management meet with security staff?

    b) What is everyone's understanding of cyber risk and the plans to mitigate it?

    c) What is the position of cyber security in planning, such as the strategic plan, etc.?

3. How is your data and information classified?

"...by prioritising data in terms of the impact of breach on their customers and internal systems, companies can decide which data requires higher levels of security..."

Sally Patten, 2021c

A subsidiary question is

    - how much cyber security is enough for each category of data?

NB Most boards and senior management focus on the up-front costs of a new system, rather than the ongoing maintenance, such as firewalls.

4. Who is protecting your data?

You need to know where your organisation's data is stored, i.e.:

- Which cloud?

NB Cloud storage is not immune to cyber attacks.

- What data centre?

- Where is it backed up?

- How quickly can backup data be utilised?

- Is it encrypted?

- Which country is it stored in?

NB Data stored in a particular country can come under that country's jurisdiction, i.e. local rules and regulations, despite the data being owned by an organisation based outside that country.

- Be careful of 'God access', i.e. where one person has access to every system at every level. If this gets compromised, it can be disastrous.

"...In the financial year 2020, some 27% of reported cyber security-related instances stem from phishing attacks..."

Australian Cyber Security Centre as quoted by Sally Patten, 2021c

"...it's everybody's role to protect the organisation's systems. Employees need to be doing the right things by not clicking on suspicious e-mails, not opening suspicious documents and doing the right thing with how they manage their data and not sending it to home e-mail accounts..."

Mike Cerny as quoted by Sally Patten, 2021c

5. How secure are your supply chains?

You need to check with suppliers who have access to your organisation's data about how they protect their systems, etc.

- Are you comfortable with the level of security that your suppliers use?

- Do your cyber security contracts and insurance cover third parties?

- How quickly can a third party inform you of a breach?

Summary: you need to check

- have you identified the right risks?

- are you able to manage these risks effectively?

- do you know how to respond and recover when things go wrong?

Also,

"...- know the value of your data

    - know who has access to your data

    - know where your data is

    - know who is protecting your data

    - know how well your data is protected..."

Telstra, 2017

 
