Don’t miss this crucial update on global cybersecurity!
Our latest episode of “Big Reports in 5 Minutes” breaks down the 71-page 2024 Report on the State of Cybersecurity in the Union from ENISA, the European Network and Information Security Agency. Discover how sweeping legislation, surging DDoS attacks, and Europe’s digital skills gap mirror pressing challenges in the U.S. and shape the future of global cybersecurity.
Link for full report: https://www.enisa.europa.eu/publications/2024-report-on-the-state-of-the-cybersecurity-in-the-union
Time is of the essence—these trends are unfolding now. Watch, weigh in, and let us know: How do you see these issues impacting the cybersecurity landscape where you are? Your feedback could help spark new conversations and solutions!
Transcript:
(0:12) Hey, welcome to another episode of Big Reports in 5 Minutes. (0:16) I hope you’re enjoying these as much as I enjoy doing them. (0:19) Today we’re going to talk about a report from a European agency called ANISA, which is the (0:27) European Network and Information Security Agency.
(0:31) Why are we going to talk about a European report? (0:34) Because there’s some pretty interesting, you know, there’s some good interesting information (0:39) in this report that, you know, it kind of shows how similar these cultures are between (0:46) the European and the American cultures in terms of cybersecurity. (0:50) So I just think there’s some useful information here that we can talk about. (0:54) So this agency has been around since 2004.
(0:56) It’s like the primary cybersecurity agency for the European Union and the 27 member states (1:03) of the European Union. (1:05) So it’s similar to our CISA. (1:07) And they came out with this report on December 3rd.
(1:10) So it’s pretty fresh off the presses here, which is why I was interested in taking a (1:14) look at it. (1:15) And it’s called the 2024 Report on the State of Cybersecurity in the Union. (1:22) Now before you get too excited about that, I read this whole report.
(1:25) It’s 71 pages and it is dense. (1:28) It is full of a lot of legalese and legislative comments.(1:35) So it was clearly written for government bureaucrats as this agency is trying to compare legislation (1:42) among the different member states of the European Union and just how different legislation is (1:47) impacting cybersecurity.
(1:50) But as boring as that sounds, there was actually some pretty good nuggets in here. (1:57) So again, I read this report so that you don’t have to. (2:00) So just take the next four minutes, listen to what I have to say, and then decide if (2:05) you want to invest an hour into reading this 71-page legal report.
(2:11) So the first thing that I thought was interesting, and you see it here in this graphic, is just(2:15) how much legislation the European Union has implemented in the last couple of years.(2:22) So this report covers a two-year period. (2:25) So in that period, all of these different pieces of legislation have been either implemented, (2:31) introduced, or discussed.
(2:34) And it’s an amazing list. (2:37) And I bring this up because we’re constantly talking about how the threat is evolving faster (2:44) than our legal landscape is, and how are we supposed to stay out in front of all these (2:48) adversaries when our legal structure and our criminal justice system isn’t quite keeping (2:55) up with the threat? (2:56) Well, obviously, Europe is taking that challenge seriously. (3:02) I’m not quite sure how anyone is going to be able to assimilate all of these laws, but (3:08) man, they are definitely giving it a good effort.
(3:11) And then beyond the legislative piece of it, it does get into some statistics around cyber(3:19) attacks in Europe. (3:20) And I thought this was pretty fascinating, too. (3:23) We’re always talking about ransomware being the number one cyber attack that’s going on.
(3:28) And this study shows that, at least in Europe, DDoS is definitely on the rise. (3:34) And there’s another chart that goes along with this one that just shows the steep incline (3:40) in the number of DDoS attacks over the last several months that were covered by this report. (3:46) So this is going from July 23 to June of 24.
(3:50) I just found it very interesting that DDoS was making up that percentage of their cyber(3:57) security attacks. (3:58) And a lot of that is being driven, apparently, by hacktivist attacks.(4:02) And who knows if this is related to Middle East strife or what, but, you know, interesting.
(4:12) Then the next thing that I found that was pretty intriguing was the fact that they’re (4:18) talking about the skill set of the members or the citizens of the European Union. (4:24) And as we go towards this digital economy, this report says that only 40 or 46 percent (4:31) of Europeans do not possess the basic digital skills needed to fully participate in society. (4:37) So nearly half of the European citizens don’t have basic computer skills that will allow (4:44) them to do things like online banking, online shopping, digital learning, or access to government(4:53) information.
(4:54) So that’s a pretty frightening statistic, and I’m pretty sure that’s similar to what (4:58) we have here in the U.S. (4:59) And it also found that in the age group of 55 to 74, only 35 percent of people have the (5:06) proper skill sets. (5:09) Then as we wrap up, you know, I just want to talk about, you know, one last piece. (5:13) We’re constantly hearing about the lack of skilled cyber security professionals out (5:21) there.
(5:22) But this study actually points out another thing that’s kind of underneath the surface(5:26) of that that people don’t talk about that much, which is the fact that people are getting(5:34) put into cyber security jobs that aren’t properly trained. (5:39) So this report says that 76 percent of the employees currently in a security role have (5:45) never received formal training or certification. (5:48) Additionally, one third of them entered a security role from a non-security previous (5:54) role.
(5:55) And then half of the people that are doing security-related jobs aren’t trained to do (6:01) security and only absorbed security-related jobs into a non-security-related role that (6:07) they had already had. (6:08) So not only do we have a problem of not having enough skilled people to fill the roles, (6:13) supposedly a million empty roles out there, but we have people in roles that aren’t (6:19) necessarily qualified to do that, which actually might be the more nefarious situation that (6:24) you think you’re getting a level of protection that you’re really not.(6:27) So, you know, I would implore companies that if you don’t have the right skill sets, at(6:32) least partner with an MSP or some other security provider to get you the skill sets you need (6:38) so that you’re properly protecting yourself.
(6:41) So anyways, interesting report, a lot of dead space in there. (6:44) But if you do want to read the report, you know, block out some time. (6:50) If not, trust me, I read the report.
(6:52) I gave you the highlights. (6:55) So it’s a tough world out there. (6:58) Stay safe.
(6:59) Thanks.