MVP

Tag: Cybersecurity

  • Data breach — Bank of Cyprus Oncology Centre Investigates Possible Data Breach

    Data breach — Bank of Cyprus Oncology Centre Investigates Possible Data Breach

    data breach — The Bank of Cyprus Oncology Centre has detected indications of a possible data breach in its systems, the centre announced. The potential breach was identified on Monday, 1 December, leading to immediate action.

    • In the interim, the Bank of Cyprus Oncology Centre has stepped up its protective measures, reinforcing its systems to safeguard against any potential threats while the review unfolds.
    • Importantly, the centre has stated that no patients have been affected in any way by the detected breach, providing reassurance to both patients and staff.

    Upon discovering the anomaly, the centre promptly notified the Digital Security Authority to ensure that appropriate measures could be taken. To further bolster their response, they activated an agreement with a specialised cybersecurity firm tasked with conducting a thorough technical investigation.

    As part of the ongoing investigation, the Office of the Commissioner for Personal Data Protection has also been informed. The centre is currently working diligently to determine the exact nature and scope of the incident, with a commitment to transparency and thoroughness.

    In the interim, the Bank of Cyprus Oncology Centre has stepped up its protective measures, reinforcing its systems to safeguard against any potential threats while the review unfolds.

    Importantly, the centre has stated that no patients have been affected in any way by the detected breach, providing reassurance to both patients and staff.

  • Cyprus Forum Brussels: Vision for Digitalisation and Competitiveness in EU Presidency

    Cyprus Forum Brussels: Vision for Digitalisation and Competitiveness in EU Presidency

    digitalisation — The Cyprus Forum Brussels has set a clear vision for digitalisation and competitiveness as Cyprus prepares to take on the rotating Council Presidency of the European Union.

    Digitalisation: Steering the EU Digital Agenda

    During the event, a high-level panel discussed how Cyprus intends to influence the EU’s digital strategy, particularly through significant legislative initiatives such as the Digital Omnibus, the Business Wallet, and cybersecurity reforms. Cyprus aims to create a coherent and investment-friendly digital environment that enhances European competitiveness.

    Key Panel Participants

    Key figures in the discussion included Giorgos Ioannides, Deputy Permanent Representative of Cyprus to the EU; Despina Spanou, Deputy Director-General for Networks & Technology at the European Commission; Tzvetoslav Mitev, Director for Data Economy & Public Administration; and Antoine Mathieu Collin, Visiting Fellow at Bruegel. The session was moderated by Eddy Wax from Euractiv.

    Presidency Philosophy and Principles

    Giorgos Ioannides articulated the overarching philosophy of the Cyprus Presidency, emphasising that digital transition is essential for enhancing competitiveness, resilience, and European sovereignty. He stated that rather than introducing new regulations, Cyprus aims to serve as a “guardian of balance,” ensuring that negotiations around digital files remain coherent and streamlined.

    Ioannides highlighted three guiding principles for the upcoming presidency:

    • Proportionality
    • Avoidance of regulatory overlaps and inconsistencies
    • Predictable rules that attract investment

    He stressed the importance of agility in the EU’s approach, especially as companies operate in a competitive global market. He suggested that strategic public procurement could act as a catalyst for innovation and enhance the EU’s technological capabilities.

    Understanding the Digital Omnibus

    The Digital Omnibus package is a significant initiative from the European Commission aimed at simplifying the EU’s digital regulatory framework. Despina Spanou clarified that the focus of the Omnibus is on simplification without lowering existing standards. She reiterated that the General Data Protection Regulation (GDPR) remains a global reference standard, and the emphasis is on clarifying obligations rather than diluting rights.

    The Omnibus is designed to provide a consistent regulatory framework, reducing administrative burdens on businesses, especially small and medium-sized enterprises (SMEs). It aims to replace fragmented obligations with clearer, more predictable rules that align with cornerstone laws such as the GDPR, Digital Services Act, and Digital Markets Act.

    Cybersecurity Reforms

    During the forum, Spanou also touched on upcoming cybersecurity initiatives. A unified cyber-incident notification mechanism, referred to as ‘report once, reach many’, is set to replace the current fragmented reporting system under GDPR and other frameworks.

    The review of the Cybersecurity Act will focus on clarifying the mandate of ENISA and streamlining certification schemes, thereby addressing supply-chain security gaps more effectively. Spanou emphasised that while simplification is essential, it will not come at the expense of maintaining robust cybersecurity standards.

    Business Wallet: A Tool for Competitiveness

    Both Spanou and Tzvetoslav Mitev highlighted the Business Wallet as a crucial element for enhancing Europe’s digital economy. Described as “an eID for businesses,” the Business Wallet will allow companies to authenticate themselves securely and conduct administrative or financial procedures without the need for paperwork or physical presence.

    Mitev pointed out that for the Business Wallet to achieve its intended impact, public administrations must adopt and integrate it into their core procedures. He warned that a purely voluntary approach could lead to low uptake, a concern that has affected previous eID initiatives.

    Caution on Regulatory Simplification

    Antoine Mathieu Collin provided a cautionary perspective on the implications of regulatory simplification. He argued that while easing compliance requirements could foster innovation, it might also disproportionately benefit major platforms that already dominate the digital landscape. Without appropriate safeguards, such simplification could exacerbate the competitive disadvantages faced by smaller European firms.

    Collin highlighted the EU’s challenge of finding a balance between fostering innovation through simplification while preventing excessive concentration of digital power in the hands of a few large players.

    Looking Ahead: Making Existing Rules Work

    Across the panel, a consistent theme emerged: the Cyprus EU Presidency aims to be evaluated not by the number of new initiatives launched but by the effectiveness of implementing existing rules. The priorities include cutting overlaps, simplifying compliance, and ensuring that cybersecurity regulations remain robust yet workable.

