An evolving geopolitical landscape has impacted cybersecurity in Europe this year, posing specific challenges for safeguarding critical infrastructure and sensitive data.
The Ukraine war and the conflict in Gaza have led to a rise in hacktivism, and ransomware gangs have excelled in capitalizing quickly on new critical vulnerabilities to gain initial access within many organizations.
This is exacerbated by threat actors having more access to various means of automation, be it readily available command-and-control toolkits, generative AI to support their spear-phishing efforts, or commercially available ransomware from the Dark Web.
Hacktivism and Critical Infrastructure
The conflict in Ukraine dominated the early part of the year, with the threat of nation-state cyberattacks and counterattacks potentially escaping from the theater of war into the wider European cyber ecosystem, says Gareth Lindahl-Wise, CISO at Ontinue.
The NIS2 Directive text includes provisions to raise the cybersecurity requirements for digital services used in critical sectors of the economy and society, including sectors such as waste management and manufacturing.
Hybrid Work and Its Security Challenges
Digital transformation is leading to increasing complexity for defenders, with the past few years bringing significant increases in remote and hybrid work, bring your own device policies, multicloud adoption, and industry 4.0 trends, along with more digitalized supply chains, says Darktrace's Heinemeyer.
Ontinue's Lindahl-Wise says GDPR has undoubtedly driven a significant amount of focus and energy in people who staff security functions to better understand the data they have, where it is, how it is secured, and who it is shared with.
In recent years, the EU has taken numerous measures to strengthen cybersecurity in Europe in a sustainable manner, says Jochen Michels, head of public affairs in Europe for Kaspersky.
Some of the examples include the aforementioned NIS2 Directive, an EU-wide law taking measures for a high common level of cybersecurity across the union.
The Cyber Resilience Act, which aims to safeguard consumers and businesses using digital products, is currently under negotiation but expected to take effect in early 2024.
Other efforts include the creation of the European Cybersecurity Skills Academy and the European Cybersecurity Competence Center, as well as the development of European Cyber Security Schemes, a comprehensive certification framework.
While GDPR has led to an increasing scrutiny on data privacy and data processing - e.g., who is using our data, where, and for what purpose - NIS2 is driving European organizations to significantly step up their cyber maturity, Heinemeyer adds.
Securing AI/ML Security
Through the EU AI Act, which is currently in trialogue negotiations, the EU has reacted to potential cybersecurity risks from GenAI and AI/machine learning, Michels points out.
An agreement on the act and its adoption, at least tentatively, is expected by the end of 2023.
ENISA is working on mapping the AI cybersecurity ecosystem and providing security recommendations for the challenges it foresees.
Specifically, the proposed EU AI Act foresees cybersecurity requirements for high-risk AI systems to ensure compliance, identify risks, and implement necessary security measures.
There are two different aspects to consider about the cybersecurity impact of AI, Heuvinck notes.
AI is used in ENISA's Open Cyber Situational Awareness Machine, which automatically gathers, classifies, and presents information related to cybersecurity and cyber incidents from open sources.
On the other hand, AI techniques can be used to support security operations - but this can come with risks.
From her perspective, the importance of cybersecurity and data protection in every part of the AI ecosystem to create trustworthy technology for end users is undeniable.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 26 Dec 2023 19:45:05 +0000