Skills watch

Skills Watch is a rolling review of the key opinions, practices and policy decisions shaping cybersecurity skills training in Europe and worldwide. Grounded in a careful selection from the best sources, and regularly updated.

A significant majority - 69% - of European countries have either no or only a basic understanding of their exposure to cyber risks. There is also a low uptake of cybersecurity insurance, notable under-reporting of cyber incidents, and a lack of the skills and training required to implement cybersecurity measures. 

 
These are just four of the cybersecurity threats faced by small businesses in Europe. A total of seven are identified in the recently published Cybersecurity & Privacy Interim Roadmap, a deliverable from the EU-funded coordination and support action Cyberwatching.eu.
Tuesday, 16 July, 2019

Cybersecurity education is one of the top three cybersecurity research priorities for EU-US collaboration, alongside Data Security and Privacy, and Security Management and Governance. This finding appears in the White Paper on Research and Innovation in Cybersecurity published last year by the EU Horizon 2020 AEGIS project (Accelerating EU-US Dialogue in Cyberwatching and Privacy) and updated to a policy brief in May 2019.

 

 

The promulgation on 27 June 2019 of the European Cybersecurity Act effectively reinforces the mandate of ENISA, enabling the agency to take on increased responsibilities and resources, and offer better support to Member States as regards tackling cybersecurity threats and attacks. The Act also establishes an EU framework for cybersecurity certification across the full gamut of ICT products, processes and services throughout the EU, and also for skills training for cybersecurity professionals.

The new Insider Threat Report from Verizon gives companies of all sizes a better understanding of how to deal with insider threats.
According to the report, 47.8% of malicious insiders are driven by financial reasons.
A striking finding is that while it can take only minutes for an employee to compromise a system, it can take months to discover the misuse.
The report also categorizes the five different insider threat actors:

In recent years, cyberattacks have increased dramatically.
To prevent unpleasant situations, every company should assess its cybersecurity-related risks.
According to information security experts, security controls are deployed after a security incident, which means that most companies do not have proper cyber risk management.
However, eventually, every company has to do a cybersecurity risk assessment to identify security vulnerabilities and how to mitigate them.

Since cybersecurity threats are becoming more sophisticated and harder to prevent and detect, every company really needs to adapt its cybersecurity risk management.
The first step toward improving your cybersecurity risk management is to understand whether your company is at risk of cyber breaches.
If your information security department does not know where to start, you can begin by reflecting on whether your company identifies with any of the following statements.

Your company is at risk of cyber breaches if:

With the increasing number of cyberattacks, cybersecurity is gaining importance for a lot of companies.
There are a lot of options to consider if you want to improve your cyber risk management strategy, but one of the first things you should do is deal with potential internal threats.
According to Veriato’s 2018 Insider Threat Report, 90% of cybersecurity professionals feel their company is vulnerable to insider attacks, and about 50% have experienced at least one of these attacks.

The cybersecurity landscape is constantly changing, and companies need to adapt to it if they do not want to risk major breaches.
Below is a list of future trends in cybersecurity, and therefore a way to forecast how companies can start to adapt for the future.

Data theft turning into data manipulation
We can expect attackers to start attacking the integrity of data, causing reputational damage by getting people to question the integrity of the manipulated data.