‘Q & A’ Session with the Platinum Team
“The threat is growing and increasingly the loss of data and customer confidence or the resultant economic impact is becoming a shareholder issue, meaning that Boards must demonstrate leadership in this area. Also, notwithstanding the investment governments are putting into cyber responses, with the limited impact they are having on international threats via an uncontrolled internet, it is necessary for businesses to take steps to protect themselves.”
“Criminals, spies, terrorists and hacktivists. They use different methods for different reasons. Not all leave a trace even though data security will have been breached. E.g. financial information leading to fraud with evidence of financial loss, differs from copying of intellectual property and confidential trading information and hidden system controls or monitoring.”
“Unfortunately the threat is growing. Increasing State level spending in this area means more hostile cyber activity and coupled with increased computing power and accessibility to hacking tools, larger numbers of less sophisticated actors are also now involved.”
“Financial threat, industrial espionage, loss of secure trading information and intellectual property. Most importantly loss of brand reputation and integrity which represents the greatest shareholder value threat.”
“This isn’t just a problem for large businesses. Increasingly small and medium sized enterprises are now targets, as the methods being used by hackers lend themselves to automated attacks on high volume targets and SMEs have often invested less in security.”
“Firstly it is important to recognise that technology is only a small part of information security. It is an enterprise risk which involves ALL aspects of the business. PEOPLE (culture and working practices), PROCESSES (how data is stored and used) and TECHNOLOGY (firewalls, patching etc.). This needs to be delivered as a change programme with effective support and controls which connect with every aspect of the business.”
“The vital first step is active engagement from the Board or senior executive management to initiate the process and to help them shape a comprehensive strategic approach, and to also ensure they remain secure themselves.”
“It is very much focussed on board level engagement. From the personal risks senior executives face through to advice at a strategic level to help deliver an enterprise approach to Information security. We have built a team of experts who have all operated at Board level. They understand the competing strategic challenges that senior executives are wrestling with on a daily basis and can help shape the strategic approach that is relevant and proportionate to the business need.”
“Effective Information Security involves all the business. It cannot be solved by simply using different technology. Staff at all levels need to use and store information in a secure manner but more importantly it is they that are building new business solutions on a daily basis and therefore they need the knowledge and skills to build a secure approach bottom up. People and organisational processes therefore are the most important issues to address, supported by effective technology, across every aspect of the business, from client delivery systems through to internal support processes. An ‘enterprise’ approach.”
“Describing the threat and the response in business terms. Costing proposals that balance investment against the known commercial threat & more importantly show the potential return on investment for business growth arising from good information security.”
- Outlining personal and corporate legal obligations and introducing performance metrics, oversight and governance frameworks for implementing information security strategies.
- Building crisis response strategies for Board level engagement.
- Helping to develop strategies to mitigate the risk from wider business threats such as M&A, Outsourced Services, Cloud Services and the Insider Threat.
- Advising on corporate cyber security governance and oversight arrangements.
“We like our first engagement to be an open session with the Board to raise awareness of the cyber threat and how this can be addressed at a corporate level. Businesses should be regularly conducting audits of Information Security to assess the maturity of the organisation. This needs to be independent and is a vital way of shaping the required strategy to build information security and growth potential. Everything else flows from this and is very much unique to each business, their risk appetite and their corporate priorities.”