Three Ways to Boost Cyber Security in Europe
Europe’s digital transformation brings new opportunities for businesses, governments and citizens. But the increase in connectivity also creates new security risks.
During the EU Cyber Security Month, leading experts have shared their take on how users, businesses and governments can strengthen cyber security in this increasingly complex environment. Their advice is simple: apply the same principles underpinning Europe’s digital transformation to cyber security, i.e. cyber security should be open, interoperable and accessible.
In practice, this means that businesses and governments should go through a cultural change within their organisations, whereby security and their digital transformation cycle are seen as two sides of the same coin. European and national policymakers can also help foster collective cyber security efforts by promoting open, interoperable and accessible approaches to new cyber security rules and open standards.
Cyber security should be open
The surge of personal and industrial devices connecting to different infrastructure systems through multiple public and private networks means that companies, their employees, governments and their citizens can do more in a better way. For instance, companies can improve and speed up their manufacturing processes, employees can work at home, and citizens enjoy ever-increasing levels of e-government, empowering everything from e-health to simplified electronic tax returns.
But from a security perspective, it means more endpoints and vulnerability risks to manage, oftentimes involving multiple cyber security vendors. Public and private organisations can maximise their cyber security defences if these vendors openly share information across common platforms or through common communications languages, particularly around threat vulnerabilities. This can provide their customers with 360-degree visibility of device, system and network activity and help them reduce the risk of costly security breaches or data loss incidents. Adam Philpott, EMEA Sales President at McAfee, has more on this.
Cyber security should be interoperable
In today’s dynamic IT environment where organisations deploy multiple and often overlapping infrastructures, products and processes, having tools and architectures that can cut through this complexity and fragmentation is vital.
In today’s complex and fast-evolving threat landscape, no single security vendor can claim to be able to develop and deploy best-in-class security solutions. Instead, taking an integrated, interoperable approach is key to future success and improved cyber resiliency. This means breaking down the walls separating vendors’ individual security products, and fostering open and interoperable cyber security architectures and open-source communications languages.
Cyber security should be accessible
As Cloudflare’s Chief Technology Officer John Graham-Cumming explains, it is important that all users, and not just enterprises, have access to good cyber security solutions. Industry must take complex technological solutions and make them accessible and simple for users to understand. Scare tactics and inflated security risks can often be detrimental to the overall aim of broad adoption.
Advancing these principles across EU cyber security policies
EU policymakers have certainly done their part to help foster a cyber security cultural change across Europe. But more can be done.
First, fostering open and secure information-sharing among relevant market participants and regulators is key. The Network and Information Security Directive, one of the EU’s flagship cyber security laws, laid the groundwork for more information-sharing at the community level. But as European Commission Cyber Security Director Despina Spanou explains, more initiatives are underway at the European level, including a proposed Cyber Security Act which will help develop EU-wide voluntary certifications of ICT products and strengthen ENISA, the EU’s cyber security agency, as an information-sharing coordinator among others.
Luukas Ilves, Deputy Director and Senior Fellow at the Lisbon Council, points out that this also means that laws and regulations should be “interoperable” with one another. Ensuring that security requirements in various EU and national laws are compatible with one another is key to reducing regulatory complexity and to facilitating their smooth implementation in a way that is cost-efficient for public and private organisations.
Last but not least, avoiding a prescriptive and regional approach to cyber security is essential to allow organisations of all sizes, particularly SMEs, to deploy and adapt their cyber security framework in an agile way, and to keep pace with the evolution of the technology and the threat landscape. Mike Bursell, Red Hat’s Chief Security Architect, has more on that. Organisations need to be able to adapt the policies and day-to-day processes that they have in place to the regulatory framework they need to follow. If they can do this they can satisfy their auditors, meeting their regulatory requirements while also being ready to react quickly to changes in the market and competitive landscape.
Watch experts’ takes on how Europe can strengthen cyber security