ENISA recommends 14 measures to increase cyber resilience
Cyber attacks against European companies and public authorities are on the rise, according to the European Cybersecurity Agency (ENISA) and the Computer Emergency Response Team for EU Agencies (CERT-EU). According to both parties, the increase can be explained by the threat of ransomware, by cybercriminals who are increasingly financially motivated, and by an exponential increase in attacks against critical infrastructure.

In response to this development, ENISA and CERT-EU have called on all public and private organizations in the EU to increase their cyber resilience and adopt a minimum set of best practices. Those best practices, fourteen in total, have been collected in a new publication called “Boosting your Organization’s Cyber Resilience”.

These include the mandatory use of multi-factor authentication (MFA) for remote services such as VPNs and webmail. Whenever possible, the use of SMS for MFA is discouraged. Organizations must also ensure that employees do not reuse passwords and apply MFA where possible. It is also recommended to keep all software up-to-date and to secure cloud environments.

In addition, ENISA and CERT-EU recommend changing default passwords, drawing up a backup strategy, applying network segmentation, periodically training staff, setting up a secure e-mail environment, regularly organizing cyber awareness events, protecting systems against DDoS attacks, restricting internet access to servers and having procedures in place to reach computer security incident response teams.