S-RM’s Lenoy Barkai and Mike Groves recently spoke with Financier WorldWide about how organisations can improve their cyber risk management.
This article was originally published in Financier Worldwide's Cyber Security & Risk Management InDepth Feature, March 2022 and has been reprinted with kind permission.
Although the objectives of cyber criminals have remained constant – maximising profits while minimising effort – cyber attacks over the previous 12-18 months have exemplified the increasing sophistication of criminal gangs. Ransomware operators, who continue to pose the most prominent risk to organisations, have added new weapons to their arsenals to increase the likelihood of receiving a payout. Tactics include double encryption attacks, in which victims’ data is encrypted with two or more ransomware strains rather than a single one. Distributed denial of service (DDoS) attacks have taken victims’ websites offline until a ransom is paid, causing major business interruption. And increasingly we have seen instances of attackers cold-calling victims to apply pressure when ransom demands have been ignored.
Financier Worldwide: What steps should companies take to establish appropriate processes and policies to manage cyber-related risks and keep systems safe?
Companies should begin by defining the objectives of their information security function – looking at which information assets and systems they are trying to protect the confidentiality, integrity and availability of, and why. Next, build out the cyber security policy, which should describe the ‘ideal state’ of the domain outlined in the objectives. Then supplementary procedures can be written, detailing how the ideal state is to be reached and maintained. If you are aiming to align with, or attain compliance with, a particular industry standard or framework, ensure that your policies define an ideal state that meets these requirements. Finally, engage employees with the policies and procedures so they understand their role and the consequences of not adhering to policy, even in the case of accidental policy violations.
LENOY BARKAI, Director, Cyber Security
Lenoy co-leads S-RM’s Cyber Advisory practice. She has over nine years’ experience spanning security risk analysis, strategic consulting and alternative investment management. Since joining S-RM in 2018, Lenoy has supported clients working through complex cyber and physical security challenges, and has led projects spanning the private equity, extractives and FMCG industries, among others.
MIKE GROVES, Director, Cyber Security
Mike co-leads S-RM’s Cyber Advisory practice in the UK, working with clients from a diverse range of sectors, to make their organisations more resilient to cyber security risks. He joined S-RM’s Crisis Management Team in 2015 as a corporate security operations manager focusing on the provision of terrorism and political violence response services. He subsequently led the development of S-RM’s crisis preparedness functions for corporate clients from a range of sectors and developed specialisms in the design and delivery of emergency management exercises.