Cyber security is not just about technology; it is about people, laws, incentives and disincentives. While there is undoubtedly a focus on the design, development, and deployment of technology, equal attention must be given to all other processes, including human resources, legal, sales, finance, marketing, and supplier management.
Tech giants like Huawei have integrated cyber security requirements into their processes, with each executive, manager and individual personally accountable for their responsibilities. This level of accountability implies several underlying factors, including continuous training, striking the right balance between incentive and personal liability, and continuous feedback processes to enhance capabilities and validate companies’ assurance levels.
By adopting the “many eyes” and “many hands” approach, Huawei provides openness and transparency on its operations. There is therefore the need for companies to positively encourage audits, reviews and inspections of all technology vendors, in a fair and non-discriminatory manner. Each audit or review challenges their thinking, policies and procedures, ultimately enhancing their capability, product quality and product security.
With the growth of mobile and cloud computing, tech companies need to closely follow the increased demands on network capability brought about by this explosive growth. They can actively participate and undertake cloud computing research, developing industry-leading technologies and products in virtual platform security, virtual network defense and cloud computing data security to build comprehensive security capabilities in cloud computing.
Huawei as a core members of the International Standard Council (ISC) of the influential Cloud Security Alliance (CSA) proactively communicates with governments, operators and industry experts to discuss establishing a global Cyber Security Advisory Committee. This is to guide their capability building in cybersecurity and reinforces the need to learn from the experiences of industry experts to build on their competence.
To validate product security, telecom companies also need to collaborate with industry partners, customers and governments to conduct independent security testing of their products and provide verification reports on quality and security capability.
Just as Huawei has done with its Cyber Security Verification Lab, companies can establish deep cooperative relationships with organizations focused on key cyber security areas, such as threat modelling, malware detection and attack behavior analysis, to effectively share security capabilities.
In summary, tech companies need to believe and accept that the resolution of cyber security challenges is a shared responsibility. We must therefore come together in an open and transparent manner to make positive contributions to improve our own knowledge, processes and products.
Additionally, we must actively support the development and implementation of international laws, standards, policies and best practice so that together, we can foster a global culture of cybersecurity awareness and resilience.