Europe’s response to growing cybersecurity threats

Governments and businesses alike are girding themselves against cybersecurity threats, as hackers keep finding new ways to steal and reveal our data. These threats will become the new normal, but as John Higgins warns, we can still do a lot to protect ourselves.

Amid all the recent cyberattacks on governments, business and individuals, there was one that struck me particularly. It happened last May, at a cyber-security conference in the Netherlands. In a demonstration onstage, one of the speakers pulled out a Raspberry Pi device and downloaded dozens of numbers from the smartphones of attendees. The speaker was just 11 years old.

That an 11-year-old “cyber ninja” can hack into Bluetooth devices is alarming. As the boy, Reuben Paul from Austin, Texas, told the audience at the World Forum in The Hague, any connected device can be used to steal private information such as passwords. “From terminators to teddy bears, anything or any toy can be weaponised,” he said.

Computers, smartphones, the internet are so integral to our lifestyles that it is now almost impossible to imagine living without them. And this is only the beginning. From connected cars to smart factories and supply chains, robots to artificial intelligence, we’re rapidly building our whole world on top of a massive network of servers and telecommunications.

Where the money is

The notorious thief Willie Sutton was known for his apocryphal reply to the question of why he kept robbing banks: “Because that’s where the money is.” Whether he said it or not, his answer tells us why cybercrime is on the rise: the past 12 months have seen a surge in malevolent cyber activity. Organised crime is seizing opportunities online, and the bad guys are as well organised as any industry. Earlier this year, businesses and national cyber security authorities across the EU were shaken by large-scale hacking attacks, like the WannaCry and Petya viruses.

The criminals have efficient supply chains, and according to some figures, cybercrime will cost $2.1 trillion globally by 2019, an almost four-fold increase on 2015. Money’s parallel allure, power, explains the other big and growing abuse of this infrastructure: political manipulation through fake news and propaganda, much of it state-led, well-disguised and difficult to trace.

In September, Commission President Jean-Claude Juncker said in his annual State of the Union speech that there were more than 4,000 ransomware attacks per day in the last year and emphasised that 80% of European companies experienced at least one cyber security incident in that period. Cyber security attacks can be “more dangerous to the stability of democracies and economies than guns and tanks”, he said.

The EU’s cyber plan

The good news is that Europe is increasing its capability to tackle the threat. In his speech, Juncker announced a massive cyber security overhaul, adding funds and new powers for the EU Agency for Network and Information Security (ENISA), which has been operational since 2005. The Commission’s proposal gives the Crete-based ENISA a set of new powers: it will be in charge of a new EU-wide certification scheme, and will coordinate between member states’ national authorities when there is a wide-scale cyber security attack.

Industry has a big part to play too; the risks of getting it wrong are significant and potentially costly. The private sector operates most of the technical infrastructure and has a big stake in making sure that Europe’s future plans work. Industry must help make sure the certification scheme is effective. We need risk-based, agile and proportionate responses, an approach which is counter-cultural for many security professionals. Fortunately, ENISA and Europe’s cyber policy makers have a good track record of listening to industry. The private sector needs to step up and engage.

Strengthening Europe’s cyber defences also depends on the very best co-ordination with and between member states. It’s a cliché that cyber security does not stop at a national border, but that does not make it any less true. Today many large countries have their own national certification schemes in place. History shows us that when security is at stake, EU member states find it harder to operate at a European level, let alone at an international level. This will not be good enough to deal with cyber threats.

Everyone needs to be vigilant

There are things we as individuals can do too. Technology alone is not the answer; people and processes are important. The cyber world reflects the physical world. We can never guarantee 100% safety, but institutions, the private sector and individuals must learn about and then take sensible steps to minimise risks – in the cyber world as we do in the physical world. As the threats evolve, so our approaches to staying safe need to evolve too. We no longer think we need a man with a red flag to walk in front of cars, and likewise, we need to adapt to what is happening online.

Even if the online world is not always as intuitive as the real world, we need to keep learning new tricks. Staying safe is vital for individuals and organisations. It is good news that the cyber threat got called out in Juncker’s State of the Union speech: more money and resources will be needed. But industry and we as individuals need to play our parts too.


Burson-Marsteller Senior Advisor John Higgins is the former Director General of DIGITAL EUROPE, and former chief executive for TechUK. John also chairs the Global Digital Foundation.


