Protect your business: Cyber Resilience Act and its usefulness for SMEs

20 Jan 2025. 14:48
Reading time: 5 min.
Published by Acelera pyme

Terms of use

You can use the resource for personal or informative use with attribution to the entity red.es following our terms of use.

The new Cyber Resilience Act of the European Union strengthens the digital security of all businesses, including SMEs. We explain what it entails and how it protects businesses.

The EU has adopted strategies and legislative frameworks to strengthen cybersecurity across the region. Among these efforts is the NIS2 Directive (Network and Information Systems Security), which sets requirements for the security of network and information systems in critical sectors.

Additionally, the European Union Agency for Cybersecurity (ENISA) plays a crucial role in coordinating incident responses and promoting good data protection practices.

The growing importance of cybersecurity is seen in the economic impact of cyberattacks, which can cause significant financial and reputational losses for businesses.

Three of the most notable cyberattacks this decade have been:

  • JBS Foods: In mid-2021, it suffered a ransomware attack that disrupted its operations in several countries. The company paid $11 million to hackers to avoid further damage.

  • Microsoft Exchange: This series of cyberattacks, which took place in early 2021, affected tens of thousands of organizations worldwide, with repair and mitigation costs estimated in the billions of dollars.

  • Major IBEX 35 companies: Up to six publicly traded companies were victims of cyberattacks in 2024. These companies confirmed that the attacks resulted in data theft and system outages.

Another of the European Union's initiatives to foster a secure digital environment is the Cyber Resilience Act. Let us tell you what it entails!

Cyber Resilience Act: A Measure to Ensure Digital Protection

The EU Cyber Resilience Act, which came into force on December 10, 2024, represents a milestone in the protection of digital products in the European market. This law aims to improve the security and resilience of products with digital components, both hardware and software.

The law imposes obligations on manufacturers, importers, and distributors to ensure that products are secure throughout their lifecycle, including the implementation of security measures at the design stage, vulnerability management, and security incident reporting.

Additionally, companies are required to conduct regular risk assessments and keep their products updated to protect against new threats.

The most notable aspect of the Cyber Resilience Act is its focus on transparency and accountability. Companies must provide information on the security measures implemented and ensure that consumers can configure their devices securely.

Key Actions to Comply with the Cyber Resilience Act

For SMEs, complying with the Cyber Resilience Act may seem challenging, but there are several key actions that facilitate this process:

  • Risk Assessment: Conduct regular risk assessments to identify and address potential vulnerabilities in your products or systems. This includes reviewing software, hardware, and cloud support services.

  • Secure Design: Implement security measures, including mechanisms to protect against cyberattacks and ensure that products can be protected against new threats.

  • Vulnerability Management: Establish processes for identifying, assessing, and mitigating risks so that SMEs are prepared and can respond quickly to security breaches, which should be reported to the relevant authorities.

  • Transparency and Documentation: Provide clear and detailed information on the security measures implemented in the products. This includes user manuals, secure configuration guides, and privacy policies.

  • Training and Awareness: Train employees on best cybersecurity practices to act together and recognize new threats.

  • Collaboration with Suppliers: Work with partners to ensure that components and services meet the requirements of this law, from conducting audits to requiring security certifications.

  • Updating and Maintenance: Keep products updated with the latest security patches. SMEs should establish a regular process to ensure that their products remain secure throughout their lifecycle.

Complying with the Cyber Resilience Act is not just an obligation but an opportunity to strengthen security and trust in your business. Protect your SME, improve your reputation, and make your digital products synonymous with trust. Start today!
