This month marks the European Union’s 10th European Cybersecurity Month (ECSM) promoting online security among EU citizens. This annual awareness campaign is co-ordinated by the European Union Agency for Cybersecurity (ENISA) and the European Commission, and supported by EU Member States and more than 300 partners from across industries.
The goal of the ECSM campaign is to strengthen the resilience of EU systems and services by enabling citizens to act as effective human firewalls, thus taking a step further towards a more cybersecurity-smart society.
For its 10-year anniversary, the ECSM is continuing the roll-out of its Think Before U Click campaign, with an additional focus on phishing and ransomware, with a series of activities taking place all over the EU throughout October. Conferences, workshops, training sessions, webinars and quizzes are some of the many activities organised by ENISA and by Member States.
The goal of the ECSM campaign is to strengthen the resilience of EU systems and services by enabling citizens to act as effective human firewalls, thus taking a step further towards a more cybersecurity-smart society.
In particular, the 2022 edition of the ECSM aims to reach professionals aged 40-60 from all sectors of the economy, focusing especially on small to medium enterprises (SMEs). It’s also intended for the European business community as a whole, and for people whose work depends on digital technologies and tools, including those in need of managed IT services to enhance their business operations.
At the launch of this year’s ECSM campaign, Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age stated: “Some of the biggest risks to our IT systems and networks can occur through human error. Learning to stay cybersecure is a daily task for all of us, and the European Cybersecurity Month will help us step up to it.”
Legal framework
In 2011, ENISA was asked to assess the potential and explore various options on how a ECSM could become an effective instrument to raise awareness about cybersecurity challenges.
ENISA was involved in assessing the establishment and organisation of the ECSM following a feasibility study which concluded that a focus on building resilience to cyber-attacks through raising awareness and education would yield positive cybersecurity outcomes.
ENISA works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the EU’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure.
In 2012, for the first time, the ESCM took place as a pilot project across Europe. As pilot countries, the Czech Republic, Luxembourg, Norway, Portugal, Romania, Slovenia, Spain and the UK participated in various activities and events throughout the month of October to raise awareness of cybersecurity.
This project was supported by the ENISA and the European Commission, providing the foundations for the annual ESCM which has continued to grow in scale and scope.
To place the ECSM on a legal footing, the EU Cybersecurity Act (CSA) came into force on 27 June 2019, with an emphasis on making cybersecurity a priority in awareness campaigns.
In accordance with Articles 4 and 10 of the CSA, ENISA must promote a high level of cybersecurity awareness, including cyber hygiene and cyber literacy among citizens, organisations and businesses.
ENISA, the EU agency dedicated to achieving a high common level of cybersecurity across Europe, was established in 2004 and strengthened by the EU Cybersecurity Act.
It contributes to EU cyber policy – enhancing the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, and co-operating with member states and EU bodies – and helps Europe prepare for the cyber challenges of tomorrow.
Through knowledge sharing, capacity building and awareness raising, ENISA works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the EU’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure.
Threat to threat
Over the last 10 years the ECSM has made significant progress in raising awareness of cybersecurity concerns and building resilience, and while the Covid-19 pandemic changed the scope of the ECSM it didn’t impact on the level of outreach or success.
At the height of the pandemic, ENISA developed the ambitious ‘Think Before U Click’ online campaign, an initiative that continues this year and is looking to build on the success of 2021, which saw it garner three times more engagement than in 2020.
The European Cybercrime Centre (EC3) identify ransomware as the most devastating type of cybersecurity attack over the last decade, impacting organisations of all sizes around the globe.
A total of 419 activities took place last year, most of which were online, with an increased reach of 9.8 million users, and the number of mentions rising by 265%. But despite the positive impact of ECSM across EU member states in recent years, cyber threats continue to thrive.
This year’s ECSM rightly addresses the persistent threats from phishing and ransomware. Phishing remains a serious security concern for digital communications as targeted victims continue to be lured into providing personal information, financial data or access codes by perpetrators pretending to be trustworthy as part of increasingly sophisticated attacks.
The European Cybercrime Centre (EC3) identify ransomware as the most devastating type of cybersecurity attack over the last decade, impacting organisations of all sizes around the globe.
It is another type of digital attack that allows threat actors to take control of a target’s assets and demand a ransom in exchange for the availability and confidentiality of those assets.
Digital deterrence
Cybersecurity organizations are constantly repeating warnings that eCrime actors are quickly adapting the latest vulnerabilities to exploit trusted relationships and supply chains, while sophisticated adversaries continue to exploit stolen credentials and identify ways in which to amplify ransomware attacks.
Against the backdrop of that ever-present and seemingly growing threat, the 2022 ECSM could not be more timely, especially as individual cybersecurity awareness is increasingly essential to prevent attacks. In today’s digital world, passwords play a critical role in keeping your personal information safe. That’s why it’s essential to use a password strength calculator to create a secure password that can’t be cracked.
As ENISA Executive Director Juhan Lepassaar stated: “The number of successful online attacks could be greatly reduced if more people knew how to detect and react. This is what the activities of the European Cybersecurity Month are all about.
“Building a trusted and cyber secure Europe also means to help all businesses thrive in a secure digital environment.”
Picture © ArtHead / Shutterstock