The impact that COVID-19 has had on cybersecurity has shown how much work businesses still need to do when dealing with cyber threats. Attacks such as the SolarWinds hack show the need for CISOs to build awareness, prevention, and security practices into their organization’s culture.
As the Secretary-General and Founder of the European Cyber Security Organisation (ECSO), Luigi Rebuffi shares with us his insights on the role of Public-Private Partnerships (PPP) in digital security, the challenges that come with it, and how organizations are bridging the talent gap within cybersecurity.
Understanding The Role of Public-Private Partnerships in Digital Security
Public-Private Partnerships (PPP) in cybersecurity continue to be a necessity for both the government and the private sector to overcome the increase in cyber threats. While PPPs can serve as a foundation for effective critical infrastructure security and resilience strategies, there is still a need for clarity from both sides.
Rebuffi highlights how cooperation will be key to setting up a relationship between the government and businesses that uses PPP effectively in cybersecurity.
How can PPP be used effectively for both the private and public sectors to overcome digital threats?
When looking at a public-private partnership, the traditional relationship is that the private sector gives information to the public sector, which will then assess the situation and give guidance on how to solve the crisis.
However, a more dynamic cooperation must be continuously built up in order to be ready and react rapidly in an efficient partnership in case of a crisis. That is what we’re trying to set up with ECSO, since 2016, where there is full cooperation in different elements of the cybersecurity ecosystem.
Cooperation with the public for policy and legislation to give certain advice and standards, certifications, investments, discussion on the cyber threats, and what are the cyber threats that the private sector is facing every day, not only during the crisis periods.
And the cooperation should not only be about overcoming the crisis but also about how you support the companies, including SMEs and startups through education training in the development of certain innovative technologies and services.
It is a full spectrum of cooperation. Not just a quick fix in the case of a crisis, like the SolarWinds attack. And we need to change that, to have that full public-private cooperation across different ecosystems. It is a bilateral relationship, not just a transfer of information.
Establishing Trust and Overcoming the Challenges In Public-Private Partnerships
The creation of the PPP was meant to improve the collaboration between private stakeholders and the public agency for information sharing. However, establishing trust has always been the biggest barrier for many businesses to engage in PPP.
Rebuffi reiterates that building a solid bridge between the private and the public sector will depend on CISOs building trust while overcoming the challenges that come with incorporating PPP within their organization.
What can organizations do to foster trust and improve the relationship between the public and private sector and bridge the gap in PPP?
Trust is not easy to build, especially in this period characterized by COVID-19. Establishing trust via remote connection is not an easy task, especially when you are working on sensitive matters such as cyber security. You need a kind of bottom-up approach where you first build up trust in your sector.
For example, if you are in the private sector, it is easier to build up trust with the people that you know, the people who are around you, in your region, in your country, and your sector. So you build trust from the bottom up.
The problem then is to see how you can link with other sectors or from other countries.
What challenges does the CISO face in establishing and nurturing PPP within their organization?
CISOs are still struggling because they are still trying to convince their management of the importance of cybersecurity, IT systems, and the investments needed. It is something that I imagine will be exacerbated by the acceleration of the digital transformation due to COVID-19.
The challenge will be more pushed towards getting the system working to have better control of data so that when we talk about digital sovereignty, we can think about better control of data. Looking ahead to cybersecurity trends in 2024, CISOs will likely encounter evolving challenges in managing these aspects, necessitating even more robust and forward-thinking strategies. They will need to stay abreast of the latest developments and adapt to the rapidly changing cyber landscape. And CISOs who are dealing with security, sensitive applications, and services, would need trusted and reliable supply chains.
So, on one end, they have to overcome the skepticism within their organization while finding resources to “feed” their systems correctly and find trust in reliable solutions. Of course, there’s also the problem of educating employees, as the human factor is also non-negligible.
Fostering Talent to Bridge The Cybersecurity Skill Gap
With cybersecurity becoming an integral part of an organization’s business strategy, the demand for talent has grown significantly as well. However, the number of skilled and qualified workers is still well below the demand, with gender balance still being a major issue.
Rebuffi continues to advocate for more gender balance in cybersecurity through the Women4Cyber Foundation and highlights how CISOs and IT leaders can still help nurture an environment for building talent in cybersecurity.
How can IT leaders and CISOs attract, retain, or build cybersecurity talents within their organization?
CISOs, IT leaders, and I would also say human resources, have to show to the talents that they have the opportunity in this cybersecurity domain for a structured and well-paid career.
Some people are interested in working in cybersecurity as it is a career that is evolving continuously. You keep learning and you face challenges in a very dynamic environment while somehow contributing to the growth of the society or organization. But talents want to be properly compensated and want to see a path in their career.
And of course, IT leaders and CISOs have to show their employees that they can give adequate education and training to those who want and are looking to transition from a traditional job to one that is more linked to the digital sector due to the digital transformation.
How have initiatives such as Women4Cyber helped in fostering cybersecurity talents?
We are at the beginning stages with Women4Cyber, which is growing like a strong wave, and now we see the creation of national chapters across Europe. We are starting to see that people want to cooperate with different activities, support inclusion, and increase the participation of women in cybersecurity.
And this is important to us because we cannot exclude 50% of the population from the talent pool simply because they are women, and businesses are slowly learning that and trying to be better.
I will say that we are seeing smaller companies, like IT startups, and larger companies awakening and looking for experts, as well as hiring more women. But as I said, the movement is a strong wave that will come up and businesses have to realize that we desperately need people and they need to support that.