Cybersecurity for Financial Industry: An Analysis of the Cyber Resilience Assessment Framework

61 62 C-RAF AND REAL-LIFE MEASURES C-RAF AND REAL-LIFE MEASURES SSL CERTIFICATION ADOPTION As set out at the beginning of the report, one of our aims is to identify if C-RAF and hence the Maturity Assessment are able to reflect the actual cybersecurity practice of the AIs. To achieve this, we have gathered data on the SSL certification adoption data for the AIs’ official websites across 17 six-month periods, which allow us to identify the AIs’ actual level of maturity practice beyond the self-assessment exercise. Later in this section, we have also conducted analyses on the time trend and adoption rate of suboptimal SSL certifications, including the self-sign certificates and weak hashing algorithm certifications. While the adoption of SSL certificates is only a small part of the vast measure an AI ought to take, we believe it reflects the AI’s awareness and willingness to implement the fundamental measures in cybersecurity. We looked at the longitudinal average adoption rate of SSL certificates for each AI over the 17 periods and have calculated the average SSL certificate adoption rate. The idea behind is that it allows us to see the full picture of the AI’s implementation instead of merely a snapshot. More specifically, if an AI adopts no SSL certificates at a given time, it will have a score of zero at that period and one otherwise. For example, an AI who started using SSL certificates to secure their websites at the final ten periods would have an adoption rate of 10 17 = 59% SSL CERTIFICATES Secure Sockets Layers (SSL) certificate is a global standard security digital certificate that enables encrypted communication between a web browser and server. Companies need SSL certificates for their websites to keep user data secure and to verify the validity on the website, preventing malicious attackers from creating a counterfeit version of the site. When a website is secured by an SSL certificate, HTTPs will appear in the start of the URL [ Exhibit 54 ] SSL certification adoption rate calculation SSL CERTIFICATION ADOPTION Rate Calculation Example- An AI started using SSL certificates to secure their websites in the last ten of the 17 six-month periods . Hence a percentage adoption rate of: 10/17 = 59% The number of SSL certificates is less than one The number of SSL certificates is at least one 0 7 17 SSL