News

Get the Latest News, Blogs and Press Releases

TeamCyber to Keynote at Cyber Security Summit 2023

Cyber Risk: What Every Board Needs to Know!

In this illuminating 15-minute presentation, Paul C. Dwyer, a globally recognised cyber risk expert and CEO of the world-leading advisory firm, Team Cyber, presents a clear, actionable blueprint for navigating the complex terrain of cyber risk management.

As cyber threats proliferate and evolve amidst an ever-changing geopolitical landscape, Dwyer asserts the imperative of strategic leadership to navigate these digital waters effectively.

He posits, “Cyber risk is an issue from the boardroom to the server room and everything in between,” with the ultimate responsibility resting on the shoulders of our business leaders.

Underlining the recent European Union legislation, the Digital Operational Resilience Act (DORA), Dwyer illuminates the integral role of management boards in spearheading ICT security strategies. This Act cements the fact that business leaders aren’t just spectators but are now fully responsible and accountable for mitigating cyber risks within their organisations.

Dwyer aims to empower these leaders, highlighting key steps they can take to thrive amidst dynamic cyber threat landscapes while supporting their core business mission. This includes fostering an environment that doesn’t shy away from innovation, but rather embraces it as part of the strategic defence against cyber risks. Audience members will walk away with a deepened understanding of their roles in the cyber risk matrix and the vital steps they need to embrace cybersecurity at a strategic level. This presentation promises to be an eye-opening examination of cyber risk and a call to action for leaders to step up and safeguard their organisations in the digital age.

Be prepared for a robust, practical discussion that will help you understand how leadership plays a pivotal role in defining the organisation’s cyber resilience. The future of your organisation could depend on how well you grasp and act on the insights shared in this timely presentation.

Video Recording of Keynote at Cyber Expo

Full Video Recording of "Batten Down the Hatches"
Keynote Speech by Paul C Dwyer at Cyber Expo 2023

What is all this Cyber Clop?

“Clop,” a notorious group of cybercriminals, has recently claimed responsibility for the MOVEit data-theft attacks, highlighting their persistent threat to organisations worldwide. Known to industry experts to have affiliates such as ‘Lace Tempest,’ ‘TA505,’ and ‘FIN11,’ this group employs sophisticated “ransomware” – malicious software that locks a user out of their system until a ransom is paid – to conduct their illicit activities.

Their recent attack, exploiting a previously unidentified weakness (known as a ‘zero-day vulnerability’) in MOVEit Transfer servers, resulted in extensive data theft from hundreds of companies worldwide. This isn’t the first time Clop has capitalised on holiday periods to launch their attacks, taking advantage of reduced staff numbers to slip under the radar.

Victims of these attacks who refuse to pay a ransom will find their confidential information displayed on Clop’s data leak site. However, it seems Clop’s criminals are taking a breather, delaying the extortion process to sift through the stolen data for valuable pieces that might encourage a hefty ransom.

It’s worth noting that, while Clop has its roots in ransomware operations, their recent actions suggest a shift towards data-theft extortion. This strategy involves stealing sensitive data and threatening to publicise it unless a ransom is paid.

Several victims of the MOVEit data theft have already come forward. UK payroll and HR solutions provider, Zellis, confirmed their own data breach due to Clop’s attacks, affecting a number of their customers. Other companies impacted include Aer Lingus and British Airways, both confirming that they were also affected by the Zellis breach.

While Clop has been investigating ways to exploit vulnerabilities in MOVEit Transfer managed file transfer (MFT) solutions since 2021, this latest attack using the zero-day vulnerability has been their most potent yet.

The Clop group has grown to infamy over the last three years, renowned for high-profile attacks on global organisations in various industries. By employing multi-level extortion techniques, the group had amassed an estimated total of US$500 million in illegal payouts by November 2021.

Despite successful efforts by a global coalition to arrest six members of the group in Ukraine in June 2021, the criminal activities of Clop have continued undeterred. Therefore, businesses worldwide must adopt a proactive cybersecurity approach to counter these ongoing threats.

How can businesses protect themselves against this threat? Here are some key steps:

Inventory: Understand what assets and data your company has, identifying both authorised and unauthorised devices and software.

