The restructuring of the agency involves the consolidation of activities into two centres of expertise: CIRCL (Computer Incident Response Centre Luxembourg) to promote cyber threat exchanges and incident management. And NC3 (National Cybersecurity Competence Centre) revolving around the coordination and encouragement of capacity and competence building in cybersecurity; the development of a robust cybersecurity industrial base; and the direction of research efforts and tech excellence in the field, given an ever-growing volume of data.
“A recent study [shows] that every 11 seconds, there is a ransomware attack. Globally, there’s an estimation that it costs the economy $20bn [in one year],” CEO Pascal Steichen told Delano. “Especially from the European Commission side, also from us or other continents, there are a lot of new regulations, recommendations, etc., being produced the last few years, and many are still in the pipeline because there needs to be a way to manage this better.”
Every 11 seconds, there is a ransomware attack.”
At the start of the year, the grand duchy took over the presidency of the European Cyber Security Competence Centre, so this serves as an opportunity to boost the role of the Luxembourg House of Cybersecurity (LHC).
Challenges for businesses, especially SMEs
According to Steichen, one of the top risks enterprises face are ransomware attacks. “Especially for small companies, they probably have less backing to resist such an attack. If you want to get back the data, you want to be able to decrypt it again,” he adds.
The second main risk he notes is the breadth of phishing emails, where cybercriminals are becoming increasingly skilled at talking about hot topics in the media--for example, crisis-related topics--to gain attention. In this case, SMEs might have a bit better protection, Steichen explains, as employees know each other better.
The third big risk involves data more generally. “People use social networks, and all of this data, information, about how companies work, who knows who--all this is being used by criminals to prepare different attacks,” Steichen explains. “We see that criminals are really using that massively… especially as we are going into this artificial intelligence era, the manipulation of this data is getting even easier and more automatic. It’s not an enormous concern yet today, but this is clearly something we from the cybersecurity sector see as a trend coming.”
Reporting security breaches
While SMEs may not always have top resources to report security breaches, Steichen says it’s critical, and the LHC which represents “the backbone of cyber resilience in Luxembourg,” per a recent press release, is well-placed to help advise in this area. The CEO says he’s seen a positive evolution in reporting in terms of awareness-raising and documentation, but there’s room to do better.
It’s worth noting that the Commission Nationale pour la Protection des Données (CNPD) on 17 October revealed there were 333 data breaches notified to the data protection watchdog in 2021, a decrease compared to 379 in 2020. Human error was the cause in the majority of cases (62%).
“I’ve never seen a case which was not international, or which was [only] local, focusing on one individual. The results always have collateral damage… so it’s very important to share information about cyberattacks, what happens, how it happens, how to be better protected, what one can do in such a case,” Steichen adds.
Read the full interview with Pascal Steichen in the upcoming November issue of Delano magazine, released 21 October.