Governance, risk & compliance
The EU Cybersecurity Act seeks to foster trust by establishing a certification framework for the entire bloc.
in turn leading to organisational and business users not having enough information on the cybersecurity efficacy of these products. However, while the new act will give companies the chance to certify their cybersecurity offerings, certification is currently voluntary – unless otherwise specified. Indeed, in the case of ICT products and services with a low level of risk, Juhan Lepassaar, ENISA’s executive director, says they should be able to rely on self-assessment or third-party certification.
Yet if certification is seen as playing a crucial role in increasing trust and security across the digital world, it is also being undermined by the number of different security certification schemes for ICT products that currently exist across the EU. So, in the absence of a common framework – such as EU-wide valid cybersecurity certificates embracing a common set of rules, technical requirements and so on – this will lead to an increasing risk of fragmentation and barriers between member states.
Lepassaar agrees, stating that the ultimate aim of the act and the framework around cybersecurity “is to strengthen trust in the connected economy, boost resilience and trust in the infrastructure and services and keep society digitally secure”, adding that the pandemic and subsequent rapid digitalisation have meant that people rapidly moved activities such as work, schooling, shopping and healthcare online.
More generally, Lepassaar points to the growing menace of cyberattacks, with malicious actors continually adapting to take advantage of the digital reality. “Different types of attacks have been observed, such as business email compromises and credential stuffing attacks,” he explains. “Ransomware attacks have increased too, particularly ransomware as a service, which has now become mainstream, with multiple high-profile cases.”
Finance Director Europe / www.ns-businesshub.com
A case in point was the ransomware attack on Ireland’s healthcare system in May 2021, which demonstrated – if proof was needed – that the potential is always there for catastrophic consequences at the corporate level.
Increasing attack vectors
Unsurprisingly, as Lepassaar says, attacks have been increasing dramatically. That is clearest with Covid-related email phishing attacks, which increased by 667% in just one month during the first lockdown. Phishing describes the practice whereby an attacker sends a fraudulent message, designed to appear to come from a legitimate institution, to trick a victim into revealing sensitive information. Logically, the more connected devices there are, the greater the likelihood of a successful phishing attack.
Indeed, connected devices already crowd out people on the planet, and their number is forecast to rise to 25 billion by 2025. Of these, an estimated one-quarter will be in Europe.
In response, Lepassaar invokes a Covid-19 analogy, arguing that individuals and companies need to improve their “digital hygiene”. In brief, that means increasing cybersecurity capabilities in order to be better prepared.
“Thus, one should be very cautious and suspicious of any emails asking to check or renew your credentials like passwords or pin codes even if it seems to come from a trusted source,” Lepassaar says, adding that “employees should always try to verify these types of requests through other means”. He also suggests people should be suspicious of emails that ask them to open attachments or click on links. In the meantime, certification fragmentation across the EU remains the reality – and it’s not necessarily helpful for companies and their finance directors.
22.3bn: The number of devices worldwide expected to be linked to the internet of things by 2024. (Source: European Council)
49%: The percentage of companies in Belgium that reported a cyberattack in 2020. (Source: Statista)