Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybersecurity Funding

With War Next Door, EU is Warned on Cybersecurity Gaps

As Russia’s invasion of Ukraine accelerates European Union defense cooperation, a watchdog said Tuesday that EU institutions face vulnerabilities on another front: cybersecurity.

As Russia’s invasion of Ukraine accelerates European Union defense cooperation, a watchdog said Tuesday that EU institutions face vulnerabilities on another front: cybersecurity.

The warning by the European Court of Auditors covers the wide range of EU bodies — from the executive arm based in Brussels to specialist agencies located across Europe — that run the 27-nation bloc’s day-to-day business.

“The EU must step up its efforts to protect its own organizations,” Bettina Jakobsen, a member of the ECA, said in a statement accompanying a special report on cyberthreats. “Such attacks can have significant political implications.”

Cyberattacks against EU bodies are increasing “sharply,” with major incidents jumping more than tenfold between 2018 and 2021, according to the Luxembourg-based ECA.

Cybersecurity has jumped up the political agenda in Europe following attacks in recent years that targeted EU nations such as Germany and other industrialized countries including the United States, Britain and Australia.

In 2020, the EU imposed cyber sanctions for the first time, blacklisting a number of Russian, Chinese and North Korean hackers.

Nonetheless, the European auditors said Tuesday that EU organizations were failing to enact some “essential” cybersecurity controls and underspending in this area. The auditors also alleged a lack of “systematic” cybersecurity training and information sharing.

Advertisement. Scroll to continue reading.

EU entities as a whole handle political, diplomatic, financial, economic and regulatory matters. The spectrum of activities underpins the bloc’s status as a geopolitical force, a global setter of industrial rules and the world’s most lucrative single market.

The sensitive information processed by EU bodies makes them attractive targets for hackers, according to the report, which said the risks have grown as a result of remote working prompted by the COVID-19 pandemic.

“This has considerably increased the number of potential access points for attackers,” the ECA said.

It said a “particularly concerning trend is the dramatic increase in significant incidents,” which are described as attacks that involve the use of new methods and technologies and that can take weeks or even months to investigate and resolve.

One example cited is a high-profile cyberattack on the European Medicines Agency in late 2020, when the EU was pushing to authorize the first COVID-19 vaccines.

“Sensitive data was leaked and manipulated in a way designed to undermine trust in vaccines,” the ECA said.

Because the EU’s organizations are strongly interconnected, a vulnerability anywhere could have a cascading effect, it said.

“A weakness in one can expose others to security threats,” said the ECA.

It recommended the EU draw up legislation that would set common binding rules on cybersecurity for all the bloc’s institutions.

The auditors also urged more resources to support the Computer Emergency Response Team of EU bodies, or CERT-EU, saying “its effectiveness is compromised by an increasing workload, unstable funding and staffing, and insufficient cooperation from some” of the bloc’s organizations.

In sum, according to the ECA, the network of EU institutions “has not achieved a level of cyber-preparedness commensurate with the threats.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Funding/M&A

Forty cybersecurity-related M&A deals were announced in January 2023.

Funding/M&A

Seventeen cybersecurity-related M&A deals were announced in the first half of February 2023.

Funding/M&A

Thirty-five cybersecurity-related M&A deals were announced in February 2023

Funding/M&A

More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...