Information Security Forum Releases Cyber Security Strategies Report to Help Organizations Achieve Cyber Resilience
Cyber Security Strategies: Achieving Cyber Resilience addresses the "risk vs. reward" aspects of cyberspace, explores the nature of existing and emerging cyber threats, discusses potential common root causes for cyber security breaches, and provides guidance on cyber security strategies and approaches organizations should consider adopting.
“Business leaders recognize the huge opportunities and benefits cyberspace offers in terms of increasing innovation, collaboration, productivity, competitiveness and customer engagement and they will continue to work hard to exploit the opportunities it presents,” said Michael de Crespigny, CEO of ISF. “Unfortunately, many are having difficulty determining the risk vs. reward aspect, preparing for adverse surprises, and understanding that with benefits come significant risks.”
The ISF’s latest report comes at a time when international organizations, such as the World Economic Forum (WEF), are highlighting the increasing risks of cyber-crime and the possibility of a greater number of cyber-attacks in the year ahead. The ISF believes the change in benefits from cyberspace is accompanied by a change in the profile and seriousness of today’s security threats, driven by two key factors:
· Cyber criminals (hacker groups, criminal organizations and hacktivists) worldwide are better organized and more professional in their approach. They innovate just as business does, and their financial rewards increase as business use of cyberspace grows. They have access to powerful, evolving capabilities, which they use to identify, target and attack, and they have well-developed marketplaces for buying and selling tools and expertise to execute sophisticated attacks. The ISF calls this "Malspace."
· Cyberspace is constantly evolving and presenting new opportunities. The desire of businesses to quickly adopt new technologies, using the Internet to open new channels and adopting cloud services, provides enormous opportunity. But this also brings unforeseen risks and unintended consequences that can have a negative impact.
Cyber Security Strategies: Achieving Cyber Resilience addresses this change by recommending a way forward for public and private sector organizations and provides advice on how to anticipate and respond to the threats. As well as identifying the problems, the report introduces the ISF Cyber Resilience Framework, a vision for organizational resilience that can be used to deal with threats head-on, while building on existing security practices and infrastructure.
“Cyberspace is critical to all organizations today – from the supply chain to customer engagement – and slowing adoption or disconnecting is simply not an option,” said de Crespigny. “Based on insights from our global membership and research, our Cyber Resilience Framework identifies the key capabilities that organizations need in order to enhance their security posture and protect their business against ever-evolving cyber threats.”
There are 10 key findings in the Cyber Security Strategies: Achieving Cyber Resilience report:
1. The benefits of cyberspace are immense, as are the risks – the more successful you are in cyberspace the greater the impact of risk
2. Organizations must embrace uncertainty and develop cyber risk resilience
3. Malspace is a global industry that has evolved to facilitate cyber crime
4. Impacts from cyber threats can have a very long and disproportionate risk tail
5. Hacktivism presents significant threats to the organization, not just its information security
6. Cyberspace vastly increases information security risk
7. Information security is fundamental and more important for security in cyberspace
8. The complexity of cyberspace enables threats to combine quickly in unpredictable and dangerous ways
9. It is essential to collaborate, share intelligence and influence good practice across cyberspace
10. Cyber security is more than information security - it’s a business issue.
The ISF report also includes practical guidance on getting support from senior management to address cyberspace threats; creating a Cyber Resilience Group to drive and coordinate all cyber resilience activities; and collaborating with others, including customers, supply chain partners and suppliers, to share intelligence and best practice. An executive summary of the report is available from the ISF website www.securityforum.org and the full report is now available to non-members to purchase from ISF’s online store: https://store.securityforum.org/shop/.
Input for the report was gathered through workshops around the world, interviews with ISF Members and other experts, as well as previous ISF research and reports, including Information Security Governance, Hacktivism and the ISF 2011 Standard of Good Practice for Information Security.