ANNUAL REVIEW

Cyber Security & Risk Management 2016

July 2016  |  RISK MANAGEMENT

financierworldwide.com


Click cover to download

(Subscriber-only password access)

 

Not a subscriber?

Click here to join the FREE mailing list and receive password access


The current cyber risk environment is a fast moving place. As companies develop new internal cyber policies and legislators introduce new guidance to help protect businesses and their customers, they are often just fighting to keep ahead of malicious actors. Cyber risks continue to evolve; from ransomware to spear phishing, it is imperative that organisations keep themselves abreast of the latest developments in cyberspace and establish suitable defences. Cyber attacks are a major enterprise risk. Failing to protect data, intellectual property and customer information can be hugely detrimental for any business.

 

UNITED STATES

Frances Floriano Goins

Ulmer & Berne LLP

“Companies are becoming more secure, but no company is immune from breach. Cyber risk remains an enterprise risk because of the potential operational impact, cost and reputational harm a cyber attack can cause. In addition to continuing threats such as hacked systems, malware and phishing, increasing threats arise from ransomware and business email compromises. Ransomware is a malicious software that encrypts a victim’s data, making the data inaccessible and holding it for ransom until the victim pays a cash ‘ransom’ for a decryption key. It is profitable because the cost of losing or restoring the data is often higher than the ransom payment.”

 

CANADA

Vanessa Coiteux

Stikeman Elliott LLP

“I would say that in the past 18 months, we have witnessed a number of important developments. These include a jump in extortion-driven attacks where hackers use sensible information to blackmail organisations, new risks emerging from poorly planned or executed cloud service integrations or the use of non-secured cloud based solutions, an increase in risks posed by third-party suppliers and contractors having access to a company’s infrastructure, the proliferation of new and mass repackaging of ransomware, and security incidents related to enterprise connected personal and mobile devices (BYOD).”

 

MEXICO

Fernando Roman Sandoval

PwC

“Cyber risks in Mexico have definitely increased over the past two years. Today, there is a global trend of ‘targeted attacks’ with a clear economic interest – and Mexico has been no exception. This has forced organisations to make investments to face those new risks. The cyber risk environment is diverse, and certain industries are more vulnerable than others. However, in the last 18 months we have seen DDos, DDoS extortion, ransomware, fraud, phishing and malware, among others. Currently, companies still see cyber security as an IT problem instead of a business problem. Organisations must adopt an approach that includes cyber issues in their enterprise risk management.”

 

UNITED KINGDOM

Anita Bapat

Hunton & Williams

“Cyber risk has proliferated in the last few years, with cyber crime growing not only in volume but in sophistication. As well as the more traditional actions, such as theft deployed by internal rogue actors, we are seeing a broad range of techniques being deployed by cyber criminals including phishing, denial of service attacks, malware, ransomware and persistent threats. Companies need to be aware of the heightened cyber risk and spectrum of threats that may be launched against them – often multiple attacks simultaneously – and implement appropriate internet and network security to ensure as high a standard of security as possible as well as robust internal policies and procedures to manage such risk.”

 

FRANCE

Claire François

Hunton & Williams

“The past 12 to 18 months have been marked by many changes in the cyber risk environment. Cyber attacks have increased in both number and in sophistication. This has resulted in a higher number of data breaches, which often involve tens of millions of data. The French legislative framework has also evolved significantly, in particular with the implementation of the French Military Programming Law. That law obliges companies that have critical networks and information systems – so-called ‘operators of vital importance’ – to implement a cyber security mechanism.”

 

SPAIN

Carmen Segovia Blázquez

AON Risk Solutions

“Since the 1970s, progress in computing and telecommuni-cations has transformed our lives. Today we talk about the IoT and Big Data; we are consolidating the idea of the ‘Smart Life’ in which we and the objects that surround us will be subjects of this new way of interacting with our environment. The rapid evolution of information and communication technologies has led to threats and attacks on infrastructure and other systems. These attacks are becoming increasingly numerous and sophisticated. Cyber space is becoming hostile, forcing us to employ increasingly innovative technical and human resources to cope. In recent months we have seen the speed with which ransomware attacks are increasing and how companies have no choice other than to pay ransoms quickly in order to restore their systems and services, or how social engineering techniques that seek to deceive employees to access what criminals want become highly successful.”

