26/Feb/2020
The Cyber FinTech Summit in the Hague took place last week in The Hague and we were happy to see so much exciting technology, as well as continue to connect with other businesses and innovators. For those of you who were not able to attend our workshop Proactively Manage Your Supply Chain Digital Risks at the Summit, we have summarised the highlights for you here. Hosted by CyNation in partnership with Marsh and our Dutch partners, Compumatica, we engaged participants in a dynamic and interesting discussion about digitalisation, supply chain risk and best practices for moving forward.
Koen Gijsbers, former General Manager of NATO’s Communications and Information Agency, who served as the moderator for this workshop, opened with comments on the importance of addressing digital risks within a supply chain environment. With recent examples such as Marriot’s data breach, which stemmed from a third-party supplier, and Maersk’s devastating hit from a phishing attack that paralysed their global operations, the need for effective and consistent cyber security is clear. These threats have an effect on the entire business, not just the IT department; therefore, cyber risk strategies need to be holistic, taking into account all departments and levels of management.
Gregory van den Top, Cybersecurity Consultant at Marsh, continued on this train of thought, explaining how they promote a comprehensive strategy for risk assessments to their clients, considering various mitigation methods. Critically, he noted that in most discussions about supply chain risk, organisations forget to account for the risk that they themselves are bringing into their ecosystems.
Participant discussion subsequently highlighted concerns that while cyber risks have been acknowledged by boards and top management, they have not been prioritised over other strategic and revenue generating activities. One participant noted that for effective change to occur, organisations would need to educate employees and adjust their attitudes towards supply chain risk.
Unsurprisingly, in a recent Cyber Risk Perception Survey Report 2019, Marsh found that confidence levels in the three core areas of cyber risk – understanding, preventing/mitigating, and managing threats – is incredibly low in The Netherlands and Continental Europe.
Another participant noted that risk priorities themselves depend on various factors, including geographic; for example, in Brazil, physical risk is prioritised, whereas in the US, digital risk is a larger issue. This can be a challenge for large, multinational companies, who have to negotiate these differences while maintaining cyber security across their entire operation.
In response, Shadi A. Razak, Chief Technology Officer of CyNation, noted the new technologies that are being leveraged to help organisations maintain cyber security and compliance. Solutions like CyDesk, CyNation’s integrated risk management platform, help to consolidate the siloed views of the cyber security posture that different departments and business units have within an organisation. To equalize the level of risk maturity across departments, organisations must implement a culture of compliance, performance and resilience, focusing on business continuity, avoiding financial consequences and establishing key sources or multipliers of cyber threats.
This can be very difficult, especially as digital risks evolve and propagate constantly. Consequently, it is necessary to adopt the new technologies that are effective in identifying and evaluating digital risks within business contexts, allowing principals across management levels – from executive positions to operations to the tactical team – to make risk management decisions that benefit both the cyber security status and overall business operations.
Koen Gijsbers then spoke briefly about email, which is one of the largest cyber threats to an organisation. Speaking for our partner Compumatica, Petra van Shayik noted that securing email communications and ensuring the authenticity of both the sender and the receiver, as well as the integrity of the message itself, can go a long way in reducing harmful phishing and fraud emails. Phishing is a key tactic that hackers use to infiltrate large networks; with Compumatica’s CompuMail Gateway, this key threat is easily prevented.
Participants then discussed the benefits of sharing information on potential threats or past attacks, noting that organisations are hesitant to do so out of fear of losing competitive advantage or opening themselves up to another cyber hack. In this area, Koen Gijsbers mentioned that the Dutch government is working on initiatives to safely share this kind of information across corporates, government and academia. Shadi noted that information sharing would likely be more common if organisations were encouraged to report cyber threats anonymously, highlighting only their characteristics (such as size and type of industry), allowing similar organisations to scan for similar attack attempts or patch vulnerabilities.
With that, our time was up! If you attended, thank you for your participation and thoughtful discussion. We hope to hear from you again soon.
If you missed the workshop or would like to find out more about enhancing your cyber security posture, join our webinar, A Practical Guide to Vulnerability Testing, on 4th March.
If you would like to explore the theme of digital transformation and emerging risks more, you can download CyNation’s latest whitepaper at this link: https://cynation.com/new-white-paper-outlines-risk-management-in-digital-transformation/.
The Global Risks Report, published by the World Economic Forum with support from Marsh & McLennan, provides a rich perspective on the major threats that may impact global prosperity in 2020 and over the next decade. It is available at the following link: https://www.marsh.com/nl/nl/insights/research-briefings/global-risks-report-2020.html
