The European Cybersecurity Month (ECSM) is the European Union’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations, and to providing up-to-date online security information through awareness raising and sharing of good practices.

GUARD project partners from Law and Internet Foundation have contributed to the ECSM with the following publication, “GUARDing the cybersecurity of your enterprise”. Enjoy it!

In view of the 2030 Digital Compass strategy for the digitalisation of Europe and the COVID-19 pandemic, enhancing the EU’s digital sovereignty has become one of the main EU policy priorities. Cyber threats developed rapidly as social, economic, and political relations in the European community changed, and this raised the need for citizens and businesses to take additional cybersecurity measures to secure their assets and personal information.

Due to physical restrictions, the implemented COVID-19 measures, and continuous and strict lockdowns, the behavior of both people and business entities has changed. The fight against the COVID-19 pandemic forced many businesses to shift their work online, using digital platforms to communicate remotely. People, on the other hand, moved to their home offices and changed their shopping and spending habits. They started to purchase from online grocery shops, order their food through apps and look for sources of entertainment in applications that require the submission of sensitive personal and payment details. All these changes created new opportunities for cyber attackers, whose pool of targets increased and whose potential gains grew.

The pandemic negatively affected the lifeblood of the European community – the small and medium European businesses. Those that survived managed to adapt quickly and successfully, rapidly transforming their business environment and services to meet the shift to online demand. However, most of their employees were moved to work from home and thus had to access the company’s sensitive business data remotely, which created vulnerabilities and increased the threats to the cybersecurity of these inexperienced business entities.

In this article, we discuss the most common forms of cyber threats and give recommendations on how small and medium businesses can implement good practices for preventing cyberattacks and protecting their sensitive business data. At the same time, if you are an employee, you can learn some useful tips for keeping good cyber hygiene.

In recent years, Europol’s Internet Organised Crime Threat Assessment reports have named ransomware the number one cyber threat to legal entities, both in Europe and in the world in general. Ransomware is software designed by criminals to prevent computer users from accessing their own computer system or files unless they pay money. It is a type of malware that locks or encrypts data, and the victim must pay a certain amount of money to regain access to the encrypted information. It can have a severe and long-lasting impact on a single person and can even shut down a whole business if appropriate measures are not taken and suspicious websites are visited without caution.

Ransomware infection can occur in numerous ways, such as email attachments, malicious URLs, Remote Desktop Protocol, malvertising (an attack in which perpetrators inject malicious code into legitimate online advertising networks), pirated software, USB drives and portable computers. Companies should raise awareness of the issue among their employees and ensure that adequate prevention measures are in place, such as securing their electronic devices with the latest version of credible antivirus and anti-malware software that is updated regularly. You need to make sure that your server scans and filters suspicious emails and attachments. Always look at the subject of the email and, before helping your newly acquainted Nigerian prince friend and giving away your payment details, think about the maxim “If something is too good to be true in appearance, it probably is too good to be true in reality.”

Your system must be backed up periodically and those backups stored in various places, both online and offline. For this purpose, you can use cloud storage and external hard drive storage. A strong password is essential when it comes to cybersecurity. Another useful tip is to use a trustworthy Virtual Private Network (VPN) when accessing those tempting free Wi-Fi hotspots. Lastly, do not pay the offenders under any circumstances, as this will only encourage them to continue. Instead, contact the authorities and try the free decryption tools available online thanks to Europol’s European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands’ police, Kaspersky and McAfee, whose project “No More Ransom” aims to help victims of ransomware get their information back without having to pay the criminals.

As a legal precaution, if you rely on other firms to provide your services to your customers, you may include a clause in the contract stating who is liable in case of data theft resulting from a cyberattack. A case in point is the Travelex ransomware case, in which, after infecting the company’s database with ransomware, the hackers sought $6 million in exchange for restoring the stolen personal data.

The difference between ransomware and malware is that ransomware is a type of malware, but the opposite is not always true. Malware usually takes a form such as a virus, worm, trojan horse, spyware, rootkit, spambot or cryptojacking, and seeks to damage data, steal data, or disrupt digital life in general. Unlike ransomware, other malware can be removed relatively easily by antivirus software. It will not destroy your business, but it can reduce the performance of your software and take control of your data and resources, which will cause you a lot of trouble and can cost you a lot of money.

Marcher Android banking malware is one of the most dangerous types. It is a phishing malware that targets Google Play users and steals credit card credentials by tricking people into entering them on a fake window screen. Marcher has evolved over the years: it can also be found on the PayPal platform, and other samples were reported to target a broad range of banks across various countries. The malware lures users into logging into their accounts by spoofing notifications from the apps. Once they log into the app, their credentials are stolen.

