At the start of 2022, the World Economic Forum published its Global Cyber Security Outlook for 2022. Looking back at the preceding year, security teams on the digital front lines grappled with an increased risk of cyberattacks and a surge in ransomware. In 2021 alone, organisations faced an average of 270 cyberattacks, and ransomware attacks increased by 151%.
Given these statistics, it is clearly a critical time for firms to invest in both their cybersecurity and their cyber resilience. It is interesting to note, however, that the report also uncovered that 59% of global leaders within the cyber realm believe there is no difference between cybersecurity and cyber resilience. This belief is false. By definition, cybersecurity is the ability to provide protection to data storage, computers and the internet. Cyber resilience, by contrast, is the capacity to anticipate and adapt to cyberattacks. At present, 21% of businesses within the European Union do not have a cybersecurity strategy in place to manage their cyber resilience. In essence, this means that 1 in every 5 businesses does not have a cohesive way to combat crime or the strategic means to mitigate such an attack if it occurs.
Key drivers behind the need for cyber resilience and legal consequences
The Global Cyber Security Outlook report showed that 81% of respondents believed that a key driver behind developing cyber resilience is the acceleration of digital transformation. Digital transformation has been influenced both by automation and machine learning and by remote and hybrid work environments. The increase in digital developments has led to an increase in cybercrime.
With the increased threat of cybercrime looming, the European Commission made a proposal to the Network and Information Security (NIS) directive that each Member State must be able to define Computer Security Incident Response Teams (CSIRTs) as part of their EU cybersecurity strategy. They must also include a competent national NIS authority. In addition, firms within Luxembourg must have a cybersecurity strategy that meets the demands and requirements of the Financial Sector Supervisory Commission (CSSF) for Banking and Financial Market Infrastructures, and private entities must adhere to legislation put in place by the Computer Incident Response Centre Luxembourg (CIRCL). With the increasing demand of legal obligations, firms in the Grand Duchy can build cyber resilience through the following methods:
Have a managed detection and mitigation strategy in place
In 2022, firms must invest in a managed detection and mitigation strategy to develop and build cyber resilience. Firms must focus on establishing a resilience team that can manage their cybersecurity, strategy and risk compliance so that they can have a clear understanding of their present cyber risk posture and capabilities. From this analysis, they will be able to make an informed decision about how, where and why to invest in the management of their cyber risks.
Breed a culture of awareness and constantly test systems
Awareness of cyber threats is critical. Firms must be in a position where they know of existing cyber threats and have the capacity to repel them. Another key feature of cyber resilience is being able to test and improve a firm’s competence and systems. Running constant tests keeps them healthy and up to date. Finally, a fundamental part of cyber resilience is understanding that no firm or company is safe. Should an attack occur, a firm with strong cyber resilience will have sophisticated reflexes and behaviour to detect such attacks and be able to respond quickly.
Recruit and retain cybersecurity talent
The Global Cyber Security Outlook report shared a key finding that 59% of the respondents interviewed believed it would be difficult to respond to a cyberattack because their team has a skills deficit. In a climate of increased digital developments and advancements, this is an alarming statistic. As the digital world grows more sophisticated, so does the work of cybercriminals. Consequently, firms in the Grand Duchy should seek to work with outsourced professional experts in cybersecurity who can implement cyber resilience strategies so that they are protected.
To conclude, firms within the EU are entering a new era of digital transformation, which in turn is opening the door to an unprecedented world of cybercrime and attacks. Firms cannot afford to fall behind and must invest in their own technological abilities to keep their security systems up to date and healthy, whilst working with the best talent to ensure they are cyber resilient. In short, any misalignment between cybersecurity efforts and digital transformation will lead to business challenges and potential losses.
Originally posted at AmCham (https://www.amcham.lu/newsletter/why-cybersecurity-calls-for-cyber-resilience-2/)