Wie, seriously, do you think the EU is taking cybersecurity? Let’s look at the numbers.
As of 1 day ago, there were 2,289,599,662 breached records from 556 publicly disclosed incidents in the EU. The most common attack was ransomware attacks, and it was predicted that as many as 60 % of businesses affected by ransomware attacks paid the ransom fee.
In 2022, the EU broke the record for the largest-ever DDoS-Attack, reaching 853,7 Gbps and 659,6 Mbps over 14 hours. One final statistic for you: There was a 57 % Surge in cyberattacks in the EU in 2023. Even with regulations like the Nis2 directive and GDPR, there’s still surging attacks.
So, with all that in mind, do you think EU-governing bodies are taking cybersecurity seriously enough? Read on to find out.
The Most Common Cyber Attacks in the EU
As cyber threats are on the rise, Europe faces several key threats. Here are some of the most common:
- Phishing: Phishing is another prevalent form of attack. Cyber-criminals deceive people into providing sensitive information such as their login IDs or bank account details by sending deceptive E-Mails or Messages to them. Such attacks commonly result in identity theft or unauthorized access to systems.
- Distributed Denial of Service (DDoS): With DDoS, outages, networks, or services are overloaded with massive amounts of traffic simultaneously, rendering them inaccessible to users. These Attacks might hit critical infrastructures, causing massive disruptions.
- Advanced Persistent Threats (APTs): These come from hackers who gain access to private networks over long periods to steal confidential information gradually.
There are more, like ransomware, that you can read about here.
EU’s Cybersecurity Policies
The European Union has put in place various policies aimed at securing its digital infrastructure and citizens. For example, the General Data Protection Regulation (GDPR) is a regulation that imposes strict requirements regarding data protection and privacy that organizations should comply with, including highly punitive penalties for Breaches.
Another crucial policy is the Network and Information Security (NIS) Directive, which seeks to ensure the high-level security of networks and information systems within the EU domain.
The Directive prescribes security measures for operators of essential services and digital service providers and requires the reporting of significant incidents.
The EU Cybersecurity Act strengthens the role of ENISA – the European Union Agency for Cybersecurity – while establishing an EU-wide cybersecurity certification framework for IT products, services, and processes meant to create trust and security in digital products and services.
One final measure – the EU has created the Cybersecurity Competence Centre and the Network of National Coordination Centres to facilitate cooperation and exchange of knowledge between member states.
What Does the EU Do to Protect Against Cyber Attacks?
The EU has done several things to protect itself against cyberattacks – some are better than others. One of the best is the ENISA we mentioned above, which should enhance Europe’s Cybersecurity Capabilities.
ENISA provides technical expertise, coordinates responses to cyber incidents, and assists member states in implementing European Union Cybersecurity Directives and Regulations.
Another measure the EU takes is through public-private partnerships, which can help strengthen cybersecurity. You could argue this creates more channels of vulnerability, but the EU thinks it works well.
One key initiative is the European Cyber Security Organisation (ECSO), which combines professionals from different sectors to develop and deploy security solutions.
ECSO focuses on promoting innovation, conducting cybersecurity research and development, and adopting best practices across Europe. We like this approach because it’s more proactive.
And, through the Cybersecurity Act, the EU has implemented a framework for certifying IT products, services, and processes. By doing so, it wants to guarantee digital products are developed with high-security levels, thus increasing trust and confidence within digital-economy-environments. The EU’s Cybersecurity Act is pretty comparable to other areas of the world, like the US.
The EU has also performed regular cybersecurity exercises, including the Cyber Europe Exercises, to test and enhance the resilience of its digital infrastructure.
Member states, EU institutions, and private-sector-partners follow these exercises, which aim to improve coordination and response mechanisms in case of Cyber-attacks. Does it always work? Not. But it’s the thought that counts.
The Effect of Cyber Attacks on European Citizens
EU-Citizens are heavily affected by cyberattacks – the statistics show it. But we’re not just statistics, we’re people, so how is it affecting us? If critical infrastructures like healthcare systems, transport networks, or financial services are targeted, there can be serious disruptions affecting daily life.
Hospitals, for example, may experience extended treatment periods and compromised quality of health care because of ransomware attacks. Even with identity lifecycle management to manage user access, these types of attacks are common. And yes, hackers don’t care that it’s a hospital with sick people; they want the money.
Identity Theft is also a major concern. The research is outdated now – but in 2020, 50% of EU citizens reported experiencing at least one type of fraud. And yes, the figures might be old, but if cyber threats are increasing across the board, we can assume identity theft cases are the same.
Cyber attacks can quickly fade trust in digital platforms and services. When companies fail to protect their customers’ data, the growth of the global economy will be hampered, reducing confidence in online transactions and digital communications.
And it’s already happening. How can we only be halfway through the year and already have billions of breached records? Does it not put you off shopping online?
The implications on people’s mental state are also worth mentioning. Whether it’s being part of cyberattacks, fear of becoming a victim increases anxiety, or having to deal with the aftermath of resetting passwords, wondering if someone will take the money from the bank account, they’re all things people become consumed by.
Yes, the EU does just as much as any other governing body to take cyber security seriously – perhaps it’s just the fact that cyber-attacks are becoming impossible to avoid.
If you look at everything we’ve discussed, the EU almost has an endless list of defenses and organizations to protect against cyber attacks. But come on, if the Pentagon can become a victim of a cyber attack, can’t we all? Still, maybe.