Companies urged to devise cyber security strategy to combat cyber attacks

“Companies should consider devising a cybersecurity strategy to combat the various forms of cyber attacks,” affirmed Keystone Technical Director Hosni Tounsi.

Speaking at a seminar on the theme: “Cyber-security: Issues and Challenges” organised on Thursday at the initiative of the Tunisian-French Chamber of Commerce and Industry (CCITF), he added that this strategy must target three main components, namely the guarantee of an efficient security technology, the deployment of qualified human resources in this field and the use of an organisational process through cyber security policies and procedures.

The reported cyber attacks have generally targeted email addresses, administration services, remote access (VPN, cloud services, etc.) and laptops, WIFI connections, etc.), which has caused the loss of computer data, damage to the brand image and even the cessation of activities of some companies.

The rise in the number of cyber attacks is explained by technological development and cybercrime, against a basic and static security approach, he considered.

Taking the floor, director in charge of the audit of information systems at the National Agency for Computer Security (ANSI) Saber Issa said that in response of the growing number of cyber attacks, Tunisia had devised in 2019 a National Strategy for Cyber Security (SNCS) for the period 2020-2025.

He further explained that this strategy has five objectives, namely, to steer and manage the national cyberspace, prevent cyber threats, improve cyber resilience through national capacity building, protect the critical digital infrastructure, build digital trust, achieve digital leadership and foster international cooperation.

Issa indicated that the SNCS is based on five key lines of action, including sectoral orientations and strategies, the legal and regulatory framework, the culture of cybersecurity, technical standards and scientific research, etc.

Referring to the sectoral orientations and strategies, he specified that the ANSI will contribute to protect the vital digital infrastructures against cyber threats by drawing up a Government Security policy.

This policy, he further clarified, will help define the minimum security measures at the level of the State’s information systems while taking into account the national and sectoral needs in terms of information security based on an assessment of risks and international experiences of reference and good practices and globally recognised standards.

For the legal and regulatory framework, the official advanced that a law on the classification of public data and a new law on cybersecurity to replace the law No. 5-2004 are being drafted to harmonise the legal texts with the digital development at the international level.

Source: Agence Tunis Afrique Presse