WHY DO I NEED THE C-19 CYBER RESILIENCE SERVICE?​

"The way we work, the suppliers we depend on and even our business models have been impacted by Covid-19 and this has resulted in an increase of over 500% in cyber attacks!"
THE BOARD ARE ACCOUNTABLE FOR CYBER RESILIENCE

WHY DO I NEED THE C-19 CYBER RESILIENCE SERVICE?​

"The way we work, the suppliers we depend on and even our business models have been impacted by Covid-19 and this has resulted in an increase of over 500% in cyber attacks!"
THE BOARD ARE ACCOUNTABLE FOR CYBER RESILIENCE

“In today’s digital world, business continuity is primarily about cyber resilience. Being able to prepare your business adequately
for a cyber incident and recover
as effectively as possible.”

“In today’s digital world, business continuity is primarily about cyber resilience. Being able to prepare your business adequately
for a cyber incident and recover
as effectively as possible.”

Cyber risk management is a board imperative. The CEO is responsible, and the board are accountable. The elephant in the room when communicating with the board is Covid-19 (C19) in relation to most business aspects but especially cyber risk.

With the benefit of hindsight, we could easily rationalise C19 as a 
“Black Swan” event and interpret is as a surprise, with a major effect. Whatever your view, the reality is it has caused chaos in the global economy and transformed society.

“It is not the strongest of the species that survives, nor the most intelligent, but the most responsive to change.”  Charles Darwin

From a business risk perspective, all businesses are unique and carry what we refer to as an inherent risk level. This is of particular relevance when you consider the inherent cyber risk related to how an enterprise leverages ICT (Information Communication and Technology). As unique as an organisation is in respect of its business model, culture and history, its “Cyber DNA” is also unique. 

“This pandemic brings out the best but unfortunately also the worst in humanity. With a huge number of people teleworking from home, often with outdated security systems, cybercriminals prey on the opportunity to take advantage of this surreal situation and focus even more on cybercriminal activities.”

CATHERINE DE BOLLE Executive Director, Europol

That is to say, how it leverages and is interconnected and interdependent on its digital architecture and that of its business value chain including suppliers, business partners and customers.

C19 has had a significant impact on the inherent cyber risk level of every organisation on the planet. There are a number of reasons for this, not least of all the disruption of supply chains. C19 has accelerated business model transformation and increased our reliance on the digital economy and the Internet. What normally took years, is now taking months and the new rule is, there are no rules.

With organisations often abandoning the normal safeguards and assurances of system implementation and embracing a culture of “Shadow I.T.” In other words, working outside of normal policy and procedures just with the short-term objective of “getting the job done”.

This may involve activity such as giving remote users access to systems to completely digitally transforming a business model. Working outside the normal agreed safety parameters of course means increased risk.

Cyber threat actors have embraced this discombobulation as an opportunity and we all have received warnings from law enforcement agencies around the world and even the WHO (World Health Organisation) themselves, warning of a huge increase in attacks with a C19 related aspect.

So, there is an increased pressure on our supply chains, digital architecture and also an increased psychological pressure on the human workforce. They have to work in a “distracted” often unprofessional residential environment without the full support of their organisations ecosystem and colleagues.

“The key threats to organisations during the response to Covid-19 stem from the phishing, social engineering and remote access threat, these are not new threats, but with large numbers of staff working from home, there may be additional vulnerabilities where existing IT security services do not extend to remote devices, and where remote working was implemented under time pressure.”

NCSC (National Cyber Security Centre)

If we delve into this, we can appreciate the fact that this results in an increase in inherent cyber risk for an organisation by having an “increased attack surface” with their key people working from home and thus potentially exposing their critical assets.

Another fact to consider is that today is a #newnormal and tomorrow is a different #newnormal, there is no returning to a pre-covid status, we are all transitioning. As we are all interconnected and interdependent in this digital economy, we need to take a collective responsibility in taking action to deal with the cyber related impacts of C19. A holistic approach is required, we need to appreciate that inertia is the contagion!

So, we all need to aim towards a culture of shared risk ownership and “cyber risk business enablement beyond compliance”. We have to be multidisciplinary, risk orientated, pragmatic, adaptable and aim to balance short terms goals with longer term imperatives.

