22nd March 2019

Get Real on Cyber Risk – Event Roundup

We are delighted to have hosted our first cyber risk breakfast briefing yesterday at The Old Government House in Guernsey.

Great turnout

Over 80 people attended the event, reflecting the ever-evolving and increasing cyber threats which compromise critical data and damage business reputation.

Our panellists took to the stage to deliver discussion on the local cyber landscape, minimising risk of new technology and utilising best practice cyber security protocols to prevent breaches from happening. We provided real-life examples of breaches and delivered ways these could have been prevented in the first instance. The audience were included in a full dialogue to spark debate around their business challenges and thoughts around cyber risks.

Excellent panellists

Special guest panellists included Oliver de la Fosse, Senior Manager, PwC who did a great job setting the scene providing an overview of the local cyber landscape and emphasising that Guernsey is not a backwater and everyone is under attack.

Joe Sefton Jenkins, CTO, Microgen gave a superb overview on how firms can minimise risk of new technology without opening themselves up to new cyber risks.

Anthony Young, Director, Bridewell Consulting, provided bewildering and scary insight into real-life examples of cyber-attacks and how he would ethically go about attacking a financial services firm.

Richard Field, Partner, Appleby brought emphasis on the legal landscape perspective and discussed the legal and regulatory obligations around cyber security in Guernsey.

Customer insights

A special thank you to Robin Newbould, Managing Director, BullionRock who, as a Microgen 5Series customer, gave valuable commentary and insight on the importance of ensuring all threat vectors are locked down to prevent cyber threats.

For all of us I think the main takeaway from the event was that we simply cannot be complacent, and it is not a case of if, it is a case of when.

We hope that events like this will provide attendees with education and bring more awareness of the dark world of cyber crime and how to use best practice to mitigate against cyber threats.

Watch this space for further events coming soon.

Best practice links for further reading

Threat Modelling

Microsoft Secure Development Lifecycle.  Provides a framework for reducing the likelihood of introducing security vulnerabilities during application development https://www.microsoft.com/en-us/securityengineering/sdl/practices

Cloud Risk Assessment

Cloud Security Alliance (CSA).  A not-for-profit organisation that provides comprehensive research, guidance and education on all aspects of cloud security https://cloudsecurityalliance.org/guidance/#_overview

Application Risk Assessment

Vendor Security Risk Assessment

Vendor Security Alliance (VSA).  Provides vendor auditing services as well as free vendor questionnaire https://www.vendorsecurityalliance.org/index.html

Cyber Essentials

https://www.cyberessentials.ncsc.gov.uk/

The National Cyber Security Centre

https://www.ncsc.gov.uk/