Communications providers are ahead of their communities in addressing these risks, especially as they look at techniques like the NIST cybersecurity framework. When we look at the NIST cybersecurity framework we see a methodology with a number of components for tackling a complex problem. The framework is a progressive approach to learning about cybersecurity risk. Then it guides the creation and adoption of mitigation strategies. As a result organizational alignment and collaboration emerges around cybersecurity.
It has various “tiers” to progress through as organizations mature their understanding of cybersecurity. An interesting aspect, as organizations mature understanding, cybersecurity expertise emerges across the organization. The primary purpose of that expertise is to service the organization’s own purposes at becoming a more secure and less susceptible target.
We discussed communication providers’ communities also face similar risks. Communication providers already have a business model where they provide services and even expertise in communication technologies. Why not use that new expertise in cybersecurity and offer services around it.
As communication providers advance through the Tiers of the NIST cybersecurity framework maturing cybersecurity practices, the expertise that gathers from the previous Tier can be the foundation of a service. For example, once there is familiarity with establishing a risk management process and prioritization of cybersecurity activities, then consult to other businesses, organizations, and customers in the community. As communication providers invest in technologies to mitigate their risks like firewalls, antivirus programs, and intrusion detection services, then offer those technologies to customers.
Many communication providers have already expanded service offerings to applications like VOIP, data center services, backups of critical data, etc. Reselling cloud based anti-virus, firewall, and offering managed cybersecurity services is something large data centers firms and new market entrants have moved into. OpenDNS (now a Cisco company) offers the capability to become a channel partner and resell their cloud based cybersecurity platform. MAXfocus is a company that provides a Managed Anti-virus service that offers managed anti-virus, patching, and related services to your customers.
The framework is a great place to start for not only maturing an organization’s cybersecurity expertise but building upon that expertise for service offerings to the community.
Beyond the framework, there are other areas it does not directly address that communication providers can develop expertise in or may already have expertise. Creating a privacy policy is one area that the framework does not address but is a good business practice and many have already created one for their website.
Another area in which communication providers can offer guidance is with respect to meeting regulatory obligations, they have been in that business for decades. Other organizations in their communities might be new to cybersecurity regulations and answering to regulatory obligations.
I think if communications providers look around at some of the other business practices that they perform, they will see that many of their customers may have to start incorporating those practices as they use more communication services, for instance regular patching and upgrade processes.
I hope that as a result of reading this series, communication providers don’t view cybersecurity as a black hole that is going to suck up time, money, and other resources. But as a potential opportunity where they can recapture the efforts that they put into it and use them not only to offer new services and revenue opportunities but improve their organizations and their communities. As a result communication providers will be a resource that can lead their communities in all the aspects of the high speed broadband services they provide.