With cyber attacks increasingly coming to the top of the agenda for both the private and public spheres, cyber hackers have now started to target big conglomerates including prying on directors during the boardroom meetings. We speak with Andrew Fitzmaurice and Anu Khurmi from Templar Executives on how best to handle these threats
CEO: Why do you think Cyber attacks have increased so dramatically in the last year and what are the most common type of attacks?
Templar Executives: Cyber crime is a lucrative business for criminals who are becoming better organised and deploying increasingly sophisticated cyberattack methodologies. A current example of this is ransomware; just two years ago few people had heard of this term and now its use is growing exponentially alongside older attack methods, many of which, as the TalkTalk breach demonstrated, still work. In addition, unprecedented advances in technology and the growing reliance on digitisation and automation to deliver efficiencies and innovation, mean organisations are becoming more vulnerable. This is particularly the case when it comes to the supply chains of large organisations. The supply chain is an attractive target because it is ‘rich’ in business intelligence and intellectual property and can be easier to infiltrate, thus becoming a route into compromising the organisation it is supplying to. Cyber attacks can be generated from anywhere around the world, instigated by a range of motivations. They are difficult to attribute and legislation is always struggling to catch up so criminals have little fear of being caught or prosecuted. Today we are seeing increasing attacks from phishing, ransomware, Distributed Denial of Services (DDOS) as well as malicious and non-malicious insider activity.
CEO: Boards are trying to see what are the biggest cyber security risks out there and how they can be reduced but there are not many companies that cover every area. Do Templar executives specialize in specific areas of cyber security or is it a more general approach and advice to offer?
Templar Executives has over ten years of experience in supporting Boards, across the public and private sectors, to develop a credible and sustainable Cyber resilience that not only protects the organisation but is also business enabling. We advocate a holistic approach that recognises Cyber is about people, processes and culture as well as IT. We encourage Boards to acknowledge that Cyber is a leadership issue and not something to be conveniently fobbed off to IT. In addition, with the increasing sophistication and use of social engineering techniques, senior executives need to be aware that they will be potentially attractive targets for cyber criminals and must guard against this. Organisations that recognise Cyber Security is a business risk, work with us to incorporate the Cyber agenda into their governance and this, in turn, allows them to invest proportionately in protecting their most critical information assets and gain real market advantage. One of our signature case studies is a multi-national FTSE 100 that has won over £7.2 Billion in new business as a result of raising its Cyber maturity. Our expert portfolio includes providing: Platinum Board-level services; strategic advice and assurance, audits and health checks, Threat briefings and business intelligence services, Cyber insurance, incident response exercises, and a world class Cyber Academy, with e-learning and training courses certified by GCHQ.
"As well as the increasing likelihood and severity of being hacked, companies are also operating in complex legal and regulatory environments."
CEO: With the daily threat of cyber attacks especially to large global companies do you think that every company should prioritize comprehensive planning throughout all aspects of operations in relation to cyber security?
T.E: In the Cyber world you are as vulnerable as your weakest link. It is essential therefore that every company, no matter what its size, is aware of the Threats to their business and what information is of value and critical to their survival and success. This requires prioritising and managing information risk across the entirety of the organisation and taking proportionate measures when it comes to Cyber Security. Fundamental to this is developing good governance and having a strategic roadmap endorsed by the Board. In addition, all those who handle information related to the business, including employees, contractors and third parties, should understand their role through building their skills, knowledge and capabilities.
CEO: What are the biggest threats do you think to business from a cyber security aspect?
T.E: Some of the biggest threats for a business is getting to terms with the terminology, scale and pace of change when it comes to Cyber Security. Understanding the issue will enable an organisation to address the challenge proactively. Working with experts in this field will allow organisations to stay abreast of the Threat landscape, identifying new developments and trends as they emerge, such as the growing Insider Threat.
CEO: What do you think are the biggest challenges global companies face?
T.E: As well as the increasing likelihood and severity of being hacked, companies are also operating in complex legal and regulatory environments. With more and more information being generated, business operations are coming under increased scrutiny from Governments and Regulators and the pressure on Boards is relentless. In addition, there is an expectation from customers and shareholders that information is protected and shared appropriately. The EU’s General Data Protection Regulation (GDPR) coming into effect in 2018 will see financial penalties of up to €20 million or 4% of an organisation’s global turnover – and the prospect of criminal prosecution for senior Board executives. The challenge for companies is how to manage all this complexity and be seen to be taking the right proactive measures. A Cyber incident, whether malicious or non-malicious, will have severe real time impacts as well as long term consequences which can be devastating for a global business.
CEO: How do you see Templar Executives developing in the next 12 to 18 months?
T.E: This year, Templar celebrates ten years of providing sustainable Cyber Security solutions to Governments and organisations worldwide. Over the next months, we will continue to partner with our clients across all industry sectors to raise the bar when it comes to implementing best practices in Cyber Security resilience and promoting thought leadership. This is an evolving agenda and alongside our expert team, we are expanding our ecosystem of partners to provide the most effective solutions and services. Our goal remains, to continue being recognised as the trusted advisor of choice for Boards and organisations.
Templar Executives is an award-winning Cyber Security company trusted by Governments and multi-national organisations. Operating at the highest levels across the public and private sectors Templar Executives has an unparalleled track record in helping clients develop a resilient and business enabling Cyber Security capability. Our world class portfolio of industry leading services and solutions includes: Cyber Security consulting and Information Assurance auditing, healthchecks, quality e-learning and training with GCHQ certified courses, Platinum Board-level advisory offering, and Blade, an innovative cyber intelligence service.
For more information contact us on +44 (0) 844 443 6243, or