Looking at tried-and-tested cybersecurity strategies is an integral part of any real business plan going forward into the 2020 ‘cyber-war’ era. This is especially true of the last decade, in which record levels of cybercrime have been reported and thousands of businesses have fallen to social engineering scams and ransomware blackmail. The world is increasingly dependent on the internet for fundamental daily conveniences, critical life services, and the survival of the global economic flow. First-world nations such as the United States, as well as some of the largest countries in the world like India and China, are heavily dependent on the internet infrastructure. Due to an exponential rise in internet access, internet usage, and enormous growth in the number of networked (connected) devices during the past ten years, innovation and emerging technologies have taken center stage in IT, communications, and technology. As the internet grows and expands, so does its nemesis – the various notorious cybercriminal organizations all over the world. The presence of cyber risk is, therefore, a very real concern. Threats are evolving as advanced nation-state cybercriminal groups, cyber-terrorists, blackhat hackers and social engineering fraudsters become more sophisticated and merciless with each passing day. As more than half of the Earth’s population now relies on the internet, critical infrastructures have also become networked. This means that the delivery of essential infrastructure services such as transportation, water, health care, electricity, and finance is now highly vulnerable to cyber-physical incidents (e.g. hacked gas pipelines, government servers, and water systems).
What is more, the growing number of networked devices (like the billions of Android smartphones active globally) presents the cybercriminal with even more attack surfaces and vulnerable endpoints to breach. Global supply chains are at risk, which means that international and national cybersecurity surrounding trade is also exposed to potential cyber-attacks. With more than 20 billion devices connected to the internet (a Department of Homeland Security research statistic), the IoT (Internet-of-Things smart devices) industry is among those most at risk of disruption. Sophisticated threat actors are looking to exploit victims in cyberspace, motivated by ideological interests, politics, espionage, and last but not least, financial gain. The threat landscape has become very diverse, including both state and non-state actors, both of which are equally dangerous to the stability of global cyberspace. The DHS has reported that cyber incidents have grown tenfold between 2006 and 2015. Cybercrime is also facilitated by the fact that cyber tools (hack tools) are broadly available at an affordable cost. The dark web, or the anonymous part of the web, also facilitates the very convenient sharing and proliferation of cyber tools (such as malware kits and ransomware kits) that can fall into the wrong hands. The fact that blockchain technology also facilitates the anonymous transfer of finances does not make it easier on global cybersecurity either.
For all of the reasons stated above, it is important to look at what a cybersecurity strategy is, and which strategies have been proven to be helpful in the fight against cybercrime.
What is a Cybersecurity Strategy?
Cybersecurity strategy is the leveraging of resources and capabilities on an organizational or national level to create a sound cybersecurity framework that ideally keeps most cybercrime at bay. These strategies are the cornerstone of the cybersecurity industry, where best practices for the individual, organization, or nation are evaluated and applied. Such practices can change and evolve, as cybercriminals also adjust their strategies all the time. It is important to lay good groundwork and foundations with such strategies and implement security from the ground up. Solid contingency plans further consolidate any good cybersecurity strategy. Cybersecurity strategies can be very simple as well as extremely complex. Organizations and governments must tailor a cybersecurity strategy that best fits their purposes, needs and approaches. There are several cybersecurity (data protection, privacy and data integrity) regulations and frameworks that have been instated in first-world nations and unions. These regulations play a key part in global cybersecurity strategy. The EU’s GDPR and the United States’ CCPA are key examples of such an approach. The EU’s GDPR requires the following according to RSA: “The GDPR requires organizations to know exactly what, when, and where they are collecting information from covered persons, processing the information, storing the information (and how long), and sending information to others, including across borders. Moreover, all of this has to be sufficiently documented, the risks assessed, and appropriate technical and organizational measures implemented to bring residual risk within tolerable levels”. As for the U.S.’s CCPA, the following measures have been stated by Orionrisk: “Additionally, on January 1, 2020 the California Cyber Protection Act (CCPA) became effective. CCPA created the nation’s most far-reaching data privacy law, enabling California residents to have more control over their personal information. The regulations include certain provisions and penalties for any breach of that information. Now is a crucial time to concentrate on creating an effective cybersecurity strategy that maximizes protection and minimizes risk.” Both of these globally recognized regulations are an integral part of cybersecurity strategy.
