Implementing Cyber Standards for SMEs: A Commonwealth Approach

Transcription

1 Implementing Cyber Standards for SMEs: A Commonwealth Approach Commonwealth Cybersecurity Forum 2017 BT Centre, London, UK March 2017 Dr Martin Koyabe Manager, Technical Support & Consultancy Commonwealth Telecommunication Organisation (CTO)

2 Acknowledgement Botswana Cameroon Nigeria Jamaica Uganda

3 Considerations for developing an effective NCS Standards & Technologies Promote the use of Information Security (IS) Standards» ISO 2700x, COBIT, ITIL, Cyber Essentials Monitor compliance of IS standards» in public and private organisations Participate in IS standards development» at global forums such as the ITU etc Promote IS standards for procurement» especially for information technology assets/vendors Track and monitor new technologies & trends» especially tools used by hackers

4 Reality Check!! Potential targets for Cyber attacks Nearly 43% of attacks targets SMEs 60% of SMEs close after an Cyber attack most close with 6 months of an attack Most SMEs are concerned about data customer data is essential and critical

5 Cyber Essential Standard Motivation for implementing the standard More simple and affordable to implement» based on 5 key security controls, aligned to ISO 2700x Suited for Small-to-Medium Enterprises (SMEs)» SMEs contribute over 60% of the GDP in many countries Protects businesses from more common attacks» malware, viruses, data loss etc Enables SMEs to participate securely in the value chain» used as minimum procurement requirement by governments

6 Status of Cyber Essentials (CE) Implementation Cyber Standards Cyber standards CE Assessors Cyber Essentials Cyber Essentials Sensitization Workshop Selection Assessment Certification Pakistan Uganda Cameroon Botswana Bangladesh Nigeria Jamaica Planned for (Apr-Jun 2017) 6

7 Cyber Standards & CIIP Workshop (Oct 2016) Host Partner Participating Ministries, Departments & Agencies Number of Participants Ministry of Transport and Communications MoTC, DTPS, DIT, BDF, BIH, BOCRA, BOBS, E-Government, SME representative, and private sector > 62 Gaborone, Botswana Oct

8 Cyber Standards & CIIP Workshop (Oct/Nov 2016) Host Partner Participating Ministries, Departments & Agencies Number of Participants Ministry of Posts and Telecommunications and ANTIC MINPOSTEL, TRB, ANTIC and Other Ministries in Cameroon > 60 Yaounde, Cameroon Oct/Nov

9 Cyber Standards & CIIP Workshop (Nov 2016) Host Partner Participating Ministries, Departments & Agencies Number of Participants Ministry of Science, Energy & Technology E-Gov, Jamaica-CERT, OUR, Office of Prime Minister, Office CIO, USF, Bank, JDF and other private and public sector agencies > 70 Uganda Kingston, Jamaica Nov 2016 Fiji 9

10 A very encouraging story from Botswana Ms Gaongalelwe G.P. Mosweu Potential Cyber Essential Assessor» based in Gaborone, Botswana Owner Maze Meadow Consulting Ltd Involved in ICT advocacy in Botswana» active member of BIT Society, ICAAN and TLD Group in Botswana a.k.a Gao

11 The key question Sustainability Requires a sustainable business model assessors need to be incentivised (each country has 5 funded slots) Encourage supply & demand governments need encourage the demand for the standard in SMEs More awareness and outreach about the standard through local SME representatives & Standard Agencies» need to do more

12 Q & A Session Further Information Contact: Dr Martin Koyabe m.koyabe@cto.int Tel: +44 (0) (Off) +44 (0) (Mob) 12