By: Matt Middleton-Leal, regional director, UK and Ireland
The European Parliament has recently approved legislation aiming to improve cyber security cooperation between European Union member states. The Network and Information Security Directive will see all member states establish a computer emergency response team to deal with cybersecurity incidents. Each country’s team would then be supervised by a national authority, which would join forces with the corresponding authorities from the other EU countries, to combat cyber threats. This network of authorities will then be able to share intelligence and warnings regarding security incidents.
Efforts to ensure countries are putting up a unified front against growing cyber threats are certainly to be welcomed. Despite the constraints that such guidelines create and the inevitable complexities involved, the European Parliament has highlighted that data protection and privacy are priorities for all. Additionally, as European law must be implemented at a national level, best practices will be set in place in each country, which can only be a good thing.
In other news, earlier this week the UK’s Shadow defense secretary, Vernon Coaker, called for mandatory data breach reporting for all private companies, in a bid to protect national infrastructure. Making it a legal requirement for companies to report serious attacks on their networks may well help to tackle the complacency that exists within many organizations today. This has far-reaching implications and should be considered from many angles before being legislated.
However, initiatives that aim to unite individuals and nations in the fight against cyber crime, and that encourage organizations to take proactive security seriously, are certainly long overdue. Cyber criminals are becoming increasingly sophisticated and it really is a matter of when rather than if you will become a target. As we have seen in a number of high-profile incidents, cyber attacks are now used against nation states as well as enterprises, and it is vital that robust security measures are put in place to defend valuable assets, data and our critical infrastructure from attack.
With this in mind, organizations and nations should be putting themselves in that situation. If an attacker were on the inside of their network, would they be faced with locked doors at every turn? Or would a sophisticated hacker find it relatively easy to hijack and exploit the powerful privileged credentials that exist in all networks? Unfortunately, I suspect the latter may be the most likely for the majority.