Monitor: Monitor network ports, protocols, and services and ensure your network infrastructure devices have proper security configurations.

Configure and Manage: Carefully manage hardware and software configurations, and restrict admin privileges to only necessary personnel.

Vulnerability Management: Regularly perform vulnerability assessments and keep your systems updated with the latest patches and updates.

Protect for Recovery: Implement data protection measures, including robust backup and recovery procedures. Enable multifactor authentication to add an extra layer of security.

Secure with Automation: Employ advanced technologies such as AI and machine learning to detect early signs of an attack, and sandbox analysis to block malicious emails. Keep all security solutions up-to-date.

Be Prepared: Regularly train your employees on security protocols, and conduct red-team exercises and penetration tests to identify potential weaknesses.

In summary, the threat posed by the Clop group and similar cybercriminals is real and ongoing. However, by staying vigilant, keeping up-to-date with the latest cybersecurity strategies, and maintaining robust security measures, businesses can minimise the risk of falling victim to these cyber-attacks.

Webinar: The Cyber NED – Elevating Board Level Cyber Security Strategy

Date: July 11th 2023

Time: 10:00-11:00 UTC+01:00

Webinar Overview

Join us for an insightful webinar that delves into the pivotal role a Cyber Non-Executive Director (NED) can play in fortifying a company’s cybersecurity strategy and resilience.

In today’s rapidly evolving digital landscape, cybersecurity threats are increasingly sophisticated and complex. Navigating these challenges requires more than just robust IT infrastructure; it calls for strategic oversight and governance at the board level. This is where the role of a Cyber NED becomes critical.

Hosted by Paul C Dwyer, a renowned cybersecurity expert with over 30 years of experience, this webinar will illuminate the unique intersection of governance and cybersecurity expertise that a Cyber NED brings to an organisation.

Key topics will include:

– Understanding the Role and Value of a Cyber NED
– The Strategic Services Offered by a Cyber NED
– The Impact of a Cyber NED on Cyber Metrics and Compliance
– A Real-World Case Study on the Efficacy of a Cyber NED

Whether you’re a board member, C-suite executive, or a cyber security professional looking to better understand how strategic cybersecurity oversight can elevate your organisation’s digital resilience, this webinar is for you.

A live Q&A session will follow the presentation, providing you with an opportunity to engage directly with Paul C Dwyer and explore any questions you may have about the role of a Cyber NED.

Don’t miss this opportunity to gain insights from a world-leading authority on cybersecurity and discover how a Cyber NED can strengthen your organisation’s defences.

Cyber War: Is Ireland Ready? Keynote Speech at Cyber Expo

CYBER EXPO 23 - MAY 16TH DUBLIN

PAUL C DWYER TO KEYNOTE

“remarks signify support for the Irish to take part in combat in Ukraine, but said if that is the case, then Ireland would be the direct participant of the conflict with all the ensuing consequences.” – Russian Embassy

Given the above remarks and recent activities on the cyber threat landscape, I will focus my opening keynote speech “Batten Down the Hatches” on “Cyber War” and the threat from arguably the world’s most significant cyber threat actor Vladimir Putin – the event will conclude with an industry panel discussion.

The Importance of a Contextually Aligned Cyber Strategy for Business Success

As a senior business leader, you understand the significance of having a well-crafted business strategy in place. In today’s digital landscape, it’s equally crucial to have a robust cyber strategy that is contextually aligned with your business objectives. In this blog, we’ll explore what a cyber strategy is, why it’s essential, and how leveraging world-class experts can assist with the process and provide governance and oversight through a Cyber NED (Non-Executive Director) or other board advisory functions.

What is a Cyber Strategy?

A cyber strategy is a comprehensive plan that outlines an organisation’s approach to managing cybersecurity risks, protecting sensitive data, and ensuring business continuity. It involves a thorough understanding of the threat landscape, a detailed risk assessment, and the implementation of policies, procedures, and technologies to safeguard the organisation’s digital assets. A successful cyber strategy also encompasses employee training, incident response planning, and continuous monitoring of the organisation’s security posture.

Why is Contextually Aligned Cyber Strategy Important?

