The perfect storm is a meteorological term for a phenomenon that implies that multiple weather systems interact to create extreme conditions with immense powers that often cause great devastation.
Today this is typically predicted by advanced computer simulations and algorithms that prove in detailed accuracy that this will happen, and that society needs to prepare for the worst.
We have seen several cases in the United States where people have been evacuated from large areas in good time, prepared communities for the worst and proactively changed structures so that they can "ride out" the storm with the least impact on societal functions.
What’s the forecast for critical infrastructure?
The "Weather Forecast" for critical infrastructure is that the perfect storm will be triggered in May 2018. Why just then? That’s when several phenomena in the cyber world will collide which can have major consequences. GDPR is the hot topic right now. What is not mentioned so much is the NIS Directive. These two contribute to the legal aspect of the perfect storm.
Add to this another weather system - "media with hunts". Cybersecurity and information management has never been first page news for so long. It started in Sweden this summer with reporting on the Swedish Transport Agency outsourcing sensitive information to a third party without adequate protection, but news about information security keeps popping up in one report after another.
Only journalists know the reason for this, but my interpretation is that cybersecurity and information management is something that affects everyone in society. This makes it news that sells and influences ordinary people. It is highly likely that this will not change, it will become increasingly commonplace.
The third force is the changing world situation. It is a fact that the amount of cyber attacks, cybercriminals and methods of creating chaos in the information world has dramatically increased in the last 3-5 years.
Like lots of other things in the digital world, everything increases exponentially. The same development curve applies to cybersecurity but in a negative way. Efforts to counter this will require completely different methods, budgets and methods. The question is, who can you trust?
Directive (D) + Media witch-hunt (M) + Cyber threat (C) = Perfect Storm
What can you do about it?
A good idea is to look at all aspects and conditions that apply to your own business. Then put a budget alongside each aspect or condition. Assess the risk, value and against what you have assessed and invest accordingly. If you realize that you haven’t reached the point you need to be at until the date we have identified, you need to start prioritizing, as you would in any other project based on quality, cost and time.
Anders Strömberg, VP Markering, Advenica AB