Why was the ECCO established?
The establishment of ECCO was part of the settlement between Cispe and Microsoft in July. This settlement resolved an antitrust complaint filed with the European Commission against Microsoft. The company was accused of engaging in unfair competition. This vendor increasingly sells products such as Microsoft 365 and Windows alongside its own Azure Cloud and other services. As a result, other cloud providers with their own SaaS services are being sidelined. End customers who purchase the software ultimately suffer from this as well. In addition to co-founding the ECCO, the company paid compensation to Cispe and promised to develop an improved version of its Azure Stack HCI product for European cloud providers that is comparable to their own cloud solutions.
This is how ECCO monitors European software suppliers!
The ECCO will monitor European software vendors for unfair practices, but initially its focus will be on ensuring that Microsoft adheres to the agreements. Members of the watchdog are currently testing Microsoft’s modifications. A meeting with the company’s technical leadership will take place in Redmond, Washington, in December, after which a progress report is expected. Further evaluations of progress regarding the agreements with the company will follow in February and March. The ECCO will also apply this approach to other software suppliers in Europe, thereby keeping the cloud market fair and open to competition!
Independent audit by ECCO
ECCO is therefore a completely independent organization, managed by the CISPE secretariat and operating under an independent governance model. A group of French companies and organizations under the name Cigref and a Belgian association of CIOs and digital technology leaders under the name Beltug will act as observers on behalf of consumers. This ensures that ECCO’s assessments and statements are 100% independent and based on the truth.
1. Dora: for the financial sector
DORA stands for the Digital Operational Resilience Act. This law primarily targets the financial sector. The European regulation is intended to strengthen the operational resilience of financial institutions. This sector is, of course, already quite strictly regulated, but new laws continue to be introduced, particularly from the EU. The law applies not only to the financial sector but also to third-party IT suppliers, especially when it comes to cloud computing that supports critical functions.
2. NIS2: One of the most important European laws on cybersecurity!
The NIS 2 Directive is primarily focused on improving the digital and economic resilience of European member states. There are eighteen sectors that will be affected by the NIS-2 Directive, and it primarily focuses on measures related to cybersecurity risk management and the reporting of incidents in this area. Companies sometimes tend not to report cybersecurity incidents because they fear it could damage their reputation. However, reporting incidents is actually a crucial source of data for preventing such incidents in the future!
3. EU Cloud Certification Scheme
The EU Cloud Certification Scheme is a framework for certifying the digital security of cloud service providers. The EUCS is part of the Cybersecurity Act (CSA) of 2019. The schemes used under this directive are not mandatory, but there is a strong likelihood that they will become mandatory in the future.
4. Cyber Resilience Act: One of the European laws on product cybersecurity
This EU regulation primarily focuses on hardware and software products. It therefore does not concern the digital resilience of organizations, but rather the products that organizations use. The Cyber Resilience Act sets requirements for the cybersecurity of digital products sold in the EU, such as software and IoT devices. These requirements are mandatory, so all products must comply with them—no exceptions. All products that are directly or indirectly connected to a network are subject to this regulation!
What does ChatGPT Search bring to the table to compete with Google?
Of course, ChatGPT has long been used to perform searches in a similar way to how we would use Google. However, its capabilities in this regard were still limited. For example, the search function did not yet provide links to external sources, and search results were displayed only as text. ChatGPT Search not only provides answers in text but also includes links to external sources relevant to your query and, where possible, even photos, images, and visual data—such as graphs or tables. This makes the application a much stronger competitor to Google than it was before.
ChatGPT Search is an AI chatbot that cites sources
So ChatGPT actually offers real added value compared to Google, just like the AI bot Perplexity. After all, you don’t just get an answer to your question, but also a full list of sources with various links, so you can verify whether the answer is actually correct. This solves a major issue people have with using ChatGPT: you can never be sure if the answer it provides is accurate or where it gets its information from. OpenAI also recently announced that it has partnered with several companies to provide up-to-date information on topics such as the weather, sports scores, locations, and the news.
When will ChatGPT Search be available to everyone?
According to OpenAI, their search feature is now ready for the general public, but when will we all be able to use ChatGPT Search? Basically, starting right now! You can set ChatGPT as your default search engine if you want, instead of Google. In the Google Chrome browser, you can install an extension for this. The search feature is coming to the ChatGPT website and all apps. If you were on the waiting list for ChatGPT Search or have a ChatGPT Plus or Team account, you can start using the new feature right away. If you have an Enterprise or Edu account, the feature will become available to you sometime in the coming weeks. As a free user, you’ll have to wait a few more months, but eventually, everyone will be able to use ChatGPT Search instead of Google if they want!
