The progress of digital transformation has inevitably led to new cybersecurity threats. Cybercriminals take advantage of the Covid-19 pandemic, in particular by targeting organisations and companies working remotely.
Parliament has adopted its position on a new EU directive that reflects how cybersecurity threats have evolved and introduces harmonised measures across the EU, including on the protection of essential sectors.
Read more about how the Parliament wants to boost cybersecurity in the EU
Top sectors affected by cybersecurity threats
Cybersecurity threats in the European Union are affecting sectors vital for society. The top five sectors affected, as observed by the European Union Agency for Cybersecurity (Enisa) between April 2020 and July 2021, are public administration/government (198 incidents reported), digital service providers (152), general public (151), healthcare/medical (143) and finance/banking (97).
Main cybersecurity threats
During the pandemic, companies had to quickly adapt to new working conditions – and thus opened new doors and more possibilities for cybercriminals. According to the European Union Agency for Cybersecurity, there are nine prime threat groups:
- Ransomware – attackers encrypt an organisation’s data and require payment to restore access
- Cryptojacking – when cybercriminals secretly use a victim’s computing power to generate cryptocurrency
- Threats against data – data breaches/leaks
- Malware – a software, which triggers a process that affects a system
- Disinformation/misinformation – the spread of misleading information
- Non-malicious threats – human errors and misconfigurations of a system
- Threats against availability and integrity – attacks that prevent the users of a system from accessing their information
- Email-related threats – aims at manipulating people to fall victims to an email attack
- Supply chain threats – attacking, for example a service provider, in order to gain access to a customer’s data
According to the agency’s report, 76% of Europeans believe they are facing an increasing risk of falling victim to cybercrime.
Ransomware
Ransomware is considered the most worrying threat at the moment. It is malicious software designed to prevent a user or organisation from accessing files on their computer. The attackers demand a ransom payment to reestablish access.
Data quoted by the EU Agency for Cybersecurity shows that the highest ransomware demand grew from €13 million in 2019 to €62 million in 2021 and the average ransom pay doubled from €71,000 in 2019 to €150,000 in 2020. It is estimated that in 2021 global ransomware reached €18 billion worth of damages – 57 times more than in 2015.
The average downtime of attacked organisations was 23 days in the second quarter of 2021. In 2021, a corporate ransomware attack occurred about every 11 seconds.
