Shriparna Ghosh

We as security and fraud professionals have a daunting task to create friction without impacting user experience. These stats validate our challenges but I know we continue to innovate everyday to meet these challenges.

15

https://lnkd.in/eZfp59HD Schools need greater support and funding for protection and mitigation against such attacks. If a school is run as an academy can they face an ICO fine? There were 347 cyber incidents reported in the education and childcare sector in 2023, a BBC report revealed. It represented a 55% increase on 2022.

11

1 Comment

Would you like to understand more about the intersection of Business Risks, Technology Driven Risks and Vulnerabilities? Are you interested in how to automate the CONVERSION of Technical Vulnerabilities INTO Technical or Cyber Security Risks, knowing that the Board of Directors views Cyber Security as a Business Risk? Join me at the UK Financial Services Information Security Network 2024 as I share insights into this topic. #The Network Group

17

Bank of England’s Sasha Mills sets out the banks expectations around operational resilience for FMIs. Some key points hinting at regulatory focus in the run up to April 2025… 1. Growing emphasis on cyber and data corruption scenarios as some of the most demanding 2. Ensuring that extreme but plausible scenarios provide a full exploration of resilience issues 3. Adopting more comprehensive resilience testing regime over time not just tabletops 4. Considering broader market impacts and involving market participants in testing 5. Growing emphasis on third party risk and the forthcoming critical third party regime While this speech focuses mainly on payment systems - the themes will be familiar to most FIs in their recent dealings with regulators. While April 2025 focusses many people’s minds - we can all be certain that regulatory interest in resilience will not diminish after that date. We wait with interest for the next rounds of supervisory engagement as the regulators digest everyone’s latest self assessments. #operational resilience

62

1 Comment

Do you think fraud is a ‘silent threat’ to national security? With the rise in awareness surrounding romance scams – which are often carried out by organised crime groups with ties to human trafficking – it’s clear that fraud isn’t an isolated crime. This article by Helena Wood is a great summary of the worrying state of fraud and what the UK is doing to tackle it: https://hubs.li/Q02zcxl60 #Fraud #Scams #FinancialCrime

4

End of week when I get to spend time and think what, where & why of everything I do as part of my profession along with a serious intent of learning from a broader community of professionals. Some of the things I try to get to are professional network insights to learn, opine and share ideas. Over the last few months, I may be the only one experiencing this, I have observed that a majority of LinkedIn posts are used as personal or company marketing messaging. A few years back there used to be more of content posts that were educational/insightful/enabling but I don’t see them. Maybe be it’s just my feed. I know I can tune my feed but maybe there’s is an opportunity for a better algorithm that helps people to ignore the dog & pony show.

20

1 Comment

How Data Protection Essentials guidelines can empower SMEs to respond to security incidents Drawing from the experiences of countries like Singapore, where DPE guidelines have enhanced cybersecurity practices among SMEs, India can create a baseline standard for data protection. Read full story here https://bit.ly/4du0YOW

2

❔ Need to know what acquisition due diligence you could contemplate re cyber issues or how cyber issues affect your day to day compliance work? Sign up to hear Paul Dutot IEng MIET MBCS CITP MCIIS OSCP CSTM and Matthew Derrien from the Jersey Cyber Security Centre talking about these and other issues at the Jersey Compliance Officers Association webinar on Wednesday 26 June - 12pm. #cyber #security #compliance #risk #JCSC #JCOA #regulation

7

I recently did a podcast with CyberSecurity Magazine on the changing cyberthreat landscape, the most pressing cyber risk concerns to come and my perspectives on the CISO role. #Cybersecurity has become a topic that is of even greater importance as Standard Chartered alongside our peers in the industry ramp up adoption of #AI and digital assets. #FightCybercrime #HereforGood #AwarenessMatters

154

5 Comments

'The Cyber Security Breaches Survey is a research study for UK cyber-resilience, aligning with the UK Government’s National Cyber Strategy. The study explores the policies, processes and approach to cybersecurity, for businesses, charities and educational institutions.' This year’s survey said that half of businesses and around a third of charities reported experiencing any kind of cybersecurity breach or attack in the last 12 months. The financial impact of an attack alone can be devastating, but when you add to that the loss of time, customer trust and your reputation, it really is vital to take action. Don't wait until it's too late! #cybersecurity #cyberattacks #survey

2

A tad late posting about this. But the #McPartlandReview into Cyber Security as an enabler of Economic Growth has been released. It was great to be a part of this through the ISC2 roundtable. The UK has some serious potential to become a leader in Cybersecurity across a number of domains, this doesn't just start with private businesses but the education sector and public sector. #Cybersecurity #CyberRisk #CyberResilience #Cloud #UK

