What matters in security - A highlighter
0 likes107 views
The document outlines the current cybersecurity landscape, highlighting key concerns for organizations, such as the rise in cybercrime and the financial impact of incidents like ransomware attacks. It provides statistics on attack frequency, vulnerabilities, and the importance of proactive measures such as audits and compliance to mitigate risks. It serves as a resource for leaders to understand and communicate the significance of cybersecurity management in aligning with business value.
What matters in security - A highlighter
- 3. www.holivia.com C-LEVEL CONCERNS AND ATTITUDES 1.30% 8.40% 14% 16% 23% 28% 28% 31% 35% 36% 42% 45% 0% 10% 20% 30% 40% 50% Other Integration Compliance Data-driven decision-making Innovation Automation Monetisation/transformation Employee productivity Business agility Customer/user experience Business continuity and resilience Information Security Which tech objectives are priority? 35% 43% 48% 50% 50% 53% 66% 0% 10% 20% 30% 40% 50% 60% 70% Another global outbreak of COVID- 19 or other different infectuous disease Tighter restrictions on the cross- border movement of people and goods Protracted disription of global supply chains Failure of industries or sectors in certain countries to properly recover Cyberattacks and data fraud due to a sustained shift in working patterns Surge in bankrupcies and industy consolidations Prolonged recession of the global economy Most worrisome for your company? Source: World Economic Form, 2021 Directly related to security
- 4. www.holivia.com ORGANISATIONS COMPROMISED BY AT LEAST 1 ATTACK 62% 71% 76% 79% 77% 78% 81% 86% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2014 2015 2016 2017 2018 2019 2020 2021
- 5. www.holivia.com NO SECTOR LEFT BEHIND Source: Enisa, October 2021 0 50 100 150 200
- 6. www.holivia.com SECURITY REPRESENTS YOUR STATE Free from danger or threat Continuity Enabled to advance value
- 7. www.holivia.com MULTI-VECTOR RISKS • Disruption of services • Compromised accounts • Phishing • Ransomware/Extortionware • Denial of Service (DDoS) attacks • Employee ignorance • Social Engineering • Right precautions • Impact of digital transformation (on-prem, cloud, hybrid) • Control over IT Systems • Systems security • System vulnerabilities • Layered security solutions (Endpoint/Gateway) • Data insecurity • Improper backup/recovery systems • Regulatory compliance per industry/area under management • Leaving default settings • Sharing data with unintended audiences • Deletion of data • Hardware failures Knowledge / Awareness Cybercrime Mistakes Due Diligence / Regulatory
- 8. www.holivia.com WHAT ATTACKERS TYPICALLY WANT Disable your ability to work Discredit you Your digital resources or money For personal entertainment or gain Their Job / Hired Service or
- 9. www.holivia.com CYBERCRIME Source: Purplesec, Datto , Verison, 2021 600% Cybercrime growth in 2020/2021, of which 86% are motivated by financial gain. 43% Of cyber-attacks target small businesses, of which 70% are not equipped to deal with such attacks 89% Of MSPs reporting ransomware as the most common malware threat to SMBs 90% Of MSPs “very concerned” about ransomware threats with only 24% SMB clients feeling the same 7.3 days Average number of days a ransomware incident lasts 274K Average cost (USD) of ransomware incident
- 10. www.holivia.com HIGHLY DISRUPTIVE 60 62 78 105 116 189 190 219 0 50 100 150 200 250 20 Q1 20 Q2 20 Q3 20 Q4 21 Q1 21 Q2 21 Q3 21 Q4 (Est) Millions Quarterly Attacks Source: Datto, Sonicwall 2.5X More damaging than other incidents 5,600 (USD) Average global ransom demand 274,000 (USD) Average downtime cost of a ransomware attack
- 11. www.holivia.com FINANCIAL IMPACT CATEGORIES Additional Costs Assistance & Emergency Measures Loss of Turnover & Increase in cost of work Liability Coverage • Identification, assessment and containment of security incident (IT Forensic) • Provision of external expertise • Provision of legal assistance (Data breach of confidentiality) • Provision of crises management or communication assistance • Restoring the IT system to its state prior to the incident • Maintaining operability of the IT system • Preparing claims • Preventing or mitigating liability exposure / improper use of personal data (data breach) • Communication Strategy • Notification to the authorities and individuals (data breach) • Ransom • Defense costs from an investigation by a regulator • Regulatory fines • Defense costs and damages arising out of claims made by 3rd parties: • Breach of confidentiality of personal data • Defamation, damage to reputation, breach of intellectual property, violation of privacy etc. • Business Interruption • Extra expenses
- 12. www.holivia.com GOVERNMENT & MARKET EXPECTATIONS Scope PCI DSS Data Sources Security Auditing Right to be forgotten Tooling GDPR Manage Personal Data Law Data Training Monitor Use the effort to implement to differentiate your brand by promoting what you do to keep your customers safe
- 13. www.holivia.com FOR YOU THIS MEANS Due Diligence Due Care Reasonable amount of careful and persistent work to avoid wilful ignorance, negligence, loss and liability e.g., keeping policies and standards, training, installing and configuring security solutions like antivirus, firewalls, VPNs Pro-active processes invested in to maintain and ensure the highest level of performance while keeping your and third- party assets e.g., periodic audits, enforcing of policies, keeping solutions up to date e.g., AV and security updates, implementing frameworks like ISO 127001, having formal change management processes, researching and understanding legal responsibilities, conducting SLA negotiations BUSINESS ASSETS Core Products People Operations Value Chain
- 14. www.holivia.com PROACTIVELY HANDLE YOUR LEVEL OF RISK DIGITAL ASSETS READINESS TO GROW DIGITAL DEBT COST BRAND EQUITY PRIORITIES TIMELINE
- 15. www.holivia.com EXPANDING DIGITAL LANDSCAPE TO SECURE Cloud Infrastructure Desktops & Laptops Applications SaaS Solutions Servers Networks On-premise/ Hybrid apps Storage (Local & Distributed) Telecommunications WFH Devices Databases Development & Production environments Portable Devices & Wearables Data & Data Management Security Data Centers Operating Systems Websites, Web APIs and Web Portals Email Passwords Audit info
- 16. www.holivia.com CYBER-RELATED INSURANCE CLAIMS PER YEAR 80 249 495 849 1,114 1,217 0 200 400 600 800 1000 1200 1400 2016 2017 2018 2019 2020 1H 2021 (556) + 15% uplift on H2 Attacks (all - including ransomware) Source: Allianz Insurance
- 18. www.holivia.com LET’S TALK…WWW.HOLIVIA.COM Macro and strategic trends in digital security for leaders trying to understand and communicate what matters to be assured and secured. Master the connection between business value and cybersecurity management through a non-technical lens. START YOUR CYBERSECURITY LANDSCAPE CYBERCRIME AS A SERVICE YES, YOU ARE A TARGET OF INTEREST DIGITAL TRANSFORMATION CYBER RESILIENCE
- 19. www.holivia.com This publication contains general information only and is being made available under the Terms of Services as published on www.holivia.com. This is an informational piece of work. In no way or means of this material, are we rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for engaged professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor to fully assess your situation and context. Holivia Ltd. shall not be responsible for any loss sustained by any person or organisation that relies on this publication. Copyright © 2022 Holivia Ltd. All rights reserved ABOUT