ISF: Businesses need 'cyber resiliency'

There are some attacks companies won't be able to protect themselves from, so drawing up a resiliency strategy is essential, the ISF says.

Data protection

With 100 per cent security just an unachievable dream, organisations must embed cyber resiliency within their organisation, the Information Security Forum (ISF) urged today.

In doing so, companies need to look at how to prepare for the unforeseen, alongside integrating strategies for information sharing in post-breach scenarios, the ISF said.

"There is going to be a range of attacks you can't protect yourself from," said ISF chief executive Michael de Crespigny during a press briefing this morning. "We've concluded the real issue is to create cyber resiliency.

Security as a concept isn't owned by IT

"It's not about more control, not about more cost, it is about anticipation of unpredictability."

It is hugely difficult to predict how the threat landscape will evolve in the future, de Crespigny added, pointing to Anonymous' tactic of recruiting unwitting Twitter users into a distributed denial of service (DDoS) attack last week by simply posting links.

The hacktivist group embedded JavaScript into specially-crafted sites, which would have visitors repeatedly attempt to access a targeted website, thereby including them in a DDoS attack.

Essential collaboration

"Organisations must embrace uncertainty and develop resiliency. It's essential to collaborate and share information," de Crespigny added. "You can't act alone."

As an example of how effective collaboration could be enacted, the ISF CEO pointed to the global coordination over dealing with the H1N1 virus otherwise known as bird flu.

"There was a lot of international collaboration, huge amounts of communication," he added. "But if you look at Sony there were long periods where there was very little communication and delays in response time."

Sony was heavily criticised for not speedily disclosing a data breach involving its Playstation Network, which saw information on over 100 million of its customers compromised.

EMC-owned security giant RSA was also panned for not telling customers information on its SecurID product had been placed in jeopardy thanks to a hack attack.

In building resiliency, businesses need to look at who would be impacted by a breach of its network, which organisations it could cooperate with and when to disclose information, the ISF said.

This includes the need to connect functions internally, as well as externally across the business' supply chain. To support this a facilitator is required to bring together different parties, according to the ISF, which itself can act as if companies want to recruit an external body to mediate.

Despite IT being a key part of a cyber resilience strategy, they should not lead it, the ISF said. Instead, the body repeated the adage that "cyber security is a business issue."

"Security as a concept isn't owned by IT," de Crespigny said.

The ISF has released a report and tools to help companies create cyber resiliency.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

2 Mar 2021
AOL users are the target of a new phishing campaign
phishing

AOL users are the target of a new phishing campaign

1 Mar 2021
What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021

Most Popular

How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021