Cyber threats are everywhere - are you prepared are you pen-tested??

All businesses are now a target for cyber criminals. Make no mistake, cybercrime is well-organised and sophisticated, with criminals using state of the art techniques.

Unidentified vulnerabilities can cost you everything.

One defence [not the only defence] is PENETRATION TESTING [PEN TESTS] which can help you identify and control your cyber vulnerabilities.

What is Penetration Testing?

• Pen testing is an expert-led simulated cyber-attack on your systems to determine how quickly your networks can be hacked and whether you would even notice.
• Pen testing reveals hidden vulnerabilities before the real attackers find them, allowing you to put the necessary controls in place.

The Benefits of Penetration Testing

1. Proactive Protection –

• Identify and fix hidden security flaws before they're exploited.

2. Expert Insights –

• Get detailed reports and actionable steps from experienced professionals.

3. Legal and Regulatory Compliance –

• Meet the standards required by your regulators and avoid severe fines from your data protection regulator and or financial services regulator [e.g. JFSC – SEE BELOW]

4. Peace of Mind –

• Sleep soundly knowing your defences are solid.

JERSEY – JFSC - Understanding your regulatory obligations

1. The frequency, sophistication and impact of cyber-attacks is increasing and the impact of a successful attack can be significant.
2. Common risks involve:

• Data / information theft
• Misappropriation of client assets
• Reputational damage

3. These all carry financial costs, which may be significant and may also result in breaches of the law and / or, for registered persons, regulatory action.
4. In Jersey as a registered person, the Codes of Practice require you to understand and manage risks, including cyber-security risks, which could affect your business or customers.

Guidance on understanding and mitigating cyber security risk

5. Given the potential impact on businesses, the public and the reputation of Jersey, we want to ensure that you have the appropriate cyber-security measures in place. To help with this, we have identified a number of resources that can help you identify and managing these risks.

Cyber essentials

6. The Cyber Essentials scheme is a cyber-security standard, which organisations can be assessed and certified against. It identifies the security controls that an organisation must have in place within their IT systems in order to have confidence that they are addressing cyber-security effectively and mitigating the risk from internet-based threats.
7. This is likely to be a core resource that is appropriate to most registered persons, especially smaller and medium sized firms.

• http://www.cyberessentials.org

National Institute of Standards and Technology (NIST)

8. The framework is voluntary guidance, based on existing standards, guidelines, and practices for organisations to better manage and reduce cyber-security risk. It is a detailed methodology for understanding risks and designing appropriate mitigation and control mechanisms.

• https://www.nist.gov/cyberframework

ISO standards

9. The International Standards Organisation has developed standards on information security (ISO 27001) and cyber-security (ISO 27032).

• https://www.iso.org/isoiec-27001-information-security.html https://www.iso.org/standard/44375.html

You should consider which standard, or combination of standards, is most relevant to them and be aware that the standards may be updated from time to time.

READ MORE

• https://www.jerseyfsc.org/industry/risk/cyber-security/understanding-your-regulatory-obligations/