Building cyber capacity and resilience for our digital future
Our cyber resilience is only as strong as our people, knowledge, resources, and tools.
While cyber resilience is imperative for every government and business worldwide, the journey to resilience is never the same. It depends on what stage of the digital journey they are navigating, and often nations take a slightly different path.
But cyber threats rarely affect just one country - instead, they typically affect many different countries, each of which may have different cyber resilience capacities. Therefore, nations need to work together to protect governments, organisations, infrastructures and consumers.
Kaspersky Asia Pacific managing director Chris Connell notes that security challenges are putting pressure on resources, but investing in talent and promoting awareness and education amongst users are important ways of helping to reduce this pressure.
At an Online Policy Forum hosted by Kaspersky this month, Connell explained, “It is the responsibility of all governments and businesses to provide cyber training and education awareness. We are the sum of our joint efforts.”
There are three key ways to achieve cyber capacity building. The first is by bridging the skills gap. This means providing higher education institutions with resources to develop students’ critical cybersecurity skills.
Cyber Security Association of China secretary-general Li Yuxiao said on the Forum that resources should include data-driven exercises, and institutions should act fast to develop cyber capacity.
Another way to develop cyber resilience is to build trusted partnerships - for example, partnerships between INTERPOL and CERTs or industry.
INTERPOL cybercrime director Craig Jones explained that whilst there are gaps in law enforcement cyber capabilities and capacity locally and globally, cybercriminals can keep expanding their infrastructure and activities.
“To overcome this challenge, law enforcement must be a trusted partner beyond national borders and sectors. Being collaborative, inclusive and open will help us reduce the gaps, bridging the divides in capabilities and capacity.”
Data sharing is also important to building trusted partnerships. Li Yuxiao noted organisations must think beyond sector silos to exchange information if cyber defence is to be successful. However, as head of the department of cyber defence at Korea University, Professor Gabriel Kim Seungjoo commented, there are difficulties around data sharing.
“We talk a lot about partnerships but in reality it’s not so easy. Partnerships begin with the information sharing and data gathering. This is based on mutual trust between each country, organisation and so on, but it’s not an easy procedure for governments and companies to share data for education. We need to discuss effective information sharing systems and effective ways to establish mutual trust,” says Seungjoo Kim.
The third way to enable cyber resilience is through prioritisation. This means cybersecurity needs to be at the forefront of the agenda. For some nations, however, combating COVID-19 has set them back in terms of formulating or implementing their cybersecurity strategy, while some businesses still struggle to digitalise safely.
“The fight is not over, and we need to work together across borders and organisations to have the best shot at winning, together,” adds Connell.
To help businesses, government agencies and academia build cyber capacity and understand how to conduct security assessments of all ICT products they use, Kaspersky offers a Cyber Capacity Building Program.
The training program aims to help participants:
- Build capacity in companies, government organisations and academia to identify, evaluate and estimate risks related to external applications in their ICT infrastructure
- Manage identified risks and conducting an assessment of external applications for their integrity and security
- Form a list of requirements for external applications to minimise cybersecurity risks related to them
- Develop an understanding of industry best practices for building a secure ICT ecosystem with regard to external applications.
Previous participant CERT India director-general Dr Sanjay Bahl explains, “The topics covered in the program were very relevant to the participants and also provided them with valuable information and insights.
“I would like to appreciate the entire Kaspersky team who were behind this meticulously planned and well-organised program packed with quality content.
“The interactive sessions and the problems given to the participants clearly showed the dedication and the level of efforts taken by your team to organise this program.”