Defending Europe against cyber attack

How ENISA helps EU member states with national cyber defences, as well as securing European-wide business networks.

One of the European Commission's jobs for ENISA was to see whether it was feasible to collect data from all around Europe in a consistent way. After almost 100 different data collection initiatives using more than a dozen different indicators, ENISA said that it could not be done unless there was coordination between existing data collection initiatives.

"You have to agree about certain terminologies and indicators for the different sectors to explore," De Bruin said. "This is not a trivial exercise."

ENISA concluded that a consistent European-wide data collection was possible in theory, but in practice would be extremely difficult. It decided that making Europe more aware of the problems, risks, vulnerabilities and coming trends was more important.

"Rather than having to keep looking at the rear view mirror, we need to have a forward looking and prospective orientation," said De Bruin.

Advertisement - Article continues below
Advertisement - Article continues below

ENISA's three year programme

ENISA created a three year programme to develop trust and confidence with decision makers - who were not necessarily that well informed about risks and vulnerabilities - and provide them with a better insight which would allow them to make better decisions.

De Bruin said: "The goal of the programme is that after three years we have at least fifteen of the member states that refer to ENISA as their point of reference."

To do this, ENISA started rolling a programme of producing risk assessment papers on different security topics. It isn't just ENISA employees who work on the research - experts were employed to explore the risks.

Protecting European small businesses

Another of ENISA's jobs was to look after European business IT supporting small and medium businesses in coping with information security risks and therefore become more competitive

Advertisement - Article continues below

"I believe this is an important task," said Andrea Pirotti, executive director of ENISA, at its network and information security summer school held in Greece. "Small and medium enterprises have don't have resources, financial personnel or culture to manage these issues.

He added: "Almost 90 per cent of our commercial activities in Europe are based on small and medium enterprises."

ENISA has worked particularly with small micro-businesses consisting of one to nine employees. Many of these SMEs were aware of the security problems from news sources, but there wasn't any means for them to solve them - as well as a lack of resources to invest.

De Bruin said: "Those SMEs should be actively offered ready to use solutions to help them forward, and we believe that an EU wide network to deliver such tools should be developed."

"We're working together with industry associations and working groups to define what the actual needs are and what initiatives they can benefit from."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
cyber security

If not passwords then what?

8 Jan 2020
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020