It’s time to develop your own Cyber Security capabilities

Professional development guidance for senior decision-makers to help them counteract data loss and cyber-attacks

Accredited by leading professional bodies and institutions:

It’s not just the big organisations that lose data … The Internet Security Threat Report (2015) from Symantec shows that 59% of all spear-phishing attacks struck small and medium-size businesses, putting not only them but their business partners and customers at higher risk.

Company Boards, Lawyers and Regulators are now paying attention to Cyber

Every organisation, regardless of its relative size, is vulnerable to cyber loss. The statistics speak for themselves: in 2013, 81% of large corporations and 60% of small businesses reported a cyber breach [1]. The average total cost of a data breach has increased 23% over the past two years to £2.43 ($3.79) million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased 6%, jumping from £93 ($145) in 2014 to £98 ($154) in 2015 [2].

With the implementation of the European Data Protection Regulation only a year or two away, businesses must now acknowledge that the hype is over, the reality is clear and the threat to businesses is here to stay. It is now more likely than not that:

- some people will try and misuse electronically stored data that you hold, whether it’s your customers’ personal data or the latest designs of your soon-to-be-released products.
- some people will try and prevent your digital transactional systems from functioning.

An ISACA study in 2015 revealed that organisations are experiencing attacks that are largely deliberate, and they lack confidence in the ability of their staff to protect and respond. The top four threats exploiting organisations in 2014 were cyber criminals (46%), non-malicious insiders (41%), hackers (40%) and malicious insiders (29%) [3].
Whether it is an accident by one of your employees or the attack is performed by an outsider with malicious intent, your business will lose market confidence, you will lose revenue and you will incur costs to rectify and remediate. If you are also found to be culpable by the regulators for the loss, then new EU laws can fine you up to €1m or 2% of your company’s global annual turnover.

There is a significant role to play for every person in an organisation and because of that, embedding new cyber capabilities, skills and knowledge at all levels in your organisation will ensure that your business is properly protected and also capable of responding when a cyber incident occurs.

In 2013, US retailer Target was hit by one of the biggest data breaches in the industry’s history. As many as 40 million customers saw their credit and debit cards become subject to potential fraud after malware was introduced to the Point of Sale (POS) systems in 1,800 stores. The hackers managed to breach Target’s security perimeter by using a less secure supplier in Target’s supply chain. Target suffered a 46% drop in profits in the fourth quarter of 2013 compared with the year before. Target’s cyber insurance policy is only covering about 35% of the estimated $250 million cost. CEO Gregg Steinhafle stepped down in 2014.

There is not enough skilled cyber security resource around to protect all businesses

FACT: More than one in three businesses (35%) are unable to fill open positions, yet 82% expect a cyber-attack [4]

According to a study conducted by ISACA and RSA Conference of 649 cybersecurity and IT managers or practitioners, 77% of those polled experienced an increase in attacks in 2014 and at the same time, these organisations are coping with a very shallow talent pool. Only 16% of respondents felt at least half of their applicants are qualified; 53% said it can take as long as six months to find a qualified candidate; and more than a third are left with job openings they cannot fill.
A recent report by the UK government confirms the findings of the ISACA survey.

Outsource or insource cyber capability – the decision

The choice as to whether you use third-party providers to protect your data and systems, or you develop the main counter-cyber crime capabilities yourself will depend on your business and what your risk assessment tells you is needed. 79% of UK companies still outsource some or all of their cyber security provision [5].

Even if the majority of your cyber resource is outsourced, you will need an internal core element of awareness, if not skills, to help protect your business in the future as the Digital Revolution develops. If, however, you are a business that relies on IT to deliver and/or support your business model, then you really should have your own technical cyber resource.

Key cyber skills that UK organisations find difficult to recruit for

Skill                                             Very difficult   A bit difficult   Not at all difficult   N/A
Incident Management                               35%              39%               18%                    8%
Information Awareness Methodologies and Testing   37%              26%               31%                    6%
Implementing Secure Systems                       44%              35%               17%                    4%

Source: HM Government Report on Cyber Security Skills, March 2014

More than one third of organisations surveyed by the UK Government found it “Very difficult” to recruit cyber security professionals. This is evidence of the need for high quality cyber training programmes like those offered by 7Safe.

7Safe’s professional courses will help your organisation to develop a range of cyber capabilities and skills required to protect your business from cyber-related loss.

