Comprehensive Cyber Risk Management: New Threats, New Approaches
Webcast panel covered how to reassess cyber defense plans as frightening new threats emerge.
Many cyber criminals are not as concerned as they once were with sneaking past your organization’s firewall to insert malware into computer systems. Instead, they are targeting employees directly with seemingly legitimate emails from trusted sources — from colleagues to outside advisors to family members.
The new breed of cyber-attacks is being launched by “threat actors who are determined and have ample tools and tactics at their disposal. When they hit a road block, they will adapt or switch up their tactics,” Kristen Dennesen, senior threat intelligence analyst at FireEye, said during Marsh’s September 23 The New Reality of Risk® webcast.
To combat these active adversaries, cyber risk management should be undertaken comprehensively, across the enterprise. “The way we think companies should be looking at cyber risk these days is in terms of an overall framework that encompasses assessment, management, and response,” said Tom Reagan, Marsh’s Cyber Practice leader.
The final panelist on the webcast was Tom Fuhrman, Cyber Security Consulting leader for Marsh Risk Consulting.
Panelists provided examples of spear-phishing attacks to illustrate how hackers may execute a breach, and how they can attack a company via its partners or vendors.
Key takeaways from the event:
- Even an unlimited budget for information security will not eliminate your cyber risk.
- Defending against cyber risk requires enterprise-wide commitment and diligence.
- Major cyber breaches often start with spear-phishing attacks, so you need to educate employees about such attacks.
- Your suppliers’, customers’, and partners’ cyber vulnerabilities may also be yours, as they can unwittingly provide a back door into your organization.
- Hackers are extremely adaptable, changing their tactics as their targets implement cyber defense processes.
- Organizations can use threat intelligence to stay ahead of cyber-attackers.