On Friday 9 November the UK government will define exactly who counts as ‘operators of essential services’ and thus required to ensure their technology, data and networks are secured and cyber resilient in line with the European Security of Network and Information Systems (NIS) Directive requirements.
The NIS Directive ties into the UK government’s National Cyber Security strategy of ‘Defend, Deter and Develop’, requiring organisations within vital sectors to manage security risks to their network and information systems and report their plans accordingly.
The move comes as the National Cyber Security Centre reports that the UK has been hit by more than 1,000 serious cyber-attacks over the past two years, with 69 percent of UK organisations now saying they are increasing their IT security spend.
Dave Locke, chief technology advisor at World Wide Technology emailed SC Media UK to comment: "The increase in regulations combined with the augmented risk of cyber-security attacks has led to an exponential rise in companies focusing on revamping their security and compliance infrastructures. ...But due to the complex nature of existing systems which have been built with different and sometimes conflicting metrics over the years, legacy infrastructures now consist of a complex patchwork of applications which communicate with each other in complicated ways.
"This network of opaque interdependencies creates a significant challenge to businesses, which means they have to undertake an extensive discovery phase to create a real-time picture of the entire network. They can then adopt a zero-trust model allowing applications to speak to each other only after passing several layers of authentication. Once this has been done, dynamic controls can be embedded so the IT networks are not only immune to cyber-vulnerability, but also increasingly transparent and self-auditable –future-proofing in the face of cyber-threats."