Mandatory Requirement on Business To Disclose Cyber Attacks

Government should introduce legislation forcing firms to inform shareholders when they have been hacked, says ex British Defence Minister Liam Fox MP

Companies that do not “come clean” about being the victims of cyber crime should face prosecution, according to former defence secretary Liam Fox.

Fox was speaking at the Royal United Services Institute (RUSI) in a lecture entitled, ‘The war of the invisible enemy’.

He believes the government should introduce legislation that makes it a legal requirement for companies to inform shareholders and other stakeholders when the organisation has been hacked.

The lecture was aimed at addressing the fact that society has to consider the whole range of cyber vulnerabilities as it becomes increasingly dependent on technology.

According to Fox, cybercrime, cyber espionage and cyber warfare are all part of the same continuum, which has substantial implications for national security.

He said organisations that leave themselves vulnerable to these activities make themselves part of a national security threat.

“On a security and defence level, it is clear to me that one of the greatest of these new threats is cyber crime – including cyber terrorism and cyber warfare,” Fox wrote recently in the Telegraph.

Writing on the same theme as the RUSI lecture, he said that, as society becomes more dependent on technology, everyone has become more vulnerable. “We are being drawn inexorably into the era of the war of the invisible enemy,” he wrote.

Against this backdrop, Fox told attendees of the RUSI lecture that it is necessary to develop proper cyber doctrine and persuade both the public and the military to spend more on the invisible technology that will protect us from some of these threats.  

Cyber security central to business

Fox called on all organisations to commit to greater cyber defence and transparency in the event of a breach.

Nicole Eagan, chief executive of security firm Darktrace, said greater transparency is an important step in acknowledging the importance of improving the country’s resilience to cyber threats.

“Cyber security is a topic for businesses of all sizes and sectors and increasing awareness of the risks to business leaders is welcome,” she said. More than 70% of executives say their organisations do not fully understand the risks associated with data breaches.

  • Most large enterprises already know much of what they need to put in place to protect themselves against data breaches; they just have not done it all.
  • The benefits of the digital world are central to modern business, said Eagan, and cyber security is fundamental to playing the game.

“It is impossible to guarantee that no attack can enter a company network and we recommend companies work on the assumption that there is always some level of hostile presence,” she said.

Eagan said businesses need to get smarter and break away from the legacy approach. “They should shift instead to a more realistic mindset that accepts there will be problems and that things will go wrong, but enables the swift adoption of effective strategies to address an ongoing and inevitable issue.

“Modern self-learning immune systems that look inside company networks can identify in-progress attacks and allow companies to respond before they become a business crisis. This is the future of cyber defence,” she said.

Mitigating the inevitable

Terry Greer-King, director of cyber security at Cisco UK and Ireland, said cyber attacks have become inevitable.

“It is critical that organisations protect the business and their customers by adopting an integrated, threat-centric security policy that addresses the entire threat continuum – before, during and after an attack,” he said.
    
Given the extent of the issue, Greer-King said businesses of all sizes need greater awareness of the current threat landscape to ensure they are prepared to protect against the risks.

“We welcome the call for greater disclosure around the number and severity of hacks taking place,” he said.

Collaboration between enterprises, government and law enforcement is vital to allow for efficient detection and remediation of cybercriminal activity, said Greer-King.

Proactively addressing cyber risk is crucial, he said, because Cisco research reveals 60% of data is stolen in the first few hours of an attack, while 50% of attacks manage to persist for months – if not years – without detection.

“This means that, by the time a company realises they have been breached, the damage has most likely already been done. Addressing the time it takes to detect an attack will have a huge impact on the severity of an attack – yet greater awareness and industry collaboration is needed to solve this.”

Discrepancy between protocol and trust

Greg Sim, chief executive of security firm Glasswall Solutions, said Fox’s comments on the level of threat posed by criminal and state-sponsored hackers reflect what many in the cyber security industry already know to be true.

“Neither governmental legislation nor organisational protocol have been able to keep up with the level of trust we have placed in the security of our online infrastructure, resulting in an incredibly high amount of risk in regards to our personal data, finances and our nation’s security,” he said.

As has been demonstrated by data breaches such as the one at TalkTalk, Sim said cyber criminals are ready to exploit these shortcomings.

To stay one step ahead of the hackers, he said the time has come for businesses to change their mindsets: to stop concentrating on detecting known threats and focus instead on validating “known goods”.

“As cyber-security continues to rise up the boardroom agenda in 2016 – no doubt emphasised by inevitable high-profile breaches – expect to see more changes to legislation, corporate cultures and practices,” said Sim.

Computer Weekly

 
