Cybersecurity: Risks, Mitigation and Collaboration
Today’s cyber ecosystem represents diverse participants including multi-national corporations, private firms, NGOs, governments, and individuals. Intelligent adversaries exploiting vulnerabilities in any part of this ecosystem, create incidents that rapidly propagate to unsuspecting members. The World Economic Forum’s “Global Risks 2012” identified cyber attacks as the fourth most likely risk on its top 50 list. It also identifies “the dark side of connectivity” as one of three risk cases that describe the links across the many risks. Corporations and governments alike face risks ranging from denial of service attacks from activists to advanced persistent threats involving government sponsorship. Cybersecurity must address these threats by providing innovative solutions to ensure uninterrupted communications, service availability, and protection of critical corporate or government information and infrastructure.
In this workshop, we discussed what this means for corporations, seeking to address how we each see these challenges, and what we are doing to mitigate them. Specifically, we addressed questions such as:
- What does the cyber landscape look like for corporations? How different is it than three years ago? What are the trends we each see and how do they fit together?
- What are you most concerned about for your corporation? Denial of service? Mobile connectivity? Advanced persistent threats? Industrial espionage? Security of industrial control systems? Comprise of financial or payment systems?
- What are the particular cyber risks emanating from the hyper-expansion of mobile connectivity? How are you dealing with BYOD? What directions are you headed with mobile device management (MDM)? Is your corporation developing mobile apps, and if so, what particular concerns does this raise?
- What are the cyber vulnerabilities that result from all the outsourcing, partnering and cloud-storing we do? What about the increased collaboration with customers?
- What are you doing to mitigate the cyber threats you see for your firm and its extended enterprise? Do you do modeling and analysis? Cyberforensics? How are such efforts integrated into your security organization?
- What expectations do we have from government? How are they being met? Are they realistic?
- What should public-private partnerships look like in this space? What about corporate information sharing networks?
- How should international governments and multinational corporations collaborate to address this borderless threat?
Special thanks for support and sponsorship of this event go to Cisco Systems.