
Technical

6 ways to become more resilient to cyber-security threats

  Sabine Vollmer |   Free |   AICPA and CIMA |   04 Sep 2015 |   CGMA Magazine

Despite efforts to do a better job handling cyber-threats, financial institutions worldwide are still outdone by nimble cyber-criminals. This article includes tips for how financial institutions can become more resilient.

Topics covered:
  • Management accounting: Technical: Risk management & internal control: Risk identification & assessment, Intermediate
  • Management accounting: Technical: Risk management & internal control: Cybersecurity, Foundational

4 Comments/Reflections


Andrew McKellar Sep 2024

Explains types of organisation more prone to risk (Governance and risk, Technology and analytics, Large banks)

Theft of data / make resource unavailable to users (distributed denial-of-service attacks)

If technology older and more vulnerabilities e.g. remain unpatched, then higher risk. 

If political volatility then high risk (Asia)

6 steps

1. Determine what information needs to be protected. Map processes and assets / Prioritise threats

2. Expand the concept of risk and risk appetite to all information assets. Form a cyber-intelligence team / gather current threats and threat actors.

3. Design cyber-security measures to fit the nature and activities of the organisation. Produce policies covering organisational systems, including for home and mobile working, and manage user privileges. Train staff. Establish a monitoring programme and an incident response and disaster recovery capability. Ensure that security patches are applied in a timely manner. Scan for malware continuously, and maintain strong anti-malware defences.

4. Test regularly whether the security measures work. Ensure the control infrastructure is thoroughly tested and any gaps are followed up on. Inform third-party vendors about vulnerabilities, so they can take preventive action. Also, an organisation needs to consider the worst-case scenario of becoming the victim of a full-blown cyber-attack. Carefully thought through and tested incident management and contingency plans need to be agreed upon pre-emptively at the highest levels.

5. Update the board periodically. Security updates help the board and senior management stay engaged and appropriately manage risks. Without updates, the board may be less likely to understand why financial resources needed to be diverted to cyber-security. Ensure the board has an agreed-upon approach towards the organisation’s unique risk profile.

6. Share information about cyber-attacks with similar organisations. Directors can play a crucial leadership role in sharing information about cyber-attacks and combining resources with their counterparts at similar organisations to find solutions.



Philip Croft Dec 2023

Article discusses how data theft has become one of the biggest cyber attack threats, and discusses 6 ways to improve resilience to these threats.

Deborah Anderson Dec 2018

Useful article; most of the items we cover with our own info sec team. Probably now a bit out of date as things move fast in the cyber world.

Thushara Madurasinghe Jun 2018

Gives a good insight into cyber security and the number of threats currently posed.
