WannaCry’s impact is still being deciphered all across the globe. That a known vulnerability, for which a patch is available, could do such damage to most of our systems is still beyond the imagination of cyber security experts, not to mention the top management of companies & governments alike. What a zero day or an unknown vulnerability would do to the world is anybody’s guess. Even after the cyber incidents have unfolded, organisations have yet to come out in the open to confirm the success of their patch management & declare that their systems are running fine for customers.

Mandating security audit in all its dimensions through legal enablement is the only answer. The periodicity of the audit is critical given the nature of the issues: fast moving, dynamic & real-time. Prioritisation would be another technical issue. That the audit should be more a technical exercise than a management process has been proven with clarity in the current case.

In this Information Age, the absence of information about information systems from the public domain can only be called a travesty of justice. Critical information infrastructure ought to be open to public scrutiny, & in addition it should be mandated that its operators keep giving updates on a daily basis, at least when a crisis hits. Any major incident should be made known to the public officially through the mass media. Speculation can completely erode the trust in the system, which has so meticulously evolved.

Breach reporting should be a part of the audit mechanism, & companies & organisations that fail to comply should pay a price for it, in a legally prescribed manner. Confusion reigns supreme: what is reported in the mass media becomes final, neither validated nor trashed officially. Top management is not there only to maximise profit; the interest of customers is primordial. With a complete lack of knowledge of the cyber security status of a company, it is impossible to fathom the impact.
