Cybersecurity: Delivering Confidence to CSC Customers
News Article -- July 20, 2011
Download this article (PDF, 265KB)
Source
Premium, CSC's business magazine | Summer 2011 | No. 16
Read the full magazine
If some agencies and companies still view cybersecurity as a question of compliance, more and more people are now asking what information is really at risk, what that risk represents to their organisation, and how cybersecurity can help them manage that risk.
Cybersecurity can no longer be a simple matter of compliance. In a world of sophisticated threats to intellectual property, citizen information, critical infrastructures, and financial transactions, equal cybersecurity protection is not available to every aspect of a global enterprise. New architectures for cloud and mobile computing offer both opportunities and concerns.
A more nuanced approach, one that relies on risk assessment and intelligence use of cybersecurity resources, is needed in today’s challenging cybersecurity environment. There are, of course, areas of activity, like financial services firms, that have always been at persistent risk and have taken serious measures in this field. But on the whole, companies that have taken a low-level compliance-based approach to cybersecurity – an approach that attempts the “spread” cybersecurity standards equally across an entire enterprise – are vulnerable; the same is true for those who believe it is baked into whatever information system they buy, so they don’t have to worry about it.
Add to this that more and more systems are being connected through the Internet – in particular for certain companies who own and operate critical infrastructure – with formerly isolated systems linking to public systems and introducing a whole new set of risks.
Cybersecurity as a Competitive Advantage
Today, a number of companies in the private sector are beginning to question their risk and how cybersecurity can give them a competitive advantage. Aircraft manufacturers are looking into cybersecurity to check the origin of each plane part and that its test data is valid; similarly, pharmaceutical companies can see it as a means to check test data as well, and track the origins of their raw materials. In both cases, this is a matter not only of compliance, but also of improving product confidence, which can become a competitive discriminator.
In the public sector, government agencies, much like the private sector, compete for business, particularly in today’s challenging budget environment. Some savvy agencies are also beginning to understand that an agency that doesn’t have good cybersecurity will lose the confidence of its citizens, who then may decide its services are no longer useful. Furthermore, people tend to focus on the safety of customer data, operational data… but a company’s intellectual property – their marketing plans, product design, and research and development – may be the thing of most value to preserve their business from adversaries and competitors.
In the years to come, global competition for business will include efforts to develop and acquire intellectual property and intellectual capital – those things that set a company apart. As these become more valuable than ever before, the threat to them will increase.
Innovations to Help Tackle New Threats
Organisations must respond to new threats like polymorphic viruses and advanced persistent threats, which can get into a system, remain resident there surreptitiously for a long time and be difficult to spot. And threats will continue to become more adaptive and subtle, with changing signatures and sets of fingerprints making them more difficult to detect. Such threats can even imperil formerly isolated, embedded systems, including Industrial Control Systems used in factories and critical infrastructures.
Many companies have systems that were built piecemeal and are segmented into individual stovepipes. They simply don’t have the ability, at the enterprise level, to look across the whole organisation, making it difficult to determine if a system has been infected. In this respect, situational awareness represents an important innovation, enabling companies to understand what’s happening inside their enterprise, as well as in the global environment. This way they will be able to see threats as they evolve, before they hit their operations. New computer-aided tools are being developed so companies can become more rapid and effective in assessing a threat and selecting the right defence for it.
Finally, more and more companies are adopting new architectures, like the cloud, which offer tremendous operational advantages, but also present security issues of a new kind. These must now be addressed with cloud security and Trusted Cloud capabilities, which will enable organisations to develop secure new architectures. A similar challenge exists associated with the rise of new mobile operating systems and platforms.
CSC Delivering Confidence in Cybersecurity
Our nearly 2,000 cyber professionals, led by some of the most respected names in global cybersecurity, serve both commercial and public sector clients worldwide providing vulnerability analysis, penetration testing, data loss prevention, managed security, and cyber forensics training and analysis. We also have a global StrikeForce available 24x7 to respond to cybersecurity incidents; a worldwide infrastructure of Security Operations Centres; and the ability to test software’s cybersecurity characteristics at our Common Criteria Test Laboratories – the world’s largest installed base – located in North America, Europe, and Asia.
We are the first organisation to achieve an independent, third-party Software Engineering Institute Capability Maturity Model (SEI-CMM) Level 3 rating, and have secured a SEI-CMM Level 4 rating for our strength in protecting the integrity of client information. For Sam Visner who leads CSC’s cyber strategy, “To succeed in the future, companies will need to move from compliance, to using cybersecurity as a competitive discriminator and managing the risk to their intellectual property, Attention to cybersecurity will rise. It won’t be a question of compliance – it will be a question of survival.”
“At CSC, we’re doing a lot!” states Visner. “At this point in time, we are further upgrading our Security Operations Centres so we can monitor threats even more effectively, and give clients greater situational awareness of what’s happening inside their organisations as well as the general external environment in which they operate. We are also introducing advanced cybersecurity consulting capabilities that will let clients assess risks to their information, including their intellectual capital. If people Google ‘cybersecurity’ and ‘CSC,’ they should say it looks like somebody’s trying to make a point, and we are!”