The European Union Agency for Cybersecurity (ENISA) has released its inaugural “State of Cybersecurity in the Union” report, which sheds light on the growing cyber threats facing EU institutions and member states. According to the report, the period between July 2023 and June 2024 saw a substantial threat level to EU entities, with an increase in both the number and complexity of cyber-attacks. The report highlights that these cyber threats are likely to continue escalating, with many EU institutions directly targeted by cybercriminals or vulnerable to breaches through newly discovered weaknesses.
A key takeaway from ENISA’s findings is the prevalence of Denial-of-Service (DoS) and ransomware attacks, which together accounted for more than half of the incidents reported. Public administration was the most affected sector, with the highest number of cyber-attacks observed. Other sectors, such as transport and finance, also experienced significant breaches. The report points out a disturbing trend in ransomware, noting that cybercriminal groups are shifting their tactics, focusing on data exfiltration rather than encryption, and increasingly targeting small and medium-sized enterprises.
ENISA also noted the growing impact of hacktivism, with politically-motivated cyber-attacks becoming more unpredictable. These attacks often involve tactics like website defacement, distributed denial-of-service (DDoS) attacks, and the spreading of misinformation. The report emphasized that there is a blurring of lines between hacktivist activity and state-sponsored cyber warfare, as geopolitical tensions fuel the rise of cyber-espionage campaigns. Nation-state actors from Russia and China have been particularly active, targeting EU institutions for political and economic gain.
Looking forward, ENISA has outlined several policy recommendations for EU member states and institutions to strengthen cybersecurity resilience. These include enhancing cyber crisis management frameworks, improving supply chain security, and developing a robust cybersecurity workforce. The agency stresses the importance of harmonizing cybersecurity practices across EU member states to address emerging threats more effectively. With cyber-attacks becoming a persistent threat to essential services, ENISA urges all sectors to focus on strengthening their defenses and staying vigilant against evolving cyber risks.
Reference:
