Cybersecurity is often put in the spotlight during crisis situations, as you saw with our attack on the Everwell Hospital, which received a great deal of media coverage. What you haven’t yet seen is a whole host of people busily working behind the scenes every day to prevent these crises and reduce their frequency and impact. These people form part of a complex ecosystem working around specific regulations and various organizations. Here’s a quick overview to give you more information!
As this ecosystem is very close-knit and has been suffering from a shortage of talented people for decades, there’s a real need to collaborate and share resources. Let’s take a look at how we could organize this ecosystem to meet these challenges.
Consider the Regulations Governing Cybersecurity
We can’t talk about cybersecurity without mentioning the regulations that impose obligations on organizations:
The protection of personal data via the EU General Data Protection Regulation (GDPR), which requires in particular that you keep personal data of EU citizens secure (Article 32) and that you report any personal data breaches to the supervisory authority (Article 33). Equivalent directives can be found in the UK under the Data Protection Act and across some states in the USA.
There are many other regulations imposing security constraints, such as the Health Data Hosting (HDS) certification and the Payment Card Industry Data Security Standard (PCI-DSS).
Identify the Various Organizations Working in the Field of Cybersecurity
As we now know, any type of business or organization could potentially fall victim to a cyberattack, so thinking about cybersecurity is essential.
Luckily, there are many specialized organizations in the field, working together to pool knowledge and resources and improve the overall level of security.
First, there are the regulators, who lay down rules and legal obligations that all organizations must comply with.
Service providers specializing in cybersecurity can also provide their customers with consultants, trainers, auditors and other specialists. All cybersecurity roles can be outsourced! Service providers offer a pool of skills in specific areas of expertise and are a way of responding to the shortage of talent within organizations. During the hospital crisis, external experts were the ones who helped analyze the logs from the time of the cyberattack and fix the security weaknesses. Other specialists with different skills can help organizations before a crisis strikes.
Specialist security software publishers develop and sell software to manage and automate cybersecurity-related issues. Many other jobs are related to the cybersecurity field even though the people doing them may not be part of a cybersecurity team: software developers, integrators, salespeople, researchers, marketing specialists, legal experts and so on. The key contacts for people in these roles are, of course, their customers’ security teams.
For example, in response to the crisis, the hospital decided to install an Endpoint Detection and Response (EDR) solution on all workstations, which enhances the ability to detect malicious behavior on the hospital’s information system.
Public bodies provide assistance and can step in at short notice to help organizations under attack. They share guides and best practices to speed up the pooling of skills and knowledge. As Everwell Hospital is considered part of its country’s critical infrastructure, it quickly contacted the country’s dedicated Cybersecurity Agency.
These kinds of public bodies collaborate with government cybersecurity agencies, which play a crucial role in their own jurisdictions.
These cybersecurity agencies have remits that include:
coordinating cybersecurity efforts in their jurisdiction.
supporting organizations and individuals in the fight against cyberattacks, mostly by providing resources and services.
taking political, diplomatic and military action to protect the critical infrastructures of the country or countries concerned.
In addition to this complex landscape, there are a number of international non-governmental organizations that publish landmark documents on cybersecurity. Two of these are:
the International Standards Organization (ISO), which is an independent, international non-governmental organization that develops standards for a whole host of areas. The ISO 27000 family of standards (in particular ISO 27001 on information security management) addresses cybersecurity.
the National Institute of Standards and Technology (NIST), which is an agency of the United States Department of Commerce. It has published a number of cybersecurity guidelines, such as the “cybersecurity framework,” which we’ll come to later in this chapter.
Lastly, there are a number of specialized groups whose members are all eager to share best practices and strive for improvement. Some examples of these are:
ISSA (Information Systems Security Association)
CEPIS (Council of European Professional Informatics Societies)
ISC2 (International Information System Security Certification Consortium)
Note the Strong Values That Cybersecurity Professionals Uphold
As you saw, many people were involved in the Everwell Hospital cyberattack:
The hospital’s own staff, either from the IT security team or other teams (IT team, legal team, hospital management, doctors involved in crisis management, etc.)
External specialists, including cybersecurity experts brought in to help with the crisis
All these people work in and around the world of cybersecurity, and we’ll be talking about them in the rest of this course. We’ll be focusing in particular on a group you haven’t met yet: those involved before a crisis hits.
It’s important to highlight the values that cybersecurity professionals uphold:
Cooperation between all those involved. Everyone is united on the same line of defense against attackers and they all have the same goal: to help the attacked organization resume its critical operations as quickly as possible, while maintaining the security of its information system.
Resilience. This is key to ensuring that organizations can recover from incidents and crises by being fully prepared and having well-rehearsed procedures.
Humility and continuous improvement. Cybersecurity professionals cannot rest on their laurels and must constantly monitor and improve their organization’s level of security, because no one is 100% protected.
This extensive ecosystem provides a wealth of resources on all aspects of cybersecurity! So, there’s something for everyone in cybersecurity, and curiosity is the key to improvement.
Let’s Recap!
In this chapter, you learned about the collaborative cybersecurity ecosystem and its main components:
Regulations, which impose obligations on organizations and drive improvements in their cybersecurity maturity
Organizations such as regulators, service providers, cybersecurity software publishers, public organizations and specialized groups
The people who live and breathe cybersecurity on a daily basis and who uphold strong values
Now that you know more about the cybersecurity ecosystem, how about finding out more about the teams working to prevent cyberattacks? If you’re up for that, join me in the next chapter!