Joint Publication – Boosting your Organisation’s Cyber Resilience

Back to News

The European Union Agency for Cybersecurity (ENISA) and CERT- EU publish today a joint set of cybersecurity best practices for public and private organisations in the EU.

ENISA, the EU Agency for Cybersecurity, reported a substantial increase of cybersecurity threats for both private and public organisations across the EU. Three factors are at play in such a trend:

  1.  Ransomware remains a prime threat, putting millions of organisations at risk.
  2. Cybercriminals are increasingly motivated by the monetisation of their activities.
  3. Attacks against critical infrastructure are rising exponentially and other economical sectors as well as society at large can be exposed.

An analysis of the rise in major threats is made available in the Agency’s 2021 Annual Threat Landscape report.

In its Threat Landscape Report Volume 1, CERT-EU, the CERT of all the EU institutions, bodies and agencies (EUIBAs), reported that the number of attacks conducted by Advanced Persistent Threats (APTs) against EUIBAs increased by 60% in 2020 compared to 2019.  These attacks have further increased by 30% in 2021, bringing the total number of significant incidents experienced by EUIBAs to 17, up from only 1 in 2018.

 In light of the above, ENISA and CERT-EU strongly encourage all public and private sector organisations in the EU to adopt a minimum set of cybersecurity best practices, available here:  "Boost your Organisation's Cyber resilience - Joint Publication".

This publication is mainly intended for decision makers (both in IT and general management) and security officers (e.g. CISOs).  It is also aimed at entities that support organisational risk management. By following these recommendations in a consistent, systematic manner, ENISA and CERT-EU remain confident that organisations in the EU will be able to substantially improve their cybersecurity posture and in doing so will enhance the overall cyber resilience of Europe.

Background

In 2021, the EU Agency for Cybersecurity and CERT-EU signed an agreement on a structured cooperation to work together on capacity building, operational cooperation and knowledge and information sharing. The provision for a structured cooperation was included in the Cybersecurity Act of 2019. ENISA and CERT-EU meet regularly to agree on joint activities to implement the Annual Cooperation Plans. This week, ENISA Executive Director, Juhan Lepassaar and Saâd Kadhi, the Head of CERT-EU will meet to further develop the cooperation.