Consulting On Cyber Resilience: Lessons From The FTSE During Covid-19

CMCE held its first virtual Showcase on July 28th on the very popular topic of cyber-resilience, with two expert speakers on our panel: Mr Kevin Duffey, Managing Director of Cyber Rescue Alliance, and Mr. George Quigley, Director of Foulkon Limited.

At the start of the session over half of the attendees stated via poll that they were attending to learn more about the subject and particularly wanted to know what questions to ask, what capabilities to offer their clients and, of course, hear some war stories.

Both Kevin and George were given the opportunity to introduce themselves and their work, and shared war stories including the leakage of police home addresses and a ransomware incident for a chemical company. Also discussed were recent breaches such as travel data and Costa. One early theme which emerged during this part of the session was the importance of understanding the strength of cyber-resilience with your company's suppliers - the implication being that cyber-resilience is only as strong as the weakest link in the chain of relationships.

The discussion progressed to consider ways in which to identify whether your client may experience a cyber-resilience breach within the next six months. One particular element of discussion highlighted ways to use cyber-resilience market intelligence to compare a company to its peers - looking at recent comparative trends in cyber-resilience posture differences between peer companies highlights why certain companies may have been cyber-attacked. BitSight and other cyber risk scoring sites can be highly informative in watching such comparative trends over time.

Also discussed were the ways in which to work with clients to 'start the cyber-resilience' conversation. The initial response most companies provide to 'Is your company cyber-safe?' is yes.... because they think they are. Ways to probe deeper would include asking 'Are you as safe as your peers?' and also suggesting a resilience review which could be conducted to answer questions such as 'How could an attack affect your business? How ready are you should a cyber-attack occur?'

Small-and medium-sized businesses may not have the funding nor manpower to pursue the more robust arrangements FTSE companies may have. Discussed during the session were ways in which these smaller companies can Protect, Detect, and Respond to cyber-threats and attacks.

The panel Q&A covered a range of topics including potential conflicts of interest with IT staff assuring cyber resilience, what metrics for cyber-resilience should be overviewed in the boardroom, and staging annual attack simulations for executives.

Should you wish further information, please contact CMCE or our panellists directly:

Mr Kevin Duffey

Managing Director, The Cyber Rescue Alliance

email: kevin.duffey@cyberrescue.co.uk

 

Mr George Quigley

Director, Foulkon Limited

email: george.quigley@foulkon.com

 

CMCE hopes to form a Cyber-Resilience discussion group; details to follow in due course.

Please do also follow our cyber-resilience and other activities here:

LinkedIn: https://www.linkedin.com/company/28983724

Website:https://www.cmce.org.uk