Increasing resilience to fight cyber-threats in Europe
Europe is facing a growing cyber-threat against its physical infrastructure. According to the latest FireEye-Marsh & McLennan Cyber Risk Report, financial services, manufacturing and telecommunications feature among the sectors that are most frequently targeted in Europe. Moreover, governments are a primary target for hackers across the continent. At the same time, companies in Europe take three times longer than the global average to detect a cyber intrusion.
What the WannaCry and the recent Nyetya attacks clearly reveal is that while thousands of computers have been attacked around the world, millions have not. This shows that if proper security measures are taken, they work. Measures such as software updating, encryption of sensitive data and periodic back-up of data on independent systems or in the cloud could dramatically reduce the damaging effects of these cyberattacks.
Europe needs to increase the resilience of its infrastructure through raising cyber awareness, especially among SMEs, improving cybersecurity capacity-building of its infrastructure and playing a more prominent role in the global cybersecurity policy arena.
The report of the High-Level Group of Scientific Advisors on Cybersecurity to the European Commission underlines that too many people in Europe still use weak passwords (such as 1234) and that, whereas individuals care a lot about their privacy in the offline world, they easily give out private data online via social media. Europe must engage citizens and SMEs in strong cybersecurity awareness programmes and develop a long-term approach to deal with the shortage of cybersecurity skills in Europe.
In terms of cybersecurity capacity-building, the EU and its members have made significant progress since 2013, when the Cybersecurity Strategy was launched. Recently the Commission launched the Private Public Partnership on Cybersecurity to foster the development of a European cybersecurity industry. Still, there are big differences among the member states in terms of cybersecurity policies, legal frameworks and operational capabilities, such as risk management practices. The implementation at national level of the network information security (NIS) Directive should offer the opportunity to reduce gaps in cybersecurity across Europe. It is also important to realise the role that economic tools such as legal liability and the creation of a cyber-insurance market could play to change companies’ attitudes and behaviour towards cybersecurity.
The forthcoming revision of the Cybersecurity Strategy also calls for the definition of specific principles for member states to follow in developing a European ‘vulnerability equity process’ with a clear priority given to reporting software vulnerabilities to vendors.
Finally, the new international landscape after the election of President Trump in the US could represent an opportunity for Europe to play a major role at the global cybersecurity policy level. The Budapest Convention on Cybercrime has played an important role so far. At the moment, however, we face a stalemate on global measures to combat cybercrime. Europe should attempt to break this stalemate with ad-hoc initiatives toward states such as China, India and Brazil.