As all our businesses and lives transform with the impact of C19, we need to work together to support the dynamic nature of the risk landscape.

“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.”

Jürgen Stock, INTERPOL Secretary General

“500% increase in cyber attacks”

Read More

“In today’s digital world, business continuity is primarily about cyber resilience. Being able to prepare your business adequately
for a cyber incident and recover
as effectively as possible.”

Cyber risk management is a board imperative. The CEO is responsible, and the board are accountable. The elephant in the room when communicating with the board is Covid-19 (C19) in relation to most business aspects but especially cyber risk.

With the benefit of hindsight, we could easily rationalise C19 as a 
“Black Swan” event and interpret is as a surprise, with a major effect. Whatever your view, the reality is it has caused chaos in the global economy and transformed society.

“It is not the strongest of the species that survives, nor the most intelligent, but the most responsive to change.”  Charles Darwin

From a business risk perspective, all businesses are unique and carry what we refer to as an inherent risk level. This is of particular relevance when you consider the inherent cyber risk related to how an enterprise leverages ICT (Information Communication and Technology). As unique as an organisation is in respect of its business model, culture and history, its “Cyber DNA” is also unique. 

“This pandemic brings out the best but unfortunately also the worst in humanity. With a huge number of people teleworking from home, often with outdated security systems, cybercriminals prey on the opportunity to take advantage of this surreal situation and focus even more on cybercriminal activities.”

CATHERINE DE BOLLE Executive Director, Europol

That is to say, how it leverages and is interconnected and interdependent on its digital architecture and that of its business value chain including suppliers, business partners and customers.

C19 has had a significant impact on the inherent cyber risk level of every organisation on the planet. There are a number of reasons for this, not least of all the disruption of supply chains. C19 has accelerated business model transformation and increased our reliance on the digital economy and the Internet. What normally took years, is now taking months and the new rule is, there are no rules.

With organisations often abandoning the normal safeguards and assurances of system implementation and embracing a culture of “Shadow I.T.” In other words, working outside of normal policy and procedures just with the short-term objective of “getting the job done”.

This may involve activity such as giving remote users access to systems to completely digitally transforming a business model. Working outside the normal agreed safety parameters of course means increased risk.

Cyber threat actors have embraced this discombobulation as an opportunity and we all have received warnings from law enforcement agencies around the world and even the WHO (World Health Organisation) themselves, warning of a huge increase in attacks with a C19 related aspect.

So, there is an increased pressure on our supply chains, digital architecture and also an increased psychological pressure on the human workforce. They have to work in a “distracted” often unprofessional residential environment without the full support of their organisations ecosystem and colleagues.

“The key threats to organisations during the response to Covid-19 stem from the phishing, social engineering and remote access threat, these are not new threats, but with large numbers of staff working from home, there may be additional vulnerabilities where existing IT security services do not extend to remote devices, and where remote working was implemented under time pressure.”

NCSC (National Cyber Security Centre)

If we delve into this, we can appreciate the fact that this results in an increase in inherent cyber risk for an organisation by having an “increased attack surface” with their key people working from home and thus potentially exposing their critical assets.

Another fact to consider is that today is a #newnormal and tomorrow is a different #newnormal, there is no returning to a pre-covid status, we are all transitioning. As we are all interconnected and interdependent in this digital economy, we need to take a collective responsibility in taking action to deal with the cyber related impacts of C19. A holistic approach is required, we need to appreciate that inertia is the contagion!

So, we all need to aim towards a culture of shared risk ownership and “cyber risk business enablement beyond compliance”. We have to be multidisciplinary, risk orientated, pragmatic, adaptable and aim to balance short terms goals with longer term imperatives.

As all our businesses and lives transform with the impact of C19, we need to work together to support the dynamic nature of the risk landscape.

“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.”

Jürgen Stock, INTERPOL Secretary General

“500% increase in cyber attacks”

Read More

C-19 Cyber Resilience Service

Cyber Risk International are offering a managed service to help organisations deal with the cyber risk impacts of Covid-19 on their cyber resilience and business continuity status. This service is delivered remotely, using a combination of the CyberPrism platform and expert support.

