Cyber-Resilience: Corporate Cyber Risk Management
Cyber-Resilience: Corporate Cyber Risk Management
Publications
By EBRC 20/10/2018

Cyber-Resilience meaning and origins

In recent decades, digital has brought new services that have become essential and irreplaceable: GPS, chip card, smartphone, connected car, smart cities, robotics… Tomorrow’s global ecosystem will be totally dependent on digital.

Yet they inexorably underlie new risks and threats that need to be identified, recognised and controlled.
This digital resilience is the inescapable prerequisite for a confident development in cyberspace. To survive, it has become necessary to urgently adopt the basic principles of cyber resilience.

Types of Cyber risks

Cyber risks are weaknesses in your system and your operation. They can have different technical or human origins, have consequences potentially up to a compulsory shutdown and are particularly complex to apprehend given the variety of their forms:

  • Privileged access for sale
  • Data leakage
  • Data theft
  • Security vulnerabilities
  • Crime and ransomware
  • Manipulation and harm
  • Human failure
  • Software error

The occurrence of a risk might therefore be due to several factors: under-evaluation, poor anticipation, human failure, etc.

List of recent Cyber-Threat examples

Back to some recent cases of cyber threats:

Security vulnerabilities - TSMC

Chip manufacturer TSMC, Taiwan Semiconductor Manufacturing Company, was a victim of a virus that spread into obsolete computer systems, and it took almost 3 days to return to a normal situation. Apart from the costs incurred, the company warned that the incident could account for around 3 percent of its Q3 revenue and that manufacturing delays could occur until the end of the year.
Source: TSMC - 05/08/2018

Crime and Ransomware - Wannacry

The WannaCry ransomware, which swept the globe in May 2017, violently affected companies such as Vodafone, FedEx and Deutsche Bahn. The English National Health Service was forced to cancel thousands of medical appointments as a result of being infected by the software.
Source: National Audit Office, NAO - 25/04/2018

Human Failure - Nice systems

Nice Systems, a service provider of Verizon, publicly exposed a database hosted on Amazon S3. Due to human failure, a listing of 14 million US customers was inadvertently left unprotected and unencrypted.
Source: Verizon - 07/12/2017

Cyber risk Management within your organisation

In cyberspace, the realization of cyber risk is certain. All stakeholders must accept the existence of those risks and therefore work towards better anticipating them, defending themselves against them, preparing to absorb their impact, reacting to any possibility and bouncing back.

In this context, Cyber-Resilience focused on data protection clearly shows its limits, even though it remains important as a “vital minimum” and must be strengthened by an overall and fully integrated approach.
It is necessary to move beyond a purely defensive strategy and to manage risks naturally, “by design”, using a “business as usual” approach, to contend with changing and adaptive threats.

Cyber-Resilience strategy: checklist of key issues

In this white paper, we present in detail the key issues of cyber resilience in your company including:

  • Knowledge of and compliance with the regulatory framework
  • Adopting international standards for cyber risk management and business cyber resilience
  • Adopting and/or imposing on its service providers and data hosts the appropriate level of cyber-security and continuity on the basis of certifications
  • Designing or transforming existing infrastructures by adopting an approach based on ensuring “by design”
  • Raising awareness, continuously training and informing all employees and stakeholders about cyber-resilience
  • Decide on the company’s ability to deploy cyber resilience resources

We also review the regulatory framework, international standards, resources and tools at your disposal to deal with cyber risks and enable you to develop the cyber resilience capabilities within your organisation.