Types of Cybersecurity Strategy
There are different approaches to cybersecurity strategy, and it is important to mention two real-world examples of tried-and-tested cyber-strategy, such as the step-by-step U.S. DHS and GDPR cybersecurity strategies, which are as follows:
- Risk prioritization
- Cost-effectiveness
- Innovation and agility
- Collaboration
- Global Approach
- Balanced equities
- National values
In Europe, the cybersecurity strategy of the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy is as follows:
- Resilience, technological sovereignty, and leadership
- Operational capacity to prevent, deter and respond
- Cooperation to advance a global and open cyberspace
Both approaches are very similar, with small differences. The EU’s new Cybersecurity Strategy for the Digital Decade, for example, is a part of ‘Shaping Europe’s Digital Future’, the ‘Recovery Plan for Europe’, and ‘the Security Union Strategy 2020-2025’. All cybersecurity strategies and regulations are based on real-world threats and are structured around protecting the individual, the SMB, the largest organizations, and finally entire nations from cyber threats:
- Phishing attacks and targeted spear-phishing campaigns
- Nation-state advanced persistent threats (APTs)
- Ransomware
- All types of denial-of-service (DoS) attacks
- Financial disruption
- IoT security vulnerabilities
Another example is ANSI (the American National Standards Institute). This institute has outlined 50 questions in a cyber awareness guide, which include determining any financial impact, re-evaluation of resources, forecasting vulnerabilities, testing scenarios, continuity plans, vendor access, disposal of legacy technologies, physical security, and many more.
Best Practices in Cybersecurity
The financial impacts of insufficient cybersecurity strategies are shocking. Trillions of dollars in damage have been accrued in the last decade from cyber attacks, as a result of weak or non-existent cybersecurity mitigations. A cybersecurity strategy is not something the industry at large had to think about until rather recently, and adding one to any security framework takes up financial resources and time, and requires training and education. In general, a sound foundation for any cybersecurity strategy includes the following approaches and practices:
- The initial step for any cybersecurity strategy framework is to assess the possibility of a cyberattack and consequent vulnerabilities
- Subsequently, identifying and protecting the most sensitive and valuable information, such as personal information, is crucial
- Before implementing any safeguards, it is critical to establish a secure backup process for all data
- After establishing a backup process, the next step is to mitigate (resolve) any risks by establishing security safeguards
- Once the mitigation tools are established, it is on to cybersecurity training and education for the workforce
- Finally, obtaining cyber-insurance against cyber risks, especially for SMBs, is a must
It is a fact that most organizations at this point are not ready with a solid cybersecurity strategy and cyber-awareness plan. In fact, most organizations go with a ‘reactive’ plan as opposed to a ‘proactive’ plan simply because it takes fewer resources and less time, and causes less disruption to the already established work process. Industry reports show that around 70% of organizations do not have a proactive plan in place and 56% know that they have gaps in their cybersecurity. What is more, 40% do not monitor, audit, or track ‘IT security posture’ at all. However, more and more organizations and institutions are quickly changing their minds in light of recent cybercriminal attacks, and are securing their organizations the right way.
According to AT&T Cybersecurity, the benefits of a ‘proactive’ cybersecurity strategy that manages risk well are:
- Drastic improvements in incident prevention, response, and detection
- Allowing an organization to understand its high-risk areas
- Aligning cybersecurity with the business vision
- Compliance with regulations such as GDPR, CCPA, NIST, ISO, HIPAA, and more
As emerging technologies take the world into new frontiers, and the internet expands into every atom of life, cybersecurity is only going to become more important with every passing day. If regulations are instated on time, with nations collaborating against a common enemy, the future of cyberspace looks to be bright and innovative, and will evolve our species to new heights. The adverse outcome would be that not enough resources are given to cybersecurity, which may result in big blows to the economy and global distrust towards the internet sphere.