Cybersecurity and Sustainable Business Development

Securing systems and data is key for any sustainable organization

The management of cybersecurity risks involves identifying, assessing, and taking appropriate steps to reduce or prevent the effects of cyber-attacks on an organization’s operations, processes, products, services, and data.

No organization is immune to a cyber-attack or data breach. Managing cybersecurity risk protects an organization from the impacts of an incident. According to Ed Chandler, cybersecurity expert and National Sales Manager at TÜV SÜD America, organizations should factor cybersecurity into their sustainability goals.

Webinar: Cybersecurity 101

Organizations should also regularly review their cybersecurity risk management strategies to ensure they remain up to date with current best practice standards. As cybercrime continues to evolve, organizations must stay ahead of the curve in order to effectively mitigate risks associated with cyber-attacks.

Organizations should start by conducting a cybersecurity risk assessment. This will help identify any existing threats or vulnerabilities in their systems that could be exploited by hackers. The assessment should look at all areas of the company's network including hardware and software applications as well as user access points. Additionally, companies should also evaluate outside networks such as the Internet and any connected third parties.

Once the assessment is complete, organizations should develop a comprehensive cybersecurity risk management strategy. This should include basic security measures such as firewalls, antivirus software, encryption techniques and data access control. It is also important to ensure that staff are properly trained in security practices and procedures. Such steps will help protect against threats from both internal and external sources.

However, cyber-attacks cannot always be avoided. Organizations should implement measures to secure information that would be vulnerable to data breaches.  “Over the last several years, the cybersecurity professionals focused on achieving ‘they will never get in’ to ‘it’s not if, but when, and how quickly we can react’. Implementing an information security management system like ISO 27001 addresses the security of valuable information,” says Ed.

Organizations should also consider completing assessments or audits based on industry- or customer-specific requirements.

This includes, but is not limited to, the following:

• NERC CIP GAP Assessments for critical infrastructure such as electrical power generation, transmission, and distribution.
• HIPAA Audits for healthcare providers and organizations.
• IEC 62443-3 GAP Assessments for the security of industrial automation and control systems. The IEC 62443 standard applies to assets owners, system integrators, and component suppliers.
• NIST 800-171: A requirement for winning and retaining contracts with the U.S. Department of Defense, NASA, and other federal and state agency contracts subject to Defense Federal Acquisition Regulation Supplement (DFARS).
• NIST 800-53: Federal government agencies and contractors in the United States must secure information systems and protect data according to this framework.
• CMMC GAP Assessments are designed to evaluate compliance with Cybersecurity Maturity Model Certification (“CMMC”) program. The program’s goal is to protect the U.S. defense supply chain from external cyber threats.
• ISO 27001 is a certifiable standard that provides the basis for information security. The framework outlines a set of policies, procedures, plans, records, and other documented information required for compliance. It is often compared to the NIST Cybersecurity Framework (CSF).
  • ISO 27701 is an extension of ISO 27001. The ISO 27701 standard focuses on the protection of Personally Identifiable Information (PII). It enables organizations to comply with privacy regulations around the world including the General Data Protection Regulation (GDPR).
  • ISO 27017 is the cloud computing security standard. It provides a set of guidelines for safeguarding cloud-based environments and minimizing the potential risk of security incidence.
  • ISO 27018 provides a framework for assessing how well an organization protects PII in public clouds.
• Supplier Security Audits
• Physical Security Audits
• Data Center Walk Throughs

Since regulators may struggle to react and provide clear guidance, organizations should proactively implement their own cybersecurity risk management frameworks. Like the concept of sustainability, cybersecurity continues to evolve. There is no “one size fits all” approach, so partnering with a third-party consultant and auditor will assure the best outcome.

Learn more about our cybersecurity services