As the threat posed by Russian and Chinese hackers grows more serious, Europe is looking to expand its security capabilities through the use of new technology and stricter security requirements. Malicious, cross-border cyber attacks have increased in frequency as hackers exploit weaknesses faster than security solutions are being developed.
Background
European cyber security is woefully inadequate. The European Union’s cyber-security organization, the European Network and Information Security Agency (ENISA), was created in 2004 to combat the development of increasingly sophisticated cyber threats. However, ENISA discovered in 2010 that Europe-wide procedures to stop cyber threats were nonexistent and called for major improvements. In January 2011, hackers revealed how vulnerable EU states were to cyber attacks after they gained access to the carbon emission trading registers in EU member states and stole almost $40 million before the EU was forced to close down the entire system.
European businesses place a lower priority on cyber defense than American companies, according to the Lloyd's Risk Index 2011 survey. This was a significant finding since American companies also have been faulted for not devoting enough resources to cyber security. For example, a recent National Counterintelligence Center report found that only 5 percent of US corporate chief executives are involved in network security and only 13 percent have cyber risk teams.
The failure of European companies to engage in adequate cyber security practices places them at greater risk of being infected by malicious software (malware), such as Remote Access Trojan’s (RAT), which includes Zeus Trojans and the recently discovered Duqu Trojan, which is derived from the same code as Stuxnet, an internet worm that allegedly disrupted operations at Iran's Natanz nuclear facility last year. Malware can operate on many platforms, such as computers and mobile devices.
The expanding market in Europe for smart phones is a major target for hackers, who recently debuted Zitmo, a ZeuS Trojan that targets the Google Android. Smartphone usage in Europe has reached nearly 51 percent, an expanding market that becomes even more vulnerable to hacking due to weaknesses posed by authentication procedures commonly used to protect personal information. According to Patrick Carroll, CEO of ValidSoft Limited:
“Fraud always migrates to take advantage of the weakest target, and the growing smart phone market in Europe provides cyber criminals with more lucrative opportunities to steal personal information for their own gain. At a time when many in the industry are betting on exponential growth through mobile payments, this is bad news indeed. The key for companies looking to protect against the growing threat posed by cyber attacks will be to focus their efforts on multiple real-time detection, prevention, and immediate resolution tools that will act as additional protection for customer transactions without compromising privacy or the customer experience.”
ValidSoft Limited is playing a leading role in promoting cyber defense in Europe. It is a wholly owned subsidiary of Netherlands-based Elephant Talk Communications, which was recently accepted into the American Stock Exchange. ValidSoft Limited is also the only cyber security firm to have won the European Privacy Seal Award, which it earned two years in a row. In addition, ValidSoft Limited currently offers the only commercially available products with highly secure “four-factor authorization.”
Analysis
ENISA’s effort to fix the major weaknesses in the information and computer infrastructure of the EU is a small improvement to national and regional defenses against cyber attacks. The money that the UK plans to spend on cyber security and the proposals submitted by ENISA will likely prove insufficient to combat these electronic threats, especially because European countries are cutting their defense budgets.
However, the major target of cyber attacks in Europe will remain private individuals and businesses. Until European corporations prioritize addressing cyber attacks and protecting themselves and their customers, they are exposed to significant cyber risks. This vulnerability may weaken consumer confidence and further hurt the European Union’s troubled economies.
Hacking from China and Russia is expected to increase in 2012 with attacks focused on acquiring personal data through mobile phones, social networks, and cloud computing. Chinese hackers tend to focus on acquiring intellectual property and other sensitive or classified data, whereas Russian hackers tend to focus on stealing financial information. The digital fingerprints left by hackers could make it easier to track and stop attacks in progress, but attacks in 2012 are likely to become more common as hackers use major world events like the Olympics and the US presidential election.
Conclusion
In order to reduce the risk of damage from malware, European businesses need to recognize the danger of cyber attacks and implement additional protections and security. Using the full spectrum of advanced security protections will be critical as cyber attacks become more prevalent.