Gaps in the security of online devices can invite cyber criminals. EU regulations to improve the situation

44 percent of businesses in Poland suffered financial losses due to cyberattacks in 2017. Cyber threats are a growing concern. One of the challenges is to ensure the security of IoT devices. As we're speaking, 70 percent of these devices have gaps enabling hackers to take control of them. Efforts have been undertaken to prevent this. The EU is working on regulations to make it mandatory to certify devices for their cyber-vulnerability.

“The scale and range of cyber threats throughout the world is attributable to the digital transformation, the widespread use of digital devices and the fact that these devices are connected to the Internet. This is a mass-scale phenomenon that concerns major corporations, small businesses and private individuals alike. While major corporations have relatively more to lose than private individuals, it is the online identity of the latter that will be of special value, requiring very strong protection,” Sławomir Panasiuk, Vice-President of the Board, the Central Securities Depository of Poland (KDPW), pointed out in an interview with the Newseria Biznes news agency.

Cyberattacks are becoming more common. According to a Cisco Visual Networking Index report, the number of DDoS attacks will grow two and a half times to reach 3.1 m a year by 2021. As these attacks are growing in severity, they are capable of completely compromising networks of businesses, effectively leaving them without Internet connection.

A PwC report entitled “Cyber-Roulette in Polish. Why Polish Businesses Count on Good Luck in Fight Against Cyber Crime” showed that 44 percent of Polish businesses suffered financial losses due to cyber attacks in 2017. McAffy has estimated global losses caused by illegal cyber activities at USD 440-600 m.

“As the worlds keeps on moving towards the digital economy, it is imperative to raise awareness of potential threats and counteract them. At this point, there is no way you can have full protection against cyber threats, but you should be aware that these threats exist and know what to do when you're exposed to them,” argued Sławomir Panasiuk.

According to PwC data, only 8 percent of businesses in Poland have reached cyber maturity – meaning that they have appropriate protection tools and systems, and cybersecurity task forces in place, and that cybersecurity makes up at least 10 percent of their IT budgets. By contrast, only 3 percent is set aside for this purpose in an average budget. Moreover, one in five major companies in Poland do not have a cybersecurity expert on their payroll, while 46 percent do not have any procedures in place to respond to possible cybersecurity incidents.

“It is essential to have a security policy in place and to have your business audited, as well as to improve your solutions and educate your staff. These methods work the best. Unless you do regular auditing, improve your solutions and shift responsibility for cybersecurity to the management board, it will be very hard to achieve efficient spending in this area. The only solution that works is to plan measures in this area, plan budgets, shift responsibility all the way up to the management board and consider cybersecurity as a matter of everyday business,” KDPW Vice-President noted.

Another challenge is to ensure cybersecurity for IoT devices. Cisco has estimated that the number of online devices will grow from 17 bn in 2016 to 27 bn in 2021. What is concerning is that according to EY, 70 percent of IoT devices have security gaps that make them an easy target for hackers. Consequently, according to a Cyber Security Market by Solutions report entitled “Global Forecast to 2021” published by Markets and Markets, IoT cybersecurity spending will grow to nearly USD 29 bn by 2020 (from USD 6.9 bn in 2015).

“We use IoT not only in our household appliances such as web cams, refrigerators, washing machines, microwaves and light bulbs, but also in printers and industrial machinery. The latter involve much more serious cyber threats. Manufacturers of these devices and machines will be required by law to certify and test their products for cyber vulnerability. At this moment, most of these products offer little to no protection. It seems that small electronic devices in particular are not tested for cyber vulnerability,” said Panasiuk.

This might change, though, as the EU has come up with the idea to regulate the certification of devices and systems for their cyber vulnerability.

“I hope that this regulation will shift at least some of the responsibility for cyber protection to manufacturers and solution providers, and also that it will substantially improve security by patching up the simple security gaps that have been at fault for the majority of attacks. Once manufacturers start incorporating protection in their devices and solutions at the design stage, it won’t be that easy to mount a cyber attack,” said Sławomir Panasiuk.

Not long ago, the Polish government passed the National Cybersecurity System Law. This piece of legislation aims to protect key public services and digital services against interruptions. The Law has been passed to implement the NIS Directive (Directive of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union) in Poland.