This week, SecurityScorecard is participating in the US Chamber of Commerce’s Cyber Security Trade Mission to Israel. This has been a valuable experience to not only share our cybersecurity knowledge, but to learn more about Israel’s cybersecurity efforts, and those of other countries. We also had the opportunity to meet with delegations and governments from around the world, including: the UK’s National Cyber Security Centre; the Cyber Security Agency of Singapore; Spain’s National Cybersecurity Institute, and more.
The delegation started off by visiting Be’er Sheva, Israel’s cyber capital, where we toured several key cyber-focused facilities, including: the Israel Cyber Center for Intelligent Transportation Systems; the Israel Defense Force School of Computer Science; 119 Cyber Call Centre; and Energy and Finance SOCs.
While a lot of ground was covered over the last several days, three main takeaways from this trip have emerged:
- Governments need help managing the cyber digital supply chain
- Regulations are in flux and there’s a growing global emphasis on cyber rules for managing supply chain risk
- Public/private partnerships are key to protecting cyber resilience
The impact of cybersecurity regulations on third-party risk
With new and upcoming regulations from the European Union and the U.S. Securities and Exchange Commission (SEC), Chamber attendees have been understandably concerned about cloud certification rules and the Cyber Resilience Act adding a new layer of complexity onto already established standards. Many of the new cyber regulations are designed to manage digital supply chains and third-party providers. So it’s no surprise that third-party risk was a key topic of discussion.
Our team had the opportunity to demonstrate the value of having a platform in place that can help develop, implement, and monitor third-party risk to address regulatory requirements. Additionally, leveraging cybersecurity ratings can help to provide a quantitative, data-driven assessment of an organization’s overall cybersecurity posture.
Our recent report with The Cyentia Institute revealed that 61 percent of public sector agencies have open cyber vulnerabilities, taking a median of 309 days to remediate them. And the report on critical infrastructure that we released at this year’s World Economic Forum found that cyber resilience is getting worse, not better. To ensure the continued safety of our critical infrastructure systems and protect national security, we must foster close relationships and increased communication between the public and private sectors.
Increasing cyber resilience to protect global supply chains
In addition to the value offered by third-party risk management and cybersecurity ratings, we also discussed the value of a platform with proactive and reactive services. With the average cost of a data breach now at $4.35 million, organizations need to take measures to protect themselves, and their data, against cyber threats. Having a plan in place for how to mitigate cyber incidents and respond to them is an important step in increasing cyber resilience, protecting sensitive data, and saving money. Whether it’s penetration testing, tabletop exercises, red teaming, or digital forensics and incident response, these services supplement an organization’s security stack and make the organization much more secure.
Our time in Israel has been a fantastic opportunity to come together with members of the public and private sectors from around the world and discuss how to protect our critical infrastructures. Increasing this dialogue and communication will only help to make the world a safer place and increase our collective cyber resilience.