Concepts like cyber warfare, cyber terrorism and cyber crime are becoming more and more common in our lives, no longer relegated to IT people’s vocabulary. Who will win the chase for cybersecurity? And how can that chase be won? The answer is the most “social” ever.
Nowadays human life depends on information and communication technology. Not just the economy and finance, as most of the media say. In most cases, any kind of interaction among people depends on that.
Work, production of goods and services, administrative tasks depend on that.
Financial transactions depend on that.
Transportation and highways’ safety depend on that.
Even healthcare depends on that.
And driving a car, booking a holiday or a restaurant or a flight, researching more information about any kind of subject… well, hundreds and hundreds more things, actions, thoughts depend on that.
Some people are perfectly aware of how their special talent in mastering software, networking and communication can give them a dramatically powerful weapon to damage or disrupt any kind of computer-resident information or, even more often, to threaten to do so in order to blackmail other people or even governments or corporations.
Against these people and their actions, governments, international agencies, communities of States such as the EU and associations of companies keep striving to tackle these cyber attacks and possibly defeat them.
It actually looks like a never-ending chase in which each party runs after the other’s last-minute achievements, findings and countermeasures.
In the current interconnected world, we can even say that cybersecurity is one of the most “social” issues ever: no one is immune, and no one should forget that the expression of relief “thank goodness! It was not me!” may no longer be applicable in this case.
It has not been long since the US issued the Cybersecurity Information Sharing Act (aka CISA) in 2015, and nevertheless in late 2016 several federal regulators, such as the Department of the Treasury, the Federal Deposit Insurance Corporation and the Federal Reserve, issued an Advance Notice of Proposed Rulemaking (ANPR) addressing “enhanced cyber risk management standards for large and interconnected entities under their supervision and those entities' service providers”.
The purpose is to define enhanced standards able to ensure the financial industry’s resilience to cyber-attacks and reduce the impact of such attacks on the financial system.
The Incident Life Cycle
Deterrence => Avoidance => Prevention => Detection => Reaction => Recovery
In my opinion, as in many others', a modern cybersecurity system should focus on promptly detecting attacks and threats rather than just preventing them. It is quite impossible to eliminate every point of entry an attacker may exploit to get into a system. I do not mean that detection (an ex-post action) should replace prevention (an ex-ante action), but rather that it should be added to it in order to increase the overall defense capabilities.
In this scenario, a cycle made up of analysis, auditing, detection and prevention is an example of a sound and effective protection life cycle approach.
Analysis: an in-depth, comprehensive phase, oriented to investigating cause-effect relationships, that is, not only cyber threats and their impact, but also the weaknesses from which risks of intrusion, some of them still unknown, may arise.
Audit: mixing human-sourced information with KPIs coming directly and systematically from IT systems. Because it is not always enough to control hardware and software, people should be controlled too.
Detection: capable of providing defenders with complete information about any attack: where, when and why it has overcome the defenses, and what its nature, probability and impact are. In this perspective, the outcomes of the previous phases will prove vital to define the most comprehensive, accurate and sensitive set of alerts possible.
Prevention: at this point, on the feedback path, once the threat or even the attack has been detected and the relevant alerts have been triggered, systemic countermeasures can be activated, thus preventing similar intrusions from occurring again in the future. Information gained this way about the threat or attack itself can go back to the analysis phase, increasing the whole cycle’s self-learning ability and ultimately its protection effectiveness.
This is a necessarily brief synthesis of the approach we are following in defining our cybersecurity focused risk management systems.
You may want to learn some more details about our models: so feel free to ask, you only need to post a comment to this article, or send us an email.