CYBER SECURITY FOR CORPORATE SERVICE PROVIDERS

KEY THREATS

When dealing with large sums of cash, it is imperative that cyber defence strategies are in place to proactively prevent any data breach. This is of particular relevance to those using third-party services, as data in multiple places is an increased security risk. At Riela Cyber we stop these events from occurring by using preventative SOC services, such as network monitoring and threat intelligence.

Loss of confidential information can damage and undermine the reputation of your business, inevitably creating long-term negative impacts for your clients. At Riela Cyber we use protective SOC services to ensure that your data is secure. Our team of Cyber Engineers does this by actively hunting for threats before they even arrive.

As in any business, employees can be both your biggest strength and your biggest weakness; it all depends on training. With phishing scams on the rise, cyber security training is more important than ever.

CYBER COMPLIANCE

In September 2020, the Isle of Man Financial Services Authority (FSA) updated their regulatory guidance on cyber security. The IA2008, CGC2020 and the CGC2018 contain provisions broadly requiring regulated entities to have the following in place for effective corporate governance. The following information is copied from the FSA’s original document, which can be found here.

FSA Best Practices:

  • Promotion of organisation-wide support for cyber risk management by the board;
  • Regular inclusion of cyber security on board agendas;
  • Appointment of someone suitably senior within
    the organisation to be responsible for cyber security matters;
  • Establishing the risk tolerance of the firm and overseeing the design, implementation and
    effectiveness of a cyber security framework which is tailored to the nature, size, complexity, risk profile and culture of the business;
  • Articulating lines of reporting and escalation.

Where relevant legal and regulatory requirements apply, the FSA expects regulated entities to:

  • Identify and assess risks associated with IT vulnerabilities such as cyber attacks as part of
    their risk management framework;
  • Implement appropriate and effective controls, for example systems, policies, procedures and training initiatives, to help protect against and manage the risks associated with cyber attacks;
  • Proactively monitor activity within your network to detect potential cyber incidents;
  • Review, and where appropriate revise, the controls associated with cyber threats at
    appropriate intervals.

 

FSA Best Practices:

  • Identification of functions, activities, systems, assets, information, products and services –
    including interconnections, dependencies and third parties – prioritising their relative
    importance, and assessing their respective cyber risks;
  • Implementation of appropriate policies and procedures, including procedures to verify the
    legitimacy of all requests received by all methods of communication (the verification procedures should require the verification of all details, for example, including the beneficiary’s name and bank details rather than just the amount in relation to payment requests);
  • Management and control of user privileges, control of removable media usage, and
    monitoring of mobile and home working procedures;
  • Ensuring that systems are secure, for example, by keeping operating systems, software and web browsers up to date, installing anti-virus solutions on all systems, backing up important information on a regular basis (it is advisable to store backup files in a secure offsite location), and ensuring that mobile devices with access to their systems are secure (e.g. via encryption and password protection using strong passwords);
  • Monitoring the use of all equipment and IT systems to detect anomalies and events indicating a potential cyber incident;
  • Ongoing cyber awareness and training initiatives to ensure that staff understand the risks
    associated with cyber attacks and the procedures that have been put in place to mitigate the risks associated with the same;
  • If a firm is involved in payment card processing or it stores, processes or transmits cardholder data and/or sensitive authentication data, it should consider the best practices set out in the Payment Card Industry (PCI) Data Security Standard;
  • Conducting cyber security tests, for example penetration testing of systems (firms may wish to consider engaging the services of an external specialist to carry out such tests);
  • Keeping up to date on current cyber threats and where appropriate revising controls accordingly – being alert and responsive to new cyber threats is crucial given the escalating risks that cyber threats pose.
  • Where the relevant provisions require a written agreement between the regulated entity and the service provider, that agreement should include the respective responsibilities of the parties to it. Consequently, such an agreement may need to include provisions dealing with each respective party's responsibilities relating to IT security.
  • Whether an activity constitutes a material management or business function/significant outsourced function will depend, for example, on the nature of the business concerned and the services that have been outsourced. However, the significance of the risks that service providers pose is not necessarily proportionate to the materiality of the service that is outsourced or delegated. Therefore, the risks in relation to all outsourced services and delegated functions should be managed as part of the broader risk management framework, for example by taking measures to prevent access to systems and confidential data or taking appropriate measures to determine that service providers have appropriate and adequate cyber security standards and procedures in place to protect assets and client related information.
  • Where relevant legal and regulatory requirements apply, regulated entities ought to have in place business resumption and contingency arrangements which would enable them to suitably respond to, and recover quickly from, a successful cyber attack.
  • The associated policies and controls should clearly set out decision making responsibilities, define escalation procedures and establish processes for communicating with appropriate stakeholders (see also reporting incidents below).
  • In the event that a cyber incident occurs, the response should also involve an assessment of scope, nature and impact of the incident and steps to contain and mitigate the impact of it, including removing any ongoing threat such as malware.
  • The response and recovery plans should also take into account the fact that communication methods such as email may not be operational.
  • The resumption and contingency arrangements should be tested and reviewed at appropriate intervals in order to make contingency planning effective.
  • Recovery should include remediating vulnerabilities to prevent similar incidents occurring in future.
  • Successful cyber attacks have the potential to cause significant and long term detriment to affected clients.
  • Successful cyber attacks also have the potential to undermine.
  • Therefore, relevant regulated entities should ensure that these factors are taken into account within their governance arrangements and risk management framework in the context of cyber risks.

