Page 84 - Cyber Defense eMagazine April 2023

the Security Legislation Amendment (Critical Infrastructure Protection) Act in 2022 providing additional obligations and guidance for critical entities.

All these activities demonstrate how nations are taking concerted measures to address growing cyber threats to critical infrastructure industries. Some governments are also engaging and seeking international partners to develop mechanisms to share learnings and improve collaborative action.



How to transform cyber resilience into a global team sport?



The dependency on the digitalization and connectivity of critical infrastructures is growing exponentially, and so are the risks. At the World Economic Forum, multistakeholder communities have been collaborating to take global action at both an industry and cross-industry level to strengthen cyber resilience.

Independent of the industry, there are three key actions that would help organizations and ecosystems strengthen cyber resilience.



1. Make cyber a business imperative while capitalizing on digitalization.

Businesses are moving towards more digitalization, connectivity and emerging technologies for strategic and competitive value. These drivers, along with the growing sophistication of cybercriminal operations, increase the risks and the potential impact of a cyberattack. It is important, therefore, to ensure that cyber resilience is part of the business strategy from the outset. To that end, business executives need to recognize and understand the associated challenges in order to apply correct prioritization and mitigation actions to capitalize on the business benefits. Organizations should establish a comprehensive cybersecurity governance model while leveraging existing global frameworks and standards, build a holistic view of the ecosystem and its broader impact, and ensure that resilience and security by design are embedded in operations and business decisions.



2. Embed cybersecurity in the organization’s DNA

To achieve this, organizations need to cultivate a cybersecurity culture in the workplace at all levels – from operations to leadership. At the leadership level, cyber leaders should proactively communicate with executives and the board to convey cybersecurity as a business imperative and strategic priority. Cyber practitioners should communicate in business terms rather than confusing executives with technical jargon. The leadership should also understand that organizational cybersecurity is a shared responsibility guided and coordinated by the chief information security officer and, as such, is not the responsibility of any single individual. At the employee level, a cyber-aware culture can be promoted through periodic training and cybersecurity campaigns to increase education and highlight secure procedures.





