Featured company: Protective Intelligence
Only 4 days left before our expo programme! Time to put our participants in the spotlight. We hereby give the (virtual) floor to Vince Warrington, Founder and Director of Protective Intelligence.
Protective Intelligence is a UK-based cyber security consultancy with experience across Europe, Southern Africa, the Middle East and Latin America. One of our offerings is a thematic sectoral review of cyber resilience capabilities based on our work with the UK’s Financial Conduct Authority and particularly relevant to the financial services sector in most territories. We are now looking to expand this service internationally, and the chance to link up with DIT and the British Embassy in The Hague is a real opportunity for us to demonstrate our services to European financial regulators.
Cyber resilience is a new way of thinking about how we approach cyber security. Traditionally, the focus has been on preventing attackers from gaining access in the first instance — the ‘Hard Shell, Soft Centre’ model. Recent events, however, have proven that this is no longer suitable, since attacks can and will succeed against almost any target, given enough time and resources. This model has consequently proved exceptionally weak when defending against the ‘Insider Threat’ problem. A cyber resilience approach takes the view that a successful cyber incident is inevitable, so in addition to the usual prevention and detection measures, a more effective model includes intelligence sharing, governance and recovery functions, to ensure that normal operations can be resumed quickly and efficiently post-attack.
Protective Intelligence worked alongside the Financial Conduct Authority to develop and deploy a robust toolkit to evaluate the cyber resilience capabilities of the UK’s financial sector. Regulators currently face problems when attempting to assess the cyber preparedness levels of their regulated entities. Essentially, they cannot see where systemic cyber weaknesses lie within their sector and therefore can only base advice and guidance on generic cyber risks and threats. This toolkit took three key cyber security frameworks popular within financial services, and combined them to provide a level of thematic review that had not previously been possible. Crucially, we identified that this toolkit can be adapted to the specific requirements of any regulator or overseeing body based anywhere across the globe.
With the insight that our tool provides, regulators can obtain a comprehensive overview of the current cyber maturity levels within their firms. This helps them to focus on technical, strategic and managerial controls as well as cyber intelligence gathering capabilities to get the information they need quickly so they can tailor their cyber resilience messages and influence policy decisions effectively. The data generated also allows for firms to be specifically targeted for improvement should their cyber posture be deemed particularly immature. For individual firms, the insights can help them make smarter decisions on cyber resilience, educate the C-Suite and Board on their cyber maturity position — especially with regards to their peers — and help ease the progression of funding for future cyber projects.
We’re very excited to be a part of the Cyber Security Week in The Hague. As well as being able to discuss our services with relevant parties, the event will provide us with the information we need to succeed in the Dutch cyber security market, as well as introducing us to other companies in the market who can complement our services.