Building resilience from the inside out. Making your own people the frontline defence against cyber-attack.
In partnership with Axelos
Too many businesses make cyber security a priority only when they have been attacked and, although many recognise the lack of adequate resource allocation to this critical aspect of business resilience, they also admit that they do not have enough understanding of the latest information, security implications and their own vulnerabilities. Recent reports in industry show that activities related to information gathering by information brokers, intelligence services and cyber criminals acting on behalf of business players have increased rapidly over the last few years. The rise in malware and phishing has significantly impacted most organisations risk exposure, with the costs of dealing with the aftermath rising globally to £600bn in 2017. A recent report found that current employees remain the top source of security incidents*. Lloyd’s Register is one of the world’s leading providers of professional services for engineering and technology – improving safety and increasing the performance of critical infrastructures for clients in over 75 countries worldwide. We understand the risk environment of the digital world, whether that’s from gaps in your systems to inexperienced employees, and work with clients across the world to ensure their businesses are aware and resilient to any cyber threat that may come their way. * PwC 2018 Global State of Information Security Survey
2 | Lloyd’s Register
Your organisation’s security is everyone’s responsibility. A new training partnership More effective employee training is a key factor in reducing the occurrence of cyber-attack and the costs of dealing with breaches after they occur. That’s why we’ve partnered with AXELOS, global best practice specialists to offer their world leading RESILIA® Frontline awareness training for all staff.
90% of successful cyber-attacks success because of human error *Verizon, 2015 Data Breach Investigations Report
About AXELOS AXELOS is a joint venture created in 2013 between HM Government in the United Kingdom and Capita plc, to manage, develop and grow the Global Best Practice portfolio. AXELOS boasts an already enviable track record and an unmatched portfolio of globally recognised best practice qualifications.
Introducing RESILIA® Frontline Information lies at the heart of every successful organization. Ensuring your most valuable and precious information remains secure from cyber-attack is now a critical priority. But your cyber security is only as good as the attitudes and behaviours of your people. And 90% of all successful cyber-attacks succeed because of human error*. That’s where RESILIA® Frontline, a GCHQ Certified Training (GCT) provider, can help. RESILIA® Frontline provides engaging cyber security awareness training for all employees, regardless of their role or responsibilities. Written and designed by cyber security experts and learning specialists, RESILIA® Frontline helps your people to become your greatest information security asset by embedding and sustaining cyber resilient behaviours. From large-scale corporations and SMEs to public bodies, RESILIA® Frontline is helping to deliver information security and cyber resilience for organisations like yours.
Lloyd’s Register | 1
Engaging cyber security awareness training for all employees
RESILIA® Frontline is a suite of engaging, relevant and innovative online learning modules. They provide employees with the simple, practical guidance they need to make the right decisions at the right time in the face of sustained cyber-attacks and digital exploitation. The content for RESILIA® Frontline is designed by world-leading international experts in the fields of information security and learning design. They’ve worked with corporations, institutions and governments around the globe to address cyber risks and improve digital safety. RESILIA® Frontline provides a mix of training types, including games, animations and audio stories, for any organisation to design compelling training campaigns which appeal to all learning
2 | Lloyd’s Register
RESILIA® Frontline is updated regularly to reflect the changing nature of cyber security threats styles. The content is continually reviewed and developed to ensure the materials and techniques used remain up-to-date and relevant. The net result? Practical and accessible cyber security awareness training that is invaluable for staff in any organization, in any role.
Topics covered by RESILIA® Frontline include:
AGE 12 Managing Online Risk
Keeping Safe Online
Protecting Information
Safe Device Use
Phishing How to recognise, react and respond to one of the most common methods used by cyber-attackers
Social media Using social media platforms wisely to defend against potential attackers and fraudsters, safeguarding personal information and privacy
Personal information Understanding what constitutes personally identifiable information and the responsibilities of keeping information secure
BYOD (bring Your Own Device) Strategies and techniques for safe use of personal mobiles and tablets inside and outside the organisational environment
Information handling Skills and tactics to ensure safe usage, control, disposal and destruction of the organisation’s sensitive and commercial data
Password safety Guidance in the creation and management of high-strength passwords to help stop attackers gaining unauthorised access to the organisation’s network
Social engineering Recognising, avoiding and managing attempts to uncover sensitive data through manipulation by fraudulent parties
Online safety How to work safely and responsibly online, protecting personal date when browsing websites
Removable media Using devices to store, move and share data safely inside and between organisations
Remote and mobile working Safe use of office devices outside of the organisational environment
Lloyd’s Document Register footer | 3
A flexible cyber security awareness training solution Lloyd’s Register clients can access the RESILIA® Frontline interactive learning platform allowing you to tailor content to suit your employees and critical cyber risks. No complex integration is necessary and because the platform is web-based, staff can also access the content remotely for increased flexibility. Using the RESILIA® Frontline diagnostic tool you can assess your employees existing levels of security knowledge and build personalised learning pathways for employees. This allows you to provide the modules you think are necessary for different roles and levels of knowledge. This tailored approach, together with regular built-in assessments, ensures maximum training effectiveness, increases employee engagement and improves operational efficiency. You’ll also benefit from their Learning Dashboard, giving you real-time data on employee and team progress and performance. Ideal for all your compliance, learning and development needs.
4 | Lloyd’s Register
RESILIA® Frontline is perfect for organisations who want to protect their hard-won reputations, competitive advantage and online delivery capabilities
Visit lr.org for more information on the RESILIA® Frontline cyber security e-learning and to arrange a demonstration.
