Cyber Crime Seminar 8 December 2015

Transcription

1 Cyber Crime Seminar The Cyber Contest Jon Rigby Director of Cyber, December 2015 Cyber-Crime What is Reasonable? Jon Rigby AlixPartners Cyber Security ( Enterprise Improvement Financial Advisory Information Management Leadership & Organizational Effectiveness Turnaround & Restructuring 1

2 Hard Lessons: Cyber is a contest, not with technology, but with someone else a planned and synchronised operating domain, where defensive cyber operations are conducted to enable freedom of manoeuvre; and offensive cyber operations are conducted to achieve military effect in and through cyberspace...where is the treasure?..who should do what? 3 Hard Lessons: Boundary Vulnerabilities Network/service operations and security operations: constant tension CISO at the Sharp End Running an Operation; Delivering a Programme; Communicating the Risk; Responding to the Threat Partners hold your data CIO in the Middle Balancing speed, availability and stability against security Counsel; Senior Risk Owner: Insurance and Gauging Risk ExCo and the Board: responsible Is it clear who is responsible for what? 4 2

3 Characterisation of the Threat The Tired, Lazy or Foolish The Insider The Opportunist Thief The Organised Criminal 5 Understand the threat and your vulnerabilities Insider: Privilege Access Motivation Quantifying the problem Transportation (Physical) Retail & Services (Customer Data, Business Interruption) Opportunity: Open Source Techniques Percentages Weak Law Enforcement Organised: State-crime Cost-benefit Low risk Detection minimal Vulnerability: People Process Technology Energy (Business Interruption, Damage) Manufacturing (Physical & Business Interruption) Telco (3rd party svcs; business interruption, customer data) Technology & Pharmaceuticals (IP) Finance (Theft, Fraud, Business Interruption) 6 3

4 Cyber Security: Reasonable Risk Reduction Essential Controls are published and practiced; and top-10 are commoditised Safeguard against insiders Protect against opportunist and known threats Then work out how to detect and respond to those that get through How does the risk feel to you? 7 Executive s Must Take Control National Association of Corporate Directors Best Practice: Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue. Directors should understand the legal implications of cyber risks. Boards should have adequate access to cyber-security expertise and discussions about cyber risk management should be given regular and adequate time on the board meeting agenda. Board Management discussion of cyber risk should include identification of which risks to avoid, accept, mitigate or transfer through insurance, as well as specific plans associated with each approach

5 Cyber Justice Are there accepted norms, standards, practices, rules and laws International ones? Is there political and judicial will and weight Internationally Is there adequate national and international law enforcement resource How far will 2Bn Stretch? Do we understand responsibilities of business, law enforcement and cyber forces. 9 Cyberspace is the new Border Country Its not Surrey 10 5

6 AlixPartners is a leading global business advisory firm of results-oriented professionals who specialize in creating value and restoring performance at every stage of the business life cycle. We thrive on our ability to make a difference in high-impact situations and deliver sustainable, bottom-line results. The firm s expertise covers a wide range of businesses and industries whether they are healthy, challenged, or distressed. Since 1981, we have taken a unique, small-team, action-oriented approach to helping corporate boards and management, law firms, investment banks, and investors respond to critical business issues. For more information, visit alixpartners.com. AlixPartners. When it really matters AlixPartners, LLC Jonathan Rigby Director London (m) jrigby@alixpartners.com Jon joins AlixPartners Cybersecurity team in London with 30 years experience as a leader in Defense in the United Kingdom. As a 2-star officer, he has a proven ability to architect and deliver complex change programs of national and international significance. Jon is a successful leader; accustomed to operating in fast moving, mission critical environments. An experienced manager of large operating budgets, delivering challenging outputs under continuous financial pressure and in complex circumstances. As a key figure within the Allied, Defense and UK intelligence, cyber and IT communities, Jon recognizes the necessity of companies protecting themselves from cyber threats that are becoming harder to fend in a world transformed by data and technology. Since joining AlixPartners he has focused on supporting clients to increase their information-security maturity through targeted program design and delivery. : Examples of Jon s experience include: Defined and led the Defence Cyber Programme- delivering the structures, organization, people, skills and technology required to integrate cyber into military operations, alongside air, land, sea and space environments. Defined and commenced National Offensive Cyber Program with an annual cyber operating costs and capital spend was approximately 100M. Jon ensured that the operating model, its governance and authorities, enabled information and decision-making to flow between the technical and strategic levels. Architected and delivered a world-leading, ( 300M) intelligence center to cost and time, transforming performance. Developed blueprint and 20M program to extend and continuously improve the capability. Implemented Defense s information safeguarding measures; including personnel security, access and identity management; alongside a personnel security programme to mitigate the insider threat. Developed models for allied burden sharing and collaboration across multiple intelligence and cyber disciplines. Jon has a BSc in Physics from Durham University; MSc in Systems Engineering from Loughborough University and an MA in Defence Studies from Kings College London. He is an alumnus of the Royal College of Defence Studies. He is a Chartered Engineer and Member of the Institute of Engineering and Technology. He has been awarded the CBE and OBE; and is a recipient of the US Meritorious Service Medal, Defence Intelligence Director s Award and National Geospatial Intelligence Agency Award. 12 6