Why cybersecurity is a social responsibility



The primary goal of cybersecurity is to keep an organization’s digital assets safe from theft, leakage, or destruction. But there is a growing awareness that securing these assets depends not only on the organization itself, but also on an external community of open source software vendors, researchers, and developers.

Similarly, organizations are not the only ones that suffer when cybersecurity breaches occur. In fact, breaches may be more harmful to customers, employees, or other third parties.

For these reasons, cybersecurity must be seen as a dimension of social responsibility as well as self-preservation. At Tech Monitor's Digital Responsibility Symposium last month, Thomas Quinlan, director of solutions architecture at Zscaler, the event’s sponsor, made the case.

The case of cybersecurity as a social responsibility

The primary concern of all cybersecurity leaders is to protect their own organization’s digital assets. That is unlikely to change. However, Quinlan explained, the extent to which this task depends on external parties has inevitably become clear in the last decade.

NotPetya, the malicious encryption software that appeared in 2014, was an extreme example. Initially targeted at Ukrainian institutions, it caused billions of dollars in collateral damage to organizations around the world.

More recent examples include Log4Shell, the vulnerability discovered in the Log4j open source log management tool late last year, which revealed the extent to which companies around the world depend on the security of their open source tools, and the rise of cyberattacks in the supply chain.

These developments require cybersecurity professionals to think beyond their organizational boundaries, Quinlan said.

This calls for more consideration of external stakeholders, including suppliers and customers, when assessing and mitigating cybersecurity risk, Quinlan argued. “We need to look at risk management in general, whereas before we could have looked at risk management only from our immediate perspective.”

Considering cybersecurity as a social responsibility can help leaders understand and manage this risk, he said. “First of all, it’s generally better for everyone. Secondly, it’s generally better for the organization itself. And thirdly, it leads to a more holistic picture, not just cybersecurity [risks] they are directly concerned, but what kind of things can they look at to mitigate potentially coming from outside.”

All sessions of the Digital Responsibility Symposium can be viewed on demand. Register here.

Cybersecurity driven by responsibility

What would cybersecurity driven by social responsibility look like in practice?

Quinlan argued that taking responsibility for customer data in an ecosystem of vendors and other third parties coincides with the need for “zero trust” security architectures. “It’s important to pay attention to how you treat the physical reality of third parties, supply chains, [and] external parties that need to interact with your data and services,” he explained. “You have to start pretending that you don’t trust anybody.”

Organisations that produce software must be more mindful of the security implications for users, Quinlan said. “We have to start looking at how our programming practices, the various things that we’re doing around software development, could have impact elsewhere,” he explained. “Because if I release a piece of software, I also have to keep in mind that that software may have bugs, that software may be co-opted to be used in ways I hadn’t considered.”

And, in light of Log4Shell, they should think about how they can support the open source projects on which they depend, Quinlan said. One way would be to support the Apache Software Foundation, a non-profit that funds a number of open source projects. “I think corporations also have [a] responsibility to be able to look at the things they use and move away from the traditional ‘This was not invented here’ syndrome and start thinking about how they can get back to it.”

These are some of the ways in which organizations can go beyond a cybersecurity approach where self-preservation is the only priority. Instead, a position of “enlightened self-interest” can help them to protect themselves, their stakeholders, and the world at large.
