Recent data from security firm LogRhythm highlights the long way most companies still have to go before their cybersecurity is up to scratch.  In their survey of 1,500 IT professionals, they found that just 15% were confident in their organization’s cybersecurity capabilities.

“These results are worrying as whilst firms have expressed concerns about the regular occurrence of data breaches hitting today’s headlines, it seems like there’s still a long way to go when it comes to addressing their own cybersecurity capabilities,” LogRhythm say. “Today’s hackers are smart, creative and persistent enough for even the most well-equipped business to be compromised. Having the most up-to-date, sophisticated tools in place is key in combatting modern-day threats.”

Whilst the study cites things like the need for automation to tackle the ever growing speed and complexity of threats, something they neglect to mention is the need for cooperation across industry.  That is exactly the rationale behind the creation of the Charter of Trust by German industrial giant Siemens.  The charter, which was originally formed with nine members has recently grown to 16, including AES, Airbus, Allianz, Atos, Cisco, Daimler, Dell Technologies, Deutsche Telekom, Enel, IBM, NXP, SGS, Total and TÜV Süd.

“In the age of the internet of things, the Charter of Trust is a very important first step,” Siemens say. “We’re open to many more partners, making the real and digital worlds safer places for all of us. Cybersecurity is the key enabler for successful digital businesses. We hope that this initiative will lead to a lively public debate on cybersecurity and, ultimately, to binding rules and standards.”

Collaborative cybersecurity

One of the first areas tackled by the consortium has been on improving the security of supply chains, as these now represent approximately 60% of cyberattacks.  The group have established baseline requirements that can be implemented throughout the digital supply chain.  These requirements include a range of things, from people, process and technology, and include:

• Data shall be protected from unauthorized access throughout the data lifecycle.
• Appropriate level of identity and access control and monitoring, including third parties, shall be in place and enforced.
• A process shall be in place to ensure that products and services are authentic and identifiable.
• A minimum level of security education and training for employees shall be regularly deployed.

The consortium are aiming to develop a risk-based methodology that will allow them to implement these requirements in their own supply chains, with their supply chain partners fully involved in the process.  They have also developed ambitious goals for the coming year, with a particular focus on establishing cybersecurity by default, and improving education to ensure the skills are available in the marketplace.

With cybersecurity costing up to 500 billion euros in losses around the world last year, it’s clear that a coordinated and concerted effort is long overdue.  Whether the Charter of Trust can crack the nut remains to be seen, but taking an industry-wide approach has to be commended.