Cyber security: threats to operational resilience
Whether cyber attacks are from nation states, hacktivists, or organized criminals, they’re becoming ever more sophisticated. Combined with the rising digitalization of business activity it means it’s becoming increasing difficult for an organization to be genuinely resilient. Other business challenges can create issues too – such as legacy technology estates, the storage of sensitive information and the rise of hybrid working.
We believe that businesses cannot respond to growing threats by bolting a cyber security function alongside existing capabilities. But they need to take a wider-screen view of all potential vulnerabilities – business and technical – to improve their overall resilience.
At Berkeley, we ensure that we understand your business and recognize what’s important and critical for you. By deploying a small team in strategic positions within your organization, we won’t overwhelm your business or take months to deliver results. Instead, we’ll work to quickly define and deliver solutions that are right for you. Your security is our priority.
The Berkeley consultant’s sharp business acumen coupled with an in-depth understanding of information security were invaluable assets during my first months in the role. Overall, the consultant was a key contributor to the success of my first 90 days in the company.
Out of the many hundreds of IT/cyber professionals and professional consultants I worked throughout my career, Berkeley clearly falls into in the top 10%. One of those who see the big picture, can easily zoom in and out, ultimately caring about the outcome and getting things done as if they were doing it for their own business. A rare skillset these days.
Actions speak louder than any advertisements. After working together, my only regret is that I did not know about Berkeley in my prior gigs.”Head of Information and Cyber Security, a supply chain and logistics company
Cyber security: defining strategy for success
The Berkeley Partnership supports organizations to develop and define their cyber security and operational resilience strategies. By helping our clients work through the outputs of risk assessments, we assist in developing a roadmap for change – all while ensuring activities are prioritized so that our clients can feel tangible benefits as soon as possible. Berkeley consultants understand that every business runs differently, so strategies and plans are centered on the unique context of each client. We don’t bring in off the shelf solutions.
Cyber security consultants from strategy through to delivery
Regardless of where you are in your resilience journey, The Berkeley Partnership is here to help. We work with our clients at all levels and pride ourselves on helping build capability at all of them. We’re adaptable as well as experienced, and can switch from policy and strategy to the detail of implementation in the most complex, high-stakes circumstances.
Pragmatic approach to operational resilience
We’re experts at defining functional strategies that strengthen our clients’ businesses and we’re committed to ensuring that those strategies are deliverable. We work with our clients to mobilize their cybersecurity and operational resilience roadmaps and then often help lead the delivery of projects that materially strengthen their capabilities. Our consultants combine their practical security domain knowledge with deep experience in program delivery and business change to help our clients set their security programs up for success.
Framing transformation for senior stakeholders
Cyber security and operational resilience is vital, but it’s crucial that senior stakeholders are on board to truly manage risk. Berkeley has vast experience of helping our clients with positioning their cyber security and operational resilience agendas with board members, including securing investment approvals. Bringing recommended interventions to life and framing them in language that makes sense to senior stakeholders can be decisive in moving a project forward. We partner with our clients to achieve this necessary buy in.
Cyber security and operational resilience can be unfathomable for the uninitiated. We believe the best approach is to bring everything down to the basics: a coherent, insight-driven strategy; well executed change; rigorous and efficient operations; and engaged and supportive leadership.”
Michael Owen, Partner
The Berkeley Partnership’s fundamentals for developing operational resilience
Our advice
When providing cyber security consulting to clients, from formulating resilience strategies through to delivering tangible change to their cyber security capabilities, our advice is:
Know the business
What’s important versus what’s critical? What are the inherent organizational cyber security strengths and weaknesses?
Don’t let great be the enemy of good
It’s easy to be seduced into attempting a leap to the gold standard. Before embarking upon wholesale organizational change, first ask: “How good are we at the basics of cyber security?” It’s not glamorous but it is essential.
Judgment over theory
With cyber security, it’s impossible to analyze your way to success. True operational resilience is achieved by being pragmatic – developed through focused thinking, delivering meaningful change in manageable steps.
People are as important as machines
Too often cyber security is characterised as a technology arms race, but developing operational resilience relies as much on cultural and behavioral change within your business
Get into the heads of the decision makers
Governance, organization and ownership are everything. Effective operational resilience should come from the top down, not as an afterthought.
The Berkeley Partnership’s fundamentals for developing operational resilience
Our advice
When providing cyber security consulting to clients, from formulating resilience strategies through to delivering tangible change to their cyber security capabilities, our advice is:
Know the business
What’s important versus what’s critical? What are the inherent organizational cyber security strengths and weaknesses?
Don’t let great be the enemy of good
It’s easy to be seduced into attempting a leap to the gold standard. Before embarking upon wholesale organizational change, first ask: “How good are we at the basics of cyber security?” It’s not glamorous but it is essential.
Judgment over theory
With cyber security, it’s impossible to analyze your way to success. True operational resilience is achieved by being pragmatic – developed through focused thinking, delivering meaningful change in manageable steps.
