Will Channel Islands Fund and Asset Managers Lose Clients Because Of New EU Cyber Security Regulations?
Read MoreFree Webinar for London Fund and Asset Managers: Don’t Lose Clients Because Of New EU Cyber Security Regulations
Read MoreThe next open Cyber User Education and Awareness Training session with any availability left is on Wednesday 06 October 2021 from 10am-12pm.
Read MoreBlack Arrow Cyber Threat Briefing 10 September 2021
-91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations
-Ransomware Attacks Increased Exponentially In 2021
-One In Three Suspect Phishing Emails Reported By Employees Really Are Malicious
-Hackers Shift From Malware To Credential Hijacking
-Attacker Breakout Time Now Less Than 30 Minutes
-Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices
-The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge
-Hackers Exploit Camera Vulnerabilities To Spy On Parents
-39% Of All Internet Traffic Is From Bad Bots
Read MoreTime’s up. Are you ready to evidence compliance with the new GFSC Cyber Rules now in effect?
Read MoreGuernsey Regulated Financial Services Firms, the deadline for compliance with the GFSC Cyber Rules is today!
Will you be ready to explain your strategy and governance when the GFSC turn up for a regulatory visit?
The Cyber Rules compel Boards to take accountability for Cyber risks where previously it may have belonged to IT. Technology is only one piece of the puzzle, and often it is your people that present your weakest link.
We support our clients with an independent and proportionate gap analysis report that assesses risks and controls across people, operations and technology. This informs the strategy and governance that shows the GFSC what they want to see, reinforced by objective education and awareness for Boards and users.
Read MoreWhat is a Cyber 'Trigger Event' under the GFSC Rules - and what firms need to do to evidence they have taken appropriate steps
Priority action for all regulated firms in Guernsey: Microsoft announced that email servers are being attacked, and the GFSC rules require you to record how you have reviewed your cyber security controls to address this.
Read MoreOur latest piece in the Guernsey Press - The new GFSC Cyber Security Rules: What the GFSC demands of firms, and why leaving it all to your IT provider won't make you compliant
Read MoreWelcome to this week's Black Arrow Cyber Tip Tuesday, this week Tony is talking about the new cyber rules that the GFSC have just released and which are now in force for regulated financial services firms in the Bailiwick.
The GFSC have now released the new cyber rules and all regulated financial will need to be able to demonstrate compliance with these new regulations.
The regulations are built around compliance or adherence to the internationally recognised NIST cyber security framework and the five pillars contained therein, being identify, protect, detect, respond and recover.
We can assist any firm by producing a gap analysis against the NIST standard, and therefore the GFSC rules, to identify any areas of non-compliance or areas where firms will need to bolster their existing security arrangements.
Remember that cyber and information encompasses a lot more than just IT but is rather requires a holistic approach across people, operations and technology.
Leaving this solely to your IT team or IT provider likely won’t provide the coverage the GFSC now expects from firms.
Remember too taking a proactive approach should always be about preventing an attack or breach, many firms do not survive a significant cyber event, and for those that do recovery invariably costs a lot more than it would have cost to put appropriate controls in place to prevent the breach happening in the first place.
Boards are expected to show good governance over cyber and information security as they would be expected to do with any older and longer established risks.
It is clear from the new rules that the GFSC also agree that the responsibility for cyber and information security clearly sits with Boards, not IT.
Talk to us today to see how we can help you demonstrate compliance or become compliant with the new GFSC cyber rules.
Read MoreWelcome to this week's Black Arrow Cyber Tip Tuesday.
In our articles in Business Brief magazine and the Guernsey Press, we have consistently highlighted that the Board, not IT, is responsible for Cyber and Information Security.
The financial services regulators in the Channel Islands have also made that very clear.
The GFSC has warned that “Cyber and information security should be taken seriously by the Board and included along with more established risks within a firm’s overall strategy for risk management”.
And the JFSC has told businesses that “As a registered person, the Codes of Practice require you to understand and manage risks, including cyber-security risks, which could affect your business or customers”.
Read MoreCyber Weekly Flash Briefing 25 September 2020: GFSC consulting on new Cyber Rules; Leaked FinCEN files expose poor data security; Microsoft detects active Zerologon attacks; ransomware crew fingered for German hospital death; malware that steals your most sensitive data on the rise; Ransomware is evolving; top threats inside malicious emails; Credential Stuffing behind Recent Attacks
Read MoreWelcome to this week's Black Arrow Cyber Tip Tuesday. We have talked before about how the regulators like the Guernsey GFSC and the Jersey JFSC expect Boards to take Cyber and information security seriously by the Board just as they do with more established risks, and that Directors are required to understand and manage those risks. So, how can a Board evidence this. The clearest way is to schedule a regular review of a cyber security report at Board meetings. That report should contain a few sections with brief and focused content that is explained in terminology that all business leaders can understand. One of those sections is a dashboard with key indicators about the risks that the business faces, and the controls that are in place to mitigate those risks to match the organisation’s risk appetite. We recommend that organisations structure their risks and controls based on one of the globally recognised frameworks, for example NIST or ISO 27001. In fact, the forthcoming regulations from the GFSC are based on the NIST framework. So, the dashboard would also be structured to match that same framework, to ensure everything this covered. The Board members should be sufficiently knowledgeable about these topics to be able to question whether things are as good as the dashboard says they are, and whether the rating should be Amber instead of Green. Or, whether the RAG threshold is appropriate for their business. And that challenge in the Board room should be minuted for future reference. You don’t need to be an expert, but you do need to have a good understanding of the basics, and your independent trusted advisors can support you on the details. Contact us to see how we can help you achieve what the regulators require of you.
Read MoreWelcome to our first Black Arrow Cyber Tip Tuesday for 2020 a chance for us to have a think about what's coming up over the next couple of months. Firstly, we know the new GFSC rules on cyber security will be going out to consultation and we know that the GFSC will be putting a lot more focus on cyber security, both in terms of operational and governance risk, and regulated firms need to think about how they are going to demonstrate compliance with these new regulations. Secondly, we will be holding our first workshop for charities later in Q1, once we have completed a number of case studies with local charities to ensure the workshop hits the right note with the charities we are trying to help. More info on this will follow in the next month or so. Whether you're a regulated financial services firm, any other kind of business, large or small, or a charity, contact us today to see how we can help make security easier for you to understand and protect yourselves against attacks.
Read MoreBlack Arrow Cyber Tip Tuesday - Looking to 2020 and increased focus on cyber by the GFSC for all regulated financial service firms in the Bailiwick
Read More