22nd March 2019
Get Real on Cyber Risk – Event Roundup
We are delighted to have hosted our first cyber risk breakfast briefing yesterday at The Old Government House in Guernsey.
Over 80 people attended the event, reflecting the ever-evolving and increasing cyber threats which compromise critical data and damage business reputation.
Our panellists took to the stage to discuss the local cyber landscape, minimising the risk of new technology and utilising best practice cyber security protocols to prevent breaches from happening. We provided real-life examples of breaches and ways these could have been prevented in the first instance. The audience were included in a full dialogue to spark debate around their business challenges and thoughts around cyber risks.
Special guest panellists included Oliver de la Fosse, Senior Manager, PwC, who did a great job setting the scene, providing an overview of the local cyber landscape and emphasising that Guernsey is not a backwater and everyone is under attack.
Joe Sefton Jenkins, CTO, Microgen, gave a superb overview on how firms can minimise the risk of new technology without opening themselves up to new cyber risks.
Anthony Young, Director, Bridewell Consulting, provided bewildering and scary insight into real-life examples of cyber-attacks and how he would ethically go about attacking a financial services firm.
Richard Field, Partner, Appleby, brought the legal landscape perspective and discussed the legal and regulatory obligations around cyber security in Guernsey.
A special thank you to Robin Newbould, Managing Director, BullionRock, who, as a Microgen 5Series customer, gave valuable commentary and insight on the importance of ensuring all threat vectors are locked down to prevent cyber threats.
For all of us I think the main takeaway from the event was that we simply cannot be complacent, and it is not a case of if, it is a case of when.
We hope that events like this will provide attendees with education and bring more awareness of the dark world of cyber crime and how to use best practice to mitigate cyber threats.
Watch this space for further events coming soon.
Best practice links for further reading
Microsoft Secure Development Lifecycle. Provides a framework for reducing the likelihood of introducing security vulnerabilities during application development. https://www.microsoft.com/en-us/securityengineering/sdl/practices
Cloud Risk Assessment
Cloud Security Alliance (CSA). A not-for-profit organisation that provides comprehensive research, guidance and education on all aspects of cloud security. https://cloudsecurityalliance.org/guidance/#_overview
Application Risk Assessment
- Standardized Information Gathering Questionnaires (SIG). Commercially available security RFP tools and questionnaires. https://sharedassessments.org/sig/
- National Institute of Standards and Technology Questionnaire (NIST 800-171). Free to access security controls questionnaire. https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final
- Center for Internet Security Questionnaire (CIS). Free to access security controls questionnaire. https://www.cisecurity.org/controls/
Vendor Security Risk Assessment
Vendor Security Alliance (VSA). Provides vendor auditing services as well as a free vendor questionnaire. https://www.vendorsecurityalliance.org/index.html