The yearly workshop on cybersecurity for EU Agencies and Institutions took place on 16 April in Athens. The EU Cybersecurity Agency ENISA hosted the event.
Around 45 participants from EU Agencies and EU Institutions attended, and among the speakers were Mr. Luca Zampaglione, EU-LISA’s Head of Security, Mr. Jon Broughton, Head of Information Management of Eurojust, and Dr. Ken Ducatel, Acting Head of CERT-EU.
The objective of the workshop was twofold:
- to raise awareness of cybersecurity and offer some guidance and advice through practical presentations given by experts from ENISA, EU-LISA, EUROJUST and CERT-EU;
- to discuss internal and external cybersecurity risks for EU agencies and EU Institutions, and to discuss the challenges that their IT teams are facing.
Many organizations are struggling to balance the need to cut costs, the increased reliance on IT systems, the increasing number of IT systems, and the need to make these IT systems more secure and keep them well protected from cyber-attacks.
The topics discussed during the conference were:
- the current state of play in cybersecurity: there has never been a moment in history with so many reports of data breaches as the one we have been experiencing lately;
- hardware and software vendors recurrently issue updates patching software flaws and vulnerabilities;
- organisations’ exposure to new devices. Threats continue to grow as technology evolves;
- malware continues to lead the cyber threat landscape;
- phishing is here to stay and is becoming a more sophisticated threat.
The presentations delivered were: ENISA Cyber Threat landscape, Security awareness and spear phishing, Cyber Europe E2018, Mobile malware, Cybersecurity at the EU-I and the role of CERT-EU, Preparing for the new Data Protection Regulation for EU institutions.
Specialists present at the conference made the following recommendations:
- adopt security-by-design in system and software architecture, adopt GDPR, and revise security policies and change management;
- organizations are strongly advised to implement patch management processes to keep their systems up to date;
- organizations are advised to review their security policies in light of all these new technologies being carried into the workspace, as well as user behaviour when dealing with corporate information through these devices;
- network, server, web application and end-point (laptops and mobile devices) detection, revision of security policies and change management;
- in security, a multilayer approach is well suited against phishing: user education continues to be key, complemented by specialised security e-mail gateways for filtering spam.
The workshop had a positive outcome, resulting in opportunities to exchange experience, discuss common challenges, and further enhance cooperation between agencies.