Today’s threat landscape in cyberspace is dynamic, and we need to be candid and coordinated to keep pace as mobile technology evolves at unprecedented rates. While rapidly changing technology ultimately gives us more power in the digital world, it also makes our systems more vulnerable as they rush to market and as hackers develop more sophisticated tools to penetrate security measures designed to protect us.
No individual company or enterprise is fully equipped to navigate the perils of cyberspace anymore. Our global digital infrastructure — the Internet — connects all entities including governments, businesses, and individuals, and leaves us exposed to our weakest links. This integrated threat landscape has required governments and organizations to develop a nationally integrated response to address cybercrime – starting now.
(This article is by Jeffrey Bleich, former U.S. Ambassador to Australia, and a partner at Dentons law firm. An advisor to the U.S. government under President Obama on cybersecurity, Bleich wrote this article for The Australian newspaper.)
Recently, I attended a ‘Think Tank’ hosted by BlackBerry in Sydney, Australia, with a group of experts and executives from business, government and security backgrounds. We discovered that while we recognized the same threats, we lacked a nationally integrated response. We identified areas of overlapping responsibility between governments, private enterprise and industry bodies, and even some available solutions and bodies to address them. But we also acknowledged that there had been too little formal information-sharing within and between sectors to make a difference. While bad actors are getting better at sharing information and distributing malicious code through the deep web, businesses still tend to guard their knowledge from one another and from regulators. Business is looking for clear direction in terms of what an organization should do to defend itself, how they can coordinate safely against common threats, and where the government’s role begins and ends.
Traditionally, ongoing collaboration within industries or across sectors has been a challenge. Companies within an industry have been reluctant to disclose information about a security breach for fear of conceding a competitive edge. Companies have been reluctant to share information with the government for fear of incurring liability, onerous regulations, or inviting lawsuits. However, with the recent passing of mandatory data breach notification laws in the Senate, Australia could soon follow the path of some U.S. states where organizations must reveal if their systems are compromised. The truth is that failing to share information poses a much greater risk. Whenever one company experiences a breach, consumer confidence falls in all companies. In addition, by not sharing information, companies inevitably lack the knowledge they need to avoid or patch vulnerabilities and enlist the resources to locate and punish bad actors.
By changing the mindset that has inhibited enterprises from sharing information about cyber-threats and solutions, we could all make cyberspace safer, and reduce the impact of any breach. For me, the first step is for the private sector to be candid about the risk, and develop a communications plan as part of their Incident Response Plan.
Recent findings from a research study by Telsyte found only half of Australian organizations are well prepared to quickly communicate internally in times of crisis. They have made virtually no provision for external communications — to customers, regulators, or trade associations with common interests in responding to cyber threats. Unfortunately, only 10% of organizations said they had increased their spending on crisis communication during the past two years, while 48% had made no investment or disregarded the need for better communications tools. By refocusing an organization’s priorities to include the need for enhanced communications around security threats, they will be better prepared in a crisis, and more importantly, may prevent a crisis from happening at all.
Next, we need to improve the dialogue between government agencies and the private sector, particularly in the area of breach reporting. Although some industry bodies have formed that focus on preventing security breaches, these groups have not been well-coordinated with the public sector. That has to change, both for their own protection and for the security of the nation. The foundations are there, but industry should work with government to establish a single administrative head responsible for maintaining consistent and effective communication flows. The United States has recently shown leadership in this by establishing that role within the Department of Homeland Security.
All in all, digital technology has given us unprecedented ability to stay connected and to improve our security — whether it is rapidly accessing vital medical information, locating a missing loved one, identifying a threat, or capturing a criminal. But this same life-saving technology can also imperil us if we do not cooperate. While it will require some work to develop a nationally integrated response, there is no choice but to make that effort. Within Australia, we are fortunate to have the basic collaborative foundations in place. All that remains is the will to act.