Cyber Security News

How the EU is Ensuring that Companies take Cyber-Security Seriously

The Official Journal of the European Union published the new Regulation 2019/881, which addresses key aspects related to cybersecurity.

It entered into force on June 27 and aims to make a substantial leap in terms of improving protection against cyber vulnerabilities. We break down its highlights with the help of Virtual Armour who helped us in analyzing the regulations.

The Digital Transformation that the processes and services of the companies are experiencing at an almost dizzying pace means that the laws and regulations related to it have to be drafted or modified with some frequency to adapt to the current situation.

Cybersecurity has become a key aspect in this regard. There are more and more cyber attacks that can create big problems for companies, public organizations, and individuals.

According to a report by F5 Labs, which shows the results of cyberattacks received in Europe from December 2018 to March 2019, the Old Continent receives more cyberattacks than other areas of the planet.

It is noteworthy that the majority of the IT attacks the EU receives come from within its borders, with the Netherlands as its main source of origin.

In addition, the increasingly necessary interconnection and integration of different technologies and devices open the door to new vulnerabilities.

Previously, legislation related to cybersecurity was the responsibility of each country, but the fact that these threats did not understand borders made it necessary to develop a legal framework that would regulate cybersecurity management at the European level.

In this environment, the European Regulation 2019/881 has been developed, which deals with an aspect as current and transcendent as that of cybersecurity at all levels within the countries of the European Union.

This new law on cybersecurity, which repeals Regulation 526/2013, consists of two main axes on which it is developed. On the one hand, it lays the foundations of the structure and operation of the European Agency for Cybersecurity (ENISA) and, on the other, it defines the standards that will allow certifying the cybersecurity of ICTs within the Europe of the 28.

The European Agency for Cybersecurity (ENISA)

The European Network and Information Security Agency were founded in 2004 with the aim of establishing computer security measures for the well-being of citizens.

Based in Greece, this European Union agency works with both governments and private entities. Its main activities focus on the study and development of activities and policies related to cybersecurity in all its areas, including:

  • Development of cybersecurity capabilities.
  • Improve cooperation between governments, institutions, and organizations of the European Union.
  • Design and implementation of cybersecurity exercises.
  • Writing reports on the current European situation in cybersecurity.
  • Standardization and certification of cybersecurity.
  • Activities for awareness and dissemination.

With the new European Regulation 2019/881, it is intended that ENISA is responsible for bringing together all member countries by becoming the reference body on cybersecurity issues, reducing existing fragmentation.

In order to achieve this objective, its activities, organization chart, work teams and budget items for the agency have been redefined.

The European cybersecurity certification framework

As we have commented, this law was considered as one of its objectives to unify the criteria for the normalization of cybersecurity measures, another step in the creation of a single European digital market.

In order for technological products and services to enjoy all security guarantees, it will be necessary to define schemes that certify their cybersecurity. These schemes must be properly defined (objectives, elements, levels of application, adoption processes, evaluation, review, etc.).

In addition, lists of products, services, and processes that have been evaluated according to the cybersecurity conditions required in these schemes will be published. All this information, including the schemes, will be published on the ENISA website.

Manufacturers wishing to benefit from these measures must meet certain requirements, among which we can highlight:

  • Provide users with recommendations regarding the installation, configuration, operation, and maintenance of their product or service.
  • Have your updates available.
  • Send the user information about possible cybersecurity problems.
  • Give access to records where the vulnerabilities of the product or service are reflected.

This cybersecurity certification will, with exceptions, be voluntary and will serve as a method for the company’s self-assessment in terms of computer security.

In an increasingly digital society, protecting the availability, authenticity, integrity, and confidentiality of the data that is stored, processed and/or circulated has become one of the main workhorses of national and international authorities.

As a result of this desire for improvement in cybersecurity, the new Cyber ​​Security law of the European Union has emerged, which reforms the structures and work mechanisms involved in this aspect.

We will continue working to achieve the digital security of the signature processes in the companies. Advances like the one the European Union is now making are great steps for all-natural and legal persons in our Community. We will keep you informed!

The General Data Protection Regulation (GDPR) applied on 25 May 2018, this new law applies to all companies that collect and process data belonging to the European Union (EU) citizens.

GBHackers on Security

Recent Posts

Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access

Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could…

14 minutes ago

NetWalker Ransomware Operator Sentenced to 20 Years in Prison

A Romanian man has been sentenced to 20 years in prison for his involvement in…

54 minutes ago

CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild

 The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability…

1 hour ago

CISA Releases Eight New ICS Advisories to Defend Cyber Attacks

 The Cybersecurity and Infrastructure Security Agency (CISA) has issued eight detailed advisories on vulnerabilities affecting…

2 hours ago

NotLockBit – Previously Unknown Ransomware Attack Windows & macOS

A new and advanced ransomware family, dubbed NotLockBit, has emerged as a significant threat in…

3 hours ago

Beware Of Malicious SharePoint Notifications That Delivers Xloader Malware

Through the use of XLoader and impersonating SharePoint notifications, researchers were able to identify a…

20 hours ago