C-19 Cyber Resilience Service​

Cyber Risk International are offering a managed service to help organisations deal with the cyber risk impacts of Covid-19 on their cyber resilience and business continuity status. This service is delivered remotely, using a combination of the CyberPrism platform and expert support.

Find out more about the service by downloading our brochure.​

GET STARTED - NOW

Enterprise Ireland – Lean Business Continuity Voucher Available
This service is eligible for 100% funding up to the value of €2,500*
*Lean Business Continuity Voucher Terms and Conditions Apply

What is the Service Offering?

Cyber Risk International are offering a managed service to help organisations deal with the cyber risk impacts of Covid-19 on their cyber resilience and business continuity status.

What is the Service Offering?

Cyber Risk International are offering a managed service to help organisations deal with the cyber risk impacts of Covid-19 on their cyber resilience and business continuity status.

GET STARTED - NOW

Enterprise Ireland – Lean Business Continuity Voucher Available This service is eligible for 100% funding up to the value of €2,500* *Lean Business Continuity Voucher Terms and Conditions Apply

10 Things Every Business Should Do

Identify Your Business Value Chain
Document and prioritise the different entities that make up your business Identify interdependencies, criticality and the entities that support your business both internal and external.
1
Calculate Your Inherent Cyber Risk
Identify your current level of inherent cyber risk based on your current ecosystem and augmented business operational model. It will be different from it was pre C19 and is a key metric to drive informed management decisions.
2
Identify Current Controls
Identify your current level of inherent cyber risk based on your current ecosystem and augmented business operational model. It will be different from it was pre C19 and is a key metric to drive informed management decisions.
3
Establish Cyber Risk Metrics
CRQ (Cyber Risk Quantification) however unsophisticated will reduce the subjectivity from decision making. Establish KRI’s (Key Risk Indicators) and KPI’s (Key Performance Indicators) that will help the business make informed decisions. You need to measure to manage and at the very least be able to understand inherent risk levels, maturity levels and thus identify residual risk levels. Use meaningful metrics and adopt a zero-trust approach in the potential pseudo-science of “vendor metrics”. You need to understand how metrics are derived.
4
Create Culture of Cyber Resilience
Acknowledge the importance of proactive cyber risk management and establish a clear structure of cyber resilience governance and oversight. You need to appoint someone responsible for cyber resilience and they should report to the board.
5
Focus
You can’t do everything and there is no such thing as 100% secure. Therefore, focus on your critical assets and make sure all the baseline controls are in place and operational. Basic cyber hygiene controls, such as patching and monitoring of remote access activity. This may include increased investment in identity and access management solutions to support the new reality of increased remote activity and risk. Automate controls and the mundane when possible to decrease the reliance on scarce resources and allow them to be leveraged appropriately.
6
Educate
Education is the most effective cyber risk control. Educate your users on how to operate securely in a remote environment and educate your business leaders on how to identify and manage cyber risks within their operating environments to support the “new” business model. Go beyond compliance and enable the business, education will strengthen behaviour and help reduce and manage risk.
7
Update as You Transition to the New Normal
Remember there is no going back, so update your policies, procedures and strategy as you transition to the “New Normal”. On that journey, remember to test and challenge any assumptions being made. One of the most critical and valuable documents you should update is your “Crisis management Plan”.
8
Collaborate
We all need to take a collective responsibility when it comes to cyber risks. Internally and externally, up and down the supply chain we all have a part to play. Remember cyber security is only as strong as the weakest link.
9
Update Strategy be Brave
We are “transitioning”, and change brings opportunity. The fact is, digitalisation will continue to accelerate due to C19 and you can identify business opportunities. New solutions, new opportunities for improved performance or return on investment. I am reminded of the words of President John F Kennedy
“In the Chinese language the word “crisis” is composed of two characters. One representing danger and the other opportunity”
10

The C-19 Cyber Resilience Service can help you with all these challenges.

FAQ

Some Of Our Clients

newdeb
newirishlife
newlaya
newsig
newryanair
newgwle
newpinebridge
newiaa
newaxa
newboi
newphonovation
newinvestec

Stay Connected

Subscribe to Our Channels

C-19 Brochure Download:

C-19 Cyber Resilience Service: