Vulnerabilities are weak points or flaws in information and communication technologies (ICT), including both equipment and services, that can be exploited by cyber threats. Exploiting these vulnerabilities can lead to significant disruption and damage to any organisation. Thus, adopting a preventive approach and promptly identifying and correcting these vulnerabilities are crucial to mitigating these risks.
Consequently, ongoing efforts to educate and empower citizens in cybersecurity, along with the political commitment of stakeholders and civil society, are vital for enhancing our society’s resilience and ability to manage and respond to the vulnerabilities present in the digital world.
This year’s 10th edition of the C-DAYS conference organised by our colleagues from the Portuguese National Cybersecurity Centre (CNCS) took place during 18-20 June 2024 in Coimbra at St. Francisco’s Convent on the theme of “+Prevention” to promote a space for discussion and reflection on major themes that concern, directly or indirectly, cyberspace security, from a strategic, operational and technical perspectives.
The conference brought together speakers from various fields—decision-makers, professionals, academics, students, and the general community—to discuss and promote reflection on topics such as society, economy, public policies, ethics and law, risks and conflicts, as well as innovation and future technologies as they apply to cyberspace.
Cecilia Popa participated as a Keynote Speaker on June 20th to present on the topic of “Level your skills UP”, highlighting the EU CyberNet’s skillset framework which forms the foundation of our Experts Pool deployed worlwide to build cyber capacity.
She also stated that EU CyberNet has just recently updated its skillset framework with 25 new skills to ensure the right expertise is available and ready to be deployed upon request by the Commission and other EU bodies. She also stressed that skills develop expertise, but expertise doesn’t simply emerge on its own: 1. it must be secured, 2. cultivated, and 3. nurtured. This principle applies not only to top-tier expertise, such as that found at the EU CyberNet, but also in everyday life and organisations: 1. you need competent people, 2. you need to provide ongoing training for them, and 3. you need effective retention strategies to keep them. But where do we start?
In the light of increasing cyber skills shortage, as indicated by the latest Eurobarometer, there is need for more cybersecurity specialists (45% of EU-based companies said that they have difficulties in finding qualified candidates in cybersecurity) as well as to promote skills and skillsets to better address cyber threats. This is actually closely related to a recent report by ENISA which highlighted that the cyber skills gap seems to be strongly linked to cyber threats, which poses a significant risk to the operation of network and information systems, as well as to the Single Market overall.
The Commission launched last year the Cybersecurity Skills Academy with the aim of enhancing collaboration between private and public initiatives at both European and national levels to address the needs and resilience of the cybersecurity labor market.
Additionally, the Commission has integrated the Women4Cyber Network into the Academy’s platform to actively combat gender-based stereotypes in cybersecurity. As Cecilia stressed, the gender balance aspect is also addressed by the EU CyberNet team to improve the current 20/80 ratio of females/male experts in the network, as good expertise knows no gender.
Since 2021, the Commission, in collaboration with Member States and private-sector partners, has invested a total of approximately €600 million in projects and initiatives supporting cyber skills, with further funding opportunity to being made available in the Autumn of 2024.
