Mandatory Requirement on Business To Disclose Cyber Attacks

Government should introduce legislation forcing firms to inform shareholders when they have been hacked, says ex British Defence Minister Liam Fox MP

Companies that do not “come clean” about being the victims of cyber crime should face prosecution, according to former defence secretary Liam Fox.

Fox was speaking at the Royal United Services Institute (RUSI) in a lecture entitled, ‘The war of the invisible enemy’.

He believes the government should introduce legislation that makes it a legal requirement for companies to inform shareholders and other stakeholders when the organisation has been hacked.

The lecture was aimed at addressing the fact that society has to consider the whole range of cyber vulnerabilities as it becomes increasingly dependent on technology.

According to Fox, cybercrime, cyber espionage and cyber warfare are all part of the same continuum, which has substantial implications for national security.

He said organisations that leave themselves vulnerable to these activities make themselves part of a national security threat.

“On a security and defence level, it is clear to me that one of the greatest of these new threats is cyber crime – including cyber terrorism and cyber warfare,” Fox wrote recently in the Telegraph.

Writing on the same theme as the RUSI lecture, he said that, as society becomes more dependent on technology, everyone has become more vulnerable. “We are being drawn inexorably into the era of the war of the invisible enemy,” he wrote.

Against this backdrop, Fox told attendees of the RUSI lecture that it is necessary to develop proper cyber doctrine and persuade both the public and the military to spend more on the invisible technology that will protect us from some of these threats.  

Cyber security central to business

Fox called on all organisations to commit to greater cyber defence and transparency in the event of a breach.

Nicole Eagan, chief executive of security firm Darktrace said greater transparency is an important step in acknowledging the importance of improving the country’s resilience to cyber threats.

“Cyber security is a topic for businesses of all sizes and sectors and increasing awareness of the risks to business leaders is welcome,” she said. More than 70% of executives say their organisations do not fully understand the risks associated with data breaches.

  • Most large enterprises already know much of what they need to put in place to protect themselves against data breaches they just have not done it all.
  • Most large enterprises already know much of what they need to put in place to protect themselves against data breaches they just have not done it all.
  • The benefits of the digital world are central to modern business, said Eagan, and cyber security is fundamental to playing the game.

“It is impossible to guarantee that no attack can enter a company network and we recommend companies work on the assumption that there is always some level of hostile presence,” she said.

Eagan said businesses need to get smarter and break away from the legacy approach. “They should shift instead to a more realistic mindset that accepts there will be problems and that things will go wrong, but enables the swift adoption of effective strategies to address an ongoing and inevitable issue.

“Modern self-learning immune systems that look inside company networks can identify in-progress attacks and allow companies to respond before they become a business crisis. This is the future of cyber defence,” she said.

Mitigating the inevitable

Terry Greer-King, director of cyber security at Cisco UK and Ireland, said cyber attacks have become inevitable.

“It is critical that organisations protect the business and their customers by adopting an integrated, threat-centric security policy that addresses the entire threat continuum – before, during and after an attack,” he said.
    
Given the extent of the issue, Greer-King said businesses of all sizes need greater awareness of the current threat landscape to ensure they are prepared to protect against the risks.

“We welcome the call for greater disclosure around the number and severity of hacks taking place,” he said.

Collaboration between enterprises, government and law enforcement is vital to allow for efficient detection and remediation of cybercriminal activity, said Greer-King.

Proactively addressing cyber risk is crucial, he said, because Cisco research reveals 60% of data is stolen in the first few hours of an attack, while 50% of attacks manage to persist for months – if not years – without detection.

“This means that, by the time a company realises they have been breached, the damage has most likely already been done. Addressing the time it takes to detect an attack will have a huge impact on the severity of an attack – yet greater awareness and industry collaboration is needed to solve this.”

Discrepancy between protocol and trust

Greg Sim, chief executive of security firm Glasswall Solutions said Fox’s comments on the level of threat posed by criminal and state-sponsored hackers reflects what many in the cyber security industry already know to be true.

“Neither governmental legislation nor organisational protocol have been able to keep up with the level of trust we have placed in the security of our online infrastructure, resulting in an incredibly high amount of risk in regards to our personal data, finances and our nation’s security,” he said.

As has been demonstrated by data breaches such as the one at TalkTalk, Sim said cyber criminals are ready to exploit these shortcomings.

To stay one step ahead of the hackers, he said the time has come for businesses to change their mindsets to stop concentrating on detecting known threats to focus on validating “known goods’’.

“As cyber-security continues to rise up the boardroom agenda in 2016 – no doubt emphasised by inevitable high-profile breaches – expect to see more changes to legislation, corporate cultures and practices,” said Sim.

Computer Weekly

 

« Can the Warfare Concept Of Manoeuver Be Usefully Applied In Cyber Operations?
Drone Market Worth $14.9 Billion by 2020 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Rambus Security Division

Rambus Security Division

Rambus Security Division solutions span areas including tamper resistance, content protection, network security, mobile payment, smart ticketing, and trusted provisioning services.

Conference-Service.com

Conference-Service.com

Conference-Service.com provides a categorised calendar of conferences and events which includes Information Security.

Clusit

Clusit

Clusit is the Italian Association for Information Security, a nonprofit organization devoted to promoting every aspect of information security.

Igloo Security

Igloo Security

Igloo Security is a leader and pioneer in SIEM (Security Information & Event Management), PSIM (Physical Security Information Management) and MSS (Managed Security Services).

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Georgia Cyber Center

Georgia Cyber Center

Georgia Cyber Center is dedicated to training the next generation of professionals through education and real-world practice while also supporting innovation in new technologies for online defenses.

Dice

Dice

Dice is a leading recruitment platform, helping technology professionals manage their careers and employers connect with highly skilled tech talent in specialist areas including cybersecurity.

Startups.be

Startups.be

Startups.be helps tech entrepreneurs to be successful by providing quality access to service providers, business partners, customers and investors.

Seavus Accelerator

Seavus Accelerator

Seavus Accelerator's goal is to create an enabling and stimulating environment for start-ups growth and provide continuous high quality acceleration and investment support.

SecureLogix

SecureLogix

SecureLogix deliver a unified voice network security and call verification solution. Protect against call attacks & fraud.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.

PolySwarm

PolySwarm

PolySwarm is a crowdsourced threat intelligence marketplace that provides a more effective way to detect, analyze and respond to the latest threats.

RealDefense

RealDefense

RealDefense develops and markets various privacy, security and optimization technologies and services for consumers and small businesses.

RapidFort

RapidFort

RapidFort’s Software Attack Surface Optimization Platform remediates 95% of software vulnerabilities in minutes without code changes.

Cyber Grant

Cyber Grant

Cyber Grant excel in designing cybersecurity solutions for data protection. Our approach and vision, centered on ease-of-use, establish us as a benchmark in the industry for safeguarding information.