Kaspersky Security Network
The figures illustrating this come from the Kaspersky Security Network list. This list has been maintained since 2013, and this year marks the first time the Netherlands has topped the list. Between July and September 2024, over 116 million cyber incidents occurred via servers in the United States. Germany follows in third place with 13 million attacks. This gives the U.S. a 25% share of all cyberattacks worldwide, while Germany accounts for just 3%. Compare that to the Netherlands, whose servers were the target of 41% of all cyberattacks worldwide in the third quarter of this year.
Increase in cyber incidents in the Netherlands since 2022
According to the Kaspersky Security Network report, the number of cyber incidents on Dutch servers suddenly surged in early 2022. At that time, the Netherlands ranked third on the global list of server abuse. It didn’t take long for our country to rise to second place, with only the United States ahead of it in terms of the high number of cyberattacks. The Netherlands remained in second place through the second quarter of 2024, but this changed in the last quarter. Although the number of attacks in our country did drop somewhat after mid-2022, we still ranked first in Q3, even ahead of the U.S.
The Netherlands has become a popular target for cybercriminals
It seems, then, that our country has suddenly become a haven for cybercriminals. When we compare the Netherlands’ share in the third quarter to that of three years ago, the difference is 36%. In 2021, it was 5%, and this year it’s 41%. The cybersecurity expert can’t explain why this increase is so massive. In 2023, the number of cyberattacks on Dutch servers dropped by more than 100 million. But unfortunately, there seems to be another rise in the number of incidents this year, keeping us in first place.
Where does this data come from?
Kaspersky Security Network compiles this list using data it receives in response to cyberattacks. When one of the cybersecurity provider’s customers is attacked online, they record the source of that attack. A WebAntivirus component then pinpoints the location of the threat. Their analysis focuses on malware samples, which are often found in multiple countries worldwide. One explanation for the Netherlands’ top ranking is our position within transatlantic internet traffic. A large portion of this traffic passes through the Amsterdam Internet Exchange. Our robust infrastructure is highly attractive to cybercriminals, as it allows them to easily reach many companies all over the world!
Ransomware remains one of the biggest cyber threats
Ransomware has been a major threat for years, and it remains a significant risk today. The number of cases in which people fall victim to ransomware hasn’t necessarily increased, but cybercriminals have found new ways to scam people with it. Criminals combine ransomware with data exfiltration and then threaten to make sensitive information public. For companies that work with sensitive data, it is now therefore especially important to ensure their systems are properly secured. Hackers are also increasingly exploiting legitimate tools within systems to stay under the radar. This makes it increasingly difficult to detect them.
Social engineering is becoming more inventive
Social engineering also remains a common threat. Phishing is one of the most common forms of social engineering. Businesses, in particular, are increasingly affected by this, as fake emails are becoming harder and harder to distinguish from genuine ones. Today, cybercriminals use AI to make these emails look as real as possible. Through these emails, they try to gain access to company data or payments. As a business, it’s therefore wise to keep your staff vigilant about filtering out fake emails. This way, you can avoid a lot of trouble!
Malware is becoming increasingly difficult to detect
Of course, malware isn’t exactly a new phenomenon in the world of cybercrime. However, it’s becoming increasingly difficult to detect, which naturally makes it more dangerous. Advanced cybercriminals are now even offering malware-as-a-service. This allows criminals with less technical expertise to easily launch attacks on companies. Malware is also becoming increasingly sophisticated and thus better at evading detection. To achieve this, polymorphic techniques are used, which allow the malware to change its form to bypass antivirus software.
The manipulation of information using AI is one of the biggest new cyber threats
Unfortunately, AI has opened up a lot of opportunities for cybercriminals. It has become easier to manipulate and deceive people by manipulating information with the help of artificial intelligence. For example, it is possible to mimic someone’s voice using AI. If you think you’re on the phone with a family member or close friend asking for money, it could just as easily be a cybercriminal. In addition, a lot of misinformation is being spread to manipulate people’s views and ways of thinking using AI. Do you receive a suspicious call from someone you think you know? Be vigilant and don’t jump to conclusions too quickly!
DDoS attacks are a nightmare for businesses
A DDoS attack has always been something every company fears, but this risk has now become much greater than it ever was. It is the most frequently reported threat, even more so than ransomware. Here, too, it is striking that cybercriminals are increasingly offering to carry out DDoS attacks for others in exchange for payment. This significantly increases the risk of large-scale attacks. As a result, DDoS attacks are currently one of the biggest cyber threats
Data breaches and attacks on supply chains
Finally, the threat of data breaches is increasing dramatically this year. This is because attackers are taking a much more targeted approach. Attackers also often put more pressure on companies, for example by threatening to make certain data public. As a result, companies are less likely to report a cyberattack or data breach to the police. Cybercriminals are also increasingly choosing to attack companies through their supply chains. They do this, for example, by spoofing emails from a supplier, which immediately gives them access to that supplier’s entire network.
