< ciso brief />

All news with #enisa tag

5 articles

ENISA Seeks Top-Level Role in CVE Program Governance

🔐 ENISA is pursuing top-level root status in the CVE Program as it is being onboarded by the US Cybersecurity and Infrastructure Security Agency (CISA) to become a TL-Root CNA. Agency leaders told VulnCon26 attendees the move, targeted for 2026 or early 2027, would secure European representation on the CVE Program Board. ENISA plans to onboard EU national CERTs and CSIRTs as CNAs and is expanding its vulnerability team to support this role.

Cyber Conflict Targeting Society: Policy and Resilience

🛡️ In the first episode of Fortinet's Brass Tacks: Talking Cybersecurity season 2, host Joe Robertson speaks with Annita Sciacovelli, a professor of international law and cybersecurity advisor to the Italian Ministry of Defence, about how modern cyber conflict increasingly targets societies rather than only military or corporate assets. They explain that attacks on energy, transport, finance, and public administration aim to erode trust and create strategic psychological pressure, reframing cybersecurity as a public-interest challenge. The discussion highlights legal distinctions between terrorism and state use of force, the importance of ENISA, and EU frameworks such as NIS2, DORA, and the Cyber Resilience Act, while underscoring the need for cyber diplomacy, intelligence sharing, and continuous resilience-building.

NIS2 Compliance: Passwords and MFA Best Practices Guide

🔐 The EU's NIS2 Directive requires organizations in critical sectors to strengthen identity and access controls, with Article 21 explicitly calling for access policies and practical protections. Modern password hygiene favours long passphrases (e.g., 15+ characters), breach screening, and avoiding routine rotations unless compromise is suspected, alongside user-friendly measures like password managers. While NIS2 doesn't always explicitly mandate MFA, national guidance and ENISA expect phishing‑resistant MFA for privileged and critical accounts.

ENISA: Phishing Drives Most EU Cyber Intrusions in 2024–25

📣 The ENISA Threat Landscape 2025 report from the EU security agency, analyzing 4,875 incidents from 1 July 2024 to 30 June 2025, finds phishing was the initial access vector in 60% of intrusions, with vulnerability exploitation at 21%. Botnets and malicious applications accounted for 10% and 8% respectively, and 68% of intrusions led to follow-up malware deployment. ENISA highlights that AI-powered phishing exceeded 80% of social engineering globally by early 2025 and warns of attacks aimed at critical digital supply chain dependencies and high-value targets such as outdated mobile and OT systems.

ENISA to Run €36m EU Cybersecurity Incident Reserve

🛡️ ENISA has been allocated €36m to operate the EU Cybersecurity Reserve, a virtual pool of pre‑vetted private incident response providers established under the EU Cyber Solidarity Act. The funding, delivered through the Digital Europe Programme over three years, will be used to procure responders and to evaluate and fulfil support requests from member states, CSIRTs or CERT‑EU. Unused pre‑committed services can be repurposed for prevention and preparedness. ENISA will also lead a European certification scheme for managed security services, initially focusing on incident response.