6

ISO have produced a new guide to understanding ISO27001. For some reason they put “SME” into the title but 95% of its content is applicable to organisations of any size and at 106 pages long it is not really that suitable for SMEs. It is structured around each clause/requirement in ISO27001 and gives guidance on their implementation. In that sense it is meeting a similar need to that of ISO27003 but is a much easier read. There is some advice it has that I would not support but 95% of what it says is in my opinion sound. As a simple example of something that is not in my opinion quite right is that under internal audit it says “In general, a member of staff should not audit their own work” but I can’t ever see how a member of staff could audit their own work and still be considered objective and impartial. It also says “The certification body expects that your enterprise has completed at least one internal audit and one management review when you submit the certification application. Moreover, the internal audit shall cove the scope of certification that you want to seek.”. This is not quite right as you will need to have done something for these for the Stage 2 audit but not for the certification application. It includes some sensible recommendations. As an example, clause 5 about leadership and commitment rightly points out that the management must have a clear understanding of what they want information security to achieve. The guide assumes that an organisation is doing legal, regulatory, compliance stuff but it is not mandatory to include these in your implementation. But as I say, overall, lots of sound advice for organisations of any size. It is a shame that ISO are charging for it (although not much) because I recommend it to all organisations and not just SMEs. It can be obtained from here: https://lnkd.in/etqBcC6b #iso27001 #chrishalliso27001

92

2 Comments

Truly inspirational and words of wisdom from the legend! These three words stood out for me - intensity, clarity, focus...... "..... The truth is whatever game you play in life, sometimes you are going to loose........The best in the world are not the best because they win every point. It's because they know they'll lose again and again and have learned how to deal with it..." The secret to develop a championship mindset - maintain focus, clarity, and forward momentum, refusing to dwell on past points! https://lnkd.in/g4qp7HSR

6

The following from Munich's insightful cyber survey blows my mind - 'The survey, comprising over 7,500 participants from 15 countries across various sectors, underscores the escalating concerns of managers surrounding cyber security. Despite heightened awareness, a staggering 87% of respondents in this group express doubts about their organizations' preparedness against digital threats' - with this many peers across the globe stating such sentiment what would you tell your board / c-suite / investors if your organisation was impacted (of one of your critical supply chain partners was) and you have not transferred that material risk to the insurance market? #cyber #cyberinsurance #cyberattack #ransomware #directorsandofficers #fiduciary #FINEX #WTW https://lnkd.in/e_EqEEUU

42

Oh that's right - some countries have a national fraud strategy. As this opinion piece by Helena Wood points out, there's still a lot of ground to cover in the UK around effectively managing fraud. Still, as I read through the well-researched summary of what's been done so far I got a little jealous all over again. Just in case I had somehow missed a US national fraud strategy in all my rabid consumption of fraud news, I searched various forms of "US national fraud strategy". The result was consistently a long list of references to the UK's strategy. We'll be forced to catch up eventually, but until there are more centralized strategies like what the UK is attempting fraud will have its run of the place. The linked piece is a worthwhile read in addition to being a nice one-stop shop for reference material. Tackling the Silent Threat of Fraud: Amplifying the UK’s Response ( https://lnkd.in/g2YDBeX5) #fraud #fraudmanagement #fraudstrategy #fraudprevention #scams #identityfraud #paymentfraud #regulation #envy

8

3 Comments

'Objective risk-based approaches focused on human capital delivery and resilience entail more considerations: anticipating #NIS2 for, for example, advanced Controls, Intelligence and DLP solutions and enabling various indicators in improved new solutions for compliance integrity and for activities and actions that are eligible for operational teams: this is important to realize and to Anticipate on the basis of continuous improvement (CI) - these people do activities and work that matter. These people are of value and we call that ValueCare for people --->>> these employees and officers are the most valuable assets under local supervision in a healthy culture: .....we express this in ROI/VAR and TRA Compliance Integrity to Cyber ​​#Security Essentials in #Monitoring. we express this: as ○ Build ○ Bridge ○ Secure ○ aspects and communication and Participation and #Compliance #Integrity and HR risks associated with raising awareness of (Aware) secure policy making with applied appropriate security considerations (Secure) and Novation for #Cyber ​​Security. we express this: as ○ Security Essentials with regard to ○ eTrust and ○ Informed Trust, with regard to required and desired or distributed ○ Resilience, or ○ Realistic Resilience-Compliant constructs. Both and especially for ○ Culture and Awareness ○ Informed trust ○ Communication in Organization for strategy and integrated zero-trust principles guiding with Teams and Operations in its complex Business Management and Services for our Customers with Partners in OT-OT processing of #Data Technology. This is not only the case in the business world, but all Acts applied are of course always and in the same way broadly applicable, in a timely manner, completely accurate and transparent, where possible and for relevance and realizability, to the Organization and Operation of Services and services provided by the Government, for you and with participants, partners and stakeholders and other organizations and relevant parties in the business community. #Investments 🌐

1