Countering Attacks on Cybersecurity
Cyberattacks are costly and disruptive, but an arsenal of standards helps companies stay ahead of the game
Ann Brady
Published: Wednesday, May 25, 2022 - 12:01

Cybercrime is on the rise. As we move deeper into the digital age, the era of the so-called Fourth Industrial Revolution, it is also growing more sophisticated and more severe, with serious consequences. As cybercriminals become more adroit, cybercrime has touched all our lives in one way or another. Cyberattacks include hacking into systems and social media, phishing, malicious software including ransomware, identity theft, social engineering, and denial-of-service attacks. The damage is both personal and financial, and it leaves society and citizens vulnerable. According to McAfee, the computer security software company, the cost of these attacks is increasing and amounted to about $1 trillion in 2020.

A growing global risk

With the Covid-19 pandemic having further embedded our dependence on digital systems, it is not surprising that the Global Risks Report 2022 once again lists cybersecurity failure among the growing risks facing the world. Cybersecurity failures, it says, have worsened significantly and threaten long-term prosperity.

But how do we stay one step ahead? Building a good cyberdefense and anticipating threats are key elements in the fight against cybercrime, but neither resilience nor governance is possible without credible and sophisticated cyber-risk management plans.

“Cybercrime is both a national and international occurrence that is spreading with great speed, affecting businesses, governments, and society as a whole,” says cybersecurity expert Edward Humphreys. “The scale and complexity of this criminal activity have far-reaching and detrimental consequences, and the situation is blurred as cybercriminals operate, using technical infrastructure, across national boundaries.” As a result, he adds, international collaboration is essential, and International Standards are indispensable for global protection.

Solutions and controls

Humphreys speaks from many years of business experience. He is also a senior research fellow specializing in cyber-risk, security and cyberpsychology research, and ISMS innovation studies, and he is the ISO/IEC convenor of the working group responsible for managing, developing, and maintaining the ISO/IEC 27000 family of standards on information security management systems (ISMS).

International Standards provide solutions, he says, enabling organizations to establish frameworks and systems to assess and manage the situation: to protect information and to secure applications, services, and national infrastructure. The first step in tackling cybercrime is knowing the risks you face and then deciding which controls must be implemented to mitigate those risks. Humphreys points to the ISO/IEC 27000 family, developed jointly by ISO and the International Electrotechnical Commission (IEC), as the de facto choice for any organization seeking to build robust defenses against cybercrime. The suite specifies a management system built around a risk management process: assess the risks, then determine the controls needed to treat them.

“There are a range of standards supporting ISO/IEC 27001, such as ISO/IEC 27005 on information security risk management and the ISO/IEC 27003 implementation guidelines,” he says. “And there are many other standards that provide technical support for ISO/IEC 27001, for example, to secure networks and embed security features into technology, services, and applications.”

Being prepared

Humphreys reiterates the need for companies to be prepared and ready to face these attacks. “Cyberattacks can take place anytime and anywhere, and what is certain is that these attacks are sure to happen, but we can never be sure when or where,” he says. “Being ready and prepared is an essential business activity for survival. It involves a business having in place a process to be able to anticipate and identify, detect, and report incidents, and to analyze these incidents to decide how to respond to them.” All of this must be done quickly to limit the impact an incident could cause.

So how can businesses be better prepared? Once a business detects a malicious-code attack or a denial-of-service attack, the faster it responds with appropriate security measures, the greater its chance of limiting the spread of the attack and the damage it does. As Humphreys notes, there are standards that help businesses become ready and better prepared to respond, such as ISO/IEC 27035 on incident management, ISO 22301 on business continuity management, and ISO/IEC 27031 on ICT readiness for business continuity.

Collective action

In an already uncertain world, cybercrime can be financially devastating and disruptive to business operations and national infrastructure, as well as to citizens and society. An attack on one part of a supply chain, for example, may spread to, disrupt, and damage other parts of the chain. Humphreys says supply chain management is a good example of where collective action is needed across all parts of the chain to keep it secure.

“Again,” he says, “there are standards that help with supply chain security, such as ISO 28000 and ISO/IEC 27036. Collective action is also needed in various scenarios that involve business relationships and communications with other organizations. There is a group of management standards that will help with building resilience to counter business disruption and ensure survivability and a system of governance. These include ISO 22301 for business continuity management systems, ISO/IEC 27001 for information security management systems, and ISO/IEC 27014 for information security governance.”

With the growth of, and dependency on, connectivity for business, the infrastructure that supports it, and the use of the internet and mobile devices, there is an even greater need for system security and resilience. Humphreys acknowledges that standards need to evolve to match the rapid advances in technology. “The third edition of ISO/IEC 27002, for instance, was published in the first quarter of 2022. This high-profile standard deals with information security controls and has been updated to match the advancement in technology, business developments and practices, and new laws and regulations.”

In 2021, he adds, there were many other developments in standardization, including internet of things (IoT) security and privacy, big-data security and privacy, artificial-intelligence security and privacy, and biometric information protection. These are complemented by recent technical specifications such as ISO/IEC TS 27570, which provides guidance on privacy protection in smart-city ecosystems, and ISO/IEC TS 27100, which sets out cybersecurity concepts and how they apply to protecting systems against cyberattacks. The complete ISO/IEC 27000 family of standards and these technology-focused specifications are the foundation for building and managing a secure future.

First published May 4, 2022, on ISO News.

Ann Brady is a contributing writer for ISO Focus of the International Organization for Standardization (ISO).
© 2022 Quality Digest. Copyright on content held by Quality Digest or by individual authors. Contact Quality Digest for reprint information.