This article is more than 1 year old
Definitions matter. For crying out loud, securobods, BE SPECIFIC – ENISA
Use your words or the DDoSers will GET you....
Definitions matter when your infrastructure is under threat says European Union Agency for Network and Information Security (ENISA).
ENISA’s latest report, published on Thursday, concludes that there is an increase in the occurrence of routing threats, DNS threats and DDoS attacks to internet infrastructure. Its advice? Get your definitions sorted out, now. “Words matter: Ensure the right use of terms and definitions,” is one of the key recommendations.
It also advises internet infrastructure owners to cooperate with the wider community and tells users to report gaps found. Internet infrastructure owners should also “commit third-party vendors to apply security measures,” says ENISA.
The report, "Threat Landscape 2014", also says that overall there are shortcomings in the “application of skill-sets in all important specific threats, as well as to system configuration and essential addressing protocols for DDoS”.
A separate ENISA report, also published today, focused exclusively on the banking sector and found there was a the “need to improve proactive cooperation on (network and information security) challenges”. Although bigger banks have introduced good IT governance practices, smaller banks are lagging behind. “Differences as such are to be expected. The aim is to understand where such prospects could actually impair financial resilience altogether,” said the report.
“Securing cyberspace and e-communications has become both a governmental and an Industry priority worldwide. The growing relevance of information and communication technologies in the essential functions of the economy has reinforced the necessity of prevention and protection measures in all sectors, including the finance sector,” said ENISA exec director Udo Helmbrecht.
The EU is currently preparing a so-called Cybersecurity Directive on NIS (Network and Information Security) but negotiations have stalled over definitions of which sectors are of sufficient significance and importance to fall within its scope. ®