Cyber security has many facets and affects all areas of our digital lives, both professional and private. In some environments, information security is mandatory where regulatory requirements call for legal compliance or at least clear policies. Mostly, however, this only affects organizations: companies, authorities, legal entities. Although the private digital domain is by no means beyond the law, as every politician should now be aware, security measures there are voluntary, meaning that they are often poorly understood or not implemented at all.
Similar to a corporate awareness campaign, the European Cyber Security Month (ECSM) aims to raise awareness of cyber security among citizens. It aims to promote "information, awareness-raising and active consumer protection in the field of cyber security", according to the official mission statement of the campaign, which is now running for the eighth time. In Germany, the Federal Office for Information Security (BSI) is the national coordinating body of the ECSM. It has the role of motivating the state, business and society to participate strongly with their own initiatives. In the previous year, around 100 partners took part in the ECSM with almost 200 activities throughout Germany.
The initiative underlines a strength-in-numbers approach or, as BSI President Arne Schönbohm puts it: "We're not defenseless, every user and every company can help improve security." The more actions take place in October and the more diverse they are, the greater the awareness raised among the different target groups. Authorities, companies and institutions wishing to participate in the ECSM with their own activities designed to raise awareness of cyber security can register their interest through the BSI. Events and activities may be public or restricted entry, online or offline, and targeted at professionals or the general public. The BSI has compiled more information on participation and registration in an action guide available on its website (https://www.bsi.bund.de/ecsm).
The Allianz für Cyber-Sicherheit and the Deutsche Industrie- und Handelskammertag are inviting companies and institutions to a Cyber Security Day in Berlin on 26 September 2019 to mark the start of the European Cyber Security Month. BarCamps and match-making sessions offer opportunities for exchange and networking as well as inspiration for projects. In addition, cyber security initiatives and companies will showcase their planned actions for ECSM 2019. The BSI is accepting applications for participation in the presentation until 30 June 2019 at https://www.allianz-fuer-cybersicherheit.de/CfP_ECSM2019.
Measures for greater security awareness are generally to be welcomed, especially the ECSM, as it attracts such a wide variety of interest groups. Security is still considered "somebody else's problem" by far too many end users. Security is either left up to the manufacturer to deliver, or it's just not interesting as long as it doesn't hurt. Technical knowledge has little to do with it – if end users demanded secure software and services, the manufacturers would follow suit. However, this does not happen as long as banks settle hacked accounts more or less without comment and as long as (unwitting) participation in a botnet for a DDoS attack has no consequences for the user. In the current situation, raising awareness is the only way to increase levels of cyber security for all users. We hope to see as many entertaining and enlightening contributions this year as last year, if not more.