15 Sep 2023
Standardising Cyber Security Management
Cyber threats are increasing with digital transformation, reliance on third-party service providers, and geopolitical tensions. Investment in Cyber Security has become essential for businesses.

"With a more exposed attack surface where data has no borders, collaboration between Cyber Security and Cyber Resiliency actors is crucial."
To have a better understanding of the evolution of the cyber threat landscape in our region, BIRGER. launched an annual survey in 2017 dedicated to Cyber Security to understand the diversity of threats that differs from one region to another which are relevant for the Eastern African region. This survey provides an overview of the most frequent and disruptive cyber threats in our region. It also analyses the diversity of threats by sector, region, and country. After analysing the responses obtained from the respondents, BIRGER. developed the "BIRGER. CYIndex" to evaluate the Cyber Security maturity level, thus enabling us to make recommendations.
BIRGER. proposes the following approach:
- Detect Cyber Security threats. This includes collecting data from sensors, processing data with algorithms, and respond as quickly as possible. We have moved from computer viruses to more sophisticated attacks, such as advanced persistent threats. It is no longer just about providing real time 24/7 monitoring solutions through our Cyber Defence Centre, but about strengthening the Cyber Defence structure of businesses through continuous vulnerability management, data protection, and good governance.
- Respond to Cyber Security threats by developing effective tactics and strategies through Artificial Intelligence (AI) Machine. algorithms can today operate at near human levels and assist businesses to identify cyber threats more effectively. Cyber defenders must also react proactively to potential threats.
- Develop standard reporting for attacks:
- Set objectives that define delays within which cyber threats are reported as well as annual reporting to share past experiences and adopt best practices to mitigate relevant threats;
- Propose reporting templates with accurate information for specific periods. Data to be communicated may differ for a specific attack or for attacks forming part of the evolving threat landscape over a given period;
- Define in advance terminologies and categorise risk levels to report a cyber threat;
- Share information between countries. Industries and regulators from different countries should collaborate to address national, legal and confidentiality concerns whilst sharing data;
- Periodic assessments and audits must be carried out to evaluate the effectiveness of procedures, processes, and controls in place to defend against potential cyber threats.
Business recovery plans must foster collaboration to identify and implement Business Continuity processes to ensure proactive business recovery. Resiliency is based on appropriate risk management and best practices to withstand disruptions and recover as quickly as possible.
Author: Tarvind Moosun, Head of Cyber Security Services
Source: JANVIER-FÉVRIER 2023 - Supplément de L’Éco austral n°375