Cyber Security

In the UK alone cybercrime costs the economy GBP27billion per year with businesses bearing the lion's share at GBP21billion. Major cyber-attacks are now today's most significant risk and ensuring your key decision-makers know the basic principles of cyber-security and attack techniques is your organisation's first line of defence. Ark Group's new report Cybercrime: Threats and Solutions is written specifically with the non-technical reader in mind. Using practical examples and easy-to-understand illustrations it outlines the most common cyber-attacks being used today, explains the risks, and demonstrates how to mitigate them and remain secure. Advice is also provided on business continuity and disaster recovery methods that can be implemented immediately in the event of an attack. Key topics covered will enable you to: Understand the impact and risks of cyber-crime on your business; Build the business case for a cyber-security programme; Devise a framework for educating employees as to the importance of cyber security; Design a governance action plan for cyber security; Develop and implement a threat assessment process; and Implement a cyber-crisis response for your organisation. PLUS - Contained within the complimentary CDROM you'll find all the checklists featured throughout the report with practical steps to protect your organisation against cybercrime. that may be of interest to you and may pass your details to other companies within the Wilmington Group and selected clients. Major cyber-attacks are now today's most significant risk and ensuring your key decision-makers know the basic principles of cyber-security and attack techniques is your organisation's first line of defence. Ark Group's Cybercrime: Threats and Solutions is written specifically with the non-technical reader in mind. Using practical examples and easy-to-understand illustrations it outlines the most common cyber-attacks being used today, explains the risks, and demonstrates how to mitigate them and remain secure. Advice is also provided on business continuity and disaster recovery methods that can be implemented immediately in the event of an attack. Key topics covered will enable you to: Understand the impact and risks of cyber-crime on your business; Build the business case for a cyber-security programme; Devise a framework for educating employees as to the importance of cyber security; Design a governance action plan for cyber security; Develop and implement a threat assessment process; and Implement a cyber-crisis response for your organisation. PLUS - Contained within the complimentary CDROM you'll find all the checklists featured throughout the report with practical steps to protect your organisation against cybercrime.

Table of Contents:
Contents...III Executive summary...VII About the author...XI Part One: The cyber threat landscape in 2013 Chapter 1: Cyber criminals - Profiles, motives, and techniques... 3 An interview with (ISC)2... 3 The Blackhole exploit kit... 6 Other exploit kits and CaaS attack tools... 9 Increasingly varied threats... 9 A Cyber Pearl Harbor... 10 From 'one-to-one' towards 'many-to-many'... 11 The cybercrime 'perfect storm' scenario... 13 Threat actors - The cast of cybercrime characters... 13 Conclusion... 16 Chapter 2: Why cyber attacks occur... 19 Strategy versus operations... 19 Horizontal versus vertical sectors... 20 Access versus exploit... 21 Why are organisations vulnerable?... 23 Awareness need not have a technical focus... 24 Cyber challenges facing the world in 2013... 25 Conclusion... 35 Chapter 3: The impact and cost of cybercrime... 37 Financial... 38 Brand, reputation, and customer confidence... 39 Fake online profiles... 40 Personal and social effects... 41 Tracking and privacy... 41 A risk-based approach to planning... 43 Conclusion... 43 Contents IV Part Two: Cyber attack techniques Chapter 4: From an army of one to the botnet... 47 The typical stages of a cyber attack... 47 Attack objectives... 48 Common tools and techniques... 48 Organised crime... 49 A growing threat... 53 Chapter 5: E-crime... 55 Social engineering... 55 Phishing... 56 Pharming... 57 Data theft... 57 Online fraud... 57 Conclusion... 57 Chapter 6: Employees and risk... 59 Hostile online investigations and social media... 59 Unauthorised Cloud deployments... 60 USB sticks and other media... 60 Conclusion... 62 Part Three: The road ahead Chapter 7: Governance... 65 The evolution of cyber security and the regulatory framework... 65 Winning the argument... 68 Governance, risk, and compliance... 68 Auditing vs penetration testing... 69 A high level governance action plan for cyber security... 71 Chapter 8: Assessing risks... 73 Information technology and data asset inventories... 73 Threat assessments... 76 Vulnerability assessments... 78 ICT risk registers... 79 Risk velocity... 80 Risk tolerance and the 'goldilocks zone'... 80 Cyber crisis response... 80 Conclusion... 84 Cyber Security: Threats and Solutions V Chapter 9: Devising or updating controls... 85 Data classification and segmentation... 86 Encryption... 87 Authentication... 88 Network flooding attacks... 90 Anti-malware solutions... 90 Mobile device security... 91 Cloud security... 92 Mobile payments security... 95 Machine-to-machine auditing... 97 Citizen developers... 98 ISO 27001 compliance... 98 Conclusion... 99