As the pace of IT change continues to accelerate, your people will require new counter-cyber crime skills and experience to help you protect your business from reputational and financial loss caused by cyber events. 7Safe can help you to meet this challenge by developing a tailored programme for any and all of your cyber security needs.
Your organisation requires the capability to:

- identify and fix technical weaknesses/threats to your IT systems and data storage
- respond to incidents when they happen so you can minimise loss, identify cause and prevent reoccurrence
- educate all leaders and IT users on their role in keeping your business cyber secure

7Safe provides a wide range of courses suited to various audiences, from general awareness through to leadership, all built around our strong core of technical courses. Logical career progression from introductory level to advanced courses for people with experience ensures that your staff will benefit from the 7Safe approach to professional development.

Figure: training by skill level and organisational role

Skill Level: Security Awareness; Foundational Security skills for day-to-day use; Advanced Security skills; Advisory/Managerial skills

Organisational Role: All staff; People with an IT support role; People with a technical Cyber Security role; People with an audit role; People with a business leadership role

- Training to enable you to deliver your audits to international standards
- Training to enable your leaders to really understand the cyber threats to their business
- Enhanced cultural training to prevent your people being vulnerable to social engineering
- Technical training to identify and resolve data loss risks and incidents
- Advanced technical training and certification. CREST and IISP accredited.

Here are four key reasons to choose 7Safe’s Professional Development courses:

Current, relevant courses delivered by practising consultants

All our courses are developed, delivered and regularly revised by our practising consultants to reflect the latest developments, techniques, exploits and defensive recommendations - an approach that guarantees up-to-date, highly relevant real-world content.

Work-based, practical approach that satisfies real-world requirements

Hands-on practical exercises transfer skills needed in the workplace and, unlike so many courses in this field, when delegates complete the exam, they are ready to do the job.

Membership of 7Safe Alumni Network

7Safe’s Alumni Network gives our delegates exclusive membership access to all the latest updates in our courses, so that they never fall behind when things change. It’s also the perfect community for crowdsourcing technical advice when needed back at your workplace.

Skills needed by industry

Our client base is strong and diverse; we currently work with:

- FTSE 100 companies including banks, major retailers and global manufacturers
- Over 50% of UK Police forces
- UK Government organisations
- Overseas organisations and Governments

7Safe’s technical training courses provide industry recognised certifications with delegates coming to us from all sectors, including law enforcement agencies and even our competitors to increase their in-house capability and peer recognition.
What the senior managers and delegates say about 7Safe training

‘Excellent instruction; clear and concise overview, perfect for non-specialists.’
Delegate on Hacking Insight for Managers course (2014)

‘I came away with a substantial increase in my knowledge along with some very useful documentation.’
Delegate on Certified Cyber Investigator course (2015)

‘Excellent course, Lecturer was brilliant! Course is really going to help with my day-to-day work.’
Delegate on Certified Forensic Investigation Practitioner course (2015)

‘Excellent course made better by instructor’s knowledge of subject and real life examples.’
Delegate on Certified Malware Investigator course (2014)

‘The course is well laid out and has a very good balance between the theory and the practical aspects.’
Delegate on Certified Security Testing Associate course (2015)

‘The course was excellent and highly relevant to my work as a web developer. As a result of this course I have changed the way I will approach security and coding on mobile apps.’
Delegate on Certified Mobile Security Tester course (2015)

What the individuals from our security and intelligence services say about 7Safe training

‘I have enjoyed the course. The tutor was excellent and made things clear and was thorough with the course material.’
Police Officer on Certified Forensic Investigation Practitioner course (2015)

Our training is available throughout the UK, Europe and USA

- Onsite in your organisation
- Locations throughout the UK as part of our Cyber Training Roadshow
- In our custom-built training facility near Cambridge

Course accreditations

- Ethical Hacking
- Digital Forensics
- Information Security
- Software Security

Did you know that it was the curious designers at MIT who first started hacking other people’s computers, as they explored the boundaries and limitations of the new technologies and communication protocols? The first use of the term Hacker was in an MIT student newspaper in 1963.

7Safe London
101 Finsbury Pavement, London EC2A 1RS, United Kingdom
Tel: +44 (0)870 600 1667

7Safe Cambridge
Cambridge Technology Centre, Melbourn, Herts SG8 6DP, United Kingdom
Tel: +44 (0)870 600 1667

[1] BIS 2014 Information Security Breaches Survey
[2] Ponemon Institute
[3] Source: IT Security Guru
[4] ISACA and RSA Conference Survey 2015
[5] PAC MSS Study, InfoRisk Today, 25 Feb 2015 (http://www.inforisktoday.com/target-breach-costs-162-million-a-7951)

Would you like to find out more from the 7Safe professional development team?
Tel: +44 1763 285 285
Email: education@7safe.com
www.7safe.com/professional-development