Transforming Cybersecurity

The healthcare industry is an increasingly popular target of data hackers. According to Mandiant Consulting, an IT security subsidiary of Google, the number of data leaks has doubled in the past three years. Hacking attacks have real-world consequences. In 2020, hackers infected the IT systems of a hospital in Düsseldorf, Germany, with ransomware, shutting down patient care. In 2023, a different ransomware attack forced one of Barcelona’s main hospitals to cancel 150 non-urgent operations and up to 3,000 patient checkups. And during that same year, hackers stole more than 900,000 files, including medical reports and administrative documents, from a hospital in Verona, Italy. Geopolitical tensions are partly to blame for the surge in cyberattacks against critical infrastructure. But while the war in Ukraine led to an increase in phishing against Ukraine and NATO member states, it’s important to note that cybercrime still makes up the majority of malicious activity online. In 2024, Mandiant responded to almost four times more intrusions conducted by financially motivated actors than those backed by a state.

In Europe, the multiplication of threats has led to a host of regulatory measures in recent years, including the EU Cybersecurity Act, the Cyber Resilience Act and the Network and Information Security Directive 2. The European Union Agency for Cybersecurity, formed in 2004, »has grown into the bloc’s frontline coordinator for cyberthreat intelligence, joint exercises, and crisis response,« according to Max Smeets, co-director of the UK-based not-for-profit focused on digital and emerging tech, Virtual Routes. Nina Olesen, Chief Growth Officer at the European Cyber Security Organisation and COO at the Women4Cyber Foundation in Brussels, adds: »There’s definitely a heightened awareness of the critical importance of cybersecurity among EU member states, institutions and businesses.« But there’s still much to be desired when it comes to cyberdefence, according to Smeets: »Think of Europe’s cyberposture as an unfinished house: The walls (regulations) are up, but the wiring (implementation) isn’t complete. Multiple pieces of legislation pull us towards risk-based resilience. But many organisations still struggle with the fundamentals of cybersecurity.«

One of the reasons is a »significant shortage of cybersecurity professionals across the EU,« Olesen explains. In addition, alert fatigue is a real problem. According to a Mandiant report from 2023, 69 percent of respondents said they believe their IT employees »feel overwhelmed« by incoming alerts and data. Another challenge is the fact that European cybersecurity efforts lack funding. »We need to find better funding mechanisms for these entities in Europe,« says Olesen. When, in early 2022, cyberattacks hit oil terminals in Germany, the Netherlands and Belgium, they caused huge disruption and impacted the flow of oil products such as diesel, gasoline and heating oil in the region. The incident shows how hacking attacks targeting sensitive supply chains can cause harm across the economy. »Europe is betting on a fully digital economy where predictive maintenance, real-time logistics and AI-driven services create more efficiencies in every sector, from vineyards to steel mills. That convergence multiplies productivity, but it also fuses once-separate risk pools into a single fault line: a flaw in an IoT gateway or shared API can ripple across industries in minutes,« Smeets says. Olesen adds that protecting businesses’ intellectual property or critical infrastructure is essential for maintaining Europe’s competitiveness.

AI can help enhance cybersecurity defences

Artificial intelligence is a driver of change in this ever-evolving cat-and-mouse game between attackers and defenders. On the one hand, deep-fakes and voice mimicry have increased the effectiveness of personalised social-engineering attacks, and AI tools help attackers to find vulnerabilities or understand stolen files. On the other hand, artificial intelligence can help enhance cybersecurity defences by automating repetitive tasks and identifying vulnerabilities, leading to faster detection and reaction. For example, Google Cloud’s VirusTotal uses AI to determine whether unknown files are malicious. Google Cloud’s Anti-Money Laundering product uses machine learning to identify suspicious financial activities. And AI-powered Enhanced Safe Browsing sends millions of warnings to users who want to access malicious websites. AI has so much potential that in future it could even reverse what’s known as the »Defender‘s Dilemma«: while attackers just need one new technology to break through defences, defenders need to deploy a variety of defences at all times, without any margin for error.

In 2023, Google published the Secure AI Framework (SAIF) in order to start a development that leads to AI models being secure-by-default when implemented. A year later, Google and other industry leaders formed the Coalition for Secure AI, creating an open ecosystem of AI and security experts dedicated to sharing best practices for secure AI deployment and collaborating on AI security research and product development. These types of collaborations are essential to spread best practices across public and private sectors and help to unlock AI’s potential for giving the defender a decisive advantage over attackers.