With 100 per cent security just an unachievable dream, organisations must embed cyber resiliency within their organisation, the Information Security Forum (ISF) urged today.
In doing so, companies need to look at how to prepare for the unforeseen, alongside integrating strategies for information sharing in post-breach scenarios, the ISF said.
"There is going to be a range of attacks you can't protect yourself from," said ISF chief executive Michael de Crespigny during a press briefing this morning. "We've concluded the real issue is to create cyber resiliency.
Security as a concept isn't owned by IT
"It's not about more control, not about more cost, it is about anticipation of unpredictability."
It is hugely difficult to predict how the threat landscape will evolve in the future, de Crespigny added, pointing to Anonymous' tactic of recruiting unwitting Twitter users into a distributed denial of service (DDoS) attack last week by simply posting links.
The hacktivist group embedded JavaScript into specially-crafted sites, which would have visitors repeatedly attempt to access a targeted website, thereby including them in a DDoS attack.
Essential collaboration
"Organisations must embrace uncertainty and develop resiliency. It's essential to collaborate and share information," de Crespigny added. "You can't act alone."
As an example of how effective collaboration could be enacted, the ISF CEO pointed to the global coordination over dealing with the H1N1 virus otherwise known as bird flu.
"There was a lot of international collaboration, huge amounts of communication," he added. "But if you look at Sony there were long periods where there was very little communication and delays in response time."
Sony was heavily criticised for not speedily disclosing a data breach involving its Playstation Network, which saw information on over 100 million of its customers compromised.
EMC-owned security giant RSA was also panned for not telling customers information on its SecurID product had been placed in jeopardy thanks to a hack attack.
In building resiliency, businesses need to look at who would be impacted by a breach of its network, which organisations it could cooperate with and when to disclose information, the ISF said.
This includes the need to connect functions internally, as well as externally across the business' supply chain. To support this a facilitator is required to bring together different parties, according to the ISF, which itself can act as if companies want to recruit an external body to mediate.
Despite IT being a key part of a cyber resilience strategy, they should not lead it, the ISF said. Instead, the body repeated the adage that "cyber security is a business issue."
"Security as a concept isn't owned by IT," de Crespigny said.
The ISF has released a report and tools to help companies create cyber resiliency.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
'You need your own bots' to wage war against rogue AI, warns Varonis VPNews Infosec pros are urged to get serious about data access control and automation to thwart AI breaches
-
CrowdStrike CEO: Embrace AI or be crushed by cyber crooksNews Exec urges infosec bods to adopt next-gen SIEM driven by AI – or risk being outpaced by criminals
-
Microsoft security boss warns AI insecurity 'unprecedented' as tech goes mainstreamNews RSA keynote paints a terrifying picture of billion-plus GenAI users facing innovative criminal tactics
-
APIcalypse Now: Akamai CSO warns of surging attacks and backdoored open source componentsNEWS Apps and APIs bear the brunt as threat actors pivot to living off the land
-
AI is changing the game when it comes to cyber securityNews With AI becoming more of an everyday reality, innovative strategies are needed to counter increasingly sophisticated threats
-
RSAC Chairman urges collaboration to ensure collective defense in securityNews Chairman emphasizes the critical need for cooperation among cyber security experts
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
PyPI attack: Targeting of repository 'shows no sign of stopping'News Greater collaboration and understanding of attackers’ tactics is key to mitigating open source security threats
