We were engaged to achieve higher levels of Network Security and improved Cyber Risk Management, and overall to reduce brand risk and the potential loss of digital assets for our client and their customers.
This became an ongoing periodic network “health check” and included aspects of Disaster Recovery and Business Continuity.
INCLUDES RISK:
Identification: (360-degree cyber risk assessment)
Most significant exposures, such as:
- Unauthorized access
- Ransomware
- Digital communications compromise – Social Engineering
- Web site scraping
- Fake negative reviews planted by a competitor on social media
- others…
Mitigation:
- Manage competitive Requests for Proposals from vendors providing:
  - Vulnerability assessment
  - Penetration analysis
- Manage Bug Bounty programs
- Employee training
- Evaluate technology responsive to weaknesses
- Crisis Management – post event
  - Initial assessment
  - Minimize disruption – “plug the hole”
  - Record/collect data – for later forensic assessment
  - Comply with notification requirements
  - Manage Crisis Communication Vendor
- others…
Transfer:
- Insurance for internet-based risks, 1st & 3rd party
- Contractual
  - Vendors – appropriate liability
  - Identify “who has what data”
  - Customers – control expectations