 

PORTUGAL

Leonor Chastre

Cuatrecasas, Gonçalves Pereira, RL

“The technological evolution and the wide use of the internet have contributed to the creation of the so-called ‘global village’. We have seen a number of changes to the social paradigm; new means of communication have emerged and have almost replaced the traditional physical and face-to-face means of social interaction. Although it is common knowledge that these new means of communication facilitate and promote a permanent and immediate interaction between the users, their use can be accompanied by some technological naivety which leads the users to share, sometimes without any type of restrictions, their personal data and in some cases the personal data of others. This ‘unrestrained sharing’ is mostly motivated by a false sense of security and not so much by the lack of technological training or information.”

 

BELGIUM

Wim Nauwelaerts

Hunton & Williams

“Multinationals, as well as SMEs, are faced with an increasing risk of cyber incidents that are constantly evolving and can take various forms, depending on the sector and industry. For example, with a growing number of transactions and personal data of customers being collected on a daily basis, online retail businesses are increasingly facing the risk of cyber attacks and other security related data incidents. The past year has also seen a number of cyber attacks targeting public sector institutions, including vital sectors such as nuclear energy and air transport. In order to help manage these risks, the federal government has supported the creation of a Centre for Cybersecurity.”

 

GERMANY

Dr Jochen Lehmann

GÖRG

“Cyber risks are posing an ever greater threat to enterprises and the number of critical incidents is still rising. While the theft of data is a danger that has become common knowledge, new dangers are emerging, such as spear phishing. Emails and further communication are tailored to a specific person and his or her environment, so that the person is coaxed into believing that the correspondence is genuine. In the end, he or she acts in good faith that he or she is doing the right thing while actually damaging the enterprise. Another threat that has recently become prominent is the capturing of whole networks by criminals that only ‘release’ these networks after a ransom has been paid. Several hospital networks in Germany have fallen victim to those attacks, which could possibly endanger the lives of patients.”

 

AUSTRALIA

Emma Osgood

Berkshire Hathaway Specialty Insurance

“While point of sale software was very much the theme of 2015 with attacks on retail giants including Target and Home Depot, whereby an estimated 96 million debit and credit card numbers were compromised, latterly criminals have upped the ante and have set their sights on SWIFT, the world’s largest system for transferring funds between financial institutions. There has been an uptick in advanced persistent threats with a focus on compromising intellectual property from research & development institutions. Any country with a reputation for innovation is at risk and Australia is no exception, with the Australian Cyber Security Centre reporting that it sees cyber espionage activity targeting Australian networks on a daily basis. Finally, there has been an increase in malicious attacks directed at critical infrastructure.”

 

SOUTH AFRICA

Jason Gottschalk

KPMG Services (PTY) LTD

“The financial services industry, among other sectors, continues to be a target for cyber attack and this is largely due to the potential financial rewards on offer for the attacker. Ransomware remains a prevalent burden and continues to show how effective it can be in its ability to disrupt business operations. Most recently we have seen cyber attacks using advanced malware with the ability to bypass key controls. While this not in itself groundbreaking, we are starting to see these attacks being more and more successful against organisations, where their environments are considered very mature.”


CONTRIBUTORS

AON Risk Solutions

Berkshire Hathaway Specialty Insurance

Cuatrecasas, Gonçalves Pereira, RL

GÖRG

Hunton & Williams

KPMG Services (PTY) LTD

PwC

Stikeman Elliott LLP

Ulmer & Berne LLP


©2001-2016 Financier Worldwide Ltd. All rights reserved.