European Cyber Security Month (ECSM) is a European Union awareness campaign that takes place every October to promote the importance of information and cyber security among citizens and organisations. It highlights the simple steps that can be taken to protect data - whether personal, financial or professional.
The main goals of European Cyber Security Month are to raise awareness, change behaviour and provide resources to help people protect themselves online. EIT Digital - with its mission to drive Europe's digital transformation and commitment to provide secure, robust, responsive and intelligent communications and computing facilities for the European business and society at large - stands in the frontline to deliver these goals.
Here are some examples of what EIT Digital is doing year around to help Europe respond to the current key cyber security challenges.
Enhancing cyber security competencies
As with most things, cyber security starts with the user. EIT Digital offers a number of online courses to develop cyber security competencies. These inlcude:
- Cybersecurity 360 for Professionals - an international joint programme from EIT Digital and the University of California Berkeley Executive Education in which experts share industry best practice through lectures, business cases and company visits.
- Security & Privacy for Big Data - an online course that teaches security and data protection, as well as a basic understanding of the application of security solutions in big data environments.
- Cloud Security - an online course giving realistic demonstrations of different security issues followed by solutions and defences that everyone should apply at work and in everyday life.
Phishing attacks
The confidence of European citizens that their private or business data is safe while using digital services is repeatedly challenged by so-called "phishing" attacks. Such attacks try to lure users into giving up confidential information to enable identity theft and fraud. An example of an EIT Digital Innovation Activity to counter phishing attacks is:
- The Web Application Firewall for Large-Scale Phishing Attacks (WAFFLE) - this focuses on detecting abused internet domains which are often indicators of a phishing campaign and which are registered before a phishing campaign starts.
EIT Digital Accelerator scaleup programme examples include:
- eIdentification - a world leader in fully compliant video identification processes providing a patented identity-verification tool, VideoID. It combines video streaming with Artificial Intelligence (AI) to identify customers in seconds, from any country with any ID document.
- CopSonic - a provider of a technology that enables communication between intelligent electronic devices and all mobile phones through sound waves to interact and transmit data. This allows contactless, password-free authentication for smooth, highly-secure transactions from any device.
Distributed Denial of Services (DDoS)
A Denial-of-Service (DoS) attack is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. In a DDoS attack, the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.
EIT Digital scaleup examples include:
- redborder - an open source solution for traffic visibility, big data analytics and dynamic cyber security. It enables the creation of customisable dashboards and reports for networks and managed service providers.
- Sentryo - helping industrial corporations transform their businesses through digitisation to ensure the availability, resilience and safety of their industrial systems while fending off cyber attacks. Sentryo's solution passively analyses industrial network communications and gives meaningful information about network assets. It provides advanced anomaly detection and alerts in real-time for any threat to operational continuity and system integrity.
The rapid growth of Internet-of-Thing (IoT) devices is providing a new power base for DDoS attacks. It has been estimated that by 2020 there could be 20 billion IoT devices in circulation. Many of these will lack effective protection due to still operating with default factory security settings, leaving them open to being hijacked as DDoS attack vehicles.
EIT Digital Innovation Activity examples include:
- A subtask of the ACTIV8 High Impact Initiative which has designed an advanced IoT security service to enable secure initialisation of IoT units, thus allowing agile roll-out and maintenance of secure IoT systems.
- The Trusted Cloud and IoT - a platform and solution that empowers IoT users to share information between their devices and the cloud seamlessly and flexibly. It gives users control over their device-generated data, all the way from data collection and acquisition to in-cloud analysis and back.
Advanced Persistent Threats (APTs)
An APT is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period of time. In addition to monitoring network activity, they may also steal data or cause damage to the network or organisation. An emerging form of attack is to make the data useless by corrupting its integrity.
An example of our Innovation Activity is Security Operations Centre for Critical Infrastructure - a customised APT detection and response service for infrastructure utilities like electricity, water and transportation providers as well as financial service providers.
Examples of our scaleups include:
- CyberTrap - instead of blocking attackers, CyberTrap leads them into a contained, monitored environment within the network to track their activity and gather intelligence. The attacker will not only show the customer the holes in its defences but will also reveal who is behind it and what it is looking for. CyberTrap operates from behind the firewall and acts as an additional layer of protection and an extension of existing security systems.
- ORISECURE - an integrated cybersecurity platform from Origone that protects an organisation's entire IT assets and infrastructure (eg mail gateways, web servers) from threats with a single, military-grade solution. Augmented with AI and cognitive algorithms, it disassembles and sanitises every incoming message and attachment before it is opened. It stops every malware - even versions that elude signature-based detection.
Increasing trust in the secure use of digital services
Critical for Europe's success in the global digital competition is its citizens' trust in the safe use of digital services. Only in this way can European digital industry grow and prosper. This is particularly true in digital health and finance, with the introduction of new legal provisions such as the European Union's General Data Protection Regulation (GDPR).
Examples of our Innovation Activity include:
- Security Tools for App Development- a plug-in that helps application programming interface (API) developers make their APIs secure. While tools already exist to secure APIs, none has so far been available for ensuring their secure usage in application creation.
- IdentityChain - verifying and trusting identity attributes is a crucial digital function. IdentityChain enables efficient and secure trust-based verification of attributes from self-sovereign digital identities.
- Distributed Ledger for Invoice Management - aims to create Distributed Ledgers for Invoice discounting to guarantee a trusted environment for banks and companies in which the invoice is unique and authentic and its status is synchronised.
Maintaining trust on Social Media
Social media has become one of the most dominant and influential channels for public discourse and information dissemination. Facebook alone accounts for more than two billion monthly active users and Twitter has over 330 million users, generating an average of 500 million tweets per day.
The Sensemaking Innovation Activity brings order to social media and predicts the spreading patterns of new topics, allowing early engagement and enabling social media strategies to be designed to effectively meet users' goals. That could be anything from maximising awareness and dissemination of a topic or adopting containment strategies to help limit the spread of fake news.
*Background
The European Union Agency for Network and Information Security (ENISA), the European Commission DG CONNECT and partners stage European Cyber Security Month (ECSM) every October. Read more.