The best way to avoid getting infected with malware is a good mix of prevention and reliable antivirus software. No matter which browser you use, the first thing you should do is install a plugin that removes unwanted ads, messages and pop-ups and restricts malware. The next thing you should do is be careful when you install free software, because even if the software itself is okay, it is sometimes accompanied by redirecting software or hacking tools that will put your device and system in danger. Always read carefully what you are agreeing to while installing new software. Additionally, you should not take your mobile phone security for granted. While mobile phones are generally safer devices, especially iOS-based devices, nowadays we shop and pay our bills using our mobile phones and our digital wallets. You should install an antivirus application and run it regularly, and you should not store your credit/debit card credentials, because the time saved can cost you a lot. And finally, if a person you barely know sends a suspicious link in a chat application followed by a short message such as “it is you”, try to resist your natural curiosity and ignore the message, or follow up with the person before clicking on the link.

The list would be incomplete without mentioning phishing emails, which usually contain links to a website infected with malware, state that your bank needs your personal information, security or PIN codes, or directly ask you for money transfers. Companies should raise staff awareness about the risks of teleworking and the serious damage that cyber threats could cause. If they want to limit the risk of negligent behavior, they should provide secure remote access by establishing specific rules and guidelines for safe usage of the corporate database, secure the teleworking equipment, secure the corporate communications in the firm, increase security monitoring, and keep device operating systems and apps updated. Employees should sign explicit declarations stating that they will comply with the requirements for safety and security and that they will refrain from using the company’s devices for personal use.

Having reviewed the most common cyber threats and their negative impact on businesses and individuals, we would like to review the impact of cyber threats on one of the most sensitive and vulnerable public sectors: healthcare.

Healthcare facilities hold some of the most sensitive and vulnerable information about us. A patient’s record contains not only valuable financial information but, more importantly, information about our physical and mental health conditions, which is considered a special category of personal data according to Art. 9 of the GDPR. With the development of the modern and globalized world comes the need for electronic health records and information that can be stored and transferred easily between local health institutions or even worldwide. While this need increases every year, patients are concerned about the vulnerability of their personal data and the risks of all their medical history being stored online.

During 2020, cyber-attacks hit the frontline COVID-19 fighters dealing with the situation, including hospitals, pharmaceutical companies, and biotechnology labs.

Cybercriminals are targeting the healthcare sector for three main reasons. First of all, there is the financial gain. As mentioned above, health records contain very sensitive and valuable information. Healthcare providers typically pay off ransomware attackers even if they can recover those sensitive patient records from their backup system, because they must give life-and-death urgency the highest priority. The healthcare industry lags behind when it comes to cybersecurity and digital literacy among its personnel, and this, combined with insufficient enforcement of the regulations and outdated software, makes it an easy target for malicious cyber activity. According to the 2020 Unit 42 IoT Threat Report of Palo Alto Networks, Inc., 83% of medical imaging devices run on unsupported operating systems. Hacking the system of a hospital can also be an entry point for a national security threat, as it can shut down the medical facilities of a whole city.

Compliance with the current European and national legislation is critical when managing patients’ records. A zero trust security approach should be applied, meaning that an enterprise should not automatically trust any information from either inside or outside its perimeter. All business sectors should verify the credentials of everything that is trying to connect to their systems before granting access.

The second architectural approach that should be implemented is the network ring. This method limits the damage hackers can do even if they get into the network, as they will be trapped within that ring. Healthcare facilities must start prioritizing efforts to secure their data. They should stay aware of the cyber threats targeting the industry, which means keeping IT staff up to date with the threat indicators and discovering the vulnerabilities in the network structure. Older versions of Windows are not kept up to date with the current threats. Penetration tests must be conducted at least twice a year as part of the prevention policy. Improving security hygiene can prevent catastrophic ransomware attacks and data breaches.

The GUARD project, which is funded by the European Commission, faces similar challenges. The purpose of the project is to increase the information base for analysis and detection while preserving privacy, and to improve the detection capability through data correlation between domains and sources. The distinctive approach of GUARD will be the architectural separation between analysis and data sources, mediated by proper abstraction. This paradigm will result in an open, modular, pluggable, extendable, and scalable security framework. This holistic solution will blend security-by-design with enhanced inspection and detection techniques, raising situational awareness at different levels of a company’s structure through tailored informative content, so as to enable quick and effective reaction to cyber-threats.

This article has been produced by Law and Internet Foundation.


The contents of this publication elaborated under the GUARD project are the sole responsibility of the authors and can in no way be taken to reflect the views of the European Commission. GUARD has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 833456.