Cyber Risk Fundamentals


Cyber Risk Management Group (CRMG) is a provider of information risk and cybersecurity consultancy services. CRMG partners with organisations of all sizes and backgrounds to implement pragmatic approaches to cyber security and risk management that achieve the right balance between risk profile, regu…

CRMG

  • Oct 1, 2020 LATEST EPISODE
  • monthly NEW EPISODES
  • 20m AVG DURATION
  • 9 EPISODES



Latest episodes from Cyber Risk Fundamentals

How to Fast-Track Your Cybersecurity Journey with a No-Nonsense Gap Assessment

Oct 1, 2020 | 21:17


How to Fast-Track Your Cybersecurity Journey with a No-Nonsense Gap Assessment by CRMG

CRMG Podcast: Managing Cyber Risk While Growing an Online Business

Aug 20, 2020 | 36:31


The emergence and rapid growth of online retail is a great example of how businesses can move most of their operations online. Even businesses that don’t sell their products or services online are now benefiting from increased customer engagement and interaction from using digital platforms. However, while moving online has many benefits and opportunities to scale, it also creates many vulnerabilities and opportunities for cybercriminals. Businesses’ online activity has increased by 50% to 100%. This is a huge increase which creates a huge burden on the IT department and generates new threats they are unprepared for. In the second part of this podcast conversation with CyBourn, we discuss the attack trends in the online space for rapidly growing online businesses, and how organisations can overcome these threats.

Data Ownership - a critical step in cybersecurity

Jul 28, 2020 | 23:11


The pace and scale at which we create and share data is greater than ever before. With such an abundance of information, data ownership is a real challenge for organisations, with many finding it too difficult to determine the data they own, and who is responsible for what. Once organisations assign data owners who understand what they are accountable for, how to manage risk to their data, and buy in to the responsibility of being an owner, they can truly be an asset to the business - and a critical step in cybersecurity. In this podcast, Nick Frost, Co-Founder & Director at CRMG and Simon Lacey, Principal Consultant at CRMG, discuss why organisations that define data owners will be in a stronger position with their information security than those that don’t. Nick and Simon also share examples of how to identify and assign data owners, and how to get buy-in from the people who own data, and essentially the risk.

Data Ownership - a critical step in cybersecurity

Jul 28, 2020 | 23:11


The pace and scale at which we create and share data is greater than ever before. With such an abundance of information, data ownership is a real challenge for organisations, with many finding it too difficult to determine the data they own, and who is responsible for what. Once organisations assign data owners who understand what they are accountable for, how to manage risk to their data, and buy in to the responsibility of being an owner, they can truly be an asset to the business - and a critical step in cybersecurity. In this podcast, Nick Frost, Co-Founder & Director at CRMG and Simon Lacey, Principal Consultant at CRMG, discuss why organisations that define data owners will be in a stronger position with their information security than those that don’t. Nick and Simon also share examples of how to identify and assign data owners, and how to get buy-in from the people who own data, and essentially the risk.

Remote Working and the New Cybersecurity Threat Landscape

Jun 23, 2020 | 20:42


Since the outbreak of COVID-19, there has been a period of major transition and organisations have had to quickly adapt to weather the storm. Many businesses have managed to remain operational but with all-new working processes. Organisations have adopted enterprise-wide remote working which likely required the rapid adoption of technology and a much greater reliance on existing or new digital infrastructure. Unfortunately, this rapid transition to remote working has left organisations open to cybersecurity vulnerabilities, and cybercriminals have been more than ready to exploit them. In this podcast with CyBourn, a managed detection and response provider, we share the alarming trends and attack patterns witnessed since the rise of remote working, and what we anticipate seeing as we move into the new norm.

Why Cybersecurity Policy is Still King

Jun 2, 2020 | 15:50


Developing an effective cybersecurity policy is a fundamental stepping stone when creating a comprehensive cybersecurity plan. Like any other corporate policy, it is a roadmap that defines what is in scope and establishes the baseline for ‘good’ cybersecurity practices. A key challenge for leaders, however, is getting key stakeholder input. Traditional policies are often written in silos – in ways that are not clear to the audience they are meant to influence. Stakeholder contributions and their understanding of the language and purpose of the policies are an essential part of implementing cybersecurity processes and awareness. Without them, the policy will not influence the business. In this podcast, Nick Frost, Co-Founder and Director at CRMG, is joined by Simon Lacey, Principal Consultant at CRMG. Together they discuss the following:

  • The lifecycle of a cybersecurity policy
  • The questions you should ask when creating or reviewing existing policies
  • Who you should get involved (stakeholders) within the organisation and the language to use to engage the business
  • Language and crafting – translating cybersecurity requirements to those who aren’t in cybersecurity

For more information visit www.crmg-consult.com.

Changing Senior Management's Perception of Cybersecurity for the Better

Jan 7, 2020 | 15:02


Senior management's awareness of information security and cyber threats is essential if security teams are to effectively mitigate them. Unfortunately, over time as cybersecurity has shifted from a technical position to a risk management position, senior management's perception has not moved with it. Still seeing cybersecurity as a technical function focused around IT controls and technology, they do not consider it a part of risk and a critical component to business success. Is it a leadership issue? Or an awareness issue? And whose responsibility is it to change their perception of cybersecurity for the better? In the third episode of the ‘Cyber Risk Fundamentals’ series, Nick Frost is joined by Todd Wade and Andrew Wilson to explore what is now the biggest challenge for CISOs. Together they discuss:

  • Why the CISO must now take an influencer role
  • How to position and communicate cybersecurity to senior management
  • Why aligning cybersecurity goals to business goals could be key to changing senior management's view on security
  • Why the CISO needs to build champions within the organisation

How to Manage Third Party Risk When you Have Thousands of Suppliers

Nov 27, 2019 | 17:25


Not so long ago, the idea of outsourcing critical business functions or IT systems to a third party supplier would have been off limits for many organisations because of the level of risk involved. Today, however, the use of third party suppliers has increased exponentially, with many organisations outsourcing even core functions of their business. Why? Outsourcing can be financially attractive, efficient and provide competitive advantage.

In delegating key processes to third parties, organisations are potentially exposing themselves to huge amounts of risk, and while you might be able to outsource functions, you can never outsource business risks or reputation. It is common for information security to be last in the process of due diligence when selecting suppliers. So, when you have thousands of suppliers, and they have thousands of suppliers, how far should you go to assess and manage cyber risk?

In this podcast, CRMG’s Nick Frost, Todd Wade and Andrew Wilson discuss the key risks associated with third party suppliers, how to manage the process of on-boarding suppliers, and how to filter through suppliers to assess those most critical to your business. Our team also discuss the importance of managing the relationships with third party suppliers and the need for an exit strategy in the event of a split.

A Pragmatic Approach to Defining your Threat Profile

Nov 1, 2019 | 15:14


Organisations are facing new types of advanced persistent threat scenarios that current risk management programmes cannot defend against. To be proactive and reactive to such threats, business leaders must have a detailed threat profile, providing a clear view and prioritisation of their risks, enabling the implementation of effective defences. In the first episode in CRMG’s podcast series, CRMG’s Nick Frost, Andrew Wilson and Todd Wade share their take on threat profiling, the importance of defining an organisation’s threat profile, and the threat actors that can influence the profile. Our experts also share their key action points for CISOs to successfully define their organisation’s threat profile, while delivering value to the business.

About the Series

This podcast series has been created by the CRMG team whose experience and expertise in cybersecurity and information risks spans many years, working at CISO-level for large, reputable organisations. The podcasts cover topics that are at the heart of risk, providing knowledge sharing and insights from different professional experiences.
