Black Hat recently released The Cyberthreat in Europe, a survey of European information security leaders to get their views on the current cyber security climate.
It reveals that many feel they are unprepared for the cyber attacks expected in the next two years, and that, because of the magnitude of the current threat, they don’t believe the Directive on Security of Network and Information Systems (NIS Directive) will begin to scratch the surface of what’s required to combat it.
The NIS Directive, which takes effect in May 2018, will be the first legislation on cyber security that applies to the whole of Europe. It aims to enhance security levels for operators of essential services (OESs) and digital service providers (DSPs) by ensuring that all European states are applying strict systems and policies for improved cyber security.
A major infrastructure breach is imminent within the next two years
77% of respondents believe a cyber attack will breach critical infrastructure across European countries within the next two years, and nearly two thirds of respondents believe they will need to respond to a major security breach in the next 12 months. Worryingly, almost 60% believe they don’t have the budget to adequately protect themselves from cyber risks.
The Directive aims to ensure that OESs and DSPs “take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems which they use in their operations”. The objective is to improve cyber resilience among organisations operating in critical industries.
89% of security leaders in Europe lack confidence in the NIS Directive
Emphasising the magnitude of the cyber threats to countries’ critical infrastructure, only 11% believe that the introduction of the NIS Directive will actually make Europe’s critical infrastructure more secure from cyber attacks.
The most effective way to protect yourself from breaches and comply with the Directive is an integrated cyber resilience strategy. IT Governance is a leader in the field of cyber resilience implementation, and can help with a range of requirements that will fit your specific needs.
Prepare for the NIS Directive
ISO 27001 provides a proven framework that helps organisations protect their information through effective technology, auditing and testing practices, organisational processes and staff awareness programmes. Implementing this alongside the ISO 22301 business continuity standard means you can build comprehensive and robust information security.