Equivalent to brushing your teeth or visiting the dentist periodically, cyber hygiene comprises basic critical security controls that should become routine procedure in every company or organization, says Jane Holl Lute, Director of the Washington-based Center for Internet Security (CIS). During her intervention at the second International Cybersecurity Conference, which took place on the eve of the 52nd Munich Security Conference (MSC) in Munich, Germany, Mrs. Lute laid out some principal steps for improving the cyber readiness of any private or public entity. From taking inventory of hardware and software to limiting administrative permissions and automating network monitoring, these steps should help to ward off the majority of cyber-attacks, because knowing what is connected to the networks and what is running on them is critical for setting up cyber defenses.
The Security Network Munich, a dedicated research and development platform for information security experts from industry and academia, organizes a gathering once a year where decision makers from politics and business discuss and exchange views on how to tackle cyber risks.
One key topic of this year's conference was Risk Management and the role of Management Boards in defining a cybersecurity strategy as part of their core responsibility. Experts and executives from the financial services sector, one of the sectors most targeted by cyber criminals, highlighted approaches and best practices in their effort to protect customers and services from cyber attacks. Representatives from Bundesbank, Deutsche Bank, Allianz and Microsoft offered insights on the evolution of cyber risks (an underground business world based on principles of supply and demand, with service portfolios just like in the normal business world), leading to the picture of an arms race between attackers and defenders. They also stressed the need to share incidents and vulnerabilities instantly within the business community, including government agencies. This would break the scalability of attacks and make them economically less attractive for criminals.
Tom Koehler, a leading cyber security expert with EY, underlined the importance of Risk Management and Governance at the Board level by pointing to recent results of an Information Security Survey in which 88% of the respondents believed they were not meeting their organization's needs in information security.
In an ever more intertwined and connected globalized business world, the competition between national economies is increasing. While spying on government agencies and secrets was more or less accepted as a legitimate way of pursuing national interests, the same cannot be said for spying on business secrets. Jobs are at stake, and any effort to steal business or technical know-how is unacceptable, especially in the West, though other states may have differing views. This leads to tremendous efforts by nation-state-sponsored groups to penetrate the lucrative corporate world in their quest to advance their economies, explains Robin Niblett, Director of the Chatham House think tank in the UK.
The forum of nearly 200 executives, experts and law makers looked for possible answers to the aforementioned threats. Executives of DCSO, Infineon, KUKA Robotics, Giesecke & Devrient and Huawei offered advice on how to safeguard digital identities and protect critical data, for instance by using advanced authentication methods involving multiple credentials instead of the still prevalent but not sufficiently secure username and password. Privacy is very important for users of digital services. The protection of personal data now and in the future was one of the main topics in a panel discussion moderated by Prof. Manfred Broy, president of the newly founded Center Digitisation.Bavaria (www.zd-b.de). Bavarian legislator Markus Blume suggests a public debate on how such sensitive data shall be used and what legal restraints should be put in place to find the right balance of privacy in an internet-based economy, where business models are essentially based on data.
Prof. Axel Stepken, CEO of Tuev Sued, closed the forum by encouraging the audience to engage in creating and managing an effective cybersecurity plan because only those deemed capable of managing the risks will be trusted as business partners in a digital economy.