IT security represents only around 5-13pc of IT expenditure, which is alarmingly low, according to the EU’s Information Society and Media Commissioner Viviane Reding. She said that this leaves companies wide open to profit-oriented cyber criminals.
She was speaking at the unveiling yesterday of a new IT Security Strategy for Europe policy document.
Reding said that businesses, individuals and public administrations in Europe still underestimate the risks of insufficiently protecting networks and information.
She called for a partnership amongst member states involving the IT industry as well as the European network security agency ENISA.
“The nature of the threat is changing and so must our response,” said Reding. “In the past hackers were motivated by a desire to show off whereas today many threats come from criminal activities and are motivated by profit. What we need is a renewed strategy based on dialogue, partnership and empowerment.”
She said the European Commission believes that an open dialogue involving all stakeholders is essential for building consumer trust and confidence and for supporting the widespread take-up of digital services.
The Commission, she continued, aims to promote a general security consciousness and an awareness of the actions that people and organisations need to take for themselves, in order to protect their own information and equipment.
Specific proposals of the Commission include the benchmarking of national policies on network and information security to improve the dialogue between public authorities, to identify best practices and to raise the security awareness of end users.
ENISA, the European Network and Information Security Agency, which was established in Heraklion, Greece, will be entrusted with developing an appropriate data collection framework to handle security incidents and measure levels of consumer confidence from all over Europe.
ENISA will also be asked to examine the feasibility of a multilingual information-sharing and alert system. Finally, member states and the private sector are invited to play a more proactive and energetic role in enhancing network and information security.
In parallel, the Commission is carrying out a public consultation on the security and privacy implications of RFID (radio frequency identification) and will present its conclusions later in the year.
These initiatives are part of a coherent European policy on network and information security, which also covers spam and spyware, cybercrime, the integrity and protection of critical communication infrastructures and related European research activities.
By John Kennedy