Alyn Hockey, VP of Product Management at IT security firm, Clearswift, discusses why effective and smarter cyber security has to underpin Europe’s digital future
The European Union (EU) recently (19.02.20) announced a new strategy and series of proposals which made clear its approach to data, artificial intelligence (AI) and platform regulation over the next five years and beyond.
Two whitepapers on AI and data will be supported by a third document, ‘Shaping Europe’s digital future’ that will act as an overarching five-year policy roadmap. Collectively known as ‘Europe’s Digital Future’, the major policy initiatives are designed to position Europe as the global leader of digital transformation, and in doing so reduce dependence on non-EU owned tech firms.
Europe is a continent rich with digital talent and such lofty ambitions should be well within its compass, providing the EU can harness feedback from industry and national Governments over the next three months and utilise that to inform progressive but realistic policy.
But any major technology push must always be mindful of the evolving threat from cyber criminals. Collaborating around data can lead to vulnerabilities, and smarter cyber security must be a priority for Governments if Europe’s digital future is to thrive.
The need for a digital future
Making more effective use of AI and data for citizens, businesses and Governments is a pressing need. Such technologies can be incredibly powerful and have a true and lasting impact, with citizens able to flourish and engage in the digital society, and businesses able to benefit from a framework that allows them to ‘start up, scale up, pool data, innovate and compete with large companies’.
But such an open and collaborative digital environment needs to be secure from cyber-attacks and the hackers that perpetrate them. Safe collaboration is essential – between businesses, Government departments and Governments across borders. Yet there is more threat to collaboration than ever before. Nation-state attacks, data breaches, malware and ransomware are all factors that can and will impact this, taking down key infrastructure, stealing valuable data and impacting the ability to work with each other effectively.
There is also the looming issue of Brexit to consider. The UK has long considered itself a key player in European technology and London remains a hub for many of the continent’s most innovative technology businesses. The UK recently set a date for Brexit – 31 December 2020 – which means that from that point on it stands outside the EU and also the EU’s digital future strategy.
However, one would hope that at some point a new deal will be agreed that sees the UK remain a key partner of the EU, as in terms of technology, digital transformation and cyber security, such collaboration is highly beneficial to both parties.
The emerging cyber security threats
The cyber security threats facing Government and business are many and varied. Malware and ransomware have been two of the more high-profile types of attack in recent years and both remain a significant threat to Europe’s digital future.
Ransomware is malicious code loaded onto a PC and encrypt local and network drives connected to it, which the hackers then demand a ransom to unlock it and release back to the firm, or in some cases leave it in a useless encrypted state. With businesses and Governments increasingly collaborative, and with the much more open approach to data and analytics that forms such an intrinsic part of the EU’s digital future, ransomware could become even more effective as a means of cyber-attack.
Hackers could pose as officials from another national Government or business in another EU member state, and the unfamiliarity might mean the target would be more likely to click on a link or open an attachment. Once that happens, then an attacker has access to the network and can wreak havoc with the data.
But perhaps the biggest potential threat to the EU’s digital future, is the nation-state attack. These target Government departments and critical infrastructure facilities, and can interrupt operations and leak confidential information and data. The past few years have seen many Russian and Chinese state-sponsored attacks, that sought to influence elections, collect military and diplomatic information and disrupt operations.
With the EU’s digital future partly intended to cement Europe’s position in the world comparative to countries such as Russia and China, such state-sponsored attacks could easily grow in scale, frequency, and sophistication.
Combatting the threat
When considering nation-state attacks especially, understanding hacker motivations and capabilities are a good first step. Knowing this allows a Government department or business to better protect its data and networks and can then inform the training that must be given.
Individuals that work across the EU should be given centrally coordinated cyber training, that tells what to look out for in certain scenarios and how best to manage things when they do go wrong. Having established policies and procedures across EU member states and increasing collaboration around cyber security will only enhance over protection.
Technology will also play a major part, and advanced email and web security solutions can help ensure these attacks do not disrupt business, while threat detection systems can assist in the identification and quarantine of malware and ransomware. Such solutions can mitigate the risk, as they can automatically remove malicious links detected in email and attachments. This protects the business of Government department from staff mistakenly clicking on malicious links which is the most common reason behind cyber-attacks being successful.
In addition, employing technology such as Adaptive Redaction will ensure that any employees who might take the ‘bait’, are incapable of sharing critical information or credentials as the technology will automatically redact sensitive information being sent to a recipient that not authorized to receive it.
The EU has outlined its strategy and explained how important it is for Europe to take a central position in the world, but a failure to adequately protect member states, business and consumers could mean a failure to achieve overall objectives. These levels of protection will all be essential if the EU is to make good on its digital future.