Cyber security can be defined as the protection of an organisation’s data and assets through policy, risk management, software, tools, training, best practice and technologies. The remit of cyber security is the same as that of information security: protecting the confidentiality, availability and integrity (CIA) of corporate information assets.
Assets susceptible to cybercrime include devices capable of connecting to networks and the Internet, telecommunications, personnel, infrastructure, and any information sent or stored in the cyber domain. Cyber security aims to achieve and uphold the security of organisational and user assets against security threats in the cyber domain.
Cyber Security in Europe
In February 2013, a directive of the European Parliament proposed measures to ensure a high common level of network and information security across the European Union. The measures proposed aim to strengthen European cyber security efforts by creating a system for reporting security incidents.
A recent report commissioned by the Department for Business, Innovation & Skills (BIS) and conducted by PWC reported that a large number of organisations in Europe experienced incidents of data corruption, infection by viruses and cyber-attacks by unauthorised outsiders. The report shows that 74% of respondents in Europe were attacked by unauthorised outsiders, including hacking attempts. 66% said that they suffered systems failure or data corruption, and 65% had been infected by viruses or malicious software. 11 organisations stated that they experienced significant attempts to break into their company’s network hundreds of times a day.
Data breach examples from the EU:
| Date | Incident | Impact |
|---|---|---|
| 22/05/2013 | XCount3r hacked Audi Switzerland | More than 2,000 accounts dumped |
| 08/05/2013 | Dutch government websites suffered DDoS | 10 million citizens unable to pay taxes and bills online |
| 22/12/2012 | Belgian railway company data breached | Internal error – inadvertently published 1.46 million sets of customer data online |
| 26/12/2012 | Renault Bulgaria hacked | 7,000 accounts, including administrative accounts and passwords, leaked |
| 08/11/2012 | UNESCO website hacked | 60 usernames and passwords leaked |
| 7/11/2012 | LG Hungary’s site hacked | 1,300 user credentials, names, locations, emails and passwords leaked |
| 23/10/2012 | Italian police database hacked | 3,500 private documents leaked |
| 15/10/2012 | WHO website hacked | Part of database dumped |
| 11/05/2015 | Website of the Romanian National Authority for qualifications hacked | Administrator and user accounts breached |
How is Europe coping with cyber threats?
Although there is no over-arching approach to cyber security in Europe, a number of countries have their own regional strategies in place to mitigate the cyber threats.
France has drawn on findings from the 2008 French White Paper on Defence and National Security to significantly strengthen national cyber defence capabilities. Actions include managing risks, detecting attacks and protecting information systems.
The Cyber Security Strategy for Germany is more generic in that it is working towards improving the framework conditions in cyberspace, but recognises that it needs national support to achieve its objectives.
Finland recognises that it may not face a direct threat from cyber terrorists but acknowledges that no country is safe from threat. It has criminalised cyber offences to a great extent, with punishments including prison sentences enforced by the Penal Code, and has plans to introduce new legislation for the misuse of cyberspace.
France, Ireland, the UK, Belgium, Germany and the Czech Republic have adopted regional legal requirements relating to cybercrime. They require organisations operating in these countries to notify government agencies and affected individuals when they experience breaches of personal data.
European member states and European institutions are protected by the European Union Agency for Network and Information Security (ENISA). ENISA’s role is to enhance cyber security prevention and to respond to cyber security challenges across the European Union. The agency seeks to develop awareness of information security for the benefit of EU citizens, consumers, businesses and public sector organisations. The European Cyber Security Month, held in October 2013, was organised and developed by the Member States and the Commission as a joint EU campaign with an intended global reach, to raise awareness of information security issues.
ISO 27001 has cyber resilience at its core. Cyber resilience is the resistance of organisations’ systems and processes to cyber attack or natural disaster.
The new 2013 final draft standard of ISO 27001 is now available. Buy now to get ahead in the updating process and prove your commitment to adhering to international best practice.
The ISO 27000 family of standards includes standards which set out best practice methodologies to manage cyber resilience:
- ISO/IEC 27001:2013, the specification for an information security management system (ISMS).
- ISO/IEC 27002:2013, which details how to go about initiating, implementing, maintaining, and improving information security management within an organisation.
- ISO/IEC 27031:2011, which deals with how organisations can ensure their IT processes and systems are prepared for business continuation should an incident occur.
- ISO/IEC 27035:2011, which provides a guideline of how to cope should an information security incident occur.
Apply Cyber Security best practice
Our Cyber Security Governance & Risk Management Toolkit helps you integrate a number of cyber security approaches into a single framework. The toolkit lets you combine the individual strengths of the top cyber security approaches and get the best from each of them collectively.
- PAS 555:2013, the new standard for cyber security risk governance and management.
- ISO/IEC 27032, the international guidance standard for managing cyber security risk.
- The Cloud Controls Matrix, developed by the Cloud Security Alliance for cloud service providers.
- Ten Steps to Cyber Security, the methodology developed by the UK’s Department for Business to help organisations secure their cyber defences.
- ISO/IEC 27001, the internationally recognised standard against which an information security management system can achieve accredited certification.
IT Governance is a specialist in helping organisations with cyber security, cyber governance and cyber compliance.