What constitutes good cybersecurity policy-making?

Posted: August 20th 2015

Hacking is becoming an increasingly organised, resourceful and well-funded business. The result: governments, enterprises and individuals are being subjected to an unprecedented number of sophisticated and damaging attacks.

Governments across the globe have recognised that to tackle the hackers, they too must be organised, resourceful and well-funded. For example, the UK government has recently pledged an additional £2 billion to combat cyberattacks.

The provisioning of funding is undoubtedly a good start. Throwing money blindly at a problem, however, rarely translates into success. To be effective, the money must be invested in sound policies.

But this begs a question, what constitutes good cybersecurity policy-making?

In search of an answer to this question, we can turn to Spain and, more specifically, the Spanish National Cybersecurity Institute (INCIBE). INCIBE is a publicly funded association that fosters cross-sector collaboration between government, academics, IT professionals, enterprises and the general public to promote the development of cybersecurity on both a national and international level.

INCIBE employs numerous strategies to combat cybercrime. A key initiative is the Security and Industry Computer Emergency Response Team (CERT). CERT works to identify, analyse and prevent threats, and provides assistance and support when security incidents do occur.

Another important aspect of INCIBE’s work is to tackle the misnomer that IT security is solely the concern of the geeks in the basement. Here at Swivel, we constantly talk about how enterprises must take a holistic approach to security from the ground level upwards. INCIBE shares this view, and has produced a comprehensive range of educational resources to raise awareness as to the role everyone must play in securing information.

It is important that enterprises are also empowered to take control and address vulnerabilities. To do so, INCIBE has produced a catalogue of registered solutions, which includes Swivel Secure, that can be utilised to protect systems and data from malicious attacks.

Governments around the world are finally starting to wake up to the threats posed by hackers. Those seeking an example of best practice need look no further than INCIBE. There are many lessons here that can be both learned and replicated in the search for stronger cybersecurity.