Project blog

Enhancing your security with open-source tools

With cybersecurity gaining increased attention in Italy, it has emerged as the top priority for digital investment among businesses in 2023. Notably, both large enterprises and SMEs recognize the significance of robust cybersecurity measures. Recent data reveals that a staggering 61% of organisations with over 250 employees have chosen to boost their cybersecurity budgets in the past year. Moreover, the Italian cybersecurity market is projected to witness remarkable growth, reaching a value of 1.86 billion euros in 2022, reflecting an exceptional acceleration of +18% compared to the previous year. In this article, we delve into the realm of monitoring and analysis, exploring the potential of open-source solutions to strengthen cybersecurity defences and address the evolving challenges faced by Italian organisations. Fluentd


Cybersecurity challenges in Greek companies – Study by EY Greece and Microsoft

EY Greece and Microsoft have carried out a study on the challenges concerning cybersecurity in Greece. The study attempts, for the first time in the Greek market, to thoroughly analyse the current national and European legal and regulatory framework of cybersecurity. The study presents European regulations such as NIS, NIS II and CERD, the main legal acts on cybersecurity in Greece (4577/2018, 4961/2022), their field of practice, and the next steps for Greek companies to comply with them. In addition, the study describes the goals and the respective actions of the National Cyber Security Strategy 2020-2025 that was presented by the Ministry of Digital Governance.


NIS2 – Key Challenges on the Horizon

About ten years ago the proposal of the original NIS Directive was introduced into our lives. It was the first cybersecurity act in the EU, creating a new baseline for cybersecurity. Unfortunately, the effects of the original NIS weren’t as good as initially hoped. Its objectives of increasing the level of security of network and information systems across the Union were hindered by problems regarding different levels of resilience among member states, insufficient resilience of individual organisations, and ineffective oversight by government authorities. The decision was made to issue an updated act to take its place. In a little over 1.5 years, by October 18th 2024 to be precise, the successor will be incorporated into national law by each member state.


Data-driven cybersecurity

The availability of a large amount of data facilitates the spreading of a data-driven culture in which data are used and analyzed to support decision-making. This is also true for the cybersecurity environment in which the increasing number of threats appearing over time and related public data caused a “paradigm shift in understanding and defending against the evolving cyber attacks, from primarily reactive detection toward proactive prediction”.

Conventional data analysis approaches cannot address the complexity of the new threats and the velocity with which they are generated and spread throughout the Internet: more flexible and efficient mechanisms are needed. Artificial Intelligence (AI) systems based on Machine Learning (ML) tools and exploiting the power provided by big data architectures seem promising solutions to detect and mitigate many of the novel cybersecurity attacks. They can analyze large volumes of data, identify anomalies and suspicious behavior and investigate threats by correlating many data points. Techniques such as regression, classification, and clustering are already used to identify network threats, detect software vulnerabilities, monitor email, and design advanced antivirus applications.


Cyberattack in Thessaloniki

Five years ago the security of organisations' digital infrastructures was not even an object of discussion. Most thought of security as a store room with a lock on the outside, a back-up external drive that usually remained connected to the server, and an antivirus that in most cases was a free one.

It goes without saying that file sharing policies, back-up check in portable devices, active directory, firewall, certified connection of the users in the internet, GDPR, website access restrictions and in everything that we today consider digital security. All of the above, though, changed for the better in the past few years. The Covid era was a milestone in this process, as safe remote access to information systems became a non-negotiable necessity.


Users are not stupid

This article from Julie Haney of NIST deals with some of the misconceptions and pitfalls that cyber security professionals fall victim to. These pitfalls reflect a tendency in the cyber security community “to focus and depend on technology to solve today’s security problems while at the same time failing to appreciate the human element: the individual and social factors affecting security adoption.”

To appreciate the importance of the human element in cyber security, Haney suggests it would be best to understand the concepts of usability and usable cyber security. The International Organization for Standardization definition of usability is ‘the extent to which people can use systems, products, and services with effectiveness, efficiency, and satisfaction to accomplish their goals in a specified context of use’.


Why old school thinking?

For many years, a report from Govloop in the US writes, government agencies have applied a “hodgepodge of cyber-security strategies” to counter both internal and external risks. Many relied on firewalls to manage external activity and potential threats. In the end, the Govloop authors conclude that legacy firewalls tend to be more concerned with activity attempting to penetrate their perimeter defenses and do not monitor internal activities within the local network.


Greece's new Cybersecurity Bill

A bill on cyber security, telecommunication privacy issues and personal data has been submitted to the Greek parliament. In particular, the bill aims at “ensuring the necessary balance between privacy protection and national security, within the constitutional frame and in the foundation of the best international policies.” Additionally, the bill strengthens the “citizen’s rights against the threats that are connected to the technological evolution”.

The bill in question deals with issues of counter-surveillance with the use of the right tools, the foundation of an Information Academy and counterintelligence, and the setting of a stricter privacy framework. A major part of the bill, though, is about cybersecurity and the enforcement of privacy protection. A coordination committee is assembled with the task of breaking down the related structures. A Unified Reporting Center for Cybersecurity is running in the Ministry of Digital Governance. Also, for the first time, a National Plan for Valuation of Technology and Communication Systems hazard levels is structured. It is used for the recognition, analysis and valuation of hazards and their repercussions on the safety of the national technology, information and communication systems. Prior ambiguities in the embedding of this framework for privacy protection were lifted. The Ministry of Justice has incorporated into this bill a number of suggestions that were made during its consultation, and further improvements were made. A number of amendments were carried out and they are outlined below:
