Report on the “Risk Management Approaches and Practices” Session

Report | GFCE V-Meeting “Risk Management Approaches and Practices” | 29 May 2020

Organized by two company driven platforms working together to increase cybersecurity: the Charter of Trust & Cybersecurity Tech Accord, this session focused on explaining the current cybersecurity threat landscape, and discussing the adoption and implementation of risk management approaches and practices.

The session started with Mr. Kai Hermsen, Global Coordinator for the Charter of Trust Initiative on Cyber Security at Siemens, introducing this initiative to the participants; an initiative by seventeen companies, working on common cybersecurity principles which are driven by three different perspectives: technology, business, and politics. Today, businesses rely heavily on the internet due to the Covid-19 pandemic, and therefore, cyber risks have grown, and malicious actors have the power to disrupt operations and working processes. Mr. Hermsen highlighted that fundamental technological changes, cybersecurity workforce gap, and cyber security regulations worldwide, have driven the Chapter of Trust initiative to act and join forces with others on improving cybersecurity. Amongst others, they are working on: supply chain security, engaging businesses in the policy-making discussions, create more harmonization between regulation and standardization and turn cybersecurity into a real business opportunity. Mr. Hermsen ended his presentation by stating that more education in cyber security is essential, and that the goal of the initiative is to improve cyber security and trust in the digital world.

The second speaker, Ms. Kaja Ciglic, Senior Director of Digital Diplomacy at Microsoft, started by introducing the principles of the Cybersecurity Tech Accord: protecting costumers and users worldwide by developing secure products, oppose efforts to attack innocent citizens and enterprises, help empower cybersecurity protection and partner with likeminded groups to enhance cybersecurity. Cybersecurity Tech Accord has focused its work on international peace and security issues and has engaged especially in conversations with the United Nations bodies and other for a. One partnership is, with the UN Office for Disarmament Affairs, launching a competition where participants tried to find solutions on several cyber issues in innovative ways. Regarding cyber capacity building, Ms. Ciglic referred to the partnership with the UK Foreign and Commonwealth Office on developing a paper on cybersecurity awareness campaigns. Ms. Ciglic ended her presentation by pointing out that the Cybersecurity Tech Accord focuses on the collective response, working together with other similar initiatives to increase cybersecurity posture in industries, such as the campaign in IoT security for both consumers and manufacturers.

Mr. Ed Cabrera, Chief Cybersecurity Officer at Trend Micro, took the floor next to share an overview of today’s cybersecurity threat landscape. He highlighted that, although, state actors have collaborated effectively in the past years to create an ecosystem to tackle malicious actors, the 2020 global pandemic has created more opportunities for global threat actors to grow a mature malicious ecosystem. Mr. Cabrera also shared some figures regarding Covid-19 related threats in the first quarter of 2020: 907k spam messages, 737 detected malware, 48k hits on malicious URLs, 220x increase in spam, 260% increase in malicious hits, with the United States being the primary target of spam and malware detections. As stated, more and more malicious websites are created to deliver malware or steal credentials, and malicious messages on social media are being used for spam or phishing purposes. Mr. Cabrera ended his presentation by underlining that there is also an increase of cyber-attacks on the healthcare system, and therefore, responding to the threats, creating trust and engaging in several ways are necessary elements to support customers, partners and businesses.

The fourth speaker was Mr. Sebastian Stranieri, Founder and CEO of VU Security, an organization focusing on improving citizens and businesses quality of life, by providing fraud prevention and identity protection solutions. He pointed out that, according to figures from the IDB in 2019cybercrime costs Latin America and the Caribbean about $ 90 billion a year, and in Latin America there has been a sharp increase of malicious attacks such as phishing, since all businesses had to quickly transfer their operations digitally. At the end of his presentation, Mr. Stranieri listed the ways which VU Security is responding to the pandemic challenge: offering free technology solutions to governments, NGOs and educational organizations to improve digital connections with the citizens, enabling millions of Argentinians to obtain governmental economic help, and help Latin-America’s public institutions to validate citizens and protect sensible information.

The last presentation delivered by Mr. Karl Alles, Security Officer in charge of the Charter of Trust Principle at Atos, talked about Principle 2 of the Charter, which includes the responsibility for companies to expand CoT objectives throughout their digital supply chain, ensuring that confidentiality, availability and integrity is maintained throughout the digital supply chain. This is delivered through a common risk-based approach based on key concepts and aligned with international norms, by developing practical guidance for wider adoption by all stakeholders. Mr. Alles, highlighted the reasons for emphasizing the importance of supply chain security at Atos: suppliers have access to assets (e.g. IT infrastructures), suppliers play a key role in delivery activities and supply chain is a growing vector of cyberattacks. The presentation ended with an elaboration of the supplier security assessment principles, underlining that the primary aim of this Charter of Trust Principle is to help businesses better protect themselves.

The session ended with questions and an interactive discussion amongst the participants on the rise of cyber threats due to Covid-19 and the importance of strengthening daily digital operations of businesses. Mr. David van Duren, Director of the GFCE Secretariat, closed this last session of the GFCE V-Meeting program by thanking all speakers and participants.