ENISA and CERT-EU publish set of cybersecurity best practices for public and private organizations

The European Union Agency for Cybersecurity (ENISA) and CERT-EU published a joint set of cybersecurity best practices for public and private organizations in the EU.

ENISA reported a substantial increase of cybersecurity threats for both private and public organizations across the EU. Three factors are at play in such a trend:

• Ransomware remains a prime threat, putting millions of organizations at risk.
• Cybercriminals are increasingly motivated by the monetisation of their activities.
• Attacks against critical infrastructure are rising exponentially and other economical sectors as well as society at large can be exposed.

An analysis of the rise in major threats is made available in the Agency’s 2021 Annual Threat Landscape report.

In its Threat Landscape Report Volume 1, CERT-EU, the CERT of all the EU institutions, bodies and agencies (EUIBAs), reported that the number of attacks conducted by Advanced Persistent Threats (APTs) against EUIBAs increased by 60% in 2020 compared to 2019. These attacks have further increased by 30% in 2021, bringing the total number of significant incidents experienced by EUIBAs to 17, up from only 1 in 2018.

In light of the above, ENISA and CERT-EU strongly encourage all public and private sector organizations in the EU to adopt a minimum set of cybersecurity best practices.

This publication is mainly intended for decision makers (both in IT and general management) and security officers (e.g. CISOs). It is also aimed at entities that support organizational risk management. By following these recommendations in a consistent, systematic manner, organizations in the EU will be able to substantially improve their cybersecurity posture and in doing so will enhance the overall cyber resilience of Europe.