“Business leaders recognize the huge opportunities and benefits cyberspace offers in terms of increasing innovation, collaboration, productivity, competitiveness and customer engagement and they will continue to work hard to exploit the opportunities it presents,” said Michael de Crespigny, CEO of ISF. “Unfortunately, many are having difficulty determining the risk vs. reward aspect, preparing for adverse surprises, and understanding that with benefits come significant risks.”
The ISF’s latest report comes at a time when international organizations, such as the World Economic Forum (WEF), are highlighting the increasing risks of cyber-crime and the possibility of a greater number of cyber-attacks in the year ahead. The ISF believes the change in benefits from cyberspace is accompanied by a change in the profile and seriousness of today’s security threats, driven by two key factors:
• Cyber criminals (hacker groups, criminal organizations and hacktivists)
• Cyberspace is constantly evolving and presenting new opportunities. The desire of businesses to quickly adopt new technologies, using the Internet to open new channels and adopting cloud services, provides enormous opportunity. But this also brings unforeseen risks and unintended consequences that can have a negative impact.
Cyber Security Strategies: Achieving Cyber Resilience addresses this change by recommending a way forward for public and private sector organizations and provides advice on how to anticipate and respond to the threats. As well as identifying the problems, the report introduces the ISF Cyber Resilience Framework, a vision for organizational resilience that can be used to deal with threats head-on, while building on existing security practices and infrastructure.
“Cyberspace is critical to all organizations today – from the supply chain to customer engagement – and slowing adoption or disconnecting is simply not an option,” said de Crespigny. “Based on insights from our global membership and research, our Cyber Resilience Framework identifies the key capabilities that organizations need in order to enhance their security posture and protect their business against ever-evolving cyber threats.”
There are 10 key findings in the Cyber Security Strategies: Achieving Cyber Resilience report:
1. The benefits of cyberspace are immense, as are the risks – the more successful you are in cyberspace, the greater the impact of risk
2. Organizations must embrace uncertainty and develop cyber risk resilience
3. Malspace is a global industry that has evolved to facilitate cyber crime
4. Impacts from cyber threats can have a very long and disproportionate risk tail
5. Hacktivism presents significant threats to the organization, not just its information security
6. Cyberspace vastly increases information security risk
7. Information security is fundamental and more important for security in cyberspace
8. The complexity of cyberspace enables threats to combine quickly in unpredictable and dangerous ways
9. It is essential to collaborate, share intelligence and influence good practice across cyberspace
10. Cyber security is more than information security – it’s a business issue.
The ISF report also includes practical guidance on getting support from senior management to address cyberspace threats; creating a Cyber Resilience Group to drive and coordinate all cyber resilience activities; and collaborating with others, including customers, supply chain partners and suppliers, to share intelligence and best practice. An executive summary of the report is available from the ISF website, www.securityforum.org, and the full report is now available for non-members to purchase from ISF’s online store: https://store.securityforum.org/
Input for the report was gathered through workshops around the world, interviews with ISF Members and other experts, as well as previous ISF research and reports, including Information Security Governance, Hacktivism and the ISF 2011 Standard of Good Practice for Information Security.
About the ISF
Founded in 1989, the Information Security Forum is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.
ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.
Further information about ISF research and membership is available from www.securityforum.org.