In December 2020 the European Commission published a proposal to repeal the current NIS Directive (European Directive on Network and Information Systems) and to replace it with a new Directive: the so-called NIS-2 Directive. This post will give an update on the status of negotiations of NIS-2, and will outline the aspects we already know and don’t know about the upcoming Directive’s final form.
Cyber Talk: After the hack – be prepared with this First Aid legal toolkit – 18 June 2020
18 juni 2020 – Cyber Security Coalition
The Cyber Security Coalition, in collaboration with VBO/FEB and Agoria, kicked off a new series of ‘Cyber talks’ with a presentation on legal responses and consequences after a hack, by Catherine Van De Heyning (Artes, Antwerp). And a hack is a matter of ‘when’, not ‘if’, so be prepared. Not only plan for the necessary technical/ICT reaction, but also prepare in advance the legal, communication and business continuity response actions. And do test those plans, considering an increasingly strict legal and contractual environment. Also, preparedness does involve intensive awareness raising of all personnel, from the most junior employee to top management, providing intra-company notification procedures (e.g. a ‘911’-line).
Of critical importance is prompt notification of incidents under the GDPR and/or NIS legislation, even if not all information is available. To notify or not? It is better to err on the safe side, i.e. to notify (or be able to demonstrate the lack of risk!). Do understand that a data breach constitutes a breach of trust, and to regain trust is difficult. An open communication practice does help in restoring trust.
A lack of response preparedness can also result in increased liabilities, both legal and/or contractual based, with the bar of ‘sufficient preparedness’ steadily rising. Increasingly, companies will request more stringent cyber security measures from partners, contractors etc. or face expensive liabilities. Companies involved in security consulting/services could share these liabilities. Also, cyber insurance will probably become a standard part of the legal toolkit.
Ultimately, do file a criminal complaint, to get more information about the criminals who and why, and to strengthen the information base on criminal incidents.
Even more advice is available in this presentation, including click through links, making this an extremely practical and enlightening session.
Ransomware – today’s universal cyberworry – is but one aspect of a crime: cyber extortion. Orange Cyberdefense provides some insights into this scourge, based on its ‘Security Navigator 2022’-report.
The Cyber Security Coalition and top cybersecurity trainer SANS Institute joined forces to provide specially needed insights and recommendations on successful cloud security, as well as how to handle cyber security in these times of war.
It is easy to drown in the sea of dire warnings about the danger of AI, in particular to our privacy. The main point is that AI in good trust is possible, but requires solid, long term and well-structured approaches. This session of the Privacy focus group offers some crucial insights and welcome examples.
On computer security day we pay tribute to Ada Lovelace, the forgotten mother of the computer. Often described as the first computer programmer — before computers were even invented — Ada was a real visionary. Imagine what she might have achieved had Babbage actually built his “computer” and she hadn’t died at the age of 36.