Organisations that are more cyber resilient are better able to cope with cyber attacks.
The benefits of collaboration
Given the significant consequences of a cyber security breach, many organisations are calling for greater collaboration — the benefits of which include greater intelligence sharing, a cohesive response to threats and robust international infrastructure. Cyber-resilience is the ability to recover from cyber-attacks and cyber-attacks are on the rise.
Intelligence sharing
According to a study by the for IBM by the Ponemon Institute, organisations with high cyber-resilience were more likely to participate in some form of threat-sharing program (e.g., open source, commercial sources, threat intelligence platforms). Sharing intelligence allows organisations to identify likely threats in their industry and develop appropriate responses based on what similar organisations have tried. Intelligence sharing between public and private sectors as researched by RUSI, is vital because of the distinct perspectives each sector has. For example, government agencies can conduct cyber espionage operations and, therefore, have insight into adversary networks. In contrast, business providers often have greater understanding of cyber-attack victims.
Increased cross-sector talk could vastly improve cybersecurity responses, and even prevent attacks before they occur. Microsoft’s new initiative, The Asia Pacific Public Sector Cyber Security Executive Council, aims to facilitate private-public partnerships, to share information and strengthen government cyber defences. The council plans to meet quarterly going forward.
each sector has. For example, a public sector organisation may have a strong interest in knowing the activity of private sector organisations, whereas a private sector organisation may be concerned about the potential for misuse of their own data by the public sector.
The NIST Cybersecurity Strategy Framework was designed to be a framework that organisations can use to address cybersecurity issues and be compliant with the relevant laws. It is a step-by-step process that organisations can use to identify, assess, and respond to cybersecurity threats.
Consistent threat response
Having a clear response to cybersecurity incidents helps to protect organisations against cyber threats — particularly for smaller organisations that may lack expertise and/or resources. IBM have often emphasised the importance of having an incident response process that is consistent, repeatable and measurable, and has worked with organisations across sectors to help develop resilient solutions.
However, there is still remarkable variation in the cybersecurity industry because of the lack of professional regulation. The UK Cyber Security Council plans to correct this issue, bringing private and public sectors together to create regulatory standards in cybersecurity, similar to what already exists in industries such as accounting and finance. This hope is that this will create a set of standards that improves the quality of cyber defence strategies and the efficiency of incident responses.
Next steps in the process will include the establishment of a new regulatory body, the National Cyber Security Centre, and the development of a new UK Cyber Security Strategy.
In the absence of a regulatory body, it is left to individual organisations to create their own incident response processes. A UK government report found that the majority of UK organisations (69%) were not prepared for a cyber incident, and that only one in three (30%) had a well-developed plan in place. In fact, one in five (20%) had not yet started developing a plan. In order to create a consistent incident response process, organisations should look to examples of best practice, including those provided by the National Cyber Security Centre.
Responsibility and liability
Organisations need to have clear ownership of their cybersecurity strategy, and it is the responsibility of every individual to work to develop and maintain the organisation's cybersecurity strategy.
To demonstrate that the organisation has a strong and effective cybersecurity strategy, the organisation should implement and maintain a cybersecurity strategy in line with the requirements of the CISO. The CISO should be responsible for the organisation's overall cybersecurity strategy and should have the authority to manage and control the implementation of the strategy.
The CISO should have a strong and effective cybersecurity strategy, this is also relevant for SMEs and micro businesses. in place and be responsible for the development and implementation of the strategy. The CISO should be the first line of defence and should ensure that the organisation has appropriate cybersecurity measures in place.
To demonstrate this, an organisation's cybersecurity strategy should be integrated into its strategy, organisational and IT policies, and processes.
All organisations should have a strategy that describes their cybersecurity stance and provides a basis for cybersecurity risk management. A strategy provides a way of aligning cybersecurity with the organisation's strategy, provides a clear picture of the organisation's current cybersecurity stance, and helps to ensure that the organisation's cybersecurity risk management practices are aligned with its strategy.
The organisation's strategy should be informed by the organisation's mission, vision, and values. The cybersecurity strategy should also align with the organisation's governance and legal frameworks.
To demonstrate ownership of cybersecurity strategy, organisations need to establish a clear vision and strategy, and demonstrate alignment across the business and the C-suite.
IT Security
IT Security is a critical component of any business’s cybersecurity strategy. IT Security is more than just network and endpoint security, it includes securing cloud services, data, mobile devices and more. An organisation's cybersecurity strategy should have a clearly defined IT Security strategy, including:
· A clearly defined scope of IT Security.
· A clearly defined risk assessment methodology and process.
· A clearly defined strategy for the identification and prioritisation of vulnerabilities.
International collaboration
Many organisations operate internationally and therefore, so are the attacks. For example, while the impact of the SolarWinds attack was the most severe in the US, at least seven additional countries were impacted (including the UK, Belgium, Spain, Canada, Mexico, Israel and the UAE). However, the response from US allies was far from cohesive, and none matched the impact of the sanctions the US imposed on Russia for their suspected role in the attack.
It’s crucial that private-public partnerships are not only encouraged on a national scale, but globally. Participating in global forums, like FIRST, sharing intelligence and developed global frameworks will inevitably improve cyber-resilience. Finally, co-ordinated global responses may deter nation state attacks, and increase trust between co-operating countries.
Clearly, many are working hard to facilitate cross-sector collaboration. However, there is much further to go. Cybersecurity is no longer optional — protected digital environments are crucial for organisations of all kinds, so they must work together to secure a cyber-resilient future. The ability to cope with cyber-attacks is critical to organisations' survival. A resilient organisation is more likely to survive an attack than a less resilient one.
No comments:
Post a Comment