Russia's invasion of Ukraine put additional pressure on policymakers in Europe to urgently deliver better rules to address the European Union's (EU) cybersecurity shortcomings, whether for its critical infrastructure, its own resilience, or the skills gap.
With the growing number of attacks on public and private actors, cybersecurity has plainly grown to become a matter of national security. On April 18, 2023, the European Commission presented another initiative to strengthen cyber capabilities to face growing hybrid threats: the EU Cyber Package. It includes two crucial building blocks for cyber defense.
First, the Cyber Solidarity Act, which consists of a European "cybersecurity shield" to help detect and respond to cyber threats and considers the build-up of an EU "cyber reserve" gathering private providers to intervene in cases of significant cross-border incidents. Second, a proposal for a Cybersecurity Skills Academy with the aim of closing the professional cyber skills gap in a fast-evolving environment.
If the three pillars of cybersecurity are People, Process and Technology, the Cyber Package leans briefly on Process and Technology but the real load-bearing weight is on People.
The European Commission proposes to establish a 'Cyber Shield' of national and cross-border public Security Operation Centres as well as a 'Cyber Reserve' of incident response services from trusted providers. These are sensible investments that we wholeheartedly support.
Cisco's 2023 Security Outcomes Report showed just how important the latter services are to a successful cybersecurity programme.
Although keeping a large number of security staff doesn't necessarily mean a high level of security resilience, maintaining a reserve of internal staff and resources in order to better respond to unexpected cyber events makes a significant difference. Organizations with the capacity to do so achieve 15% higher security resilience scores on average than those without "flex" resources to tap into when needed.
Our analysis also points to an 11% average improvement in security resilience among firms that retain external incident response services. Moreover, internal resources and external services are even better together. Having both internal and external resources ready to respond to a major cyber event gives another 13% bump to security resilience scores versus having just one or the other.
Identifying trusted providers in advance of an incident and maintaining them on standby is sound preparation. If and when incidents occur, one should not be wasting time and resources understanding which organizations can be trusted to respond effectively. Moreover, holding the providers on retainer ensures they are on the front foot to respond whenever called. This is already a tried and tested approach in certain EU Member States, such as Germany.
The Act identifies various criteria trusted providers are expected to meet. Most of them are eminently sensible, such as integrity of personnel, protection of data, suitable technical capacity and experience. Careful assessment will need to be made, however, to ensure that the language requirements across all services and Member States where they are delivered, and the future certification of services, are not unduly limiting.
For incidents such as data breaches or ransomware, organizations need teams and providers who can quickly address the most pressing concerns: move to isolate the attacker, scope out and contain the situation, identify the root cause, and design strategies to remedy the underlying issues.
When minutes and seconds matter for a quick, effective business recovery, Cisco Talos Incident Response (CTIR) supports countless organizations and is ready to mobilize quickly to contain the threat. Deep experience and real-time access to Talos intelligence allow for rapid triage, coordination and execution in critical response.
The Commission has rightly identified the need to close the professional cybersecurity skills gap as a priority for building cyber resilience.
Recruiting and retaining security talent is one of the most important factors for success in preventing breaches and mitigating losses, and yet it is also extremely challenging for most organizations. The hidden costs of talent retention are high, and the ripple effects can impact an entire security strategy and incident response implementation.
The Cybersecurity Skills Academy seeks to create a governance framework around cyber skills, focusing on knowledge generation and training, and capacity building. At its heart it's about bringing all the stakeholders around the table to work towards a common set of objectives.
We are particularly supportive of the measures called out for stakeholder action, including cyber pledges, addressing the cyber skills gap in national cyber strategies and working towards gender convergence in cybersecurity roles.
At Cisco, we know better than anyone the need to bring relevant parties together, having trained security professionals for years through our Networking Academy. The Cisco Networking Academy is one of the world's longest running skills-to-jobs programs, offering tech education through strong public-private partnerships, a high-quality curriculum, and inclusive workforce development programs.
In the run-up to the Cyber Skills package announcement, Cisco's CEO and Chairman, Chuck Robbins, met with European Commission Vice President Margaritis Schinas in March 2023 and announced Cisco's goal to train 250,000 people with cybersecurity skills across the EU over the next three years.
"With our goal to train 250,000 people in cybersecurity skills across Europe over the next three years, we are pleased to actively support the European Commission's efforts to bring digital skills to more citizens."
-Chuck Robbins, Cisco Chair and CEO
For the past months, the EU has been working thoroughly to improve its security posture in the midst of accelerated digitization, new hybrid models, and an evolving threat landscape exacerbated by the war in Ukraine.
The latest Cyber initiatives from the European Commission are about cybersecurity through People. It's an element we, like the European Commission, believe to be fundamental to effective cybersecurity. We stand ready to contribute our expertise in both cyber skills and cyber defense to build a stronger Europe.
Visit SkillsForAll to browse through free Cisco Networking Academy Cybersecurity courses and more.