Ciberseguridad: Conocemos los riesgos, pero debemos hacer más | SITA

 
¿Le gustó este artículo?
Acceda a otros similares apenas se publiquen
Volver al blog

Ciberseguridad: Conocemos los riesgos, pero debemos hacer más

Published on  06 December by Michael Schellenberg , Director of Integration and Services, SITA
2 comentario(s)
 

I’m both encouraged and reflective about the results of SITA’s new Air Transport Cybersecurity Insights research. Sí, las inversiones de ciberseguridad no dejan de aumentar. Airports and airlines are allocating bigger budgets for the year ahead – airlines by 9% and airports by 12%.

More than that, they’re planning a shift in emphasis from compliance to detection and prevention. That’s excellent news. It’s a clear sign of the growing importance of protecting aviation data and systems. But the research also cautions that cybersecurity isn’t getting the investment it deserves, and there’s still a way to go to effectively bolster the aviation industry’s defenses.

4 Key Insights and recommendations

With that in mind, let me summarize the headline news from the 2018 Air Transport Cybersecurity Insights research, calling on its four key messages and SITA’s recommendations:

Se la...

The first key message is that airlines and airports are highly aware of the importance of cybersecurity. The rise in spend shows this. Yet existing challenges are delaying progress. Having too few resources impacts 78% of aviation organizations; budget constraints frustrate 70% of them; and trouble recruiting, retaining and training staff hits around half. Complementing internal resources with external expertise is a fact of life for most.

Recommendation no. 1 in SITA’s Insights research is that airlines and airports must empower their cybersecurity teams. Not only that, cybersecurity needs to be represented at the top table. Only a third of respondents said they’d appointed a dedicated Chief Information Security Officer (CISO).

Yet at SITA we see this as crucial to achieving visibility, empowerment and implementation.

El seg...

Most airlines and airports have set up core safeguards. They’re now poised to advance beyond that. Over 44% have a formal Information Security Strategy. In three years’ time, nearly half will have a formal cyber strategy. That’s more good news.

The pressing task is to make further advances. It’s encouraging that the vast majority are conducting a formal risk assessment, while a third have a Security Operations Center (SOC). Yet with just 40% of airlines and airports maintaining an inventory for critical business processes, the research shows a missing link between business processes and IT systems.

Recommendation no. 2 in our Air Transport Cybersecurity Insights research concerns the criticality of a long-term Cybersecurity strategy, one that is aligned with business objectives and the IT environment. Only then can you advance an organization’s ‘cybersecurity maturity’.

Third…

The THIRD key message relates to my introductory point about the shift in spend. Proactive protection is certainly becoming a primary driver for building cybersecurity capabilities, rather than compliance.

Again, that’s encouraging. Business continuity is top of mind for all: over 70% of airports say disruption of operations is their biggest concern. Airlines feel the same, though assign a similar level of importance to protecting passenger data. Ransomware, phishing and advanced persistent threats are constant threats. Our research shows that more attention must go to insider threats too.

So, SITA’s no. 3 recommendation? Make sure your organization clearly understands the most business-critical factors and their associated threat levels. This is a key prerequisite for advancing your airline’s or airport’s cybersecurity maturity.

And Fourth…

Key message no. 4: our Cybersecurity Insights research reveals that one in two organizations will implement a SOC in the next three years. It’s an immediate priority for many, which is yet again encouraging. With 8 of 10 SOCs run by external providers, there’s a major trend to outsource because that addresses many of the resource and skills challenges.

Our fourth recommendation is focused on Security Operations Center (SOC)SOCs are critical projects, but they’re complex. You need to implement a SOC in stages, and that means starting with what’s business critical. Then extend out. Only that way can you get faster ROI.

For anyone in the air transport industry charged with the responsibility of cybersecurity in their organization, I thoroughly recommend our Air Transport Cybersecurity Insights. This worldwide study, commissioned by SITA, is the most comprehensive study investigating cybersecurity trends within the air transport industry.

Deje su comentario

Tiene que haber iniciado sesión para publicar comentarios

Comentarios

  • Published on06 December 2018 05:39 PM by Michael Schellenberg
    Hello Wolfgang, Thanks for your post and we fully agree ! Detection is actually the 4th point in the blog (as SOC is all about detection). Overall, to advance cybersecurity maturity effectively, improvements should be made across the whole cybersecurity spectrum: Identify, Protect, Detect and React but today those 4 areas do not all get proper attention/investments. Kinds regards, Michael
  • Published on06 December 2018 01:16 PM by Wolfgang Mers@sita-airport-it aero
    Hi Michael, thanks for your insights. I almost agree on your points, but your 3rd key is just one part of the truth. Detection within your environment is at least as important as prevention. One successful attack can be harmful enough, so you have to take care detecting any breaches as early as possible to take corrective actions. Best Regards, Wolfgang (CISO @ SITA Airport IT)
Volver al principio
  • sita tweet
    “The question of whether or not to innovate doesn’t exist anymore” notes @BigBl_nk CEO, Hubert Riondel at the… https://t.co/7zFsVFCLcT

    9 minutes ago from SITAonline
  • sita tweet
    Barbara Dalibard continues: “By linking mobile and biometrics, and putting everything in the cloud, you have a stro… https://t.co/ruZ1mFpTrX

    16 minutes ago from SITAonline
  • sita tweet
    SITA CEO, Barbara Dalibard, opening the #SITAInnovationForum: “It’s not just about collaboration, it’s about being… https://t.co/q0EY5E8jmJ

    29 minutes ago from SITAonline
  • sita tweet
    Come to booth B09 and talk to the SITA team about the cutting-edge #biometrics innovations that are driving new mod… https://t.co/y94eMIz4Ae

    2 hours ago from SITAonline
  • sita tweet
    The breadth of expertise coming together in the next few days at the SITA Customer Innovation Forum is so exciting.… https://t.co/w48VFsvhJw

    4 hours ago from SITAonline
  • sita tweet
    Free movement of people was a hot topic at #ID4Africa today, particularly its role in regional development. As show… https://t.co/nZar6scAaE

    5 hours ago from SITAonline
  • sita tweet
    Day 2 of #ID4Africa 2019 continues to explore the potential of digital identities for accelerating economic develop… https://t.co/P6JJGxkv3j

    7 hours ago from SITAonline
  • sita tweet
    RT @ozuistanbulhub: https://t.co/e7LIfqwl9d Dr. Carlos KADUOKA, Director of Consulting, SITA ”Digital Everywhere –… https://t.co/siEmCDRurz

    22 hours ago from SITAonline
  • sita tweet
    We gathered some great insights from an informative and productive first day at the #ID4Africa event. We look forwa… https://t.co/oOsudav0f3

    23 hours ago from SITAonline
  • sita tweet
    Emad Muhanna, General Manager for SITA’s Government & Security Business in the MEIA is speaking today at #ID4Africa… https://t.co/5Vt6VcrTIW

    yesterday from SITAonline
  • sita tweet
    Your face is your identity. Visit SITA booth B09 at the #ID4Africa event to learn more about the #biometric ID mana… https://t.co/EioNuYSUgv

    yesterday from SITAonline
  • sita tweet
    We are at the 5th Annual Meeting of the #ID4Africa movement in Johannesburg this week. The theme for this year’s ev… https://t.co/ce5hNoeI1K

    yesterday from SITAonline
Conéctese con SITA