“Cybersecurity in Europe” Workshop-Part 4
E-Crime Expert started a series of posts that is summarizing the “Cybersecurity in Europe” Workshop. You could read the first blog post here, the second post here and the third one here. The First presenter in the series was CERT (Computer Emergency Response Team), followed by ENISA and by CERT Hungary.
Specific particularities of the cyber domain:
-The cyber domain is a world of opportunity-yet media coverage of attacks has created a perception that is mainly characterized by threats and risks
-business and government must raise their game as cyber is different from the traditional physical world: it is an environment without barriers
-organizations need to reshape themselves, by adopting new structures, governance and roles that transforms their ability to manage cyber opportunities and threats.
Taxonomy of attacks:
I. Financial crime: this involved criminals, often highly organized and well-funded using technology as a tool to steal money and other assets
II. Espionage: theft of intellectual property is a persistent threat, and the victims often do not even know it has happened
III. Warfare: this may involve states attacking private sector organizations and especially the critical national infrastructure
IV. Terrorism: this overlaps with warfare but attacks are undertaken by terrorist groups, again attacking either state or private assets
V. Activism: this overlaps with other categories, but the attacks are undertaken by proponents of an idealistic cause.
Same key barriers to effective cyber security:
-the people engaged in securing cyberspace face the challenge of continuing to raise their game faster that attackers
-cyber security is still pigeon-holed as an IT issue, creating a communications gap between managers in the business and the security team
-traditional organizational structures tend to be too slow and rigid to enable the speed and flexibility of response needed in the cyber world.
The presentation given by PricewaterhouseCoopers identifies that processes and people are overlooked components when developing approaches to cyber security. There will be a reversion to technology driven by increases in the volume of data, speed of processing and communication technology, and the emergence of more complex threats. All these may lead to:
1) Infrastructure revolution
2) Data explosion
3) An always-on, always connected world
4) Future finance (online) models
5) Tougher Regulations and Standards
6) Multiple Internets
7) New identity and trust models
The PricewaterhouseCoopers’s presentation explains five steps that help to become a cyber-ready organization:
1) Clarify roles and responsibilities at the ‘C-Suite’ (may require the creation of new roles at boardroom level)
2) Achieve 360 degrees situational awareness (gaining a clear understanding of the scope and scale of the organization’s evolving risks and opportunities)
3) Create a cyber response team which cuts across the organization (they should create a cyber response team to ensure information, intelligence and decisions can flow quickly)
4) Nurture and share skills (investment in skills for the cyber world)
5) Take an active and transparent stance (by adopting a more active stance towards attackers)
To find more about PricewaterhouseCoopers, click here.
Any questions can be submitted to: firstname.lastname@example.org
Additional information can be found at: www.e-crimeexppert.com
How do you find these predictions? How do you find the advice given for organizations Has your country participated in such an exercise? How do you find the future of the internet(s)?
Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog. The blog post is the final part of the Cybersecurity in Europe Workshop series summarized by E-Crime Expert.
*Many thanks and credits for their wonderful presentations, are given to:
CERT. Visit: http://www.enisa.europa.eu/act/cert
ENISA. Visit: http://www.enisa.europa.eu/
CERT Hungary. Visit: http://www.cert-hungary.hu/en
The PricewaterhouseCoopers. Visit http://www.pwc.com/