Conclusion: Be aware of the biggest cyber threats right now
Over the past year, therefore, we haven’t really seen the emergence of new forms of cybercrime. Instead, existing threats have grown more severe due to new techniques and the refinement of existing ones. As a result, attacks are harder to detect, and threats are also more difficult to identify. Given the rapid changes in the field of cybercrime, it is important for every company to stay informed about current threats and take appropriate measures. You can never be too careful when it comes to today’s biggest cyber threats!
Warning from the AP
In its “Government Sector Policy,” the Dutch Data Protection Authority (AP) highlights this risk currently faced by government agencies. This risk involves not only the danger of being overly dependent on a service provider, but also all developments taking place within the government regarding privacy. To the public, it often seems that government agencies are still struggling to comply with privacy legislation. They are occasionally reprimanded by the AP for this. One of the concerns is that when the AP discovers vulnerabilities in government agencies’ systems, it often takes too long to address them. Reasons for this include outdated IT systems, a lack of knowledge, insufficient prioritization, or even a combination of all these factors. As a result, it sometimes takes far too long for data breaches or similar issues to be resolved.
The government lacks a great deal of knowledge
The biggest problem, therefore, is actually a significant knowledge gap within government agencies. As a result, it takes too long for outdated systems to be replaced and for problems to be resolved. Knowledge of privacy law is also often insufficient, particularly among executives. When GDPR violations occur, they are often the result of a lack of knowledge. The Dutch Data Protection Authority (AP) recently expressed concerns about GDPR compliance at the Tax and Customs Administration. For this reason, the authority will be scrutinizing this agency closely in the coming period.
The Impact of Generative AI on GDPR Compliance
Unfortunately, there are still many government agencies that believe they don’t need to fully understand privacy issues. The Dutch Data Protection Authority (AP) is now deeply concerned about the impact generative AI will have on government compliance with the GDPR. Many municipalities have already indicated that they intend to experiment with this technology, but this could have significant consequences—especially since many municipalities fail to conduct proper research before proceeding with such experiments.
Compliance with the amended Telecommunications Act
So what exactly has changed in the Telecommunications Act over the past year? We’ll explain. Last year, the Telecommunications Act was amended to include a reporting and duty-of-care obligation for internet service providers and companies offering other telecommunications services. These changes give internet service providers greater responsibility for identifying cyber threats and ensuring digital resilience. Apart from the new obligations, these stricter requirements also signal preparations for the NIS2 Directive, also known as the Cybersecurity Act.
What do the duty to report and the duty of care entail?
The reporting obligation means that internet service providers are required to report any outages or other issues to the RDI as soon as possible. Security incidents must also be reported immediately, so that the RDI can be certain that the appropriate measures are being taken to protect customer data. The duty of care stipulates that an internet service provider must “take appropriate technical and organizational measures to ensure the security and continuity of services.” The goal of the stricter legislation is to minimize security risks as much as possible and ensure that a provider’s services can be restored as quickly as possible following a disruption or other incident. Because incidents are reported quickly, security measures can be improved and greater insight into cyber threats is gained.
Preparing for the NIS2 Directive
In addition to the new obligations being imposed on internet service providers, the RDI will also examine preparations for the NIS2 Directive—which will become the Cybersecurity Act in the Netherlands—during its inspections. This is a technological directive established by the European Commission. The law has not yet entered into force, but it is expected to do so sometime next year. The directive sets stricter requirements regarding the security of network and information systems. During inspections, internet providers can therefore expect to be asked how they are already preparing for the Cybersecurity Act!
The hype surrounding artificial intelligence
Many tech companies currently claim that artificial intelligence will eventually surpass the human brain and be capable of doing everything we cannot. Ask Google, OpenAI, or any other tech company deeply involved in AI, and they will tell you that it is inevitable that this technology will one day be smarter than we are. Many people have even expressed concerns about the development of this technology and what it could be used for, including Elon Musk. As a result, most people are convinced that technology will one day become smarter than humans.