We’re Here To Assist You

Something isn’t Clear?

Feel free to contact us, and we will be more than happy to answer all of your questions.

Andrew Clucas

Network Engineer

Andy is a qualified Network Engineer with in-depth knowledge of architecting, implementing and supporting networking solutions in the SMB, Enterprise and Service Provider environments.

He has over 20 years of experience working across multiple vendor operating systems, including Cisco, Juniper, Linux and Microsoft, and has also been responsible for implementing a variety of large scale network services deployments, taking projects from design to rollout and support.

Andy also has experience of deploying and migrating a range of virtualisation technologies including VMware, Hyper-V and KVM based systems.

Luke Dawood

Infrastructure Engineer

Luke is an Infrastructure Engineer for the Riela Group with over 7 years of experience providing infrastructure support and solutions.

He currently holds his BSc in Computer Science, Microsoft Azure Administrator, CompTIA A+, and CompTIA N+ qualifications.

Most of his experience has been gained by working for Managed Service Providers that provide full IT support and solutions to companies ranging from small to large enterprises.

He is extremely passionate about technology and excellent customer service delivery, ensuring he is always kept up to date with the latest technologies and providing the best solutions to clients.

Josh Kingett

Technical Sales & Support

Josh is a Cyber Security Engineer specialising in Technical Sales and Support. Josh builds trust into each client relationship by working closely with business functions to deliver professionally tailored solutions for our clients from sales through to production and after care.

Having spent 4 years as an Officer Cadet in the British Army, Josh has had a great opportunity to develop his interpersonal and management skills to the highest standard possible. Josh is an avid public speaker and presents material regularly across different industries through seminars and online hosted events.

With an extensive competitive background in eSports and eGaming, both as a sponsored player and coach, Josh has been at the forefront of evolving technology, security and mitigation. It is this sort of experience that enables Josh to help facilitate the growth of Riela Cyber, alongside a highly qualified team of Cyber Security professionals.

Email: josh@riela-tech.com

Marc Dorey

Infrastructure & Managed Services Lead

Marc is our Group’s Infrastructure and Managed Services lead with over 18 years’ experience in delivering infrastructure projects across multiple industry verticals and international jurisdictions, from projects in Aerospace and Engineering through to Banking and Insurance, and from Europe, China, Africa and Australia.

This experience is matched with a varied list of certifications from leading industry vendors such as HP, Cisco, Microsoft, Ruckus, CompTIA and more. As a qualified technical trainer, Marc is comfortably able to take complicated technical concepts and deliver them in simple terms to key decision makers and end users alike.

Most of Marc’s experience has been gained working for managed service providers, both large and niche, and as such he is able to take real-world experience and blend it with industry standards to help align our service delivery with our clients’ values and processes.

Alexandria Halsall

Marketing Executive

As a Marketing Executive, Alex is responsible for all marketing duties spanning the Riela Group.

Alex joined the Riela Group in August 2020, shortly after graduating with a Psychology degree from Nottingham Trent University.

With past work experience in content marketing, event management and web design, Alex is able to apply her creative and analytical skills into the Riela strategy.

Email: alex@riela-group.com

Telephone: +44 7706 806443

Matthew Roberts

Group Head of Sales

As the Head of Group Sales at the Riela family of companies, Matthew leads the company’s sales strategy, execution, and growth.

