WHY TO BUILD A COHERENT CYBERSECURITY STRATEGY ?
By Television Host, Journalist Elena Chobanian
INTRODUCTION
Information exists since the word’s birth. It has been and it is still one of the most important matters of our society. It means that the information can be used such positively, as negatively based on interests. Hence, it must follow protection, otherwise the consequences have to be endured in many forms, such as national security threat. The cybersecurity refers to the information security, technologies security, digital security, etc. Cyberattacks, mainly through internet technologies, may concern both ordinary individuals, celebrities, small and large companies, banks, oil, gas and the pharmaceutical industry, hospitals, legal units, universities, but also other organizations and Governments leading, therefore, to citizens’ personal information offense. Thus, each side has various cyber risks (even by social networks where users provide their personal data knowingly or unknowingly, such as Facebook – it gathers and stores all personal data, which can be used to target users with ads, including what users share and add, and their likes and clicks, each friend in the network, even friends which have been deleted, – Twitter, Instagram, Linkedin, skype, whatsapp, or separate hackers through suspicious links sent by them, etc., the data being processed based on each national legislation or human rights. According to the Strategic Communication Laboratories, affiliated with Cambridge Analytica, the collected data goes to the third-party app to sell the data to other party), on the other hand representing a financial (e.g. for business commercials and other benefits) convenience for attackers, since everyone has different sorts of sensitive information, even if ordinary citizens might think that they do not have anything to hide. Attackers’ interests may be connected to some human resources, for instance, business, finance information; investor-client-company relationship items, communication methods, management and other secrets, or close information to the public. In order to secure, somewhat, the existing information in our computers, or the government’s software, we must find different ways or coherent strategies to do so.
SLY CYBER ACTORS
Whether they are sophisticated hackers (criminals, terrorists, states for espionage, influence, warfare), or amateur attacker with specific interests, the citizens and government workers must know how to protect their sensitive information. Although, some international organisations cannot manage or do not think to secure their devices and PCs due to overconfidence, and not from the reason funding issues (maybe some of them do have). Cyberattack can be fulfilled in different forms, such as electronic attacks via network, internet (wi-fi, wired), mobile phones, computers, web-servers, or subversion of the supply chain, by implanting malicious programs, through manipulation of the radio signals, and so on.
COHERENT CYBERSECURITY STRATEGIES
As the Internet (especially free, open wireless connections, even telephone services) is already crucial for the economy of the states, it is used by cyber attackers based on different methods of invasion, as it was mentioned before, with different effects and consequences. This is an ongoing process without any stable balance or super-protective measures. However, thanks to well-processed strategies – a set of procedures with guiding different principles to secure the sensitive data, by building a flexible and solid network, or creating data classification, resilient IT with awareness, but also managing the budget, – the information can be secured. That means, cyber risks require leadership, effective decision-making steps and recognizing the weak sides of the unit (e.g. companies, government, individual computers). In case of a large company, for instance, the cyber threat can be controlled by a senior officer connecting directly to the Chief Executive Officer (CEO). It is important to remember that separated cybersecurity and IT bring important and useful effects. In case of government, the strategy must include the actions of the Energy and Natural Resources, the Department of Communications, also the Office of Emergency Planning within the Department of Defence and the Government Task Force on Emergency Planning, chaired by the Minister for Defence, just to mention a few.
In order to protect our sensitive personal and business data from cyberattacks, companies or government have to develop an effective cyber security strategy by implementing an Industrial Control System cybersecurity program and focusing on identified risks (such as undetected malicious software installed on a system); building a cross-functional cybersecurity team to manage the cybersecurity program; developing security policies specific to ICS devices and IT systems connected to the OT environment; understanding all connection between the IT and OT environments; applying controls to confuse or hinder attackers, performing production-system and network security reviews of the OT environment, developing training programs by linking safety with good cybersecurity customs; understanding the cyber security threat in accordance to the business operations of the organization; reducing adversary’s motivation and capability; establishing protective monitoring to prevent and deter the threat (e.g. in countering terrorism Improving knowledge, with the help of a crossgovernment programme of work, new structures), and the list of must-actions may continue.
Thereby, the Government has to establish a multi-agency unit (the Cyber Security Operations Centre), to spend a certain budget, to monitor developments in cyber space, analyzing trends to improve technical feedback coordination towards cyber attacks.
CONCLUSION
The most sophisticated cyberattacks come not only from individual hackers, but also from established, developed states (with the help of the aforementioned social networks) in the sake of gathering information on government, banks, military, industrial, economic units through communication networks and different creative methods and techniques going beyond so-called traditional understanding and imagination.
Thus, an international and broad approach to digital security would lead to valuable use and protective effect. The business sector and government, as well as the OCS and Home Office must collaborate (in some case they do) in the name of securing and protecting products and society property. The rest depends on our mind, intellect and technological skills.
Elena Chobanian
Posted by
Thanks for the post admin, I love your blog.