ENISA - CERT-EU MINIMUM SET OF CYBERSECURITY BEST PRACTICES
On 14 February, the European Union Agency for Cybersecurity (ENISA) and the Computer Emergency Response Team for the EU Institutions, bodies and agencies (CERT-EU) published a joint set of cybersecurity best practices for public and private organisations in the EU.
ENISA reported a substantial increase of cybersecurity threats for both private and public organisations across the EU. Three factors are at play in such a trend:
- Ransomware remains a prime threat, putting millions of organisations at risk.
- Cybercriminals are increasingly motivated by the monetisation of their activities.
- Attacks against critical infrastructure are rising exponentially and other economical sectors as well as society at large can be exposed.
An analysis of the rise in major threats is made available in ENISA’s 2021 Annual Threat Landscape report.
In its Threat Landscape Report Volume 1, CERT-EU reported that the number of attacks conducted by Advanced Persistent Threats (APTs) against EU institutions, bodies and agencies (EUIBAs) increased by 60% in 2020 compared to 2019. These attacks have further increased by 30% in 2021, bringing the total number of significant incidents experienced by EUIBAs to 17, up from only 1 in 2018.
In light of the above, ENISA and CERT-EU strongly encourage all public and private sector organisations in the EU to adopt a minimum set of cybersecurity best practices, available here: "Boost your Organisation's Cyber resilience - Joint Publication". This publication is mainly intended for decision makers (both in IT and general management) and security officers (e.g. CISOs). It is also aimed at entities that support organisational risk management. By following these recommendations in a consistent, systematic manner, ENISA and CERT-EU remain confident that organisations in the EU will be able to substantially improve their cybersecurity posture and in doing so will enhance the overall cyber resilience of Europe.
Source: ENISA