The end of the European Cybersecurity Month: what’s on the EU’s mind?

October 2022 marked the tenth anniversary of the European Cybersecurity Month, the EU’s annual campaign dedicated to promoting cybersecurity among EU citizens and organizations. The Cybersecurity Month provides up-to-date online security information through awareness raising activities and sharing of good practices. Countless activities took place across Europe, tackling cybersecurity threats and opportunities from the maritime to the health sector. Also, as part of the tradition, the EU’s cybersecurity agency, ENISA published its Threat Landscape report. 

The 2022 European Cybersecurity Month focused on phishingi and ransomwareii. These two types of attacks increasingly impact both European citizens and companies: the Cybersecurity Month website notes that the number of phishing attacks has tripled since the start of 2020. In addition, 2021 saw a 234% increase of ransomware in Europe. 

The increase in cyber attacks demonstrates that European citizens are spending more time online than ever due to both digitalization and the COVID-19 pandemic. With threats always lurking in the background, the EU is proactive in strengthening cybersecurity.  

In this regard, the European Commission has actively responded to the rapidly changing cybersecurity threat landscape by introducing several legislative proposals. The Cyber Resilience Act (CRA) introduces common cybersecurity rules for manufacturers and developers of products with digital elements, covering both hardware and software. Software provided as part of a service is not covered by the proposed CRA. However, the Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive) and other sectorial legislation ensure that systems provided as a service or developed in-house provide the same level of protection against cyber threats as products covered by the CRA.  

Want more information about the Cyber Resilience Act? Read our recent blog post here. 

ENISA Threat Landscape 2022 

On 3 November, the European Union Agency for Cybersecurity (ENISA) published its Threat Landscape for 2022, its annual report published following the Cybersecurity Month on the status of the cybersecurity threat landscape. It identifies the top threats and major trends observed with respect to threats, threat actors and attack techniques. 

The Threat Landscape 2022 identifies eight prime threat areas: 

  • Ransomware 
  • Malware 
  • Social Engineering threats 
  • Threats against data 
  • Threats against availability: Denial of Service 
  • Threats against availability: Internet threats 
  • Disinformation – misinformation 
  • Supply-chain attacks 

The Threat Landscape identifies several trends. Among others, ENISA acknowledges the impact of geopolitics on the cybersecurity threat landscape, with a rise in cyber operations by state actors and hacktivism. Furthermore, in the past year, threat actors have increased their capabilities through continuous ‘retirements’ and the rebranding of ransomware groups. This has led to an increased interest from threat or hacker groups in supply chain attacks and attacks against Managed Services Providers (MSPs). ENISA notes that ransomware and attacks against availability, particularly DDoSiii, ranked the highest in the past year. Other increasingly common attacks are phishing, malware and extortion.

Moreover, novel, hybrid and emerging threats – see for example the Pegasus spyware case – are marking the threat landscape with high impact. Cyber attacks are increasingly targeting critical infrastructure. Belgium is one of the countries which is increasing its digital security for critical energy infrastructure. According to its national center for cybersecurity, the threat towards the energy sector in Belgium has increased. Data compromise is increasing year on year, while Machine Learning (ML) models are increasingly becoming the target of attacks. Finally, AI-enabled disinformation and deepfakes are increasingly popular forms of cybersecurity threats. 

The Cyber Resilience Act and the NIS 2 Directive demonstrate that the EU is taking cybersecurity seriously. This is necessary because, as the 2022 Threat Landscape shows, the cybersecurity playing field is changing rapidly.  

Learn more about our EU Digital & Tech services 

Thanks to its expertise working with clients in the digital sector, Dr2 Consultants is expertly placed to assist your company in identifying the impact of and leveraging the opportunities offered by developments in EU cybersecurity policy. 

Dr2 Consultants offers tailor-made solutions to navigate the evolving policy environment at EU level and anticipate the impact of the EU digitalization legislation on your organization. Visit this webpage to learn more about our EU Digital & Tech services. 

For more information on Dr2 Consultants’ full range of services, don’t hesitate to contact us.