The Russia-Ukraine conflict has defined a new era for cyberwarfare. Particularly in the last quarter of 2022, there was a clear transition from a cyber war focused mainly on Ukraine and Russia to a cyber conflict across Europe.
Although Poland – along with other Baltic and Nordic countries – has been the preferred target for months , now most of the European Union (EU) is being affected by cyber escalation. In other words, cybercrime is increasing in number and sophistication across Europe.
Whereas in the beginning of 2022 EU countries suffered 9,8% of global cyberattacks, in the third quarter that percentage rose to 46,5%, according to Thales’ 2023 report. Moreover, in the first quarter of 2023 80,9% of cyber incidents have taken place inside the EU.
Let’s understand what this means for Europe and how the EU members are reacting.
Why is Europe being targeted?
First and foremost, because of geopolitics. Due to the unstable international situation driven by the Ukraine-Russia conflict, the European Union Agency for Cybersecurity (ENISA) expects “to observe more cyber operations being driven by geopolitics in the near to mid-term future”. This means more malicious and potentially damaging cyberattacks will occur within the EU, especially on critical infrastructures.
The main motivations of cyberattackers targeting Europe are to access sensible or classified data, as a way of provoking disruption or damage. Financial gain is behind some incidents as well, but in these cases there is more of a personal motivation, not necessarily linked to the Ukraine-Russia circumstances.
Which sectors are more at risk?
There has been an increasing focus on critical infrastructure in sectors like public administration/government, energy, aviation, healthcare, and banking. Companies located near areas with geopolitical tensions – such as Ukraine or Russia – are also more likely to be targeted by cyberattackers.
More recently, several European countries – such as the United Kingdom, Denmark, Norway or the Netherlands – have warned that their energy infrastructures are on high alert, due to suspicions that gas pipelines, wind farms, power and internet cables, among others, are being targeted.
Types of cyberattacks
In the first quarter of 2022, cyberattacks included, more or less equally:
- Data leaks and theft;
- DDoS (Distributed Denial of Service): when the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites;
- Malware: malicious software that aims to steal or damage data. It includes rootkits, trojans, viruses, dialers and worms;
- Ransomware: it’s one of the most destructive cyber threats, since it’s basically a malware that encrypts data, leaving victims in the position of having to pay a ransom to avoid losing access to their data;
- Phishing campaigns: malicious e-mails or messages that look legitimate in order to trick users into providing sensible information or downloading malware;
- Social engineering: activities that attempt to exploit a human error or behavior to gain access to information or services.
However, the last quarter of 2022 saw an increase in the number of DDoS attacks (to around 75%), specifically against companies and governments. Additionally, ENISA warns that this type of threat is getting larger and more complex.
How is Europe tackling these threats?
Considering that one cyberattack in a particular country could affect Europe as a whole, the EU has been carrying out several initiatives to help neutralise cyber threats and protect critical infrastructures across the continent.
One of those initiatives is the regular meeting of European Cyber Commanders (CYBERCO), which aims to improve cooperation between cyber defense decision-makers and to contribute to a better response in case of large-scale cyber incidents or cross-border crisis.
In terms of policy and legislation, the NIS2 Directive is the EU-wide legislation on cybersecurity and therefore the most important. There is also to consider the EU Cybersecurity Act, the Cyber Resilience Act, and the Cyber Solidarity Act.
When it comes to addressing the Ukraine-Russia crisis specifically, the EU has deployed its Cyber Rapid Response Teams (CRRTs) across Europe in order to support Ukraine – this initiative helps member states ensure cyber resilience and collectively respond to cyber incidents.
Overall, investing in cyber defence seems to be a trend that extrapolates the European reality – according to Gartner, spending on information security and risk management products and services is expected to reach more than $188.3 billion in 2023. Within 3 years, this same investment is expected to increase by over 40%.
One thing is for sure: the cyberwar is not going anywhere.
How can individuals and companies protect themselves?
The European Union Agency for Cybersecurity (ENISA) shares some valuable tips with employers who want to secure their business and staff working from home. Here are some of those recommendations:
- For employers:
- Develop good cybersecurity culture;
- Provide appropriate training;
- Ensure effective third party management;
- Develop an incident response plan;
- Secure access to systems;
- Secure devices;
- Secure your network;
- Improve devices’ physical security;
- Secure backups;
- Engage with the cloud (although with some precautions);
- Secure online sites;
- Seek and share information related to cybercrime.
- For staff:
- Use corporate (rather than personal) computers where possible;
- Connect to the internet via secure networks;
- Avoid the exchange of sensitive corporate information (e.g. via e-mail) through possibly insecure connections;
- As far as possible, use corporate Intranet resources to share working files;
- Data at rest, e.g. local drives, should be encrypted (this will protect against theft / loss of the device);
- Antivirus / Antimalware must be installed and be fully updated;
- Lock your screen if you work in a shared space;
- Do not share the virtual meeting URLs on social media or other public channels.
Alter Solutions has been developing its cybersecurity services and providing certification to its consultants, namely in France – as part of the Cyber Campus initiative – and Germany. Our services include Cybersecurity Management, Architecture & Build, Audit & Control, and Cyberdefence.