The number of cyberattacks has significantly increased in European Union countries, with 2,580 incidents recorded by the European Union Agency for Cybersecurity (ENISA) between July 2022 and June 2023, said the organization’s director, Juhan Lepassaar, at a professional forum in Budapest on Wednesday.
During the closing conference of the Cyber Shield educational-communication programme launched last year, ENISA’s director presented the organization’s 11th annual report. Ransomware attacks continue to constitute about a third of incidents, followed by Distributed Denial of Service (DDoS) attacks at 28 per cent, and data-related abuses at 20 per cent.
According to the organization’s annual report, the rise in reported incident numbers does not necessarily indicate a real increase in the number of attacks, as more cases come to light partly due to regulatory reporting obligations.
Nineteen per cent of cyberattacks targeted the public sector, with private individuals ranking second at 11 per cent.
The healthcare, digital service provider, and manufacturing sectors each accounted for 8 per cent. Ransomware attacks affected all sectors of the economy: manufacturing companies came first (14 per cent), followed by healthcare (13 per cent) and administration (11 per cent). DDoS attacks primarily targeted the public sector (34 per cent), followed by the transportation sector (17 per cent), and the banking/financial sector (9 per cent).
Nearly two-thirds of the incidents could have been prevented if available security updates had been applied, Juhan Lepassaar highlighted. Under the revised EU cybersecurity directive (NIS 2 directive), which came into effect in January 2023, the financial sector had the highest IT spending and related financial expenses due to cyberattacks, with the banking sector leading at €300,000, according to the director. While this seems negligible compared to the financial capabilities of the sector, cybersecurity investments are needed not only for IT security but also to preserve trust, he emphasized.
He mentioned the Digital Operational Resilience Act (DORA), adopted last year, which sets uniform requirements for businesses and organizations operating in the financial sector, as well as companies providing information and communication technology (ICT) services.
The European Union Agency for Cybersecurity has a crucial role in establishing and maintaining the European cybersecurity certification framework, he said. Within the certification system, companies producing electronic devices and information and communication products receive classifications similar to energy labels based on meeting security requirements.
ENISA was established in 2004, and its tasks include developing the EU’s cybersecurity policy and strategy, creating security certification systems, promoting awareness in the field, and collaborating with cybersecurity institutions in member states. Its headquarters are located in Athens, with a staff of over a hundred.
Sources: Hungarian Conservative/MTI