Tomorrow the UK government will identify ‘operators of essential services[1]’ that will be required to comply with the security and incident reporting requirements set out in the European Security of Network and Information Systems (NIS) Directive. The Directive requires the identified businesses and service providers to ensure their technology, data and networks are secured and cyber resilient.
The NIS Directive ties into the UK government’s National Cyber Security strategy of ‘Defend, Deter and Develop’. Under this strategy, organisations within vital sectors will be required to take appropriate and proportionate security measures to manage risks to their network and information systems and report their plans accordingly.
Cyber attacks are on the rise; a recent report by the National Cyber Security Centre highlighted that the UK has been hit by more than 1,000 serious cyber attacks over the past two years[2]. The increasing threat of cyber attacks has also led to greater spending on security with 69% of UK organisations reporting an overall increase in their IT security spending[3].
However, the growing sophistication of cyber attacks requires a more robust approach to cybersecurity than increasing spend on cybersecurity products, warns systems integrator World Wide Technology. The first step for companies should be to gain enhanced visibility across their systems and identify the gaps within their security infrastructures, and then integrate dynamic policies to maintain resilience against cyber security threats.
Dave Locke, Chief Technology Officer at World Wide Technology comments: “The increase in regulations combined with the augmented risk of cybersecurity attacks has led to an exponential rise in companies focusing on revamping their security and compliance infrastructures. Strategies have been remodelled to move on from corrective measures to a more proactive approach to cybersecurity. Businesses are increasingly undergoing full assurance exercises to map out applications and processes in their existing system before embedding new controls into their target environments.
“But due to the complex nature of existing systems which have been built with different and sometimes conflicting metrics over the years, legacy infrastructures now consist of a complex patchwork of applications which communicate with each other in complicated ways.
“This network of opaque interdependencies creates a significant challenge to businesses, which means they have to undertake an extensive discovery phase to create a real-time picture of the entire network. They can then adopt a zero-trust model allowing applications to speak to each other only after passing several layers of authentication. Once this has been done, dynamic controls can be embedded so the IT networks are not only immune to cyber vulnerability, but also increasingly transparent and self-auditable –future-proofing in the face of cyber threats.”
About World Wide Technology
World Wide Technology (WWT) is a technology solution provider with more than $10 billion in annual revenue that provides innovative technology and supply chain solutions to large public and private organizations around the globe.
Through its culture of innovation, WWT inspires, builds and delivers business results, from idea to outcome. It has won a number of accolades from the likes of Glassdoor, Fortune and Best Place to Work, recognising the inclusion and diversity within WWT’s workplace. WWT is one of America’s largest minority owned businesses.
WWT works closely with industry leaders including Cisco (NASDAQ: CSCO); Dell Technologies (NYSE: DVMT); Hewlett Packard Enterprise (NYSE: HPE); Microsoft (NASDAQ: MSFT); NetApp, Inc. (NASDAQ: NTAP); VMware; AT&T Inc. (NYSE: ATT); Boeing (NYSE: BA); and the U.S. Air Force.
WWT employs more than 4,000 people and operates over 2 million square feet of warehousing, distribution and integration space in more than 20 facilities throughout the world.
For more information about World Wide Technology, visit www.wwt.com.
[1] https://www.legislation.gov.uk/uksi/2018/506/made
[2] https://www.ncsc.gov.uk/annual-review-2018/
[3] https://www.thalesesecurity.co.uk/2018/euro-data-threat-report