Cyberattacks that threaten the security of companies within the European Union are becoming more frequent, complex and increasingly more destructive. Back in December 2020, following a year of adjusting to social distancing and téléworking, the EU shared its Cybersecurity Strategy (EUCSS). A key focus to the strategy was to help the EU build and strengthen resilience against major security breaches and state targeted cyberattacks.

In the year that followed, Covid19 complications continued to create a climate of hybrid working formats whereby people relied on technology to connect to colleagues and carry out tasks. As such, 2021 was a key year for digital transformation and by consequence, conversations surrounding multi-cloud and hybrid cloud systems became a common occurrence.

At the end of February 2022, Russia launched its invasion of Ukraine, signalling a new era of cyber warfare. The Financial Times documented how Russia was able to target state banks and Ukrainian ministries, as well as defacing 70 Ukrainian websites leaving behind the message: “Be afraid and expect the worst.” It was further stated in the same article that Russia has been the most active nation state hacker and by consequence, has been able to develop dangerous cyber capabilities. In October 2021, Microsoft published its Digital Defence Report, stating that 58 per cent of all known nation state cyber attacks were caused by Russia in 2021. Such evidence has caused some commentators to speculate that it is only a matter of time until the western world experiences a ‘cyber Pearl Harbour’.

In the context of Covid19, increased digitisation and the onset of war, we are reminded once again that cyberattacks can often be events driven and a direct reflection of a crisis situation.

Since 2020, the conversation surrounding cybersecurity and cyber defence in the EU has intensified. As a result, the European Union continues to invest in cybersecurity. In April 2022, Locked Shields took place. It is the globe’s largest and most complex cyber defence exercise that takes place internationally in real-time. It has been organised yearly, every year since its inauguration in 2010 by the NATO Cooperative Cyber-Defence Centre of Excellence (CCDCOE). The event included over 2000 participants from 33 countries. The exercise enables experts within the cybersecurity space to deepen and develop their skills in the context of defending national IT systems. There is a great focus on providing candidates with realistic scenarios, whilst using cutting-edge technologies and engaging a complex strategy that requires legal and communication aspects.

Whilst the above example is an example of government and state supported training to intensify efforts for robust cyber-defence, companies and organisations in the EU must also do the same. Cyber-defence must become a priority for European based firms as the continent continues to explore ways to shape Europe’s digital future. No matter how small the business, once it interacts with technology, it is exposed to cybersecurity risks. By consequence, businesses must be prepared for such events and implement cyber insurance policies so that, if and when they are exposed to an attack, they will be able to recover from it. However, recovery is one piece of the jigsaw. Building resilience, increasing awareness and strengthening defence is just as important. Businesses must work alongside cybersecurity experts and invest in training their staff to appropriately and intelligently deal with any breaches. In 2022, the cyber climate is only becoming more and more sophisticated and the threat of attacks is intensifying. Investing in cyber-defence is therefore a key priority for all business owners moving forward.

Source: written by George Ralph, Global Managing Director & CRO at RFA.