    As Cyprus prepares to assume the presidency, the choices made in the coming months will significantly impact Europe’s digital competitiveness for the next decade. Ensuring that the simplification efforts empower small and mid-sized firms remains a critical challenge for the EU.

  • Nis 2 — EU Members Urged to Implement NIS 2 Directive Amid Ongoing Cyberattack

    Nis 2 — EU Members Urged to Implement NIS 2 Directive Amid Ongoing Cyberattack

    In light of a recent cyberattack, EU members are urged to implement the NIS 2 directive to ensure a high common level of cybersecurity across the Union. The European Commission has stressed that until all 27 member states adopt this directive, vulnerabilities will persist across the bloc.

    As of now, Cyprus is among the few countries making strides in compliance, having recently completed the full implementation of the NIS 2 directive after facing non-compliance procedures. This compliance comes after Cyprus received warnings in November 2024 and a reasoned opinion in May 2025, highlighting the urgency for all states to align with the directive.

    During a midday briefing, European Commission spokesperson Thomas Regnier addressed concerns regarding an ongoing cyberattack that has severely disrupted check-in and boarding systems at multiple airports. Passengers are facing significant delays, though air traffic safety and control remain unaffected, providing some reassurance amidst the chaos.

    Regnier noted, “the Commission has been closely monitoring the cyberattack, both over the weekend and today, which has caused disruptions.” He assured the public that efforts are underway to restore operations swiftly. “On our side, I can confirm that the Commission is working with Eurocontrol, Enisa, national authorities, airports and airlines to restore operations and support affected passengers,” he added.

    Currently, 12 member states have successfully incorporated the NIS 2 directive into their national laws, including Belgium, Croatia, Cyprus, Denmark, Greece, Italy, Latvia, Lithuania, Malta, Romania, Slovakia, and Slovenia. However, until all nations comply, the risk of cyber threats remains a pressing concern.

    The urgency surrounding the NIS 2 directive and its implementation is underscored by the current situation, as it illustrates the potential vulnerabilities in the EU’s cybersecurity framework. As the bloc grapples with these challenges, the call for swift and effective action has never been more critical.

  • Phishing emails — EAC Issues Alert on Phishing Emails About Unpaid Electricity Bills

    Phishing emails — EAC Issues Alert on Phishing Emails About Unpaid Electricity Bills

    The electricity authority of Cyprus (EAC) has issued a warning to consumers about phishing emails falsely claiming that their electricity bills remain unpaid. These deceptive communications have been reported recently and are designed to mislead customers into thinking they owe money and must act immediately.

    Understanding the Phishing Threat

    The EAC stated that the emails, which bear the subject line “Urgent Warning: Unpaid Electricity Bill”, typically encourage recipients to click on a link that leads to a payment portal. However, this link does not originate from the EAC and is instead a trap set by cybercriminals to harvest personal and financial information.

    Recent Incidents Highlight the Risk

    In an official statement to the Cyprus News Agency, the EAC confirmed that it has seen a rise in reports from consumers receiving these fraudulent emails. The authority emphasised that these messages are part of a broader trend of phishing attacks targeting individuals and organisations alike.

    How to Identify Phishing Emails

    Phishing emails often exhibit certain characteristics that can help recipients recognise them as fraudulent. The EAC recommends looking for:

    • Generic Greetings: Phishing emails often use non-specific salutations like ‘Dear Customer’ instead of personalising the message.
    • Urgency: Many phishing attempts create a false sense of urgency, prompting recipients to act quickly without thinking.
    • Unusual Attachments or Links: Legitimate organisations rarely send unsolicited emails with attachments or links. Hover over links to see the actual URL before clicking.
    • Strange Email Addresses: Check the sender’s email address for discrepancies; often, phishing emails come from addresses that do not match official domains.

    By staying vigilant and recognising these signs, consumers can better protect themselves from falling victim to such scams.

    What to Do If You Receive a Suspicious Email

    For anyone receiving an email that appears to be from the EAC or any other organisation, the first step is to verify its authenticity. The EAC advises consumers to:

    • Do Not Click: Avoid clicking on any links or downloading attachments until the email’s legitimacy is confirmed.
    • Contact the EAC Directly: Reach out to the EAC using official contact details found on their website to confirm whether they sent the email.
    • Report the Email: If the email is confirmed to be a phishing attempt, report it to the relevant authorities or the EAC directly so they can take appropriate action.

    Taking these precautionary steps can help prevent personal data from being compromised.

    Broader Implications of Phishing Scams

    Phishing scams are increasingly common in today’s digital environment, affecting not just individuals but also businesses and public services. These attacks can lead to significant financial loss and damage to reputation. The EAC’s warning serves as a reminder of the importance of cybersecurity awareness and the need for ongoing education regarding online threats.

    Protecting Yourself Online

    Consumers are encouraged to adopt good online practices to safeguard their personal information. Some effective strategies include:

    • Use Strong Passwords: Employ unique and complex passwords for different accounts and consider using a password manager.
    • Enable Two-Factor Authentication: This adds an extra layer of security by requiring a second form of verification when logging in.
    • Regularly Monitor Accounts: Keep an eye on bank statements and online accounts for any unusual activity.

    By implementing these measures, individuals can significantly reduce their risk of falling victim to phishing and other online scams.

    Continuing Education and Awareness

    The EAC continues to prioritise consumer awareness around such threats through various educational initiatives. They aim to inform the public about recognising phishing attempts and understanding the importance of cybersecurity.

    As cyber threats evolve, remaining informed and cautious is essential for all consumers. The EAC encourages everyone to stay alert and take proactive steps to protect their personal information.