On our latest call the CIOs shared what they reported to their boards, and their reporting frequency for cyber security. The boards fell into two broad groups:
Across both groups, the CIOs were clear they had the support of their board, and the boards were very keen to ensure they were addressing industry issues and staying across emerging threats.
On our next call (10th August) the CIOs will talk about what they are doing to prepare for the worst-case scenario, including bare-metal rebuilds. We will also start this discussion by walking the CIOs through the Lifecycle of a Ransomware Incident, which was produced by CERT NZ.
On the following call (14th September) we will have a discussion on lessons learned from security incidents.
In our June discussion, the CIOs focussed on:
In this month's discussion, the CIOs shared various issues they are currently facing:
During our April call, the CIOs discussed:
A recurring point from the CIOs was the recognition that if they ask a supplier to complete a questionnaire around security, the CIO's team should ensure that:
During our March call, the CIOs discussed:
During our February call, the CIOs spoke about:
On today's call The Network had an IBRS Advisor present to the CIOs on Microsoft's strategy, in particular their view on security. The following points were presented and discussed:
During our November call, the CIOs spoke about:
On our October call, the CIOs spoke about:
Quote of the call
“I’m not sure which has been more invasive, the executive health check or our cyber insurance renewal”
Some links referred to during the call:
On our September call, the CIOs and guests spoke about:
On our August call, the CIOs and guests spoke about cyber security messaging to the executive team and the board:
Surviving a cyber breach without damaging your brand - A Case Study of Australian Red Cross Life Blood Breach - Webinar and Q&A 26 August 2021 11.00 AM EAST (1 hr) Registration
On today’s call, the CIOs discussed:
On today’s call, the CIOs spoke about:
On the Cyber & Risk Network May call, the CIOs spoke about:
Expel is a SOC that actually has happy customers.
The Commonwealth Department of Industry, Science, Energy and Resources has developed a cyber security self assessment tool, which may be useful for smaller suppliers: Cyber Security Assessment Tool.
James recently wrote a piece, 'Recent FBI intervention on compromised Exchange servers is a bad sign for taxpayers everywhere'.
We had the pleasure of hearing from the CIO of a medium-sized Australian company. The CIO took us through their company's recent experience of a ransomware attack: their own self-assessed level of security maturity before the attack, the timeline of events, and lessons learnt.
Through the Q&A session some of the key priorities that emerged were:
On the Cyber & Risk Network March call, the CIOs and guests spoke about:
You might also like to include these links
"Notifiable Data Breaches Report: July–December 2020", Office of the Australian Information Commissioner, Jan 2021.
Useful data points here, including the increase in breaches through human error.
"Cybersecurity Insurance Has a Big Problem", Harvard Business Review, 11 Jan 2021
This article is well worth reading.
"FMA releases review of NZX technology issues", 28 Jan 2021.
This article contains sharp objects.
Local public incidents
"Accellion hack behind Reserve Bank of NZ data breach", IT News, 12 Jan 2021.
"Australian securities regulator discloses security breach", Bleeping Computer, 25 Jan 2021.
(Also via Accellion)
"Allens victim of high-profile cyber attack", AFR, 22 Jan 2021.
(Also via Accellion)
"Law In Order – Cyber Security Incident", 3 December 2020
Quote, "When this incident occurred, we implemented a response strategy to investigate the threat actor’s activities, safely restore our systems and prevent potential disclosure of client information." [Emphasis added]