AI will never be smarter than humans
According to scientists at Radboud University, that is certainly not the case. They suspect that the current hype surrounding AI is leading to misunderstandings about what is and isn’t possible with this new technology. Their new publication, titled “Reclaiming AI as a Theoretical Tool for Cognitive Science,” explains why claims about artificial intelligence are exaggerated. Their findings show that there will never be enough computing power to create “artificial general intelligence” that delivers the same cognitive performance as the human brain. In addition, the article explains why pursuing this goal is a futile endeavor and a waste of energy resources and raw materials. After all, some of these are already scarce at the moment!
Collaboration among various universities
The publication is a collaboration between several universities, including Radboud University, Aarhus University, the University of Amsterdam, the University of Bristol, and Memorial University of Newfoundland. All researchers who contributed to the publication are experts in the fields of cognitive science, neuroscience, computer science, and philosophy. People often fail to realize that cognitive science is crucial for understanding claims about the capabilities of AI. People tend to overestimate what computers can do and underestimate what our own brains are capable of. According to the researchers, it is important for the general public to gain more knowledge about AI. Currently, everyone believes the claims made by major tech companies, but that is not a good thing. The goal of the universities is to build a better understanding of AI systems so that people can continue to view the tech industry with a critical eye.
Working from home part-time is the new norm at many companies
A survey by the employers' association AWVN shows that many employers plan to continue allowing remote work. Nearly all employers offer their staff the option to work from home, and seven out of ten do not plan to require employees to return to the office more often. The survey was conducted among more than 350 employers who are members of the association. The association also reports that half of employees regularly work from home and come to the office an average of three days a week. 94% of employers indicate that working from home is practiced in their company.
Employers are positive about the work-from-home policy
Three out of four employers say they are satisfied with the current balance between working from home and working in the office. However, they do indicate that they would prefer to see the office workload spread out a bit more evenly. Currently, the office is always extremely busy on Tuesdays and Thursdays, while there are often very few people there on the other days. Otherwise, however, employers are very satisfied with how working from home is organized. According to the AWVN, employers are so positive about working from home because, in most cases in the Netherlands, there is good consultation regarding working from home. In addition, many employers see the benefits of working from home, according to the association. Consider, for example, a better work-life balance without negative effects on performance.
Employers provide internet allowance for remote work
The AWVN survey also shows that one in three employers—or 33%—contributes to their employees’ internet costs. This is usually done through a fixed allowance, either as a one-time payment or on a monthly basis. In addition, 37% are considering introducing this policy in the near future. A survey by KPN of more than 300 managers in the Netherlands confirms these figures.
Alternative to the internet allowance for working from home
KPN recently introduced an alternative to the employer’s contribution toward internet costs: Internet van de Zaak. This allows employers to easily determine how much they want to contribute toward their employees’ internet costs. The amount they contribute is automatically deducted from the employee’s monthly bill. Of course, both the employer and the employee must be KPN customers for this to work. Easily arranging financial reimbursement isn’t the only benefit of Internet van de Zaak. Through this subscription, employees also gain access to a comprehensive help desk that offers support beyond just internet connectivity. If something goes wrong with the connection at home, this help desk ensures employees are back online in no time!
The government's digital accessibility efforts are lagging behind
Under the Digital Accessibility Act, the government is required to ensure that its apps and websites are accessible, understandable, and user-friendly—including for people who struggle to keep up with the latest technological developments in society. Unfortunately, this is not yet the case in many instances; it appears to remain a problem, particularly at the municipal level. In 2023, only 6% of government apps and websites met the legally mandated accessibility requirements. While 36% of websites complied with the legal obligation, they did not include the tools that people with limited technological skills need to use them effectively.
Improvements over the past year
In the first half of this year, the government invested a great deal of time in making websites and apps more accessible. As a result, the number of accessibility statements increased by 16%. Such a statement indicates that your websites and other applications can be used by people with disabilities. If a resource meets the legal accessibility requirements, it is awarded an A rating. Figures from DigiToegankelijk show that only 6% of government websites and apps currently have an A status, following the improvements made. A B status means that improvements have been made, but that further adjustments are still needed to comply with the accessibility law. The number of declarations with a B status has increased significantly over the past year, by an average of 62% among municipalities. The government is therefore making significant improvements, but still has a long way to go in the area of digital accessibility.
What's behind these improvements?
Why has the government suddenly made such significant progress this year with its improvements in digital accessibility? One reason is that the providers of these websites and apps have made audit reports available to government agencies. This makes it easier for the agencies to justify why they deserve a compliance certificate. In addition, it naturally gives them more insight into what they can still improve on their websites and other digital applications!
What’s next for digital accessibility in the public sector?
The government’s digital accessibility has thus improved significantly over the past year, but it still has a way to go before it is fully compliant with the law. Currently, 40% of government websites and apps meet the legal requirements. That is still less than half, but it represents significant progress compared to 2023.