How Europe wants to protect its IT infrastructure in the future

The number of cyber attacks by various actors continues to grow. The Vectra AI Security Leaders Research Report provides clear results: The international study surveyed 1,800 IT security decision makers in companies with more than 1,000 employees. Three-quarters of respondents experienced a significant security event in their organization from February 2021 to February 2022. Nearly 75% believe they may have been attacked and were unaware (IT forensics, by the way, can fill this knowledge gap). Over 83% are certain that traditional approaches do not provide protection against modern threats.

The results of PwC’s 25th Global CEO Survey on cybersecurity paint a clear picture: more than two-thirds of global CEOs are concerned about IT security and see their company’s sales and productivity at risk.

Cybercrime Magazine estimates the annual cost of cybercrime worldwide will exceed $10,000 billion by 2025. A global survey conducted in 2022 found that around 46% of the companies surveyed in Germany had been the victim of a cyber attack at least once. On average, around 49 percent of the companies surveyed from the various countries said they had experienced at least one cyber attack in the last 12 months. The volume of ransomware attacks alone doubled in 2021 and now exceeds 600 million.

However, cybersecurity is not just about numbers and statistics, but about the existence of companies and organizations as well as the fate and health of citizens in Europe and around the world. For this reason, the European Commission, together with senior representatives of foreign and security policy and various national authorities, presented a European Cybersecurity Policy back in 2013, which has been significantly modernized and expanded since 2020.

The focus here is primarily on the security of critical infrastructure and basic services such as hospitals, energy networks and railroads. Here, too, IT is playing an increasingly important role. In addition, there are networked objects in private homes, offices and factories.

It’s also about the security of the ever-increasing number of connected objects in our homes, offices and factories..

The European Cybersecurity Policy focuses on collective capabilities in the fight against cybercrime

The European Cybersecurity Policy is intended to further promote the development of cross-border cooperation. In doing so, collective capabilities of participating states, companies and organizations should help European Union countries and their partners respond effectively together to major cyberattacks. Examples include the Horizon Europe program or cPPP. Within the framework of these programs, the EU invests in the security of public authorities and their international cooperation.in addition, there is the competence center for cyber security called Atlas. This pools the expertise in the European Union with regard to cyber security. The center aims to advance the use and development of security technologies in the EU. We address these and other areas in further sections of this paper.

To respond effectively to cyber threats, collective resources and shared expertise in the EU are important. To this end, the European Competence Center for Cybersecurity in Industry, Technology and Research (ECCC) will pool expertise and coordinate European development and deployment of cybersecurity technologies.

It is clear that most cyberattacks are carried out from abroad. The attacks are cross-border and at the same time many attacks have the potential to affect the entire EU. For this reason, the European Cybersecurity Policy stipulates that individual countries in the EU must have robust government agencies capable of monitoring cybersecurity in their own country and cooperating with authorities from other countries.

This is especially vital for the critical infrastructures mentioned above. Blueprints are already available for participating organizations to respond quickly and effectively to large-scale, cross-border cybersecurity crises. This lists objectives and modalities by which Member States should engage EU institutions in the response. This will allow the various cybersecurity assets to be shared at the EU level and deployed in the most optimal way.

The « Directive on security of network and information systems » (NIS) already ensures that the countries in the EU work closely together in this area. Already at the end of 2020, the NIS2 Directive is being implemented, which is intended to further advance cybersecurity in the European Union.

In the future, the EU wants to standardize and thus improve cybersecurity

The EU is striving within the framework of the European Cybersecurity Policy to ensure that the cybersecurity of IT products and services is tested and certified through uniform standardization. However, a uniform system can ensure that citizens in the EU can better trust a certified service and certified products. ENISA is to be the driving force here.

In this context, the EU-wide introduction of 5G also plays an essential role in the European Cybersecurity Policy. However, there are also numerous gateways for attackers.

Of course, those responsible are keeping a watchful eye on the Chinese company Huawei, which is suspected of using the technologies for espionage for China. The USA is also keeping a close eye on Huawei, even though the sanctions imposed are currently to be eased again.

Covid-19 was an accelerant for cyberattacks: the EU’s response is Horizon Europe

During the covid-19 pandemic, many companies connected their mobile or home office employees to their networks. This has further exacerbated the number of cyberattacks because criminals have focused on home-based employees in a big way. More than 80% of all reported security incidents are phishing attacks. Google recorded more than 2 million phishing sites in January 2021, up from 1.7 million in January 2020, a 27% increase in just 12 months. Criminals are using this to obtain user credentials, which they can also use to attack corporate and government networks. Remote access data is now a coveted object of trade in relevant Internet forums.

Horizon Europe is an EU security program with which the European Union aims to promote cybersecurity innovations for companies, especially in the electricity and energy systems and other critical sectors. Already in recent years, the EU has invested heavily in IT security and collaboration between public authorities and businesses through the Horizon 2020 and cPPP programs. The Horizon Europe budget is expected to be nearly €95 billion between 2021 and 2027.

The focus is on international cooperation in the EU to jointly respond to attacks from the community of states. In this context, the Digital Europe programme is to invest nearly €2 billion in services and solutions to improve cybersecurity. In addition, InvestEU is to bring together various financial instruments and promote cybersecurity products and services as part of the EU’s economic stimulus package. All these programs occupy a major place in the European Cybersecurity Policy.

The various programs and organizations already established in the EU under the European Cybersecurity Policy are tasked with protecting our free life in the EU as best they can. Problematic is the lack of security experts to help fight cybercriminals and state actors, and to ensure the protection of the IT infrastructure in the EU. Ultimately, the European Cybersecurity Policy’s main task is to protect our health and the stability of the community of states from cyberattacks.