A contextually aligned cyber strategy is crucial for several reasons:

  1. Mitigating risks: A well-defined cyber strategy helps organisations proactively identify and mitigate risks, reducing the likelihood of data breaches and other cyber incidents.
  2. Business continuity: Ensuring that your cyber strategy is aligned with your business objectives ensures that you can maintain business operations, even in the face of cyber threats.
  3. Regulatory compliance: As cyber laws and regulations become more stringent, having a contextually aligned cyber strategy can help your organisation comply with these requirements, avoiding fines and reputational damage.
  4. Competitive advantage: A robust cyber strategy can provide a competitive edge, as customers and partners will have confidence in your organisation’s ability to protect their data and interests.

Leveraging World-Class Experts

Developing and implementing an effective cyber strategy can be challenging, especially for senior business leaders who may not have the technical expertise or time to manage this process. That’s where world-class cybersecurity experts come in.

By engaging external cybersecurity professionals, you gain access to their knowledge and experience, enabling your organisation to develop a tailored and contextually aligned cyber strategy. These experts can help you navigate the complex cybersecurity landscape, identify potential risks, and select the most suitable security measures for your organisation.

Moreover, world-class experts can provide ongoing support in the form of governance and oversight. A Cyber NED or other board advisory functions can offer invaluable guidance on cybersecurity best practices, ensuring that your organisation remains vigilant and proactive in its approach to digital security.

Conclusion

In conclusion, a contextually aligned cyber strategy is vital to the success of any organisation operating in today’s digital environment. By leveraging the expertise of world-class cybersecurity professionals, senior business leaders can ensure their organisation is well-equipped to manage risks, protect data, and maintain business continuity. Additionally, engaging a Cyber NED or other board advisory functions can provide ongoing guidance, ensuring that your organisation remains at the forefront of cybersecurity best practices.

What is the typical role of a Cyber NED?

A Cyber Non-Executive Director (NED) plays a crucial role in an organisation by providing strategic oversight, independent advice, and expertise related to cybersecurity matters. As a member of the board, a Cyber NED contributes to the overall governance of the organisation, helping to ensure that the company’s cybersecurity posture is aligned with its business objectives. Some typical responsibilities of a Cyber NED include:

  1. Strategic guidance: A Cyber NED helps shape the organisation’s cybersecurity strategy, ensuring it is contextually aligned with the company’s overall business strategy, risk appetite, and regulatory requirements.
  2. Risk management: They assess and evaluate the organisation’s cybersecurity risks and work with the executive team to develop appropriate risk mitigation strategies and plans.
  3. Governance and compliance: A Cyber NED is responsible for overseeing the organisation’s adherence to relevant cybersecurity regulations, industry standards, and best practices. They also help monitor the effectiveness of internal cybersecurity policies, procedures, and controls.
  4. Independent advice: As an independent board member, a Cyber NED provides objective advice and guidance on cybersecurity matters, helping to identify potential threats and vulnerabilities, and recommending suitable security measures and technologies.
  5. Incident response and crisis management: A Cyber NED may assist in developing and reviewing the organisation’s incident response and crisis management plans, ensuring that the company is well-prepared to respond to cybersecurity incidents and minimise their impact on business operations.
  6. Performance monitoring and reporting: They play a key role in monitoring the effectiveness of the organisation’s cybersecurity strategy, ensuring that key performance indicators (KPIs) and key risk indicators (KRIs) are regularly reviewed and reported to the board.
  7. Stakeholder engagement: A Cyber NED helps build and maintain relationships with various stakeholders, such as regulators, industry partners, and customers, ensuring that the organisation’s cybersecurity efforts are well-coordinated and aligned with external expectations.
  8. Talent development and training: They may advise on developing the organisation’s cybersecurity talent, including hiring and retaining skilled professionals, promoting a culture of cybersecurity awareness, and ensuring that appropriate training and development programs are in place.

By fulfilling these responsibilities, a Cyber NED adds significant value to an organisation by ensuring that its cybersecurity posture is robust, resilient, and aligned with its business objectives, thus helping to protect the organisation’s digital assets, reputation, and bottom line.
