NATO survey respondents identify software supply chain and cybersecurity skills shortages as key challenges; cyber defence coordination and threat data sharing identified as areas of opportunity for government leadership.
Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), has released a global Cyber Readiness Report gauging technology adoption and perceptions of government cybersecurity leadership related to cybersecurity standards and the cooperation between the public and private sectors.
The Trellix report shows 87% of respondents from NATO countries of Germany, France and the UK believe formalised, government-led initiatives can play an important role in improving their nations’ protection against cyberthreats. Respondents from these countries see opportunities for improvement in their partnerships with government in areas such as cyber defence coordination, threat information sharing and software supply chain integrity.
The study, based on research conducted globally by Vanson Bourne, surveyed 900 cybersecurity professionals from organisations with 500 or more employees, including 200 respondents in the three European NATO countries of Germany, the UK and France.
“Global tensions and cyber-warfare incidents in Ukraine sharpen our focus on the cyber-readiness of government and critical infrastructure,” said Bryan Palma, CEO of Trellix. “Our report assesses the progress of new technology implementation, like XDR. It also identifies areas of opportunity for stronger public-private partnerships, where increased coordination will keep us ahead of our adversaries.”
Cybersecurity technology adoption
Among German respondents, cloud cybersecurity modernisation appears to be furthest ahead in implementation. Just under half (40%) claim to have fully implemented the advanced technology in this area, whereas only 27% appear to have fully implemented endpoint detection and response and extended detection and response (EDR-XDR) capabilities.
Among British respondents, 37% claimed to have fully implemented EDR-XDR and cloud cybersecurity modernisation, whereas Multi-Factor Authentication (MFA) and Zero Trust appear to be behind. A total of 47% of French respondents reported having fully deployed MFA, apparently placing the French furthest ahead in this area compared to their British and German peers.
Software supply chain risk
The majority (82%) of global respondents believe software supply chain risk management policies and processes are of either high or crucial importance to national security.
Over half (76%) of UK respondents said these policies and processes are extremely or highly difficult to implement and only 39% claim to have fully implemented such practices. A total of 63% of German respondents and 58% of French respondents identified these policies and processes as difficult to implement. Only 40% of the Germans and 36% of the French acknowledge fully implementing such measures.
The European respondents agree software security standards would improve across the entire software industry if their governments demanded higher software security standards within government implementations. But only 56% of German, 51% of UK and 48% of French respondents support government mandates demanding cybersecurity standards for the entire software industry.
Cyber skills challenges
While survey respondents identified a variety of barriers to implementation of advanced technologies, a cybersecurity talent shortage was revealed across the three countries. A total of 48% of German, 41% of British and 35% of French respondents acknowledged a lack of in-house cyberskills as a key challenge to their implementation efforts. Around a third of each group also identified a lack of implementation expertise as key barrier. These findings mirrored cybersecurity skills shortages in the US and Asia Pacific.
“The cyberskills gap is well known; the report highlights the deficit is stifling the deployment of cybersecurity technology,” said Palma. “Whatever innovation advantage the US and its allies believe we have is irrelevant if we cannot implement the solutions.”
Public-private partnerships
A large number (95%) of German and French respondents and 86% of British respondents believe there is room for improvement in the level of cybersecurity partnerships between their national governments and organisations.
Over half (52%) of British, 46% of German and 35% of French respondents favoured a combination of incident notification and liability protection to facilitate sharing of cyberattack data between impacted organisations, government partners and industry audiences. A total of 44% of British and 41% of German and French respondents favoured tighter cooperation on cyber incident management while cyberattacks and campaigns are in progress.
In terms of the types of data government should share to help organisations better protect themselves, nearly two-thirds (60%) of British respondents would like to receive more data on cyberattack campaigns in progress. Around half of German respondents said they would like to receive more information on different cybercrime and threat actor groups. Some French respondents (58%) say cybersecurity vulnerability data would be preferred above other data types.
“Cyberattacks are as much a part of modern warfare as the use of physical weapons,” said Fabien Rech, VP EMEA, Trellix. “Attacks against critical infrastructure are nothing new, but the last few months have opened more eyes to the activities of many governments and hacking groups as they directly target those assets and systems vital to a nation’s economic security, safety and public health.
“The UK Government has previously set out the admirable vision to be a leading cyber power in 2030, able to protect and promote its interests in and through cyberspace in support of national goals,” Rech continued. “Yet as cybercriminals backed by nation states up the ante, the UK – and every other country – will need to do the same if it is to achieve this goal. This will require a joint effort across public and private sectors. To combat the heightened risk of hostile cyber activity today, the UK Government’s push to strengthen collaboration with businesses and shore up defences needs to be accelerated.
“Government-led initiatives have an important role to play, but it will also be down to organisations across every sector – particularly those in critical infrastructure – to facilitate the sharing of threat intelligence as well as make the most of advanced cybersecurity technology and the adaptive protection it enables. Static, siloed security falls short against the agile approach cybercriminals and nation states employ for their dirty tactics. The government and UK organisations will need to not only collaborate, but also ensure their security teams are able to respond quickly with security that spots, stops and adapts quickly to incoming threats. This will be core to government agencies and critical infrastructure providers remaining resilient and ready to fend off new attacks which come their way,” said Rech.
Click below to share this article