Friday, January 20, 2023
The new regulation holds manufacturers, distributors and service providers accountable for device and network security, imposing fines of up to 15 million Euros or 2.5 percent of annual revenues to non-compliant parties, noted Jan Wendenburg, CEO of the cybersecurity company ONEKEY.
"The pressure on the industry – manufacturers, distributors and importers – is growing immensely,” he stated. “The EU will implement this regulation without compromise, even though there are still some work packages to be done, for example regarding local country authorities."
Noting that ransomware attacks occur every eleven seconds, the EU cited numerous German firms affected by this trend, including a leading children's food manufacturer, global automotive supplier and manufacturer in January 2023. These incidents underscore the need to protect printers, routers, industrial control systems and smart home devices from malicious actors, the EU stated.
Wendenburg agreed, stating manufacturers, distributors and importers will be required to notify ENISA – the European Union's cybersecurity agency – within 24 hours if they detect a security vulnerability or intrusion. Any delays in notification will be met with fierce penalties and fines for non-compliance, he added.
"The time horizon is tight, considering that orders for IT products are already being placed with OEM manufacturers this year for the next 12 to 18 months,” he said. “Therefore, the timing situation needs to be considered and resolved now, before a product ends up not being launched or delayed due to defects."
As reported Jan. 20, 2023, by Reuters, “T-Mobile says investigating data breach involving 37 mln accounts,” beleaguered mobile carrier T-Mobile detected malicious activity on Jan. 5, and claims the attack was contained within 24 hours. However, the company acknowledged some personal information, such as names, billing addresses, email and phone number data may have been exposed. Reuters further noted the incident follows on the heels of last year’s epic 2021 attack, which is estimated to have impacted 76.6 million subscribers. Unsurprisingly, T-Mobile share prices fell 2 percent in morning trading and continue to drop precipitously following this latest disclosure.
“Last year, T-Mobile agreed to pay $350 million and spend an additional $150 million to upgrade data security to settle litigation over a cyberattack in 2021 that compromised information belonging to an estimated 76.6 million people,” Reuters reporters wrote.
Commenting on T-Mobile’s continuing challenges, Ted Miracco, CEO at cybersecurity firm Approov, stated more accountability is needed for data breaches.
“We live in an environment where companies would rather apologize for a data breach, and then offer their clients one year of free credit monitoring services, than invest in cyber security solutions that might have contained the breach before 40 million records were exfiltrated,” he said. “The bottom line is that companies like T-Mobile are focused on their bottom lines, and it is more cost effective to apologize than to correct the systemic problems in these cases.”
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.