Friday, April 19, 2024

How the EU is Ensuring that Companies take Cyber-Security Seriously

By GBHackers on Security

European Union

The Official Journal of the European Union published the new Regulation 2019/881, which addresses key aspects related to cybersecurity.

It entered into force on June 27 and aims to make a substantial leap in terms of improving protection against cyber vulnerabilities. We break down its highlights with the help of Virtual Armour who helped us in analyzing the regulations.

The Digital Transformation that the processes and services of the companies are experiencing at an almost dizzying pace means that the laws and regulations related to it have to be drafted or modified with some frequency to adapt to the current situation.

Cybersecurity has become a key aspect in this regard. There are more and more cyber attacks that can create big problems for companies, public organizations, and individuals.

According to a report by F5 Labs, which shows the results of cyberattacks received in Europe from December 2018 to March 2019, the Old Continent receives more cyberattacks than other areas of the planet.

It is noteworthy that the majority of the IT attacks the EU receives come from within its borders, with the Netherlands as its main source of origin.

In addition, the increasingly necessary interconnection and integration of different technologies and devices open the door to new vulnerabilities.

Previously, legislation related to cybersecurity was the responsibility of each country, but the fact that these threats did not understand borders made it necessary to develop a legal framework that would regulate cybersecurity management at the European level.

In this environment, the European Regulation 2019/881 has been developed, which deals with an aspect as current and transcendent as that of cybersecurity at all levels within the countries of the European Union.

This new law on cybersecurity, which repeals Regulation 526/2013, consists of two main axes on which it is developed. On the one hand, it lays the foundations of the structure and operation of the European Agency for Cybersecurity (ENISA) and, on the other, it defines the standards that will allow certifying the cybersecurity of ICTs within the Europe of the 28.

The European Agency for Cybersecurity (ENISA)

The European Network and Information Security Agency were founded in 2004 with the aim of establishing computer security measures for the well-being of citizens.

Based in Greece, this European Union agency works with both governments and private entities. Its main activities focus on the study and development of activities and policies related to cybersecurity in all its areas, including:

  • Development of cybersecurity capabilities.
  • Improve cooperation between governments, institutions, and organizations of the European Union.
  • Design and implementation of cybersecurity exercises.
  • Writing reports on the current European situation in cybersecurity.
  • Standardization and certification of cybersecurity.
  • Activities for awareness and dissemination.

With the new European Regulation 2019/881, it is intended that ENISA is responsible for bringing together all member countries by becoming the reference body on cybersecurity issues, reducing existing fragmentation.

In order to achieve this objective, its activities, organization chart, work teams and budget items for the agency have been redefined.

The European cybersecurity certification framework

As we have commented, this law was considered as one of its objectives to unify the criteria for the normalization of cybersecurity measures, another step in the creation of a single European digital market.

In order for technological products and services to enjoy all security guarantees, it will be necessary to define schemes that certify their cybersecurity. These schemes must be properly defined (objectives, elements, levels of application, adoption processes, evaluation, review, etc.).

In addition, lists of products, services, and processes that have been evaluated according to the cybersecurity conditions required in these schemes will be published. All this information, including the schemes, will be published on the ENISA website.

Manufacturers wishing to benefit from these measures must meet certain requirements, among which we can highlight:

  • Provide users with recommendations regarding the installation, configuration, operation, and maintenance of their product or service.
  • Have your updates available.
  • Send the user information about possible cybersecurity problems.
  • Give access to records where the vulnerabilities of the product or service are reflected.

This cybersecurity certification will, with exceptions, be voluntary and will serve as a method for the company’s self-assessment in terms of computer security.

In an increasingly digital society, protecting the availability, authenticity, integrity, and confidentiality of the data that is stored, processed and/or circulated has become one of the main workhorses of national and international authorities.

As a result of this desire for improvement in cybersecurity, the new Cyber ​​Security law of the European Union has emerged, which reforms the structures and work mechanisms involved in this aspect.

We will continue working to achieve the digital security of the signature processes in the companies. Advances like the one the European Union is now making are great steps for all-natural and legal persons in our Community. We will keep you informed!

The General Data Protection Regulation (GDPR) applied on 25 May 2018, this new law applies to all companies that collect and process data belonging to the European Union (EU) citizens.

Managed WAF Protection

Website

Latest articles

cyber security

Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million

The Akira ransomware variant has severely impacted more than 250 organizations worldwide, amassing...
Uncategorized

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...
Vulnerability

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...
Cyber Attack

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...
Cyber Attack

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...
Android

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...
cyber security

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...
GBHackers on Security
GBHackers on Security

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]