It's time to develop your own Cyber Security

advertisement
It’s time to develop
your own Cyber
Security capabilities
Professional development guidance for senior decision-makers
to help them counteract data loss and cyber-attacks
Accredited by leading professional bodies and institutions:
It’s not just the big organisations that
lose data …The Internet Security Threat
Report (2015) from Symantec shows
that 59% of all spear-phishing
attacks struck small and medium-size
businesses, putting not only them
but their business partners and
customers at higher risk.
Company Boards, Lawyers
and Regulators are now
paying attention to Cyber
Every organisation, regardless of its relative size,
is vulnerable to cyber loss. The statistics speak for
themselves: in 2013, 81% of large corporations and
60% of small businesses reported a cyber breach1.
The average total cost of a data breach has
increased 23% over the past two years to
£2.43 ($3.79) million. The average cost paid
for each lost or stolen record containing
sensitive and confidential information
increased 6%, jumping from £93 ($145) in
2014 to £98 ($154) in 20152 .
With the implementation of the European
Data Protection Regulation only a year
or two away, businesses must now
acknowledge that the hype is over, the
reality is clear and the threat to businesses
is here to stay. It is now more likely than
not that:
some people will try and misuse
electronically stored data that you
hold, whether it’s your customers’
personal data or the latest designs
of your soon-to-be-released products.
some people will try and prevent your
digital transactional systems from
functioning.
An ISACA study in 2015 revealed that
organisations are experiencing attacks
that are largely deliberate, and they lack
confidence in the ability of their staff
to protect and respond. The top four
threats exploiting organisations in
2014 were cyber criminals (46%),
non-malicious insiders (41%), hackers (40%)
and malicious insiders (29%)3.
Whether it is an accident by one of your
employees or the attack is performed by an
outsider with malicious intent, your business
will lose market confidence, you will lose
revenue and you will incur costs to rectify
and remediate. If you are also found to be
culpable by the regulators for the loss,
then new EU laws can fine you up to €1m
or 2% of your company’s global annual
turnover.
There is a significant role to play for
every person in an organisation and
because of that, embedding new cyber
capabilities, skills and knowledge at all
levels in your organisation will ensure that
your business is properly protected and
also capable of responding when a cyber
incident occurs.
In 2013, US
retailer Target
was hit by one of
the biggest data
breaches in the
industry’s history.
As many as 40
million customers
saw their credit
and debit cards
become subject
to potential fraud
after malware was
introduced to the
Point of Sale (POS)
systems in 1,800
stores. The hackers
managed to breach
Target’s security
perimeter by using
a less secure
supplier in Target’s
supply chain. Target
suffered a 46%
drop in profits in
the fourth quarter
of 2013 compared
with the year
before. Target’s
cyber insurance
policy is only
covering about 35%
of the estimated
$250million
cost. CEO Gregg
Steinhafle stepped
down in 2014.
There is not enough skilled cyber security
resource around to protect all businesses
FACT: More than one in three businesses (35%) are unable to fill open positions, yet 82% expect a cyber-attack4
According to a study conducted by
ISACA and RSA Conference of 649 cybersecurity and IT managers or practitioners,
77% of those polled experienced an
increase in attacks in 2014 and at the
same time, these organisations are coping
with a very shallow talent pool. Only
16% of respondents felt at least half of
their applicants are qualified; 53% said it
can take as long as six months to find a
qualified candidate; and more than a third
are left with job openings they cannot fill.
A recent report by the UK government
confirms the findings of the ISACA survey.
Outsource or insource cyber
capability – the decision
The choice as to whether you use thirdparty providers to protect your data and
systems, or you develop the main
counter-cyber crime capabilities yourself
will depend on your business and what
your risk assessment tells you is needed.
79% of UK companies still outsource some
or all of their cyber security provision5.
Even if the majority of your cyber resource
is outsourced, you will need an internal
core element of awareness, if not skills,
to help protect your business in the
future as the Digital Revolution develops.
If, however, you are a business that relies
on IT to deliver and/or support your
business model, then you really should
have your own technical cyber resource.
Key cyber skills that UK organisations find difficult to recruit for
Very
difficult
Incident
Management
A bit
difficult
Not at all
difficult
35%
39%
Information
Awareness
Methodologies
and Testing
37%
26%
Implementing
Secure
Systems
44%
35%
18%
31%
17%
N/A
8%
6%
4%
Source: HM Goverment Report on Cyber Security Skills, March 2014
More than one third of organisations surveyed by the UK Government found it
“Very difficult” to recruit cyber security professionals. This is evidence of the
need for high quality cyber training programmes like those offered by 7Safe.
7Safe’s professional courses will help your organisation
to develop a range of cyber capabilities and skills required
to protect your business from cyber-related loss.
As the pace of IT change continues to accelerate, your people will
require new counter-cyber crime skills and experience to help you
protect your business from reputational and financial loss caused by
cyber events. 7Safe can help you to meet this challenge by developing
a tailored programme for any and all of your cyber security needs.
