Democratising Cybersecurity: Insights from WISER Project


Learn about the WISER project and the push for democratising cybersecurity to combat the rising threat of cybercrime. Explore key statistics, the evolving cybersecurity market, essential lines of defense, and the crucial role of risk management in safeguarding digital assets. Discover how organisations can enhance their cyber-risk awareness and build resilience to prevent and recover from cyberattacks effectively.

  • Cybersecurity
  • WISER project
  • Risk management
  • Cybercrime
  • Digital assets


Presentation Transcript


  1. Overview of WISER and the Democratisation of Cyber security. Michele Nannipieri, Director, Trust-IT Services. WISER: WIDE-IMPACT CYBER SECURITY RISK FRAMEWORK. www.cyberwiser.eu, @cyberwiser, #CyberSecPractice. Co-funded by the European Commission Horizon 2020, Grant # 653321.

  2. The cybersecurity landscape: some stats. No one is immune from cyberattacks. People and organisations depend on digital technologies: we are increasingly exposed, every day. The economic impact of cybercrime rose fivefold from 2013 to 2017 (to an estimated 450 B$ globally), and could further quadruple by 2019 (1). 53% of US/UK/DE companies are ill-prepared (2). Cyber-risks cannot be eliminated: growing economic and social impact (2B of personal records & 100M of medical records stolen in 2016 in the US alone). Organisations need to become cyber-risk aware and need to build resilience: preventing breaches and recovering swiftly from attacks. (1) European Council Communication paper, "Resilience, Deterrence and Defence: Building strong cybersecurity for the EU", Sept 2017. (2) CNBC & Hiscox Insurance, Feb 2017. Cybersecurity in practice, Cluj, 18 October 2017. www.cyberwiser.eu - @cyberwiser

  3. Cybersecurity Market. The other side of the coin: opportunities for many. Rapidly evolving market, with a growing value to be boosted by GDPR.

  4. Cybersecurity: Lines of defense. Let's be schematic. Awareness: the prerequisite. Diagram labels around DIGITAL ASSETS: monitor, react, mitigate, insure; Security Information and Event Management, Security Incident Response, Intrusion Prevention Systems. Many lines of defence & solutions: make sure you choose the right one(s) for you.

  5. Risk management: it's the key. The attitude to adopt towards cybersecurity. Primarily adopted only by large companies (e.g. financial institutions, nuclear power plants). Risk management approach: identify risk patterns, monitor threats, quantify likelihood & impact, mitigate. Quantify also direct & indirect costs through real-time monitoring. Diagram labels: Sensors, Models, RAE (Risk Assessment Engine), DSS (Decision-Support System). Risk management is the approach as defined by GDPR. It can be done, also by SMEs.

  6. Cybersecurity vs data protection. Two themes closely linked together. New European Directive GDPR - applicable for all European citizens (since May 25, 2018!). Are you cybersecure? That does not necessarily mean you're GDPR-compliant, and vice versa, but ... you're on the right track. Non-compliance: fines of up to 4% of annual turnover (or 20M €). www.gdprcoalition.ie. The Regulator is moving in a constructive way (for once), for the benefit of European SMEs.

  7. GDPR: a first checklist for a generic website. Are you ready for May 2018? Each entry gives the GDPR theme, the related article(s), and the checklist item for a standard website (not processing user data):
      • Right to be informed (Art. 5 and ff): privacy notice.
      • Right of access (Art. 15 (13, 14)): all user data should be accessible after login.
      • Right to rectification (Art. 16; notific., Art. 19): all data should be editable by the user.
      • Right to erasure (Art. 17): it should be possible to delete an account.
      • Right to restrict processing (Art. 18): it should be possible to disable a user account; data will still be visible but can't be changed anymore.
      • Right to data portability (Art. 20): it should be possible to provide data export in CSV format or similar.
      • Right to object (Art. 21): phrase in the privacy notice.
      • Rights related to automated decision making and profiling (Art. 4(4), Art. 9, Art. 22): no relevant automated processing of personal data usually takes place on a standard website.
      • Accountability and governance (DPO: Artt. 37, 38, 39,): implement appropriate technical and organisational measures that ensure and demonstrate that you comply.
      • Notification of data breach within 72 h (Art. 85, 86): set up a notification procedure in case of data breach (when there is risk to the rights & freedom of individuals).
     GDPR is a complex rule (99 articles on 88 pages), but it must and can be handled in practical terms. Let's involve ICT managers too!

  8. Cyber insurance: the last line of defence. 2017 Ponemon report: digital assets have greater average potential loss than PPE (Property, Plant & Equipment) assets, but much smaller insurance coverage (15% vs 59%). What risks can you insure? Cyber insurance? Range: 2.5 to 20k / year, even with top-of-the-rank companies (e.g. AIG, Allianz, Chubb, Generali, Unipol).

  9. The cyber-wise SME. A possible strategic vision for an "ICT-intensive" SME: (1) Internal processes (notifications, access control, …); (2) Monitoring tools; (3) Reaction / Protection tools; (4) Cyber security insurance policy (to cover the residual risk); (5) Internal organisation (DPO: Data Protection Officer, privacy-by-design, …). Which budget to allocate? A (provocative) answer: TCM, Total Cost Management. From 3.000 to 20.000, on an annual basis.

  10. What will we be looking at today? Concrete elements to improve understanding, find solutions & exploit existing opportunities: innovative elements of SMEs; self-assessment of cyber risks; "free" solutions for cybersecurity; risk management, in action; GDPR; opportunities to join a community of experts; access to / visibility on the cybersecurity marketplace.

  11. Thank you! Contact: Michele Nannipieri, m.nannipieri@trust-itservices.com, www.trust-itservices.com, www.cyberwiser.eu, @cyberwiser

  12. BACKUP SLIDES. Cybersecurity in practice, Pisa, 12 October 2017. www.cyberwiser.eu - @cyberwiser

  13. Risk management: it's the key. The attitude to adopt towards cybersecurity. An approach once the preserve of large companies only (e.g. banks, nuclear power plants). The importance of quantifying risk, in euros, and the advantage of real-time. Logical architecture of WISER.

  14. Cyber insurance: the last line of defence. What coverage can be requested?
