CYBERSPACE’s Latest Workshop: Empowering Cyber Resilience 

On the 4th of April 2024, a workshop organised by Privanova on “CYBERSPACE Enhancing Cyber Resilience: Addressing Key Gaps in Cybersecurity Knowledge” took place. Over 50 participants from various sectors attended and participated in the workshop. Indeed, present were several representatives from SMEs, law enforcement agencies (LEAs), computer emergency response teams (CERTs) and cybersecurity professionals. Overall, this event was highly successful and highlighted the collective eagerness to bolster cybersecurity defences. 

Agenda of the meeting

The main objective of CYBERSPACE’s latest workshop was to bring awareness to some of the most pressing cybersecurity challenges faced by organisations in this day and age. 

On the agenda were the following topics:

  • Results of the Before-Study (study conducted by Privanova to identify the current state of cybercrime awareness)
  • Knowledge Hub focus topics:
    • Insider Threats
    • BEC Attacks
    • Ransomware Attacks
  • Where to Report Cybercrime: case study France
  • AI solutions for countering cybercrime

These topics were presented by seven speakers, some of which being consortium partners of the CYBERSPACE project. The insights gained from these presentations underscored the importance of continuous learning and adaptation in the field of cybersecurity. 

Below, you may find additional information on the topics presented during this workshop. We hope that sharing this information further helps organisations to navigate and mitigate the complexities of today’s cyber threats. 

Results of the Before-Study

As part of the CYBERSPACE project’s objectives, a study was conducted by Privanova to identify the current state of cybercrime awareness. The aim of the study was to (i) evaluate cybercrime reporting understanding, (ii) spotlight misconceptions and knowledge gaps, and (iii) highlight training improvement area. 

The study drew on a diverse group of participants, cutting across various sectors, organizational roles and geographies. In total, 55 participants were involved in the study. Nevertheless, the vast majority (66%) of entries were from private organizations, with the IT sector being prominently represented. 15 questions were asked to gauge awareness. Findings revealed a cybersecurity community that is engaged but seeks deeper, more actionable knowledge. Indeed, the demand for clear, concise information on cybercrime reporting and threat mitigation is evident across all sectors and roles.

Knowledge Hub – Focus topics

In February 2024, we launched a brand-new Cybercrime Knowledge Hub on our project website: https://cyberspaceproject.eu/cybercrime-knowledge-hub/. Our Knowledge Hub offers a wealth of resources and insights 📖 , designed to empower professionals and businesses in navigating the complex realm of cyber threats 🌐 . 

The following focus topics were presented during the workshop:

  • Insider Threats, by Michael O’Callaghan (UCD)
  • BEC Attacks, by Carlos Urquizo (ERTZAINTZA)
  • Ransomware Attacks, by Police Captain Katerina Triantafyllopoulou and Police Captain Theodoris Anatolitis (Hellenic Police)

To read about these focus topics, explore our Hub!

Where to Report Cybercrime: case study France

Upon conducting research into cybercrime reporting in the EU, partners of the CYBERSPACE project uncovered that no comprehensive platform providing useful links to report cybercrimes per EU country exists. And, while Europol does indeed have a reporting page with includes the reporting websites of each EU country, when clicking on a specific country it merely redirects to the police authority webpage.

To address this gap, we conducted intensive research on where to report specific cybercrimes in each EU country. With the data gathered, we created a subpage on our project website. Our aim is to provide guidance on where to report online crimes such as scams, fraud, phishing, hacking or data breaches in an efficient manner and to the right authorities. Indeed, depending on the type of cybercrime you fall a victim of, you should contact the most relevant authority. For example, if an individual has lost money from its bank account due to a phishing attack, the first step would be to contact the bank directly, rather than report it to the police. 

So far, we have issued guidance for 6 EU countries: France, Germany, Greece, Ireland, Spain and Sweden.

Cybercrime reporting in France was used as a case study during the workshop. We notably explored the institutions which deal with cyberattacks in France. These include:

  • ANSSI: National authority on cybersecurity and cyber defence. It provides guidance on information system security and responds to cybersecurity threats.
  • TRACFIN: Service of the French Ministry of Finance tasked with fighting financial fraud, money laundering and terrorist financing.
  • NCB: Acts as a liaison between the French Police and other countries’ law enforcement agencies through Interpol.
  • The French National Police

For further information on cybercrime reporting in the EU, please check our subpage: https://cyberspaceproject.eu/cybercrime-reporting-in-the-eu/.

AI solutions for countering cybercrime

The last topic explored during our workshop was “AI solutions for countering cybercrime” and was presented by Professor Roger Sanz González from UI1 University R&D. Focus was particularly given to the evolution of AI-powered cybercrime activities. An impressive presentation of the AI-based tools for countering cybercrime was also conducted, followed by the various concerns regarding such AI solutions.

The following concerns were listed by the presenter:

  • Problem of the debate focused on use of AI (risks in use is only one small piece of AI technological risks)
  • Ethics, integrity of algorithms, observability, integrity of output-input information, auditability, accountability do not really mean acceptable security of the ecosystem where it is developed.
  • AI Solutions should be very “human centered”. No regulation prevents an attack.
  • Data Science teams are focused on the objective and not the process.
  • AI SDLC practices are still in their infancy.
  • Vulnerabilities are being discovered through “pentest hits” and CTFs. Anonymization is not enough.

AI solutions security gaps and needs were also explored in the later part of the presentation.

Stay Informed!!

Our CYBERSPACE “Enhancing Cyber Resilience” workshop was a great success and we would like to extend once more our heartfelt thanks to all the participants, speakers, and organizers. Insights gathered during the workshop are invaluable and will be used to further shape our efforts in the project. 

For those interested in knowing more about our recent events, news and updates, follow the CYBERSPACE project on LinkedIn!

Authors: Trilateral Research & Privanova