Mimic: The ransomware exploiting Windows search
Discover an emerging ransomware family that’s using a legitimate Windows search tool to locate victims’ files before encrypting them.
Read MoreLast week, Dr. Erdal Ozkaya (Group CISO at MAVeCap) shared his perspective on cybersecurity in education right now – and particularly what’s missing.
This week, we’re digging deeper into one aspect of Ozkaya’s work right now: striving to create ways for cybersecurity to be more transparent.
But what does transparency in this sector really mean; and how could increased transparency improve both perceptions of cybersecurity across different industries, and the strength of cybersecurity programs?
“In a nutshell,” Ozkaya said, “cybersecurity transparency is about being open and honest about cybersecurity risks, incidents, and the measures an organisation takes to protect itself. This includes:
Crucially, transparency builds trust – even when you’re revealing information about negative events. Because the act of revealing that information ”shows a commitment to accountability and builds trust with customers and the public.”
Proactively disclosing incident information also reduces misinformation, helping to minimise the spread of rumours and inaccurate details. And it enables rapid problem-solving and informed decision-making – “stakeholders can make better risk assessments when they have clear information about an organisation’s security posture,” Ozkaya pointed out.
There are numerous obstacles to transparency. One is the fear that “disclosing too much information will aid attackers,” putting the company at risk of exploitation.
Disclosing worrying information about attacks has the potential to cause unnecessary panic among users or customers, too – damaging the organisation’s reputation and sales. And prematurely announcing breaches that haven’t yet been verified, or when full details of the breach haven’t been gathered, can cause more mistrust than not disclosing the breach at all.
There are also complexities from a legal and regulatory standpoint: “There are evolving regulations around what and when security incidents need to be disclosed,” Ozkaya noted, and companies must do due diligence to ensure they’re complying with current rules before they announce a breach.
Ultimately, it’s a balancing act. “It’s about finding the right level of transparency – enough to be informative and accountable, but not so much that it creates additional risks.”
More and more organisations are realising that a culture of transparency brings benefits for their work and reputation, and contributes to a more secure digital world. As we move forward, transparency is likely to become a differentiator in itself – with customers seeking businesses that have clear, accessible cybersecurity policies and disclosure protocols.
“Overall, cybersecurity transparency is moving away from being seen as a weakness and more toward a sign of good security practices,” Ozkaya added. “It's a complex area, but increasingly important in our digitally connected world.”
Thanks to Dr. Erdal Ozkaya. Do you want to learn more from the world’s leading cybersecurity experts? Join us in Riyadh for Black Hat MEA 2024.
Join the newsletter to receive the latest updates in your inbox.
Discover an emerging ransomware family that’s using a legitimate Windows search tool to locate victims’ files before encrypting them.
Read MoreWhat are non-human identities (NHIs) and why are they driving a paradigm shift in identity security?
Read MoreNew research shows that a growing number of organisations view cybersecurity as a strategic priority.
Read More