header image

Current Trends in Cyber Security and Risk Management

Lenoy Barkai, Mike Groves 1 March 2022
1 March 2022    Lenoy Barkai, Mike Groves

S-RM’s Lenoy Barkai and Mike Groves recently spoke with Financier WorldWide about how organisations can improve their cyber risk management.

This article was originally published in Financier Worldwide's Cyber Security & Risk Management InDepth Feature, March 2022 and has been reprinted with kind permission.


Although the objectives of cyber criminals have remained constant – maximising profits while minimising efforts – cyber attacks over the previous 12-18 months have exemplified the increasing levels of sophistication among criminal gangs. Ransomware operators, who continue to pose the most prominent risks to organisations, have added new weapons to their arsenals to enhance the likelihood of receiving a payout. Tactics include leveraging double encryption attacks, in which victims’ data is encrypted with two or more, rather than a single, ransomware strains. distributed denial of service (DDoS) attacks have taken victims’ websites offline until a ransom has been paid, causing major business interruption. And increasingly we have seen instances of attackers cold-calling victims to apply pressure if ransom demands have been ignored.

 

Q-01Financier worldwide: What steps should companies take to establish appropriate processes and policies to manage cyber-related risks and keep systems safe?


Companies should begin by defining the objectives of their information security function – looking at which information assets and systems they are trying to protect the confidentiality, integrity and availability of, and why. Next, build out the cyber security policy, which should describe the ‘ideal state’ of the domain outlined in the objectives. Then supplementary procedures can be written, detailing how the ideal state is to be reached and maintained. If you are aiming to align with, or attain compliance with, a particular industry standard or framework, ensure that your policies define an ideal state that meets these requirements. Finally, engage employees with the policies and procedures so they understand their role and the consequences of not adhering to policy, even in the case of accidental policy violations.

Read the full PDF

 

LENOY BARKAI, Director, Cyber Security

Lenoy co-leads S-RM’s Cyber Advisory practice. She has over nine years’ experience spanning security risk analysis, strategic consulting and alternative investment management. Since joining S-RM in 2018, Lenoy has supported clients working through complex cyber and physical security challenges, and has led projects spanning the private equity, extractives and FMCG industries, among others.

 

MIKE GROVES, Director, Cyber Security

Mike co-leads S-RM’s Cyber Advisory practice in the UK, working with clients from a diverse range of sectors, to make their organisations more resilient to cyber security risks. He joined S-RM’s Crisis Management Team in 2015 as a corporate security operations manager focusing on the provision of terrorism and political violence response services. He subsequently led the development of S-RM’s crisis preparedness functions for corporate clients from a range of sectors and developed specialisms in the design and delivery of emergency management exercises.

To discuss this article or other industry developments, please reach out to one of our experts.

Lenoy Barkai
Lenoy barkai Director, Cyber Security Email Lenoy
Mike Groves
Mike groves Director, Cyber Security Email Mike

Intelligent Business 2022 Strategic Intelligence Report

The evolution of strategic intelligence in the corporate world. Read S-RM's latest report.

Download Report