Managing security risks for sustainable development

Event report

‘Cyber Security is more than abstract and is no more only a technical issue’ said Nicolas Seidler, ISOC Policy Advisor, and moderator for the workshop focusing on managing security risk for sustainable development.

While it is understood that the real economic cost of any cyber-attack is hard to identify and calculate due to each event having multiple tangible and intangible affects, the workshop aimed to identify and discuss the challenges faced by stakeholder in managing cyber security risks. Additionally, it sought to connect their impact on achieving sustainable development, and economic and social growth.

The panel consisted of representatives from the Organisation for Economic Cooperation and Development (OECD), Cloud Flare, Computer Emergency Response Team Brazil, CGI.br and JP Morgan Chase.

Laurent Bernat, OECD, highlighted the economic impact of cyber security attacks on governments and organisations. He cited an OECD recommendation, Digital Security Risk Management for Economic and Social Prosperity, which is a non-binding but important legal instrument for governments and organisation to follow. It seeks to ensure that risk management is included as an important facet when making any economic decision, in order for businesses and governments to gain operational and competitive advantages.

The panel agreed that the ICT world is no different from the physical world and hence is not completely secure from inherent risk exposures.

The following recommendations were made to ensure that a risk management approach is adopted in order to address cyber security challenges in the ICT domain:

• Security awareness and training for all involved stakeholders has to be an integral part of the security program of addressing cyber security risks
• Preventive and detective controls are required to ensure that the impact of cybersecurity breaches are limited
• Collaborations and data sharing between various stakeholders, such as business organisations, government, and civil society is mandatory to build upon individual expertise
• Innovative solutions, such as cloud security, can be utilised to offload some of the cost of security implementation for small and medium scale enterprises

The panellists expressed concerns over the limited availability of global statistics on cyber-attacks, thereby limiting the scope of policies that can be developed to address cyber threats. However, there was a general consensus that this should not lead to “paralysis by analysis” leaving the world vulnerable to cybersecurity exposure.

By Mohit Saraswat