Security by Design: Is Europe Playing it Safe?
One way the European Union is responding to these threats is through the new Cybersecurity Act, adopted by the European Parliament on March 11. Not only will this act serve to reinforce the mandate of the EU Agency for Cybersecurity (ENISA) but it will also establish an EU framework for cybersecurity certification, designed to strengthen the security of online services and consumer devices. This will have particular implications for the Internet of Things (IoT) which is becoming an increasingly large part of our lives, and thus a more common target of attacks.
With the growth of the IoT set to continue indefinitely, it is important to think of cybersecurity in terms of connected ecosystems. As we know from recent experience, attacks on these systems can reach unprecedented levels. In 2017, the WannaCry attack affected more than 230,000 systems in over 100 countries within a matter of days. And cyberattacks are not limited to computers alone. Last year, a team of researchers at Ben Gurion University demonstrated how attackers could drain a city’s water tower by exploiting IoT irrigation systems, forcing them to overdraw from the city’s reserves. This indirect attack on infrastructure reflects the harsh new reality of the world: as the public and private sectors alike find more value in working within rich ecosystems, risk and vulnerabilities increase, widening the scope of possibilities for intruders.
…as the public and private sectors alike find more value in working within rich ecosystems, risk and vulnerabilities increase.
Security by design
One of our 2019 Tech Trends highlights the importance of security by design, where networks are approached as the ecosystems they are and not as individual pieces of the puzzle. Without taking a bird’s eye view of security, organizations risk making fatal oversights resulting in serious repercussions lasting many years. In a fast-paced digitized economy, architecture and planning are everything. Security must be integrated into overall development processes and not approached after problems have already occurred. In the post-digital world, organizations will also need to widen their horizons when conducting threat modeling and risk assessments to prepare flexible, interoperable and future-proof solutions. This is one critical part of the preparing for a cybersecure future, but not the only one.
...organizations will also need to widen their horizons when conducting threat modeling and risk assessments to prepare flexible, interoperable and future-proof solutions.
In addition to prioritizing security by design, cybersecure organizations will need to have well-established collaboration and cooperation at all levels of the ecosystem. Security should be a shared responsibility with strong private-public and public-public partnerships. Without cooperative foresight and coordinated responses, it will be very difficult for any organization to truly secure itself. One way the European Union has set out to change this is through its sponsorship of the Cyber Rapid Response Force, which will allow Member States to collectively respond to cyber-incidents through training, diagnostics, attribution forensics, and assistance in operations. The aim of this is to better blend Member State expertise in the field of cyber-defense. Initiatives like this need to be further supported so that Member States can continue to support and learn from each other. Security is no longer about protecting individual organizations; it is about protecting everyone.
A resilient digital economy is central to the future growth and prosperity of the EU.
Susceptibility to cyberattacks by unknown intruders is increasing and the consequences will be felt at national and international levels. A resilient digital economy is central to the future growth and prosperity of the European Union. For this to happen, the EU must ensure that everyone feels safe in investing in this economy, something that is impossible without proper cybersecurity measures being developed and practiced. After all, cybersecurity threats do not stop at national borders.
Want to know more about how Accenture can help your organization become cybersecure? Feel free to contact us for a chat!