Cyber-attacks are costly, disruptive and pose a growing threat to businesses, governments and society. Fortunately, an arsenal of standards helps keep pace.
Cybercrime is on the rise. As we enter the digital age, the era of the so-called fourth industrial revolution, it is also becoming more sophisticated and more damaging, with serious consequences. As cybercriminals grow more skilful, cybercrime has come to affect all of our lives in some way.
Cyber-attacks include system and social media account hacking, phishing, malware (including ransomware), identity theft, social engineering and denial-of-service attacks. The damage is felt at both a personal and a financial level, and it leaves society and citizens more vulnerable. According to McAfee, the IT security software company, the cost of these cyber-attacks is rising and reached approximately $1 trillion in 2020.
GLOBAL RISK ON THE RISE
The COVID-19 pandemic has deepened our growing dependency on digital systems, so it is not surprising that the 2022 Global Risks Report once again listed cybersecurity failure among the growing risks facing the world. Cybersecurity failures have become much worse and threaten long-term prosperity.
But how do you maintain a head start?
Building a good cyber-defence system and anticipating threats are key elements in the fight against cybercrime. But resilience and governance are not achievable without credible and sophisticated cyber risk management plans. “Cybercrime is a growing domestic and international phenomenon that affects businesses, governments and society as a whole. The scope and complexity of this criminal activity are significant, as are its adverse consequences, and the situation fades as cyber criminals operate across national borders using technical infrastructure,” says cybersecurity expert Dr Edward Humphreys.
Cybersecurity failures have grown substantially worse.
Accordingly, he adds, international cooperation is essential, and international standards are essential for global protection. Dr Humphreys draws on many years of business experience. He is also a senior researcher in cyber risk, safety and cyber psychology research and ISMS innovation studies, and the ISO/IEC coordinator of the working group responsible for developing and maintaining the ISO/IEC 27000 family of Information Security Management Systems (ISMS) standards, of which ISO/IEC 27001 is the core.
SOLUTIONS AND INSPECTIONS
International standards offer solutions, he says, allowing organizations to put in place frameworks and systems to assess and manage the situation: to protect information, secure applications and services, and protect national infrastructure.
The first step in tackling cybercrime is to understand the risks you face and then decide what controls to put in place to mitigate these risks.
Humphreys promotes standards such as the ISO/IEC 27000 family, developed jointly by ISO and the International Electrotechnical Commission (IEC), as the de facto choice for any organization wishing to build robust defences against cybercrime. This set of international standards specifies a management system built around a risk management process: assessing the risks and identifying the controls necessary to address them.
Humphreys reiterates that businesses must be prepared to deal with these attacks. “Cyber-attacks can happen at any time and anywhere. What is certain is that these attacks will happen, but we can never be certain of the time and place,” he says.
“A prepared company is one that has a process for anticipating, identifying, detecting and reporting incidents, and for analysing those incidents to determine how to respond.” All of this must be done quickly, so as to minimize the impact the incident could have.
Cyber-attacks can happen anytime, anywhere.
So how do companies become better prepared? When a company detects a malicious code attack or a denial-of-service attack, the faster it responds with appropriate security measures, the greater its chances of limiting the spread of the attack and containing the impact and damage.
And, as Dr Humphreys says, there are standards that help businesses become ready and better prepared to respond, such as ISO/IEC 27035 (information security incident management), ISO 22301 (business continuity management systems) and ISO/IEC 27031 (ICT readiness for business continuity).
In today’s uncertain world, cybercrime can have dire financial consequences, disrupt business activities and national infrastructure, and affect citizens and society. For example, an attack against one part of a supply chain can spread to, disrupt and damage other parts of the chain. According to Humphreys, managing a supply chain is a good example of a situation in which collective action is required across all parts of the chain to keep it secure and resilient.
He adds that there are standards which help secure the supply chain, such as ISO 28000 (security management systems for the supply chain) and ISO/IEC 27036 (information security for supplier relationships). Collective measures are also necessary in a variety of other scenarios that involve business relationships and communications with other organizations. A further set of management standards helps build resilience against disruption to operations, ensure survival and support the governance system. These include ISO 22301 (business continuity management systems), ISO/IEC 27001 (ISMS) and ISO/IEC 27014 (governance of information security).
Given firms’ growing reliance on connectivity, on the infrastructure that supports it, and on the Internet and mobile devices, there is an even greater need for these systems to be secure and resilient. Humphreys recognizes that standards must evolve to keep up with rapid advances in technology. The third edition of ISO/IEC 27002, for instance, was released in the first quarter of 2022.
This high-level standard, which focuses on information security controls, has been updated to reflect technological advancements, changing business practices, and new legislation and regulations.
In 2021, he says, there were many other developments in standardization, including the security and privacy of the Internet of Things (IoT), the security and protection of big data, the security and confidentiality of artificial intelligence, and the protection of biometrics. These are complemented by up-to-date technical specifications such as ISO/IEC TS 27570, which provides guidance on protecting privacy in the smart city ecosystem, and ISO/IEC TS 27100, which describes how to build or improve robust cyber systems to protect against cyber-attacks. The comprehensive ISO/IEC 27000 family of standards and these technology-focused specifications are the basis for building and managing a secure future.