Tag Archives: Risk Management

Strategic Approaches, Strategic Report

Blockchain Regulatory Framework, Legal Challenges and the Financial Industry

1 Comment

Blockchain Regulatory Framework, Legal Challenges and the Financial Industry

Camille Madec

Introduction

In order to stay competitive, financial industry must seize the opportunities of the on-going technological disruption, and particularly with the recent so-called blockchain innovation when some argue that this new technology has the potential to replace banks as financial intermediaries for transfer and exchanges of money. In this transitional context, financial sector could face new cybersecurity risks, with sophisticated attacks, which eventually call for a renewed regulation framework. Here the financial sector means banks, insurers, asset managers, and advisory firms.

Blockchain can be defined as “a peer-to-peer operated public digital ledger that records all transactions executed for a particular asset (…) The Blockchain maintains this record across a network of computers, and anyone on the network can access the ledger. Blockchain is ‘decentralised’ meaning people on the network maintain the ledger, requiring no central or third party intermediary involvement. […] Users known as ‘miners’ use specialized software to look for these time stamped ‘blocks’, verify their accuracy using a special algorithm, and add the block to the chain. The chain maintains chronological order for all blocks added because of these time-stamps.” (Alderman, 2015)

Hence, Blockchain, well known through the so-called bit coin, could open much more perspective and should guaranty security and the validation of all the exchange of data. In addition to open room for new business opportunities, this new technology could disrupt the legal conception of privacy, intellectual property right, and presents some issues regarding financial institution accountability given the new associated risks. As a consequence while financial institutions have been under strengths by the new regulatory requirements in the aftermath of the 2008 financial crisis, they might see their accountability rises again to address cybersecurity risks and associated prejudices related to blockchain innovation.

This paper explains how business compliance to new cyber regulatory framework is a strategic issue for financial institutions. It presents the financial institutions specific data profile and linked eventual collateral damages. It highlights blockchain innovation opportunities and associated new cybercrime challenges. It describes the current European regulatory framework and legal accountability scenarios. It then finally supports the hypothesis of cyber compliance as a corporate competitive advantage and maps out some elements
of potential recommendations to strengthen cybersecurity resilience.

Read the full strategic report here: regulatory compliance and cybersecurity

References

Alderman, P. (2015). Blockchain –emerging legal issues. Lexology, Global.

Cybersecurity: Challenges and New Threats, Strategic Report

Cybersecurity, a new challenge for the aviation and automotive industries

Leave a comment

Cybersecurity, a new challenge for the aviation and automotive industries

Hélène Duchamp, Ibrahim Bayram, Ranim Korhani

Abstract:
This paper will focus on cybersecurity in the civil aviation industry, but will also present some of the threats that exist in a much more daily transportation mode: personal cars.
We will present the stakeholders involved in the aviation industry, point out the sources of the vulnerability of the industry to cyber attacks, and then analyze the efforts put in place to deter cyber attacks against commercial aircraft. The same order of reasoning will be applied to the automotive industry

Introduction

The aviation industry is important to the global economy. In 2013, the air transportation network carried over 48 million tons of freight and over 2.6 billion passengers. Its global economic value was estimated at 2.2 trillion dollars (AIAA, 2013). Any (cyber)-attack in this industry would result in important social and economic consequences.

With the development of new technologies such as internet, the global aviation industry is subject to a new and growing type of threat coming from cyberspace. As in the other industries, cyber threats purposes are for example the robbery of information, political actions, make profit, or simply weaken one stakeholder of the industry.

Because of its complexity and its weight in the economy, breaking the aviation industry’s security constitutes a great challenge for hackers and terrorists. Moreover, this industry relies more and more on information and communication technology (ICT). As an industry that is well known for providing one of the safest type of transportation, it is mandatory for all its stakeholders to understand the risks and to prevent any malicious events for the good of the industry, the economy, the population and the environment.

Read the full strategic report here: cybersecurity, a new challenge for the aviation and automotive industries

References

AIAA. (2013). The connectivity challenge: protecting critical assets in a networked world – a framework for aviation cybersecurity.

Cybersecurity: Challenges and New Threats, Strategic Report

Cybersecurity & Cyber Threats in Healthcare Organizations

1 Comment

Cybersecurity & Cyber Threats in Healthcare Organizations

Aurore Le Bris, Walid El Asri

Abstract:

Cybersecurity has become a strategic issue for healthcare facilities. This current risky situation comes from an internal double threat: the misuse of IT systems by employees due to their low risk awareness and the lack of proper funding dedicating to Information Security. Simultaneously, the democratization of hacking techniques has also increased the number of potential perpetrators and the variety of their profile. The multiplication of healthcare facilities hit by such attacks reveals how absolutely necessary the question of cybersecurity is. Thanks to the mediatization of these incidents, concerns now grow among general public and authorities, which trigger more and more initiatives to turn things around: FDA, AHA, HITRUST in the USA. A move towards more coordination in necessary. Furthermore, facilities’ staff is essential in solving the hacking issues. Indeed, cybersecurity cannot be improved without training employees to use devices properly, raising their awareness on cyber threats and ensuring their compliance with security policies.

Introduction

Cybersecurity has become a crucial issue for many organizations but also for private individuals. As well as for “regular” crime, anyone may become a target of ill-intentioned people, exploiting the vulnerabilities of information systems (IS) in any possible way. Healthcare organizations are some of the entities we trust the most and that hold the most sensitive information about us: name, date and place of birth, medical records, social security details, etc. Suffering from many flaws (low budget, lack of IT organization, excessive use of legacy systems…), healthcare actors have become easy targets for hackers, facing more and more pressure and threats from them (Fu and Blum, 2013).

This article aims at depicting the current state of cybersecurity in healthcare organizations as well as at understanding the main cyber threats they face and how these last ones could be addressed.

First of all, the stakes and risks associated to the healthcare environment will be presented. The different types of assets likely to be targeted will be reviewed as well as the profile of the potential attackers/threats and their objectives. Then, examples of attack scenarios – that occurred in real life or pentests – will be studied in order to highlight the consequences they may have on healthcare IS. Finally, the current state of cybersecurity in healthcare facilities will be portrayed and possible measures to enhance it will be discussed.

The following strategic report assess new risks and threats towards healthcare facilities and organizations. Read the full report here:
Cybersecurity & Cyber Threats in Healthcare Organizations

References

Fu, K., & Blum, J. (2013). Controlling for cybersecurity risks of medical device software. Communications of the ACM, 56(10), 35-37.