In an initial report BAE gathered a range of voices, from technology businesses to cybersecurity analysts, to propose an alternative to the current security climate.
Commenting in the report, Professor Alan Woodward of the Surrey Centre for Cyber Security, Surrey University, notes that: “There has been a rise in the number of ransomware and malware attacks, largely due to the emergence of cybercrime as a service.”
“You no longer have to be adept at cybercrime to carry out an attack; you can simply pay someone else to do it for you.”
“Rather than focusing on individuals, criminals will increasingly target data hubs – places where they can scoop up lots of information and get away with it quickly.”
Andrzej Kawalec, CTO, Head of Strategy and Innovation for Vodafone Enterprise Security Services, adds: “A lot of traditional criminal gangs and cartels are moving into cyber crime due to lower risk and higher value opportunities.”
“This has resulted in the creation of hybrid criminal gangs – established organised crime and drug cartels working with cyber experts to circumvent security measures,” he added.
Three Pillars of collaboration
BAE Systems has outlined three pillars in its manifesto that it hopes to achieve by 2025.
The first is collaboration: it wants organisations to work together in addressing cybersecurity events and to share information about breaches rather than contain them internally.
This would require large enterprises to share knowledge, expertise and resources openly: “For this to become a reality, we must build radical trust among businesses that until now have viewed each other in adversarial terms,” the report states.
The second pillar revolves around changing the mindset of how we react to cyber-attacks. The current system is to forewarn people about the dangers they face from risky online behaviour.
BAE wishes to set up new behaviour patterns through the use of gamification and incentives. The report doesn’t go into details of how this would work in reality.
“It’s time to stop victim-shaming businesses, organisations and people who are hacked. In the words of Professor Alan Woodward, there are two types of business, ‘those who have been breached and those who will be breached.’”
“A lot of businesses and organisations have been hacked despite doing all the right things. If all we do in the wake of a security breach is look to assign blame, then we discourage transparency and miss the opportunity to learn from the experience,” the report notes.
The last pillar is the creation of widespread transparency: “Cyber security should not be an opaque world that is understood by specialists, but shuts out everyone else.”
“We need to create transparency and a degree of readiness, so people are no longer surprised by security breaches and are well prepared to act decisively when they find themselves under threat.”
The report comes 12 weeks after 35 signatories also promised to work together to fight cybercrime and combat the exploitation of technology products during their development stage.
Microsoft joined fellow tech giants Arm, Cisco, Facebook, GitHub, Nokia and 28 others to sign a joint Cybersecurity Tech Accord – which includes a promise not to help any government launch cyberattacks “against innocent citizens and enterprises”.
Microsoft CEO Brad Smith described the move as “an important step that already has broad support from many of the tech sector’s leaders and cybersecurity firms. And in the coming weeks and months, we are confident that these numbers will grow further.”
This article is from the CBROnline archive: some formatting and images may not be present.