Cyber-attacks have risen to the top of the agenda in both the private and public sphere, and in today’s global, highly competitive world, Templar Executives is the company to help you fight the battle. We interview Andrew Fitzmaurice, CEO, Templar Executives, on how best to avoid these issues.
Henry Martin: Templar Executives has won the Best Cyber Security Firm UK 2016 by CEO Insight magazine, alongside landing a place on this year’s Top 20 Most Influential list. What is it about Templar Executives unique approach that empowers companies to understand and exploit cyberspace?
Andrew Fitzmaurice: The digital era is heralding a new ‘cyber world’ of unprecedented interconnectedness, instantaneous communications and access to swathes of data and information – and every day, we are seeing the impacts of this on governments, organisations and individuals.
Even before the word ‘Cyber’ started trending, Templar Executives has been advocating the importance of understanding the opportunities and safeguarding against the Threats of this evolving landscape. Identifying, protecting and having the ability to appropriately leverage their most valuable information assets, is paramount to the survival and success of every business of the future.
Templar Executive’s unique and dynamic approach helps companies create and sustain this competitive edge, wherever they are in their development cycle. Our mantra, consistent for over a decade, is that Cyber is a leadership agenda, which requires a holistic approach, and that the response should be proportionate to the risk appetite of the organisation and it must be business enabling. A fundamental aspect of our approach is demystifying what Cyber Security is and making it relevant from the CEO Boardroom to front-line employees, so that it becomes an inherent part of the organisation’s strategy and culture.
We deploy a government endorsed maturity model and a methodology which is enhanced by the practical experiences and skills of our experts. It is more than implementing standards, it is about creating sustainable business resilience against an ever-increasing and sophisticated Threat environment. The success and veracity of our unique approach is evidenced in our world-class track record across governments and private sector organisations spanning all industry sectors.
Henry Martin: How important is cyber resilience, and faced with so many possible ways to destabilise an organisation, what can businesses do to strengthen their resistance?
Andrew Fitzmaurice The commoditisation of ‘Cyber-crime-as-a-service’ with tools, techniques and even expert advice readily available, means no organisation today is immune from Cyber-attacks; when it comes to experiencing a data breach, the odds are as high as 1 in 4. The stark fact is that ‘an attacker only has to be lucky once, but a defender has to be lucky all the time’ – either that, or be prepared, which means cyber resilience is of the utmost importance.
"TEMPLAR EXECUTIVE’S UNIQUE AND DYNAMIC APPROACH HELPS COMPANIES CREATE AND SUSTAIN THIS COMPETITIVE EDGE, WHEREVER THEY ARE IN THEIR DEVELOPMENT CYCLE."
Board-level engagement and sponsorship of Cyber Security initiatives is critical. Businesses need to understand the possible Threat vectors they face and what factors can best mitigate the risks and impacts of a breach. Organisations need to explore and adopt a range of interventions including expert external advice and independent reviews such as audits, penetration testing, and training. As well as having a proactive IT capability, policies and procedures should also reflect current best practices and adherence to local regulatory requirements.
The relentless growth in phishing and malware attacks makes employees vulnerable targets. Introducing Cyber Security training and awareness across the organisation, including the supply chain, offers a quick win. Accelerating the time frame in which security events can be contained means having a formal ‘incident response plan’ - this is still one of the top factors in reducing risk and lowering the eventual cost and impact of a breach.
Henry Martin: Coming into 2018, what are the biggest cyber security trends we need to be aware of?
Andrew Fitzmaurice: 2018 promises to be a ‘year of reckoning’ with changing surveillance laws and one of the biggest changes in data legislation, the General Data Protection Regulation (GDPR), coming into effect. The latter should create a positive trend in how organisations go about developing their Cyber Security capability and help the shift from protection to prevention.
The growth of digital ecosystems and social media usage will continue to create a preponderance of data. This, coupled with the introduction of technologies such as digital currencies and block chain, will start to change business paradigms. These trends, compounded with technological innovations in areas such as the Internet of Things (IoT), Artificial Intelligence (AI), and machine learning will require organisations to find new and better ways to store, manage and protect their information assets.
