digital resilience flipbook

A clear & present danger Building the intelligence to create a digital fortress to protect your customer and your business

Upload: james-fintain-lawler

Post on 22-Jan-2017


TRANSCRIPT

A clear & present danger

Building the intelligence to create a digital fortress to protect your customer and your business

#DigitalByDesign

Building a digital fortress to protect your customers and your business

The British and American financial systems were recently tested to see how well they could stand up to attacks by hackers in the wake of the Sony, TalkTalk and United States Office of Personnel Management security breaches. The biggest banks in the UK and US faced a simulated major cyber attack from the Bank of England and its US counterparts this month, as officials probed the industry’s ability to withstand assaults from hackers looking to steal data or cripple the financial sector.

What you don’t hear about is the constant and relentless bombardment that has resulted in 90% of large businesses reporting an information security breach. This perspective was further underpinned by a recent PwC study that recorded a 38% increase in detected information security incidents. The business risk has also been exacerbated by rapidly changing technology, IoT effects, digital disruption and the need for changing business models. There is now a growing awareness that this topic needs to be at the forefront of the board’s agenda.

Bearing this background in mind, we recently discussed with our clients how SMEs and large organisations could build and sustain a Digital Fortress in order to establish a digital resilience that would protect their customers and their own business. We also discussed how our clients could leverage UK Government initiatives that will see it invest nearly $1Bn in the promotion of cyber security.

53% of organisations say that lack of skilled resources is one of the main obstacles that challenge their information security (EY)


To become a business leader in the digital environment requires that the customer and digital strategy is placed at the core of your business strategy. It also means that protecting client or customer information is the essential element within that digital strategy. Recent studies continue to show that a significant number of businesses still don’t have a digital strategy and therefore probably do not have a robust digital resilience strategy.

A recent McKinsey report cites that nearly 80% of technology executives surveyed stated that their organisations could not keep up with the attackers’ increasing sophistication, and most organisations recognise that there is significant room for improvement when it comes to digital resilience.

56% of organisations say that it is unlikely or highly unlikely that their organisation would be able to detect a sophisticated attack (EY)


Digital Fortress: Digital Resilience Operational Network Ecosystem

This has created the need to view digital resilience through an operational excellence lens in order to create a “Digital Fortress” that we call the Digital Resilience Operational Network Ecosystem or DRONE©. The foundation of this model includes real-time risk management to protect customers’ sensitive and business critical information.

The model also needs to recognise an ever-growing IoT presence and its security ramifications.

37% say that real-time insight on cyber risk is not available (EY)

91% have adopted a risk-based cybersecurity framework (PwC)

58% of organisations do not have a role or department focused on emerging technologies and their impact on information security (EY)

Another critical aspect within the DRONE© model is the need to harness not just Big Data, but also the Right Data in order to facilitate the early recognition of potential internal and external threats. This DRONE© model also calls for the establishment of a security excellence centre (SEC) that will provide real-time insight into cyber risks. A recent KPMG study indicated that only 65% of organisations had a cyber security team or responsible executive in place. Another study showed that only 20% of organisations have real-time insight into cyber risks. Another critical characteristic of the SEC is the integration of a well-defined advanced authentication, identity and access management (IAM) programme.

36% have a security strategy for the Internet of Things (PwC)

Fewer than 20% of organisations have real-time insight on cyber risks readily available (EY)

The holistic resilience strategy model (DRONE©) also recognises the role that the board plays in establishing the right oversight, both inside and outside an organisation. There is hard evidence which suggests that a key threat comes from within organisations, therefore enhancing employee awareness is a key aspect of the model.

20% have published sources of cyber attacks on their sector peers readily available (EY)

Nearly two thirds of organisations do not have well-defined and automated IAM programs (EY)

45% of boards participate in the overall security strategy (PwC)


Establishing a Digital Fortress (DRONE) by managing Black Swan events

The author of ‘The Black Swan’, Nassim Nicholas Taleb, described a Black Swan event as an outlier that carries an extreme impact. He said human nature makes us concoct explanations for these events after they have occurred, despite their outlier status, in an attempt to make them explainable and predictable. Therefore, managing these kinds of cyber Black Swan events requires a blueprint in order to deliver sustainable digital resilience, and it is essential to incorporate the simple Who, What, Where, When and How principles into the model.

“There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.”

John Chambers, CEO, Cisco


To assist you in establishing the next tangible steps that are required to build the foundations of a Digital Fortress, you need to:

Leverage UK government investments, the ISO27001 standards and the US National Institute of Standards and Technology framework

Measure and rate your current digital resilience process

Develop a digital strategy that incorporates digital resilience (DRONE©) as a priority

Enhance employee communications and awareness to improve transparency and eradicate silos

Develop a ‘C Suite’ governance process to manage real-time risk from both inside and outside the organisation

Collaborate with your partners to acquire a deep knowledge of best in class practices

Appoint a Chief Information Security Officer (CISO) who will support you in building the road map and scorecard to digital resilience

Frequently test your Resilience and Crisis Management Model

Who? What? Where? When? How?

The Digital Fortress: DRONE© (Digital Resilience Operational Network Ecosystem)


Strategy Alignment

Physical & Environmental Security

Employee Processes

Partners & Suppliers

Business Continuity

Incident management

Operations management


Governance

Organisation

Policies & Procedures

Real-Time Risk Management

Measurement & Compliance

Access Control

© Digital Alchemist Consulting Services International Ltd 2015

Thank you!

If you wish to discuss the building of a sustainable Digital Fortress (DRONE©) or require help with this, please contact us at: [email protected]