The Green Sheet

Friday, January 20, 2023

EU to enforce cyber resilience

In light of recent disclosures of yet another T-Mobile cyberattack, security analysts are openly wondering if U.S. policymakers will borrow a page from the European Union Commission’s Cyber Resilience Act. Enacted Jan. 18, 2023, the measure aims to protect connected devices against pervasive cybersecurity attacks, the EU Commission stated.

The new regulation holds manufacturers, distributors and service providers accountable for device and network security, imposing fines of up to 15 million euros or 2.5 percent of annual revenues on non-compliant parties, noted Jan Wendenburg, CEO of the cybersecurity company ONEKEY.

“The pressure on the industry – manufacturers, distributors and importers – is growing immensely,” he stated. “The EU will implement this regulation without compromise, even though there are still some work packages to be done, for example regarding local country authorities.”

Ransomware attacks every 11 seconds

Noting that ransomware attacks occur every eleven seconds, the EU cited numerous German firms affected by this trend, including a leading children's food manufacturer, global automotive supplier and manufacturer in January 2023. These incidents underscore the need to protect printers, routers, industrial control systems and smart home devices from malicious actors, the EU stated.

Wendenburg agreed, stating manufacturers, distributors and importers will be required to notify ENISA – the European Union's cybersecurity agency – within 24 hours if they detect a security vulnerability or intrusion. Any delays in notification will be met with fierce penalties and fines for non-compliance, he added.

“The time horizon is tight, considering that orders for IT products are already being placed with OEM manufacturers this year for the next 12 to 18 months,” he said. “Therefore, the timing situation needs to be considered and resolved now, before a product ends up not being launched or delayed due to defects.”

Will USA be next?

As Reuters reported Jan. 20, 2023, in “T-Mobile says investigating data breach involving 37 mln accounts,” beleaguered mobile carrier T-Mobile detected malicious activity on Jan. 5 and claims the attack was contained within 24 hours. However, the company acknowledged that some personal information, such as names, billing addresses, email and phone number data, may have been exposed. Reuters further noted the incident follows on the heels of last year’s epic 2021 attack, which is estimated to have impacted 76.6 million subscribers. Unsurprisingly, T-Mobile share prices fell 2 percent in morning trading and continue to drop precipitously following this latest disclosure.

“Last year, T-Mobile agreed to pay $350 million and spend an additional $150 million to upgrade data security to settle litigation over a cyberattack in 2021 that compromised information belonging to an estimated 76.6 million people,” Reuters reporters wrote.

Commenting on T-Mobile’s continuing challenges, Ted Miracco, CEO at cybersecurity firm Approov, stated more accountability is needed for data breaches.

“We live in an environment where companies would rather apologize for a data breach, and then offer their clients one year of free credit monitoring services, than invest in cyber security solutions that might have contained the breach before 40 million records were exfiltrated,” he said. “The bottom line is that companies like T-Mobile are focused on their bottom lines, and it is more cost effective to apologize than to correct the systemic problems in these cases.”
