Through a presidential commission and executive order, the presidencies of the former and current administrations have been linked in a shared effort to bolster our nation’s cyber security.
The report deftly set the stage for modern cyber risk management, but there is also a need to turn recommendations into practical applications that businesses of all sizes can implement.
On May 11, 2017, President Trump issued an executive order on “Strengthening the Cyber Security of Federal Networks and Critical Infrastructure.” This came on the heels of a commission issued by President Obama on enhancing national cyber security. With the increasing concentration and sophistication of cyber attacks, it is not surprising that cyber risk prevention and mitigation is being consistently raised to the executive level of concern.
The Commission on Enhancing National Cyber Security (Commission Report) resulted in 100 pages worth of assessment and recommendations in the form of six imperative next steps. The report deftly set the stage for modern cyber risk management, but there is also a need to turn recommendations into practical applications that businesses of all sizes can implement.
An initiative has since been launched to fulfil that need.
As of July 19, 2017, the Cyber Readiness Institute (CRI) launched to focus on key issues that the private sector can advance that were recommended in the Commission Report. The Cyber Readiness Institute is a joint initiative by two nonprofit, nonpartisan organizations, The Center for Global Enterprise (CGE) and the Center for Responsible Enterprise and Trade (CREATe.org).
The Institute has its sights set on developing cyber security content and tools designed to help secure global value chains. These resources will be developed through collaborative information sharing between global thought leaders.
Subscribe: Get the Ethics & Compliance Matters Blog in Your Inbox
A Focus on Small & Medium-sized Businesses
As a strategy to strengthen global security, the Cyber Readiness Institute is prioritizing the security of small and medium-sized businesses. Just as 21st-century cyber risk stretches across the people, processes and technologies within an organization, it is also not limited to a single threatened organization, but stems across all the individuals and organizations within a given value chain.
through the interdependencies that define supply chains, the security of global businesses rest on the security of small to medium-sized counterparts.
Global companies, including those whose CEOs are co-chairing CRI, Mastercard and Microsoft, have made significant investments in seeking to understand and implement the necessary personnel, budgets and resources to effectively manage cyber risk. However, these global companies are part of value chains that include a myriad of smaller businesses. Therefore, through the interdependencies that define supply chains, the security of global businesses rest on the security of small to medium-sized counterparts. These are the organizations that are more susceptible to cyber security breaches and therefore targets of attacks ultimately aimed at permeating an entire value chain.
Emphasizing Containment as well as Prevention
Education has always been and will always be key to preventing cyber risk. Proper education helps mitigate the impact of cyber attacks. However, cyber breaches will occur, and we need to be prepared to effectively mitigate damages.
“The challenge that we often have,” says Kiersten Todt, Managing Director of CRI and Former Executive Director of the Commission, “is that we think that a breach is a sign of failure. If we have that mentality, it’s like the Titanic – if we think we are never going to sink then when something does happen, we’re not prepared.”
The Cyber Readiness Institute will be working to promote a culture of security that ensures organizations are formidable against attacks but also agile enough to respond swiftly to mitigate the disruption of an attack.
To learn more about the Cyber Readiness Institute, please visit www.CyberReadinessInstitute.org.