Making transparency a norm in cybersecurity

2021-06-03 05:24

The general lack of transparency around cybersecurity continues to be one of the largest factors holding back the combined ability of the public and private sector to truly defend against the impact of cyberattacks.

In terms of the latter, practitioners have established guardrails around the truly useful information that can be safely shared without impact to company brand or strategy; collaborators respect the fact that any information shared should only be used in support of bettering their company's program and capabilities.

Why? Because most companies and their leadership remain concerned that reporting an incident to law enforcement could lead to one of three outcomes of concern and potential business impact: the incident could become public, law enforcement may slow down the ability for the company to recover operations or the need to pay ransoms to recover operations, and/or data may result in downstream penalties.

The impact associated with failing to report such attacks to law enforcement is broad. The less information shared with law enforcement regarding cyberattacks experienced by a company, the more likely it is that the bad actor will operate unopposed for years.

The larger impact comes in the lack of awareness among industries, companies, and their senior most leaders in regard to the actual threats and types of attacks that are having a material impact on other companies considered to be their peers.

Though the cybersecurity executive order will likely have the single largest impact on our ability to truly deliver on this partnership and the beneficial outcomes that we've just discussed.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/o5ztb93jfhc/

#cybersecurity