The European cybersecurity organisation published a new analysis for cybersecurity in the health sector. This sector needs its complicated infrastructure to work. But what happens if this structure gets hacked? The digital age is among us now, but online attacks are not physically visible for society until it has consequences and gets to the news. The European organization for cyber security (ECSO) from Brussels published a call of action for national governments and companies to share stakeholders and become a community.
”We want to defragment the market a little bit” tells Nina Olesen senior policy manager from ECSO. ”What we want to do is we want to bring together the European cyber range community to promote and support the development of best practices and guidelines that kind of define the European cyber range.”
Last year ECSO released a paper for citizens and companies to improve their understanding of cyber range. Cyber security is a multi-level issue. ”In order to protect collectively, it needs to start also with the society and general awareness-raising. But I think that the public and private actors in the cyber security community need to lead from the front.”
That there is a problem is also clear in the cyber security in health care analysis from ENISA. The number of attacks on health care is growing and could impact multiple stakeholders such as citizens, public and private organizations. Furthermore, the growing number of attacks is not only visible in the health care industry. Security officer Rutger Kuiper from TKP pension is also noticing an increase in attacks in his sector. Luckily TKP pension has not experienced it for themselves yet. But what if a company like TKP pension gets hacked?
”If our company is hacked and they get some personal data and they are holding it hostage and say: ‘You pay us 30 bitcoins then we will not release the data publicly.’ We will not pay.” He understands the risk of personal data getting leaked but when they give the money the online hackers will come back in a few years and ask for more. ”As a company, we get tested every year by a hacking prevention company.” These kinds of companies can do multiple checks on leaks and hand out a report for you to remedy as to a company. Later, they can check again if it is better now or if there are other weaknesses.
But some companies are not doing anything with these reports tells Kuipers. ”They told me that there are companies where they go year after year, and they get the same results” He recommends being aware of the cyber security regulations companies use as a customer and if they are lacking cyber security interests choose another company to go to.
The European Commission has created a new cybersecurity package in December 2020. The main problem that seems to come forward is collective awareness. But they also created multiple actions that must be done in the cyber security development.
Technological sovereignty, creating operational capacity for prevention, and making open global cyberspaces are the three-pointers for the Commission. They also recognize the importance of all the EU institutions for development. Just as the risk of attacks on institutions because of the importance of the information there could be stolen.
Listen to the audio fragment underneath to get deeper intel on this topic from Nina Olesen from ECSO and Rutger Kuiper from TKP Pension.[embed]https://soundcloud.com/kelly-kroeze-316077419/interviews-with-nina-olesen-and-rutger-kuiper?si=5ee2712f6edb4564a94d67ec8d2125ef[/embed]