The Looming Cyber Risk of Brexit
For the last few days, the news from every direction is covering Brexit. All of the reporting to date has focused on economic and social changes yet very little on the potential Cybersecurity risks of this massive change to the banking and financial industry. Yes, embracing migrants in need and handling economic bailouts for troubled economies are important, but why such limited discussion of the resulting Information Security implications to the financial industry?
There are some that feel cyber security will be negatively impacted as a direct result of Brexit. Tripwire recently conducted a poll and 38 percent feel Brexit will make the UK more vulnerable to cyber attacks. Currently, strong data-protection regulations are in place by the EU. But now the UK will have to create their own data protection programs for web-based attacks, stolen devices malware and potentially malicious insiders, assuming the government is skilled enough and prepared to do so. Keeping in mind the US government with all of their resources has had difficulties keeping on top of data breaches for the last few years.
Many believe England will experience breaches without the added benefit from shared intelligence with other EU states. The EU has established its Network and Information Security Directive (NISD) to address issues around data and cyber security. What will the UK put in place to mirror this effort? Michael Hack, senior vice president of EMEA operations at Ipswitch, told SCMagazineUK.com,
“Now the UK is out it will be governed by a different data protection regime, but it will still need to adhere to suitable data protection measures in order to transfer data to and from the EU.”
Still, the world will not come to an end with this decision but the private data of UK and EU citizens may very well be at risk now. Let’s hope England will prioritize information security and not be passive in this critical area. The popular sentiment in the EU and UK is to ‘keep calm and carry on’. Sounds nice to be calm, but clearly not a strong enough stance to properly deal with Botnets, Rootkits and Trojans.