A Collaborative Approach to Cybersecurity
Check out this example of a more collaborative approach to cybersecurity.
Recent data from security firm LogRhythm highlights the long way most companies still have to go before their cybersecurity is up to scratch. In their survey of 1,500 IT professionals, they found that just 15 percent were confident in their organization’s cybersecurity capabilities.
“These results are worrying as whilst firms have expressed concerns about the regular occurrence of data breaches hitting today’s headlines, it seems like there’s still a long way to go when it comes to addressing their own cybersecurity capabilities,” LogRhythm say. “Today’s hackers are smart, creative, and persistent enough for even the most well-equipped business to be compromised. Having the most up-to-date, sophisticated tools in place is key in combatting modern-day threats.”
While the study cites things like the need for automation to tackle the ever-growing speed and complexity of threats, something they neglect to mention is the need for cooperation across the industry. That is exactly the rationale behind the creation of the Charter of Trust by German industrial giant Siemens. The charter, which was originally formed with nine members, has recently grown to 16, including AES, Airbus, Allianz, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, Enel, IBM, NXP, SGS, Total, and TÜV Süd.
“In the age of the Internet of Things, the Charter of Trust is a very important first step,” Siemens say. “We’re open to many more partners, making the real and digital worlds safer places for all of us. Cybersecurity is the key enabler for successful digital businesses. We hope that this initiative will lead to a lively public debate on cybersecurity and, ultimately, to binding rules and standards.”
One of the first areas tackled by the consortium has been improving the security of supply chains, as these now account for approximately 60 percent of cyberattacks. The group has established baseline requirements that can be implemented throughout the digital supply chain. These requirements span people, process, and technology, and include:
- Data shall be protected from unauthorized access throughout the data lifecycle.
- The appropriate level of identity and access control and monitoring, including third parties, shall be in place and enforced.
- A process shall be in place to ensure that products and services are authentic and identifiable.
- A minimum level of security education and training for employees shall be regularly deployed.
The consortium is aiming to develop a risk-based methodology that will allow them to implement these requirements in their own supply chains, with their supply chain partners fully involved in the process. They have also developed ambitious goals for the coming year, with a particular focus on establishing cybersecurity by default, and improving education to ensure the skills are available in the marketplace.
With cybersecurity costing up to 500 billion euros in losses around the world last year, it’s clear that a coordinated and concerted effort is long overdue. Whether the Charter of Trust can crack the nut remains to be seen, but taking an industry-wide approach has to be commended.
Published at DZone with permission of Adi Gaskell, DZone MVB. See the original article here.