Gearing up against cyberwarfare

Learn how you can fortify your defences with our cybersecurity solutions.

At a Glance

Cyber-attacks are increasing at a tremendous speed and are taking centre stage for many organisations across the globe. With the new hybrid model of working in place, cyber risks are bound to evolve and organisations are constantly finding ways to mitigate cyber threats.

The good news is that with a clear set of guidelines and practices in place, businesses can significantly reduce cyber-attacks, whose impacts go beyond financial losses.

 

The Premise

With the upsurge of sophisticated cyber-attacks in Mauritius, one of our clients, operating in the health insurance and fund administration sector, was concerned about visibility on their effectiveness in protecting their information assets and their ability to respond to disruptive events. The company was an existing client of Rogers Capital and, given our solid client relationship, turned to Rogers Capital Technology for cyber security advisory.

After an in-depth evaluation of the client’s needs, our Cyber Security Advisory experts responded to the client’s concern by proposing a Cyber Security Audit to assess the effectiveness of their key defence controls, including their Governance framework, policies, perimeter security, core security and capability to detect and respond to cyber-attacks. The team also assisted the client in enforcing adequate policies in view of operating a robust Business Continuity Plan to face potential disruptive events. This involved a thorough understanding of the core activities and conducting a Business Impact Analysis exercise.

 

Guiding our client through the challenges

Cyber-attacks are almost invisible to the human eye, except to experts who have the means and tools to detect them. The common user of information systems, laptops and business applications, however, will find it difficult to imagine the impact that such attacks can have.

The main challenge for the client was to raise user awareness to ensure prompt and adequate responses. The client’s users had different understandings of the risks and impacts of cybersecurity events and of the actions required to counter them. Awareness and training were fundamental in aligning everybody to the same level of understanding. A series of professional training sessions was delivered to users, including Heads of Department and managers. Team leaders were also trained through our “Train-the-trainer programme” on how to systematically train their users so as to keep them updated on their roles, responsibilities and the risks of disruptive events.

Since our Cyber Security Advisory Services are positioned to offer a holistic approach to risk mitigation and compliance, the client benefitted from an overall cybersecurity strategy that takes into consideration any future implementations while strengthening existing capabilities and addressing any crucial gaps in the fast-changing risk environment.

 

Key benefits to the client:

  • Senior management obtained visibility on the organisation’s risk posture, security maturity level and maturity of technical controls.
  • A roadmap for improving their cybersecurity was provided, with clear priorities.
  • Technical risks were evaluated and clear recommendations were made to improve the organisation’s cyber security level.
  • Improved trust and awareness among employees on how to deal with disruptive events.
  • Assurance for the board and company stakeholders regarding the organisation’s capability to sustain disruptive events and respond effectively.

 

Understanding the threat and the fines associated with a major breach

The sophistication of cyber-attacks is continuously increasing. Phishing emails and ransomware are the top attacks dominating the stage, as they are sophisticated methods designed by cyber criminals to extort money and leak confidential information. The two major pieces of legislation which impose fines for data breaches are the GDPR (General Data Protection Regulation) and the Mauritius DPA 2017 (Data Protection Act 2017). Under the GDPR, the EU’s data protection authorities can impose fines of up to €20 million or 4 percent of worldwide turnover for the preceding financial year, whichever is higher.

Under the DPA 2017 of Mauritius, penalties include a fine not exceeding MUR100,000 and imprisonment for a term not exceeding five years.

“The team’s knowledge with regard to the subject and their guidance helped us in multiple ways. The security audit was done with much professionalism from Rogers Capital Technology and today each and every member of our team is aware of the consequences of a cyber-attack” – says the client.