In addition, scrutiny of supply chains, and in particular, deployment of cloud platforms, will need to address vulnerabilities exposed by many of the high-profile breaches that make regular headlines. With the pace of change so acute, organisations will need to pay close attention to legacy systems, otherwise attacks like ‘WannaCry’ will become more frequent and effective.
Against this evolving Threat landscape, the exponential pace and growth in Cyber-crime (predicted to reach $2.4 trillion by 2020), Cyber-espionage and hacktivism, will continue to trend and inevitably require a greater and more proactive response at national and local levels.
All these changes will necessitate comprehensive training for existing workforces and give rise to a whole new spectrum of professions and careers in Cyber Security and Information Assurance.
Henry Martin: There has been a rise in notorious cyber breaches in the news recently. Should businesses be concerned and what are the main benefits of GCHQ-certified Cyber Security training?
Andrew Fitzmaurice No business can afford to ignore Cyber Threats and no business is immune from experiencing a Cyber breach. It is predicted that data breaches will cost the global economy over $2.1 trillion by 2019, but it is not just the financial impacts that businesses need to be concerned about. The regulatory exposure, and associated penalties especially with the introduction of GDPR, coupled with reputational backlash, can be even more damaging and irrecoverable in terms of share price and market confidence.
First and foremost therefore, Cyber Security is a leadership issue. In today’s business environment every organisation must have an effective Cyber Security Strategy and associated implementation plan owned at Board-level to deliver its business effectively and securely.
Secondly, Board members themselves need to utilise current global best practices across people, process and ICT to ensure that their organisation can function successfully. Our GCHQ certified training for Boards helps prepare and brief Boards on the Threats, how to mitigate risks, and build cyber resilience as well as how to develop and implement a successful bespoke Cyber Security Strategy.
The human factor is also important - it is generally accepted that employees are the largest security vulnerability in any organisation with regards to Cyber breaches but, properly educated and engaged, can also be the greatest asset in mitigating the risks and helping in the prevention of a breach. In a market saturated with Cyber training courses therefore, it is imperative for organisations to quickly and confidently identify training courses that meet the highest standards in both content and delivery.
"With over a million new bits of malware per day, coupled with the existing threats, organisations that wish to remain resilient need a discerning and holistic strategy."
GCHQ is widely recognised as the preeminent authority on Cyber intelligence and data security. The GCHQ brand certification signifies, “quality, assurance and security” – immediately making it clear which training and trainers have been rigorously assessed to deliver the highest quality learning that reflects the latest best practices in Cyber Security.
Henry Martin: Why are so many companies weak when it comes to security and can businesses anticipate cyber-crime rather than simply respond to it?
Andrew Fitzmauric: Cyber Security requires a holistic approach and can no longer be passed off to the IT function as has traditionally been the case - it is a core part of the Board’s remit to protect their organisation and its information assets. However, it is still challenging for leaders to align business decisions and investment to the risk profile of the organisation – recent research has highlighted only 19% of directors believe they have a high-level understanding of the risks associated with Cyber Security and 59% find it difficult to oversee those risks.
Cyber-crime is a growth industry and it is incumbent upon every organisation to not only develop a capability to respond to the increasingly sophisticated Threats in this area, but to also understand how they can prevent breaches occurring. Every serious breach, and there were over a staggering 1.6 billion data breaches in 2016, is a wake-up call; companies need to take note and learn from these as part of anticipating the Threats from Cyber crime. According to GCHQ, understanding the Threats to the business and adopting basic risk management practices can prevent up to 80% of Cyber attacks experienced to date.
With over a million new bits of malware per day, coupled with the existing threats, organisations that wish to remain resilient need a discerning and holistic strategy. Templar Executives advocates a maturity model approach to safeguarding businesses and organisations. This requires agility and continuous improvement to be able to anticipate and react to potential Threat vectors. Those companies that are able to do this successfully will continue to flourish in an ever-evolving digital world.