With cyber attacks on the increase around the world, the need for greater cybersecurity resilience is crucial. It is of the utmost importance when it comes to vital infrastructures and networks such as power grids, financial and transportation systems.
Digital technologies are the backbone of our society and economy. The consequences of critical infrastructure outages due to a cybersecurity incident – be it from a cyber attack or from human error, a catastrophic weather event or technical failure – are becoming bigger and more complex to deal with.
As we have gone digital so have the criminals. Governments and the private sector rightly have identified the need to continue to focus and grow capabilities.
With the European Union’s (EU) soon to be approved Network and Information Security (NIS) Directive, Europe has taken a step in the right direction. For the first time, network and information systems throughout the EU will benefit from a graded and harmonised approach to cybersecurity.
The directive provides a solid basis for better collaboration between governments; it concentrates on highly critical infrastructures and networks such as power grids, financial and transportation systems and it allows for continued investment in private-sector R&D.
The directive’s risk-based approach makes a clear distinction between digital services and critical infrastructures, thus allowing national authorities and critical infrastructure operators to better prioritise their efforts. This means that Europe can focus efforts on those infrastructures which carry the most socio-economic risk.
The directive establishes a series of graded thresholds for reporting cyber incidents. Such an approach is appropriate and will improve responses to genuine cyber threats.
However, cybersecurity requirements continuously evolve over time. All organisations – not just critical infrastructure operators – need to be vigilant and plan for cybesecurity resilience.
IBM is taking concrete steps to help our clients, governments and partners address such evolving cyber threats. Our X-Force Exchange platform allows cybersecurity experts to access a vast database of cyber threat data and share insight into the latest attacks.
According to the latest IBM X-Force Threat Intelligence Quarterly report, 2015 has been a challenging year for cybersecurity as insider threats, malware and stealth attacks affected enterprises. The top four cyber threat trends of 2015 and a lot more besides are highlighted in the report: http://ibm.co/1OJkd8
According to the United Nations, 80% of cyber threats involve highly-organised criminal networks that actively share tools and information. This underscores the need for better sharing and coordination between the cybersecurity professionals working to defeat them.
Sharing technical information such as malware code, malicious IP addresses and information about product vulnerabilities and the techniques used to exploit them can boost cybersecurity resilience.
Initiatives like the NIS Directive are a good start, but around the world more legal clarity is necessary to scale cyber threat information sharing to the levels required.