Independent information security body, the ISF (Information Security Forum) is offering advice and guidance on cyberspace threats business leaders and information security professionals.
Its newly published report, Cyber Security Strategies: Achieving cyber resilience, comes at the problem from a risk vs reward perspective, and identifies key capabilities that manufacturers, along with any other business, need to adopt to increase their resilience to Internet threats.
"Business leaders recognise the huge opportunities and benefits cyberspace offers, in terms of increasing innovation, collaboration, productivity, competitiveness and customer engagement," observes Michael de Crespigny, CEO of ISF.
"Yet many are having difficulty determining the risk vs reward aspect, preparing for adverse surprises, and understanding that, with benefits come significant risks," he cautions.
In fact, ISF believes the step change in benefits from cyberspace has been accompanied by a step change in the profile and seriousness of the threats – driven primarily by increasingly organised hacker groups, criminal organisations and hacktivists, as well as the constantly evolving nature of the web.
"Based on insights from our global membership and research, our Cyber Resilience Framework identifies the key capabilities that organisations need in order to enhance their security posture and protect their business against ever-evolving cyber threats," states De Crespigny.
The report highlights 10 key findings:
First, benefits of cyberspace are immense, as are the risks – the more successful you are in cyber space the greater the impact of risk.
Second, organisations must embrace uncertainty and develop cyber risk resilience.
Third, malspace is a global industry that has evolved to facilitate cyber crime.
Fourth, impacts from cyber threats can have a very long and disproportionate risk tail.
Fifth, hacktivism presents significant threats to the organisation, not just its information security.
Sixth, cyberspace vastly increases information security risk.
Seventh, information security is fundamental and more important for security in cyberspace.
Eight, the complexity of cyberspace enables threats to combine quickly in unpredictable and dangerous ways.
Ninth, it is essential to collaborate, share intelligence and influence good practice across cyberspace.
And finally, cyber security is more than information security -- it's a business issue.