Understanding Cyber & Resilience Issues

Many companies are working towards, or have achieved, CESG’s ‘10 Steps to Cyber Security’ and Cyber Essentials. Mastering these standards is non-trivial in itself and a must-do task for any responsible business. However, it provides only a periodic snapshot of the Cyber and resilience health of a business. While absolutely vital, IT-based protections – such as anti-virus software and firewalls – can provide only part of the solution.

The Cyber threat to your company is complex and continually mutating. It falls into 3 categories: organised crime; hackers; and nation state. Despite the impression often created by the media, the vast majority is criminal in intent and home-grown.

A recent study published on the web revealed:

  • Organised Crime
    • 1st: 72% of attacks came from organised crime gangs within the UK.
    • 2nd: a growing cybercriminal network in Mexico.
    • 3rd is Nigeria, 4th Germany, and 5th the USA.
    • Just 0.074% of cyber attacks against UK targets originated in China and 0.27% originated in Russia.
    • Source: International Business Times – 12 May 2015.
  • Hackers/Hacktivists: A moral and thrill agenda drives these attackers to often amazing, headline-grabbing success.
  • Nation State: attack is probably less likely for SMEs but, as weaker links in the e-Supply Chain into larger companies, SMEs may be attractive as a way of gaining access to larger organisations.

So it is almost a certainty that you have been/will be successfully attacked – you just may not know about it. The CEO’s key Cyber concerns are typically:

  • What is the cyber and resilience risk to my business?
  • Have I done enough to reduce my business risks?
  • Am I spending too much/not enough?

Why the standard technical solutions often cannot protect you

The internet is fundamentally insecure. No code exists that can’t be cracked or firewall built that can’t be breached. Complying with industry standards, or those demanded by your clients, is simply not enough. Compliance cannot prepare you for new threats, which constantly multiply and mutate.

Defending your business must be a dynamic, pro-active activity, sufficiently adaptive to allow your users in, but sufficiently robust to keep threats out. An intelligent security approach is needed to help predict and pre-empt risk to stay ahead of the attacker while maintaining acceptable levels of risk.

Companies need to stay ahead of the threat by understanding the interconnected vulnerabilities of their People, Processes and Technology. This allows them to pro-actively anticipate, contain and neutralise attacks and keep threats away from their vital strategic resources, enabling business to continue despite the mounting cyber and resilience menace.

Our Approach

  • Ensure business continuity in a constantly hostile and evolving cyber environment.
  • Understand how your business relies on people, process and information technology.
  • Work with you to build a robust, repeatable model of your business.
  • Use sophisticated analysis tools to identify key points of weakness that affect your business outcomes.
  • Identify measures to reduce your vulnerabilities.
  • Install real time monitoring that identifies any risks to your business outcomes.

What is RJD’s track record in Cyber Defence?

RJD provides cyber capabilities into:

  • Defence Science & Technology Laboratories [dstl]
  • MoD Cyber Protection Teams
  • Defence Intelligence
  • GCHQ
  • Other government departments

As part of this RJD has developed, with and for government, cyber tools and services. Government now wants to exploit this national investment in the wider government and commercial cyber environments.

Our commercial solution, CyCURE®, is based upon our proven Defence toolset/service, Cyber Mission Impact Assessment (CMIA®).

CyCURE® Process

Safeguard your business against the Cyber Threat with CyCURE®.

  • Used by departments of UK Government.
  • Analyses the intertwined nature of people, processes and technology.
  • Identifies the enterprise’s potential vulnerabilities.
  • Recommends & prioritises cost effective solutions.
  • CyCURE® can be evolved as your business changes.
  • Train your staff to use CyCURE® to defend the business themselves.
  • Provides regular reviews and reports.

Our CyCURE® process:

  • Provides the vital layer of enterprise analysis that conventional IT-based cyber security approaches cannot give.
  • Protection is pre-emptive and proactive.
  • We train your staff to deliver this enhanced security for themselves.
  • RJD provides support as required.

What we do:

  • Understand how your business relies on people, process and information technology.
  • Work with you to build a robust, repeatable model of your business.
  • Use sophisticated analysis tools to identify key points of weakness that affect your business outcomes.
  • Identify measures to reduce your vulnerabilities.
  • Provide training and support.

The Business Challenge

Operating a business today depends on a combination of people, processes and systems to generate a high quality assured product for customers, in an increasingly regulated environment.  Management needs:

  • Confidence that the information presented to them is current and correct
  • Assurance that statutes and regulations are being complied with
  • Assurance that the business is resilient to an agreed range of potential disruptions

Business-related data is often held in a number of formats: scanned copies of papers, MS Office documents, spreadsheets, Visio diagrams etc. Regulations are generally accessed over the internet when staff need to check details. The data is not linked, making maintenance of corporate memory difficult. Establishing any sort of causal linkage or business dependencies can be a major challenge.

The goal is to optimise access to and usage of coherent and consistent information.  As new questions arise, no one can afford the disruption of starting with ‘a clean sheet of paper’.  They will want to adapt ways of working and software tools to assure continuing operations.

A simple to use, logical process

RJD has developed CyCURE®, a simple process to capture a business enterprise as a series of entities that represent the people, the processes, information and systems that constitute the business enterprise. By holding these entities in a relational Enterprise Architecture database, the disparate collection of data can be structured, allowing a coherence and completeness check to be undertaken and key information to be delivered to decision makers in a rigorous and timely fashion.

CyCURE® enables business efficiency

The CyCURE® approach enables a business to adapt its processes and tools at a pace to suit it. It does not force change. It exploits the Sparx Enterprise Architect commercial software product, with custom scripts tailored to the specific issues of concern to each client. The underlying governance and data management are common across all instances of the CyCURE® process.

RJD will train staff in the client organisation to run the CyCURE® process ‘in house’ or we can discuss a suitable support package.