Matthew has a successful record of building trusted client relationships and delivering upon set expectations. An accomplished sales leader, he delivers a sales process that provides clients with the information and support they need to make the right decisions for their organisations and their constituents.

Matthew has significant experience within the maritime industry having previously worked across various sectors including insurance, security, satellite communications and managed IT. Matthew’s most recent experience encompasses almost 5 years spent with the leading satellite communications and managed IT provider in the maritime industry, focusing on their superyacht clientele.

Email: matthew@riela-group.com

Telephone: +44 7425 314973

Carey Cooper

Cyber Security Engineer & Security Operations Lead

Carey is the Cyber Security Operations team lead at the Riela Group of Companies.

He has a wealth of infrastructure and cyber security experience across the medical, financial, retail, and telecom sectors. In addition, he has a strong entrepreneurial spirit, which is an asset in bridging the divide between technical and business.

Carey also holds numerous certifications in Microsoft, Cisco, Linux and the Cyber Security Disciplines.  He has a passion for anything related to technology.

SAÎD

Cyber Security Engineer & Incident Response Lead

Saîd is a Cyber Engineer & Incident Response Lead in the Security Operations Centre team. Saîd brings his vast wealth of technical knowledge of security technologies to analyse and respond to security threats. With 13 years’ experience in Cybersecurity, focusing on Identity & Access Management, PKI, Incident Response and SIEM, Saîd is instrumental in helping formulate our strategic approach.

Saîd has a Master’s degree in Computer Engineering and specializes in Information Security with certifications in CEH, CCSK, and Splunk.

Joseph Ikhalia

Cyber Security Engineer & Threat Management Lead

Joseph is a Cyber Security Engineer and Risk lead in the security operations centre team. Joseph is responsible for internal audit and cyber risk management, vulnerability assessment, threat hunting and penetration testing to provide effective oversight of internal and client risk postures.

Joseph brings 8 years’ experience in risk & cybersecurity research, focusing on web-based technologies, security awareness innovation, malware threats, reverse engineering and systems audit.

With a PhD in Computer Science and a penchant for security innovation, Joseph specialises in threat detection using an avalanche of industry tools, techniques and methodologies to efficiently mitigate known and emerging threats facing our high valued clients.

Christian Goelz

Director

Christian is involved across the Riela family of companies with particular attention to the technology businesses, Cyber and Tech.

Christian gained a postgraduate Master in Finance degree at the University of Neuchatel, Switzerland and completed his MBA at the University of Chicago Booth School of Business.

Before joining us, Christian worked for six years at Argosy Capital, an Isle of Man-based private equity and venture capital business focusing on early-stage growth businesses. At Argosy, he focused on managing investment companies, research and financial analysis and served as a director on several boards.

ROBERT TOBIN

Riela Group Managing Director

Robert Tobin is the Managing Director of the Riela Group of Companies and is responsible for overseeing our business operations, our people and driving excellence in all we do.

Rob brings over 25 years of successful leadership and entrepreneurial experience across a range of industries including Family Office, corporate services, construction engineering, Superyachts, cyber security and information technology development to our Group, and to our customers.

In the past 15 years Rob has gained a prominent reputation within the Superyacht industry for his passion, integrity, innovation and achievements to date.

“Being part of an awesome, capable and forward thinking team that have a shared passion for Superyachts, people and the environment is the highlight of my career and puts a smile on my face and a spring in my step every day”.

Email: rob@riela-group.com

Telephone: +44 1624605650

Peter Astell Burt

Director

Peter is an experienced technology consultant with a demonstrated history of working in the IT and cyber security industry.  Skilled in Search Engine Optimization (SEO), IT Strategy, Start-ups, Regulations, and Online Gaming. Strong consulting professional with a DPhil focused in Natural Sciences from ChristChurch, Oxford.

Tim Bliss

Director

Tim Bliss, Managing Director of Riela Tech since the company’s foundation in 2015 and Director of Riela Cyber, brings over 20 years of successful leadership experience across a range of industries including finance and banking, software development, and manufacturing, as well as cyber security and information technology. Prior to forming the company he led the technology for Manx Financial Group PLC, where he was instrumental in business systems transformation.

“It is our hugely capable team of experts that drives our business – it is fantastic and rewarding to be able to use technology, intelligence, and great customer service to help make our clients’ business and staff progressively more efficient, resilient and secure”

Email: tim@riela-tech.com

Phone: +44 7624 469677