The Principles of Good Cyber Risk Management

In the world of cyber risk, we are dealing with unprecedented events. Apart from headline grabbing attacks such as the global malware incident that impacted Mondelēz’s business and the Russian military-run global cyber-attack, NotPetya, we are now seeing an epidemic of cyber attacks. Concern has shifted from dealing with data being stolen and sold on the dark Web to handling serious ransomware and destructive attacks, where attackers are looking for immediate monetary output. This is the new threat. Malware such as TrickBot can infect an entire corporate network allowing hackers to surreptitiously gain access to systems, embed nefarious files and clean themselves, leaving no trace. The source of the attack is not, however, dealt with — allowing hackers time to monitor what is valuable to an organisation and prepare a more sinister attack. At a later date, entire networks are encrypted, and companies are brought to their knees, unable to access email, payment systems, and operational systems. Everything goes down, including email, calendars, Skype and VOIP, leaving a company unable to operate or communicate.