Why are there more and more cyber attacks on software development environments and how is software company security becoming a key issue in the supply chain?
Building cybersecurity is expensive. In a threat environment that is changing daily, newer and newer defence technologies are emerging that would need to be operated in a highly skills-scarce environment. Moreover, new cybersecurity technologies require knowledge that may not be available in the professional domain, such as artificial intelligence. However, compliance requirements such as NIS2 mean that building adequate defence cannot be neglected and money must be invested in this area.
The European Union has recognised that cyberdefence for European businesses is significantly underdeveloped, with a lack of skilled staff, European products on the market and a slow pace in bringing the latest developments to the mainstream. In order to avoid this competitive disadvantage, significant resources are available in the financial cycle from 2021 onwards to improve European cybersecurity, but these are poorly understood. We would therefore like to give some tips for those who want to build a high-quality Security Operation Centre and NIS2 compliant cyberdefence not only on their own budget.
Among the many possibilities, let’s get to know the Digital Europe Programme! This budget totals €7.5 billion, spread over five different areas. These are artificial intelligence, supercomputing, cybersecurity, digital skills development and ensuring widespread access to digital technologies. For the period 2023-24, €375 million is available for cybersecurity alone. A drop in the ocean, you might say, but still a relatively easy amount to access, not only for national cybersecurity centres but also for SOCs working with them, including those providing services to the private sector. For example, the call promises a 75% grant for procurement within joint tenders, which is not a negligible contribution considering the cost of modern solutions. But for example, €30 million is already available for NIS2 organisations in 2023 to help them prepare, typically at a 50% funding intensity. The EU’s key idea, in line with the European Cybersecurity Strategy, is therefore to support critical infrastructures covered by NIS2, in addition to public CSIRTs and private SOCs, to achieve the grand goal of European cyber resilience.
Other interesting features of the Digital Europe programme include the Digital Innovation Hubs (EDIH), which started operating at the end of 2022 and beginning of 2023. These aim, among other things, to help small and medium-sized enterprises access the latest cybersecurity knowledge. To this end, they organise training courses and provide free or low-cost services that can help interested parties to improve their cybersecurity in a meaningful way. Such hubs are available in all European countries and are well embedded in their own cybersecurity ecosystem, so whether you are a prospective customer or a potential service provider, it is worth contacting them to help you build successful national networks.
Finally, there is the Cybersecurity Skills Academy initiative, also to be launched in 2023, which aims to establish a single set of European educational requirements and an extensive list showing clearly where and what cybersecurity skills can be acquired. As a SOC operator or an organisation covered by NIS2, it may be worthwhile to seek out these training centres and access professionals with skills under the European Cybersecurity Skills Framework through them.
It is therefore important for the European Union to strengthen regional and national cyber defences. And access to resources can be greatly facilitated by the National Coordination Centres to be set up in 2023. The following steps are therefore recommended for SOCs or organisations covered by NIS2:
And if you get stuck anywhere, you should visit the National Coordination Centre for help navigating the sea of options: https://cybersecurity-centre.europa.eu/nccs_en
A webinar on how and why outsourcing your security to an MSSP can help transforms your organization and create a 24/7 available and alert attack detection and reaction capacity instantly – to help you protect your data and infrastructure even [...]
