Pascal Steichen has around 20 years’ experience in cybersecurity. Matic Zorman/Maison Moderne

Pascal Steichen has around 20 years’ experience in cybersecurity.  Matic Zorman/Maison Moderne

The new Luxembourg House of Cybersecurity (formerly Security Made in Lëtzebuerg) was inaugurated on Monday 17 October. CEO Pascal Steichen talks about the reasons behind the change and about current challenges enterprises face when it comes to protecting their data.

The restructuring of the agency involves the consolidation of activities into two centres of expertise: CIRCL (Computer Incident Response Centre Luxembourg) to promote  cyber threat exchanges and incident management. And NC3 (National Cybersecurity Competence Centre) revolving around the coordination and encouragement of capacity and competence building in cybersecurity; the development of a robust cybersecurity industrial base; and the direction of research efforts and tech excellence in the field, given an ever-growing volume of data. 

“A recent study [shows] that every 11 seconds, there is a ransomware attack. Globally, there’s an estimation that it costs the economy $20bn [in one year],” CEO told Delano. “Especially from the European Commission side, also from us or other continents, there are a lot of new regulations, recommendations, etc., being produced the last few years, and many are still in the pipeline because there needs to be a way to manage this better.”

Every 11 seconds, there is a ransomware attack.”
Pascal Steichen

Pascal SteichenCEOLuxembourg House of Cybersecurity

At the start of the year, the grand duchy took over the presidency of the , so this serves as an opportunity to boost the role of the Luxembourg House of Cybersecurity (LHC). 

Challenges for businesses, especially SMEs

According to Steichen, one of the top risks enterprises face are ransomware attacks. “Especially for small companies, they probably have less backing to resist such an attack. If you want to get back the data, you want to be able to decrypt it again,” he adds.

The second main risk he notes is the breadth of phishing emails, where cybercriminals are becoming increasingly skilled at talking about hot topics in the media--for example, crisis-related topics--to gain attention. In this case, SMEs might have a bit better protection, Steichen explains, as employees know each other better. 

The third big risk involves data more generally.  “People use social networks, and all of this data, information, about how companies work, who knows who--all this is being used by criminals to prepare different attacks,” Steichen explains.  “We see that criminals are really using that massively… especially as we are going into this artificial intelligence era, the manipulation of this data is getting even easier and more automatic. It’s not an enormous concern yet today, but this is clearly something we from the cybersecurity sector see as a trend coming.”

Read also

Reporting security breaches

While SMEs may not always have top resources to report security breaches, Steichen says it’s critical, and the LHC which represents “the backbone of cyber resilience in Luxembourg,” per a recent press release, is well-placed to help advise in this area. The CEO says he’s seen a positive evolution in reporting in terms of awareness-raising and documentation, but there’s room to do better. 

It’s worth noting that the Commission Nationale pour la Protection des Données (CNPD) on 17 October revealed there were to the data protection watchdog in 2021, a decrease compared to 379 in 2020. Human error was the cause in the majority of cases (62%).

“I’ve never seen a case which was not international, or which was [only] local, focusing on one individual. The results always have collateral damage… so it’s very important to share information about cyberattacks, what happens, how it happens, how to be better protected, what one can do in such a case,” Steichen adds. 

Read the full interview with Pascal Steichen in the upcoming November issue of , released 21 October.