Why is risk assessment critical to cybersecurity

The Austrian Ministry of the Interior and the Kuratorium Secure Austria (KSÖ) have been intensively concerned with the topic of cyber security since autumn 2011. Awareness of this topic has been massively increased among political decision-makers, representatives of authorities and top decision-makers from business, and the alliance between the representatives from these areas was successful. A detailed cyber risk analysis for Austria, including the relevant stakeholders, was carried out, strategic considerations were made and many fundamental questions were discussed, e.g. on the KSÖ's cyber platform. Now is the time to move from strategic considerations to action planning and concrete implementation. That is also the topic of this year's KSÖ security congress. Cyber security is a global issue that one country cannot solve on its own. At the congress we are therefore choosing a DACH approach in which Germany and Switzerland are taken into account and experts from these countries are involved. We also involve experts who deal with the topic at European and international level.

KSÖ presents cyber risk matrix for Austria

In 2010 alone, cybercrime caused damage of 81 billion euros.* Around 70% of all adults have been victims of cybercriminals at least once.* And the attacks are continuing to rise rapidly. However, the danger from cyber space is often still greatly underestimated. In order to clarify the existing threat scenario, the Safe Austria Board of Trustees (KSÖ) has had national and international experts analyze the risk potential of cyber threats for Austria for the first time. The result is a cyber risk matrix for Austria, which is to be incorporated into the creation of a national cyber security strategy for Austria and which is unique in this form in international comparison.

“One thing is certain: the danger from cyber space is largely underestimated - especially on the corporate side. If attackers from the Internet want to damage a state today, it is not about attacks on government websites, but rather attacks on strategically important infrastructure such as energy and water supply, financial systems, telecommunications networks, etc., which is largely in the hands of private companies. Therefore we want to raise awareness here. Because only by joining forces between politics, administration, economy and science can we protect ourselves effectively against attacks from the web,” explains KSÖ President GD Mag. Erwin Hameseder.

As a national security cluster and interface between politics, economy, science, the media and the general public, the KSÖ sees its task in raising the awareness of those responsible and creating the possibility of integrating strategically relevant operators of critical infrastructure into the national security policy.

Internationally unique

Before creating the risk matrix, experts analyzed around 15 national cyber security strategies from other countries. Of course, similar risks are addressed in some cases, but such a comprehensive matrix as has now been created in Austria has not yet been found anywhere.

Methodology

To create the cyber risk matrix, the KSÖ organized expert workshops with high-ranking officials and representatives from business and science in August 2011. The cyber risks for Austria were analyzed and discussed on the basis of recognized scientific methods and under the direction of the internationally renowned strategy expert Prof. Karl Rose.

“We chose a two-stage countercurrent process for the workshops - a widely recognized and often tried-and-tested method for risk management. In the first stage, a top-down brainstorming session was carried out, which led to an inclusive overview of existing risks. The present result is therefore deliberately broad. The second stage then involves a bottom-up detailed analysis with experts from the respective sub-area. We will come to this next step in further workshops,” explains Prof. Karl Rose.

The draft of the risk matrix that is now being presented includes risks such as possible manipulation of the ICT systems of providers of critical infrastructure, as well as inadequate political and legal framework conditions, a lack of institutionalized cooperation and a lack of information exchange between business and authorities, a lack of awareness of cyber threats, the human factor as a security risk, and specific technical weak points and attack possibilities.

Appeal to the economy

“In order for us to be able to protect ourselves effectively against attacks from cyber space in the future, business decision-makers must recognize that cyber security is a corporate strategy issue and that comprehensive concepts are required in order to protect oneself effectively. We therefore appeal to companies to take the necessary steps here and also to participate in the necessary exchange of information between authorities, business and science,” concluded Hameseder.

Moving on towards a cyber security strategy

The cyber risk matrix was also presented at the Cyber Security Conference, which the KSÖ organized in cooperation with the Federal Ministry of the Interior (BM.I) on September 20, 2011. Around 90 decision-makers from the areas mentioned came to this event, which is intended to be the start of the development of a national cyber security strategy for Austria.

Underestimated danger

“We can assume that every company is affected by cyber attacks. And many don't even know. The CIA recently informed 90 US companies that they had been hacked - 63 of which had not even noticed before. This illustrates the high risk potential of unrecognized ICT anomalies, as it was also recognized in the cyber risk matrix for Austria,” said the US cyber security and anti-terrorism expert Richard Clarke, who was invited to the cyber security conference as a guest speaker.

* Source: Norton Cybercrime Report from computer security firm Symantec