Your organisation requires the
capability to:
identify and fix technical
weaknesses/threats to your
IT systems and data storage
respond to incidents when they
happen so you can minimise
loss, identify cause and prevent
reoccurrence
7Safe provides a wide range of
courses suited to various audiences,
from general awareness through to
leadership, all built around our strong
core of technical courses.
Logical career progression from
introductory level to advanced courses
for people with experience ensures that
your staff will benefit from the 7Safe
approach to professional development.
educate all leaders and IT users on
their role in keeping your business
cyber secure
Skill Level
Security
Awareness
Foundational
Security skills
for day-to-day
use
Advanced
Security skills
Advisory/
Managerial
skills
People with an IT
support role
People with a
technical Cyber
Security role
C
urrent, relevant courses
delivered by practising
consultants
All our courses are developed,
delivered and regularly revised
by our practising consultants to
reflect the latest developments,
techniques, exploits and
defensive recommendations
- an approach that guarantees
up-to-date, highly relevant
real-world content.
Work-based, practical
approach that satisfies
real-world requirements
Hands-on practical exercises
transfer skills needed in the
workplace and unlike so many
courses in this field, when
delegates complete the exam,
they are ready to do the job.
Membership of 7Safe
Organisational Role
All staff
Here are four key
reasons to choose
7Safe’s Professional
Development courses:
People with an
audit role
People with
a business
leadership role
Training to enable
you to deliver
your audits to
international
standards
Training to enable
your leaders to really
understand the
cyber threats to their
business
Enhanced cultural
training to prevent
your people being
vulnerable to social
engineering
Technical training to identify and resolve data
loss risks and incidents
Advanced technical
training and
certification.
CREST and IISP
accredited.
Alumni Network
7Safe’s Alumni Network gives our
delegates exclusive membership
access to all the latest updates in
our courses, so that they never
fall behind when things change.
It’s also the perfect community
for crowdsourcing technical
advice when needed back at
your work place.
Skills needed by industry
Our client base is strong and diverse, we currently work with:
FTSE 100 companies including banks, major retailers and global manufacturers
Over 50% of UK Police forces
UK Government organisations
Overseas organisations and Governments
and government
7Safe’s technical training courses
provide industry recognised
certifications with delegates
coming to us from all sectors,
including law enforcement
agencies and even our competitors
to increase their in-house
capability and peer recognition.
What the senior managers
and delegates say about
7Safe training
‘Excellent instruction; clear and concise
overview, perfect for non-specialists.’
Delegate on Hacking Insight for
Managers course (2014)
Our training is available throughout
the UK, Europe and USA
Onsite in your organisation
Locations throughout the UK as part of our Cyber Training Roadshow
In our custom-built training facility near Cambridge
‘I came away with a substantial
increase in my knowledge along with
some very useful documentation.’
Delegate on Certified Cyber
Investigator course (2015)
‘Excellent course, Lecturer was
brilliant! Course is really going to
help with my day-to-day work.’
Delegate on Certified Forensic
Investigation Practitioner course (2015)
Course
accreditations
Ethical
Hacking
‘Excellent course made better by
instructors knowledge of subject
and real life examples.’
Delegate on Certified Malware
Investigator course (2014)
‘The course is well laid out and has
a very good balance between the
theory and the practical aspects.
Delegate on Certified Security Testing
Associate course (2015)
‘The course was excellent and highly
relevant to my work as a web developer.
As a result of this course I have changed
the way I will approach security and
coding on mobile apps.’
Delegate on Certified Mobile Security
Tester course (2015)
What the individuals
from our security and
intelligence services say
about 7Safe training
7Safe London
101 Finsbury Pavement
London
EC2A 1RS
United Kingdom
Tel: +44 (0)870 600 1667
‘I have enjoyed the course. The tutor was
7Safe Cambridge
excellent and made things clear and was
Cambridge Technology Centre
Melbourn
Herts SG8 6DP
United Kingdom
Tel: +44 (0)870 600 1667
thorough with the course material.’
Police Officer on Certified Forensic
Investigation Practitioner course (2015)
Digital
Forensics
Information
Security
Software
Security
Did you know that it was the curious
designers at MIT who first started
hacking other people’s computers,
as they explored the boundaries and
limitations of the new technologies
and communication protocols. The
first use of the term Hacker was in
an MIT student newspaper
in 1963.
BIS 2014 Information Security Breaches Survey
Ponemon Institute
Source: IT Security Guru
4
ISACA and RSA Conference Survey 2015
5
PAC MSS Study, InfoRisk Today, 25 Feb 2015 (http://www.inforisktoday.com/target-breach-costs-162-million-a-7951)
1
2
3
Would you like to find out more from the
7Safe professional development team?
+44 1763 285 285
Email: [email protected]
www.7safe.com/professional-development
Download