From the EU to companies to individual users
With their massive walls and rising towers, fortresses are among the most impressive creations of humanity. They remind us that not that long ago people would feel protected from invaders only when hiding behind strong walls and deep moats.
Today, fortresses are tourist attractions that have little common with our dynamic, modern lives. However, the reality is rather different. Just like our forefathers, we are exposed to constant attacks on our security, finances and business. As we are living in an increasingly immersive digital environment, we are under the invisible threat of cybercrime of all types and scales – data, identity and crypto theft, ransom, disinformation... The scale of the threat is impressive. According to the annual report of Cybersecurity Ventures, the global damages caused by cybercrime will reach $8 trillion in 2023 and are projected to amount to $10.5 trillion in 2025.
The growing digitisation of life along with the ongoing digital transformation of companies and governmental organisations are a key factor for the growth of cybercrime. The Covid-19 pandemic and the war in Ukraine additionally deepened these processes. The lockdowns forced thousands of companies to send their employees to work from home on unsecured personal devices and Internet connection. The hot war in Europe, for its part, went cyber as well, including disinformation.
The most important threats on Europe's cybersecurity today, according to the EU's Cybersecurity Agency (ENISA), are ransomware, malware, social engineering (phishing belongs to it), data theft, Denial of Service attacks, disinformation, supply chain attacks. The most affected sectors in the EU are the public and governmental institutions (24% of reported incidents), digital services providers (13%), the general public and the services (both 12%), banks and finance institutions (9%), healthcare organisations (7%).
On this background it is clear that the companies should reconsider their attitude towards their cybersecurity if they want to stay in business and to protect their and their clients' crucial data and assets. "In order to be properly protected, the companies should be adaptable and should build a complete cybersecurity strategy with clear goals, policies and procedures for data and IT protection," says Ralitsa Karamfilova, Strategic Development Manager at LIREX (www.lirex.com), a leading IT company in the field of ICT. "The companies need regular auditing and employee training to be sure that their resources meet the latest cybersecurity standards. It is crucial to encourage use of complex passwords and two-factor authentication, and to build backup copies of all the important data and systems that will allow a quick recovery after a possible cyber breach."
Threats are developing with such speed and are so diverse that the creation of dedicated teams of cybersecurity professionals is beyond the capacity of most companies. The only effective solution is the partnership with a reliable partner who knows in detail the modern cybersecurity landscape and can offer an adequate solution and service to the particular business and company. In the best case scenario, it covers not only the technological side of the task, but also offers maintenance services and focuses on training the employees of the client company to recognise threats such as phishing and to react adequately. In short, such partnership is an investment that pays off in more than one way.
In the equation of modern cybersecurity there is an important variable that should not be underestimated – the increasingly rapidly developing AI.
"AI will play an increasingly important role in cybersecurity, and its use is sometimes referred to as an arms race, as malicious actors and security agents race to ensure the most sophisticated algorithms are working on their side, according to Forbes," says Iva Tasheva, co-founder of the consultancy company CyEn (phone: +32 493 405 612, www.CyEn.eu). "As a threat, ENISA positioned 'AI abuse' at 10th place in its recent 'Top 10 emerging cybersecurity threats for 2030' report. However, AI in itself does not pose a different threat than other systems. All people, systems and processes need to be secured and whether threats are operated or targeted by a machine or a human should not make a difference. Having a solid cyber resilience strategy is the key for protecting any business. AI is also an opportunity, used for cybersecurity threat hunting, incident detection, and reaction (e.g. compromised devices containment). Because AI reduces the time to respond to cyber incidents, organizations can potentially save an average of more than $2.5 million in operating costs by investing in AI-enhanced cybersecurity solutions."
Organisations and individual users are not alone in the battle for protecting their data, finances and business. States and supranational organisations recognised the importance of this threat and initiated a series of measures designed to curb cybercrime. Last November, for example, the European Parliament upgraded the European law to bolster investments in strong cybersecurity for essential services and critical infrastructure. The Parliament also approved stricter cybersecurity requirements in 11 key sectors such as energy, transport, banking, healthcare, digital infrastructure, and public administration. The NIS2 directive requires organisations and companies in these sectors to take risk management measures. The obligations of the separate EU countries for cyber risk management are also expanded.
"Until recently, cybersecurity was not perceived as a topic of national and transnational importance. This is changing before our own eyes and will continue to change even faster in the years to come," says Sezen Anefi, Co-Founder and CEO of Diamatix (Kavarna, 57 Bulgaria St, phone: +359 875 328 030, diamatix.com), a Bulgarian cyber security and resilience company. "The main goal of the European and global regulatory bodies is to achieve a unified high level of cybersecurity and cyber hygiene in general on a national and global scale that will provide harmonised resistance to and prevention of organised international cybercrime. It is also interesting to note the trend of shifting the focus of cybersecurity towards manufacturing – the so-called shift left paradigm. It aims to implement good practices and technologies in the manufacturing cycle of each made-in-EU product with a digital component that will guarantee that the item meets high standards of cyber security as early as the design stage."
When cybersecurity is seen from this angle, the association with the erstwhile fortresses becomes even more relevant. Both then and today, strong walls and advanced technological solutions were not enough to guarantee the security of the fortress or the organisation. The people who know how to organise the defence, find allies and provide key resources are the ones who will actually stop or prevent the attacks of invaders and bad agents. Once, thanks to them, fortresses could repel invaders. Today, with their help, individual users, companies and organisations of all sizes and character can calmly do their jobs and live freely despite the digital threats.