How secure is your organisation?
“It takes 20 years to build a reputation and 5 minutes to ruin it. If you think about that, you’ll do things differently.”
Warren Buffett Business Investor and Philanthropist
The threat of cyber-attack is now widely recognised as one of the greatest risks facing any organisation around the world. Yet it’s estimated upwards of 90% of successful cyber-attacks continue to succeed because of human error, the unwitting actions of anyone in any role within the organisation.
Engage employees: offering a lively mix of different and immersive learning approaches including games and animations in addition to eLearning
But this training is often annual, ‘tick-box’ training that does little or nothing to change and sustain behaviour change or sustain resilient behaviours. RESILIA® Frontline is different and demonstrably more effective.
Embrace everyone: encouraging the support and involvement of all staff, including leadership teams, to create a genuine culture of cyber resilience.
Measure, learn and adapt: providing a comprehensive set of management information
Tom Farley President of the New York Stock Exchange Foreword to ‘Navigating the Digital Age
RESILIA® Frontline has been developed to allow you to: Keep training regular and relevant: delivering short, frequent learning in key areas of cyber risk enabling tailored awareness training Communicate practical guidance: providing advice that’s jargon-free and which can be applied at home and on the move as well as at work
“It is important companies remain vigilant, taking steps to proactively and intelligently address cyber security risks. Beyond the technological solutions, we can accomplish even more through better training, awareness and insight on human behaviour. Confidence, after all, is not a measure of technological systems, but of the people entrusted to manage them.”
With RESILIA® Frontline you can be assured that your employees sit at the heart of your response
Data Protection and GDPR. Guidance for protecting and using Personal Data correctly to be compliant with the General Data Protection Regulation (GDPR).
“You need to really work with your people and embark on conversations with them about the threats that are out there. That’s what we want to change – we want people to talk about security, discuss the risks, but help each other out. The more people talk about security with each other, the better things will become.”
Professor Angela Sasse Professor of Human-Centred Technology at UCL and Director of the UK Research Institute in Science of Cyber Security (RISCS)
Lloyd’s Document Register footer | 5
Global best practice in action Cyber Stories from the Frontline
AXELOS is a joint venture between HM Government in the United Kingdom and Capita plc, a leading FTSE organisation. AXELOS was formed to develop and promote a global portfolio of best practice solutions and qualifications.
RESILIA Frontline awareness training uses scenarios and stories to engage people. Here are some snippets from supporting real-life stories that AXELOS RESILIA has published that outline real cyber incidents to being the cyber risks we all face to life:
The AXELOS Global Best Practice portfolio includes the PRINCE2® and ITIL® methodologies, certification and training which are used by project management and IT professionals around the world. In 2015, AXELOS launched the RESILIA®Portfolio designed to address the growing need to adopt Best Practice in cyber security to counter the relentless threats to organisations and their most valuable and precious information and systems. Thousands of varied and successful organisations around the world now use AXELOS Global Best Practice including NASA, The Walt Disney Company, UNOPS, HP, Microsoft, P&G and the Australian Government.
The fact that a senior manager had fallen for a phishing email made my point for me. It’s people who count as much as systems. Your people have to be educated, trained, and vigilant enough to resist falling for the simple, obvious scams.
Our goal is to make your people your most effective defence against cyber-attacks
…bad luck compounds bad practice. The only thing you’re in control of is the way you set up your business and the good practice you instil in your people at all levels of the organisation.
The board was very worried. They were concerned something would be lost or compromised and that there would be a leak to the press. The deal could all fall through, the share price would plummet and the headlines would be toxic.
The lesson is simple: be friendly with your clients, contractors and customers but always keep your secrets in the family. Investigate, be suspicious, never take someone for granted, especially an outsider. 6 | Lloyd’s Register
A 360 degree approach to building cyber resilience Understanding the changing nature of cyber threats across different industries is an important part of a cyber security strategy. Entire operations and organisations are networked and interconnected as the worlds of Information Technology and Operational Technology merge. We help our clients to cut through their data noise, delivering ever-smarter risk management and intelligence to enhance cyber security. Threat Intelligence Dedicated research and innovation team to inform clients with up to date threat intelligence and proprietary tooling Governance, Risk and Compliance Security services for managing corporate governance, risk management and compliance with regulatory requirements
Governance, Risk and Complance
Incident Response
Security Testing Threat intelligence led testing, red teaming, penetration testing and continuous scanning Training and Strategy Customised cyber strategy that aligns people, processes, and technology with enterprise business priorities and risks Managed Security Services An extension of our clients’ security operations team Incident response Immediate response in the event of a cyber breach
Managed Security Services
Security Testing
RESILIAÂŽ Frontline ishelps you to achieve a Threatcyber resilient culture Intelligence
Training and Strategy
Lloyd’s Document Register footer | 7
Get in touch
Please visit www.lr.org/resilia for more information Or email resilia.frontline@axelos.com
www.lr.org
May 2018 Lloyd’s Register and variants of it are trading names of Lloyd’s Register Group Limited, its subsidiaries and affiliates. Copyright © Lloyd’s Register Group Limited. 2018. A member of the Lloyd’s Register group. Copyright © AXELOS Limited 2017. AXELOS®, the AXELOS swirl logo®, ITIL®, PRINCE2® and RESILIA® are registered trade marks of AXELOS Limited. All rights reserved