A short post comparing an information-asset-led approach to cybersecurity vs a critical-service and customer-led approach.
A change to the cyber risk landscape
On June 27th 2017 a cyber-attack called ‘NotPetya’ was launched against a large number of firms. The attack was notable for three reasons: it used a third-party software update mechanism to spread, it was a geopolitically motivated destructive attack that caused extensive damage to uninvolved bystanders, and it used automated techniques…
Cyber Resilience: Part Six Recommended Reading
Here are the sources used when developing the thinking behind this blog series:
Cyber Resilience: Part Five What next?
Cyber resistance clearly requires leadership and operational intervention from specialised cyber professionals. However, Cyber Resilience requires a broader institutional response that encompasses all aspects of the business. As such, it needs to be owned by the entire executive management of an organisation. “The Department encourages all institutions to view cyber…
Cyber Resilience: Part Four Companies’ Plans Must Include Both Resistance and Resilience
Resistance to cyber attack is undoubtedly valuable and can produce effective outcomes. However, resistance is expensive and there is a law of diminishing returns on the investments made in resistance. Moreover, because the preparations and mitigations employed in resisting attacks are often specific to particular, point-in-time threats, ongoing resistance is…