Cyber threats are taking serious shape, ‘policymakers and businesses urgently need new strategy’
In 2021, records were shattered for the amount of ransom paid in ransomware attacks. Small businesses are also vulnerable, with nearly two-thirds going out of business within six months of an attack. Governments have also suffered breaches, including the SolarWinds hack that came from Russian intelligence, and the Iranian cyberattack that cracked voter databases and spread disinformation about the 2020 election. Author Kris Lovejoy writes about this in her (Dutch) blog on Computable. She is Global Security and Resilience Practice Leader at Kyndryl.
Closer to home, there are also examples of cybercrime posing a serious threat to Dutch business. For example, in late June 2021, The Mandemakers Group, with more than two hundred branches throughout the Netherlands, was the victim of a ransomware attack that blocked much of its IT systems. In October 2021, industrial group VDL Groep was severely hit by a cyber attack, which toppled all 105 companies (including international ones) that fall under VDL Groep. Only a month after the attack, all 105 operating companies were back in full operation.
And yet, despite the urgency, two-thirds of chief information security officers (CISOs) say their companies are not prepared for cyber attacks.
Just as the approach to the pandemic has shifted from complete prevention to managing the inevitable consequences of the disease, we need to rethink the international attitude toward cybersecurity. It is time for a comprehensive cyber resilience strategy, not just cyber security. Cyber resilience is about anticipating, protecting against, resisting and recovering from attacks on cyber-based services. This goes beyond conventional cyber security; it emphasizes continuity and recovery, because attackers will eventually breach our defenses.
Cyber incidents affect the whole of society; they create uncertainty in society, in governments and in markets. Therefore, in order to keep attackers at bay and limit the damage they cause, the public and private sectors must jointly adopt a comprehensive approach to both defense against and recovery from cyber attacks.
In the US, the Biden administration announced last summer that it will work with a number of major companies, including Google, Microsoft and IBM, to establish a new framework for improving cybersecurity in the technology supply chain. Investing in cyber resilience is also very important in the Netherlands, especially in view of the current geopolitical situation. 2022 should therefore be the year in which we implement an economy-wide strategy for cyber resilience. Part of this is a consistent set of cyber resilience principles to prepare the economy and critical institutions for attacks.
Time is of the essence as the world goes through digital transformations at a breakneck pace. This creates new opportunities and new risks, and organizations must meet their cyber resilience commitments to keep up with developments. Meanwhile, new technologies such as AI, blockchain and the Internet of Things are growing at a rapid pace. This offers cyber attackers more entry points into our lives and increases what cyber experts call the attack surface.
One of the greatest resources we have in the fight against cyber risk is the easiest to overlook: human talent. Jen Easterly, director of the Cybersecurity and Information Security Association (CISA), says investing in human capital is “the most important thing we can do” to address cyber threats. And yet more than half of business leaders say their organizations are lacking cyber skills and millions of cyber security jobs remain unfilled.
We must remember that prioritizing cyber resilience does not mean being overly cautious or suddenly halting all kinds of activities. On the contrary, building cyber resilience enables leaders to take smart risks and proactively pursue their ultimate goals. Cyber resilience does not impose limitations on us; it gives us the freedom to do the crucial work at hand.
The world is changing rapidly, and we are all part of it. 2022 should be the year when business and policymakers collectively embrace cyber resilience principles and prepare our economy and democratic institutions to survive and thrive amidst all threats.