Europe gets serious about digital hygiene as cyber threats mount

Recently the European Commission, the executive arm of the EU, presented its plan for a formal cybersecurity unit.

With ransomware attacks continuing to rise across the globe, the European Union is attempting to turn challenge into opportunity with a joint cyber security unit lavishly supported in part by Covid-19 recovery funds.

Recently the European Commission, the executive arm of the EU, presented its plan for a formal cybersecurity unit. When implemented it will enable national governments of member countries hit by cyberattacks to ask for help from other countries and the EU, including through rapid response teams that can swoop in and fight off hackers in real time.

Clearly a new day is dawning as countries emerge from a once-in-a-century pandemic. With it is the new reality of heightened cyber awareness — and the money and institutions to back it up.

The world moved even more online due to the Covid-19 pandemic and with that came an even greater number of cyberattacks. Today literally hundreds of ransomware attacks are ongoing as hackers hold businesses and institutions hostage, often demanding untraceable digital currency to supply codes to stop the destruction. Many of the attacks might be undisclosed as compromised companies avoid publicity.

One recent attack with global reach also hit companies in Europe. Swedish grocery chain Coop kept most of its 800 stores closed for several days last week because their cash register software supplier was crippled in the attack. In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised. Two big Dutch IT services companies were also among reported victims.

In a separate, rather perplexing incident, the district of Anhalt-Bitterfeld in the eastern German state of Saxony-Anhalt says it was the victim of a cyberattack and formally declared a disaster after hackers infiltrated its computer systems.

Officials in the relatively small district wondered why hackers would be interested in such an obscure target — but it was newsworthy for the precedent it set. The district was able to declare a formal emergency and receive federal funds for recovery, a mechanism normally used in natural disasters.

Even before the pandemic, as more work and business went online, the European Commission had already identified cybersecurity along with climate change as crucial in the coming years. President Ursula von der Leyen placed an emphasis on Internet security, privacy and policy when she took office in 2019.

And as the world moved even further online, ransomware and other cyberattacks surged. At the recent meeting to formally adopt the EU Joint Cyber Unit, European Commission vice-president Margaritis Schinas said a recent hack on US fuel supplies was the “nightmare scenario that we have to prepare against”.

With incidents in Europe rising from 432 in 2019 to 756 in 2020, the commission says cyberattacks already pose national security threats to member countries.

The European Union Agency for Cybersecurity (Enisa) will oversee the formation of the special cyber unit. It plans to have assessment and organisational plans in place by the end of this year and be operational at the end of 2022.

Apostolos Malatras, a team leader at Enisa, told the Press that with the pandemic “a lot of services were provided online and that happened in a kind of rush, so security was an afterthought”. At the same time people stayed indoors and had time to explore vulnerabilities in systems and critical infrastructure, he added.

Based on surveys of businesses by the British security firm Sophos, the average cost of a ransomware attack has doubled to about $1.85 million this year, including insurance, business lost, cleanup and any ransomware payments.

But the cost is immeasurable when it comes to human health and lives. An ongoing ransomware attack on Ireland’s health service will reportedly take months and 100 million euros to clean up. It will also have “large human costs”, said health service chief Paul Reid.