The ambition of Ursula von der Leyen, President of the European Commission, to leverage the EU’s recovery effort and fund to accelerate the digital transformation of our economy has gathered a large consensus in Brussels and in member states. Rightfully so.
One thing the pandemic has made clear: a more digitized economy calls for ever-reinforced security.
In the coming weeks, the EU will release two policy milestones as part of its cybersecurity strategy: the review of the Directive on security of network and information systems (NIS), and the presentation of a ‘European Cyber Shield’ strategy. No doubt the pandemic will have an impact – there are many lessons you learn in a real-world crisis that you cannot from a table-top exercise.
While the pandemic has accelerated digital adoption and transformation, it also exposed how unprepared and vulnerable both businesses and consumers were, when prompted to move their activities online overnight. The disruptive effects of the pandemic suddenly extended the enterprise network into the home environment for both the public and private sector. This presented an obvious business continuity challenge, with security struggling to keep pace.
At a time when healthcare is under unprecedented strain, there was a migration to virtual health services – to advise the public, make medical diagnoses and connect isolated patients with their loved ones. Field hospitals and testing centres needed secure connectivity. And in the education sector, our homes were suddenly our classrooms.
Sadly, no human tragedy goes unexploited. Cyber criminals have been using the financial promise of relief funds to lure unsuspecting victims to malicious sites and targeting hospitals for ransomware attack. State-backed operatives were allegedly responsible for CoViper wiper malware attacks on hospitals in the Czech Republic and for attempts to steal vaccine research.
In two recent global surveys published by Cisco in September, we found that 85% of organisations view cybersecurity as even more important now, than before COVID-19. We also found that secure access was the top cybersecurity challenge for 62% of our respondents.
From a public policy perspective, we believe this strengthens the case for robust, convergent technical and organizational information security measures across sectors vital to our economy and society. The review of the NIS Directive presents an opportunity not only to expand coverage to the likes of public administration but also to harmonise the confusing web of security requirements that apply to the current ‘Operators of Essential Services’ in the Directive. From a vendor perspective, it is nigh on impossible to implement a clear and cohesive security vision when expectations are pulling in different directions.
But policy can only be part of the answer. It’s all very well telling someone to do something, but they will only be able to put it into practice if they have the necessary resources.
Companies recognize this challenge and are making needed investments to increase their own security: 66% of executives we surveyed, in fact, said this was already underway. But the EU and Member States should also be investing – in the security of public services, in essential services and in SMEs. We need to secure remote access, manage data and identities and protect endpoints. We need management buy-in and the right policies and processes in place. And we need awareness and an educated workforce. Digitisation sits on a foundation of security. And if Europe wants to lead in the former, it needs to be best-in-class in the latter.