People are as important as machines
Too often cyber security is characterised as a technology arms race, but developing operational resilience relies as much on cultural and behavioral change within your business
Get into the heads of the decision makers
Governance, organization and ownership are everything. Effective operational resilience should come from the top down, not as an afterthought.
Clients often ask us…
Question 1
What are the biggest cyber threats to my business?
Question 2
How do I establish my organization’s impact tolerances for cyber and operational risks?
Question 3
How do I identify my biggest operational resilience risks, and shape and deliver a program of work to mitigate them?
Question 4
How do I prioritize which cyber-security and operational resilience initiatives to invest in, when demand always outstrips supply?
Question 5
How do I persuade my business that cyber security and operational resilience is not just a technical issue / solution?
Question 6
How do I embed a culture of cyber security within my organization?
Question 7
How do I justify an investment in cyber-security or operational resilience? How can I quantify the benefits when it may never happen?
Question 8
How do I respond to questions from my board / CEO about the latest ransomware attack, and whether I can guarantee that it would never happen to us?
Client stories
Global supply chain logistics company
Our client – a global supply chain logistics company – works with many well-known consumer goods brands, making them an attractive target for potential cyber criminals. In the wake of several well-publicized major supply chain cyber-attacks on other companies, the executive leadership team and board recognized they faced a significant risk – which could result in substantial damage to financial performance, business continuity and reputation.
The company embarked upon a three-year scope of work to realize their strategy of increasing their cyber maturity and mitigating their most immediate risks. They needed to be able to identify and manage cyber risks; protect themselves from attacks; efficiently detect and respond to incidents when they did occur; and have the capability to recover quickly.
Global manufacturer
We assisted a major global manufacturing company to evaluate and select a cloud infrastructure service provider on which to run its new ERP system.
We helped establish selection criteria, a decision-making team, and a short-list of potential vendors. We ran the selection exercise and helped negotiate the contract for the service.
Large energy super-major
We led the project to migrate the global, multi-brand web-estate for a large energy super-major to the cloud in response to a huge increase in web-traffic volatility and a number of security threats.
The project implemented a new Content Management System and helped establish a process for each brand entity to migrate their sites.
FTSE 250 manufacturer
We led the program to migrate a FTSE 250 manufacturer’s entire data-center estate onto the cloud.
This included both Unix and Windows services, ERP and best-of-breed package and bespoke applications.
Global cloud solution
We led the overall program as well as business case and supplier selection streams to deliver a cloud solution for all internet and intranet content with 200+ sites spanning 100 countries, in 29 languages and five major brands.
Benefits included: improved site resilience and flexibility, improved digital security, annual OPEX savings and a significantly reduced lead time over traditional methods of hardware procurement, rack and stack, deployment and testing.
UK financial services regulator
We worked with a UK financial services regulator to develop the detailed business case for a multi-million pound investment in a new Salesforce.com authorizations workflow capability.
One particular complication was to drive out an accurate set of ongoing service support costs given that this was the first time the organization had implemented a cloud-based solution. The business case was approved by the regulator’s executive committee and the template was rolled out as a good practice example.
Client stories
Our client – a global supply chain logistics company – works with many well-known consumer goods brands, making them an attractive target for potential cyber criminals. In the wake of several well-publicized major supply chain cyber-attacks on other companies, the executive leadership team and board recognized they faced a significant risk – which could result in substantial damage to financial performance, business continuity and reputation.
The company embarked upon a three-year scope of work to realize their strategy of increasing their cyber maturity and mitigating their most immediate risks. They needed to be able to identify and manage cyber risks; protect themselves from attacks; efficiently detect and respond to incidents when they did occur; and have the capability to recover quickly.
We assisted a major global manufacturing company to evaluate and select a cloud infrastructure service provider on which to run its new ERP system.
We helped establish selection criteria, a decision-making team, and a short-list of potential vendors. We ran the selection exercise and helped negotiate the contract for the service.
We led the project to migrate the global, multi-brand web-estate for a large energy super-major to the cloud in response to a huge increase in web-traffic volatility and a number of security threats.
The project implemented a new Content Management System and helped establish a process for each brand entity to migrate their sites.
We led the program to migrate a FTSE 250 manufacturer’s entire data-center estate onto the cloud.
This included both Unix and Windows services, ERP and best-of-breed package and bespoke applications.
We led the overall program as well as business case and supplier selection streams to deliver a cloud solution for all internet and intranet content with 200+ sites spanning 100 countries, in 29 languages and five major brands.
Benefits included: improved site resilience and flexibility, improved digital security, annual OPEX savings and a significantly reduced lead time over traditional methods of hardware procurement, rack and stack, deployment and testing.
We worked with a UK financial services regulator to develop the detailed business case for a multi-million pound investment in a new Salesforce.com authorizations workflow capability.
One particular complication was to drive out an accurate set of ongoing service support costs given that this was the first time the organization had implemented a cloud-based solution. The business case was approved by the regulator’s executive committee and the template was rolled out as a good practice example.
Sector
Financial services
Services
Digital, data and technology
Related Services
Lead Partner
