Cyber security it’s not just about technology

Recommendations

Info

• The same applies to monitoringattacks. In many cases, organizationshave certain monitoring capabilities,but the findings are not shared withthe wider organization. No lessons, orinsufficient lessons, are learned fromthe information received. Furthermore,monitoring needs to be underpinnedby an intelligence requirement. Onlyif you understand what you want tomonitor does monitoring become aneffective tool to detect attacks.• Organizations need to develop anenterprise-wide method for assessingand reporting cyber security risks.This requires protocols to determinerisk levels and escalations, andmethods for equipping the board withinsight into strategic cyber risks andthe impacts to core business.5Mistake: “We need to recruit the bestprofessionals to defend ourselvesfrom cyber crime”Reality: Cyber security is not adepartment, but an attitudeCyber security is often seen as theresponsibility of a department ofspecialist professionals. This mindsetmay result in a false sense of securityand lead to the wider organization nottaking responsibility.The real challenge is to make cybersecurity a mainstream approach.This means, for example, that cybersecurity should become part of HRpolicy, even in some cases linked toremuneration. It also means that cybersecurity should have a central placewhen developing new IT systems,and not, as is often the case, be givenattention only at the end of such projects.7 | Cyber security: it’s not just about technology© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network ofindependent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity.All rights reserved. Printed in the U.S.A. The KPMG name, logo and “cutting through complexity” are registeredtrademarks or trademarks of KPMG International. NDPPS 264522
8 | Telelens op de toekomst03The key is customizationThe risks of cyber crime for a local entrepreneur compared to a globally operatingmultinational are vast. The former may not have the resources or expertise toadequately detect or prevent cyber crime. But the latter is a more attractive target tocriminals: it is more visible, more dependent on IT, and has far more valuable assets.It is clear that both businesses need to adopt a customized approach to cyber security,based on the character of the organization, its risk appetite and the knowledgeavailable. Consider how a jeweler arrives at the proper level of security through astrategic, realistic and customized approach to protecting its assets. Then compare it tothe current common corporate approach to cyber security.Jeweler’s perspective on theft securityI know which assets to protect and have set up theappropriate measures.I perceive theft as a risk in the business and know thatrealistically I can’t be in business if I want 100 percent security.I focus on measures that prevent a person from leaving withvaluable goods.I do not let security suppliers spook me and I make my ownpurchasing decisions.When it goes wrong or almost goes wrong, I learn a lesson.Corporate perspective on cyber securityI take measures without a having a clear idea of the assetsit is essential to protect.I see cyber crime as something exotic and strive to achieve100 percent security.I focus on measures that prevent a person from enteringand forget to take measures that prevent a person fromtaking away information.My security policy depends on the tools available in themarketplace, without knowing exactly what I need.When it goes wrong or almost goes wrong, I panic.I train employees in how to reduce the risk of theft and talkto them when they make mistakes.I invest in tools because they assist the continuity ofmy business.I view cyber security as mainly a matter for specialistprofessionals and don’t want to burden the rest of theorganization with it.I invest in tools because it is mandatory and because themedia reports on incidents every day.© 2014 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network ofindependent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity.All rights reserved. Printed in the U.S.A. The KPMG name, logo and “cutting through complexity” are registeredtrademarks or trademarks of KPMG International. NDPPS 264522Cyber security: it’s not just about technology | 8
Page 1 and 2: Cyber security:it’s not just abou
Page 3 and 4: ContentsPreface 101 Understanding t
Page 5: What is cyber crime and who is carr
Page 9: 3Mistake: “Our weapons have to be
Page 14: 05Are you ready for action?Cyber se

Cyber security it’s not just about technology

Create successful ePaper yourself

Delete template?

Save as template?