Cyber resilience: could your company survive a data breach?

What does the term ‘cyber resilience’ mean to you? The chances are the answer is not very much. Yes, you could hazard a guess about it roughly relating to the protection of valuable online assets and data against third-party theft or hacking, but the probability is that that’s as far as your definition would extend. To the World Economic Forum, however, the phrase means so much more. For the organisation, which is an international non-profit foundation committed to improving the state of the world through public-private cooperation, cyber resilience is the ability to recover from online adversity and return to the original form and position.

Because of the WEF’s global nature, it is ideally placed to give an overview of the current position of the world’s cybersecurity landscape. The WEF believes that the world’s cyber defences are ineffective, principally because they are reactive, and because of that it argues that any form of reactive solution is outdated before it is even released. The WEF also believes that globally we have now reached the point where the world’s societies can only function effectively by using internet connectivity. It argues that this makes internet connectivity as important as other vital shared resources like water, air and oil. It believes that the only way in which these vital resources can be adequately protected is by global cooperation among multiple organisations. With this premise in mind, the WEF has come up with its own plan for cybersecurity – its Partnering for Cyber Resilience strategy.

So what exactly does this Cyber Resilience plan say? Well, the WEF has highlighted several key points which it argues will lead to a more secure and robust cyber-resilient infrastructure. The key parameters of the strategy are:
• Recognition of interdependence: all parties have a role in fostering a resilient, shared digital space.
• Role of leadership: encourage executive-level awareness and leadership of cyber-risk management.
• Integrated risk management: regular risk assessments will inform company leaders of cyber-security status, the company’s cyber resilience, and what improvements or changes are needed.
• Extended security chain: where suitable, encourage suppliers and customers to develop a similar level of awareness and commit to cyber resilience.

In order for the strategy to be successful, the WEF believes it is vital that management buys into the process wholeheartedly, as it will only ever succeed if the organisations are totally committed. Once company management has bought into the programme, the WEF believes it is then possible to track a company’s progress from having zero cyber resilience to being easily capable of withstanding and weathering the effects of any cyber-attack that comes its way:

Step 1: Organisations which do not take matters seriously consider the need for cybersecurity irrelevant. Therefore there is no cyber-risk management programme in place, and no regard for the security posture of companies they network with.

Step 2: Following a cyber-breach a company starts to understand that being connected to other organisations is a source of risk, but at this stage management still believes there is little need for a cyber-risk management programme, other than isolating what the company IT department considers important data.

Step 3: When the situation reaches this point, C-level executives begin to appreciate the value of a cyber-risk management programme, without fully understanding it or considering its competitive advantages.

Step 4: By this stage the company has developed and implemented a working cyber-risk management programme, and the process is embraced by all of the company’s leaders. Senior managers have also come to terms with the numerous exploitable weaknesses within the company and within the interconnections with third parties.

Step 5: When companies reach the final stages of the strategy they put cyber-risk assessment at the forefront of every business decision. By this final stage cyber-risk information is cascaded across all departments in the company and between companies.

If you are concerned about the escalating security challenges and risk management issues facing your business today and would like to take precautions, then why not speak to Krypsys? Krypsys’ services are focused on helping your business assess its security posture against current and evolving security threats and educating you on the risks to which you are exposed. We have a wealth of experience in security projects in both the public and private sectors and have worked with organisations to protect high value information assets such as trading platforms, e-commerce systems, data-centres and cloud services. We also work with leading IT security vendors and specialist consultancies to close the gaps in your own IT security strategy and to assist in streamlining and prioritising your risk management spending.

Whether you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security solutions, please contact Krypsys on 01273 044072 or [email protected].