Vasil Velichkov, IT specialist and former e-governance adviser:
Technologies Give Opportunities to Malicious People
Sometimes huge resources are
invested in information security, and breakthroughs happen because of a person
who has not complied with the mandatory precautions
Mr. Velichkov, what is the
most important thing when it comes to cybersecurity?
Let’s not imagine only secret information centres. Cybersecurity concerns more and more aspects of our lives – from city and state management systems to our personal computer and phone, which often contain very sensitive information.
Cybersecurity concerns even
information that reaches the public...
That’s right. Recently, the German political elite was very embarrassed by personal information, which was published by a young man who had downloaded the data through the phones and the computers of politicians. Through hacking attacks with economic or political purposes, networks and computers of interesting subjects and institutions are compromised in order to take and publish documents that would cause a wide public response.
So, everyone who uses a
smart phone and a computer needs to know how to take care of their information
security. Why is this neglected?
The obligatory curriculum for students does not include training on cyber dangers and how to protect their personal information related to passwords and locations. And we are supposed to be a technically-savvy nation.
Should we leave the door
wide open to online attacks?
It’s a matter of national policy, but we are constantly putting out fires in Bulgaria. Legislative and executive authorities are not developing or implementing effective policies in this area. The case with the vignettes showed that the state cannot make electronic systems work, let alone protect them reliably. But more dangerous than the lack of measures could be provisions such as GDPR, inadequate to the practical realities. GDPR is an example of good intentions, but the road to hell is also paved with good intentions.
What should every user and
every business do for the sake of their security?
Everyone should make an effort to get informed on the subject. There are rules you need to follow to protect your personal data. Thus, the likelihood that a hacker can access something important through you is reduced. Use complex passwords and be always on the alert. I have well explained to my children how to protect themselves, but my little son gave a friend his password for a game. This friend played somewhere with other boys. One of them saw the password and then made purchases for BGN 2,000 because a credit card was attached to the account. There are many things one can do to reduce the risk. There is no perfect protection. Even the best specialists can be hacked, but as with physical security, simple measures can raise the level of protection.
Surprises in online space
are lurking everywhere, cybercriminals are creative. What should we do?
The matter is as complicated as the one with the phone scammers. They are able to make people do things that go against sound logic. Hackers also use psychological techniques. They send an email asking you to change your password in order to improve security. The email resembles the image of the organisation whose name they use, and that way, many voluntarily give out their password to hackers. Often, personal negligence opens the doors to hackers. People need to be better educated, in order not to trust any email that says it has been sent by an institution.
Cybersecurity is becoming an
ever larger business. We have seen Charlie Chaplin’s movie “The Kid”, in which
the child breaks the windows and then his father fixes them...
There are many companies now that develop information security solutions that use similar tactics. They create a problem that they themselves can solve. There are business models built on fear. There is no easy solution, and people have to think well from what and how to protect themselves. You should not invest recklessly. Expensive solutions are often bought, and employees continue to make the same basic mistakes. Sometimes a lot of money is invested in information security, and the breakthrough happens through a key person in the company, tricked to give their password for access.
What is the role of the
There are measures that the state should take to protect citizens’ sensitive information. Somebody decided that you can convert the paper vignette to an electronic one by typing the car number. Leave the door wide open in the middle of the field and wait for someone not to take advantage of it. However, I hope that the government will finally start developing an electronic identification system that will allow banks and institutions to introduce a more secure means of identification. It was delayed for more than two years, and the waiting continued. Cybersecurity affects the whole society; there are systems, which are vital to the lives of the population and which are left without good support of their information security.
Will the emergence of
artificial intelligence make the battle for security even more uneven?
The possibilities of artificial intelligence at the moment are greatly overestimated. After a while, we may face a scenario, such as the one in the movie Terminator. Machine self-learning can help hackers. Technologies give advantage to malicious people.
How would Sofia CyberSec 2019 be useful?
By saying things that may not sound good to politicians in Bulgaria and in the EU. We need neither sweet talk nor fears of hellish crises. First, however, the job of rescuing the drowning is the responsibility of the drowning themselves. People also have to put pressure on governments to take measures that are adequate to the ever-changing technological realities.
Ivan Dudin, Regional Director
Cybersecurity experts are
There are products that make
it possible, in case of collapse of information systems, as was the case with
the Commercial Register, for the work process to be restored in minutes
Mr. Dudin, who do you think
should be interested in cybersecurity?
Everyone. Everyone who has a phone in their hand,
has some contact with computers or any digital communication device. Because
cybersecurity refers to ensuring reliable and secure data transfer and storage.
And, usually, that data is important to us. Both as individuals, and as
How do we assess the risk
of cyberattacks and break-ins in our information security, of data leakage or
blocking of our systems and devices?
Unfortunately, in cybersecurity, the concept “over-protection” does not exist – it all depends on what we can afford because the value of data for the individual person is no less important than are corporative databases for the corporations.
Your universal formula for
how to ensure cyber security – from the individual to the large corporation?
For starters, we have to at least start doing
something about it. No matter how much we talk about it, surprisingly, most
people and companies do nothing in the hope that “this does not apply to me.”
Until the bad thing happens. And there are many simple things that cost almost
nothing, by which we can provide at least some degree of security.
In fact, can there be a
concept like “cyber security”, given that the virtual “weapon” is getting more
and more powerful, and cybercriminals are becoming more and more creative?
If we use military terminology, the whole history of
mankind is a string of such races – tanks have been invented, followed
immediately by anti-tank shells. I can certainly say that cybersecurity experts
are also no less ingenious and smart. It is a matter of proportion between the
attacking and defensive “weapons” and to what extent we all pay attention to
the importance of cybersecurity and protection. And we do not pay enough attention
– many people give a lot of money for the insurance of their old cars, but in
order to protect their more and more valuable data and information, they do
What would you say to all
large corporations, banks, countries that have allowed break-ins in their
To review their attitude towards cybersecurity, because
this is not a set of some programmes, but a systematic approach and right
And what about those who
have not yet fallen victims to such break-ins?
The same. It is good for everyone to know that if we
do nothing, we should not expect to be protected.
Talking about this, Acronis Bulgaria organizes Cyber protection Developer’s Conference that is held on January 30, 2019. The conference brings together world-class security experts from Google, VMware, Acronis, MariaDB, NGINX to review cyber threats and discuss best practices to protect data, applications, and systems. This is a unique opportunity to discuss the future of cyber protection.
What is the strength of
Acronis when it comes to cybersecurity?
Its strength is in how we treat cybersecurity – this
is a complex approach with unique technologies, applied with professionalism
What are some of the
biggest cybersecurity issues over the last four or five years that Acronis has
responded to with the development of new products?
There are many problems and respectively products,
but I would like to mention some that are getting more and more relevant. For
example, safe access to corporate resources from mobile devices. Everyone wants
to have access to everything and from everywhere. Nobody wants to wait anymore to
go to the office to check their email or look at the latest report, and in
turn, this leads to new risks. Also, reliable data storage and, more
importantly, the possibility for it to be quickly recovered in disastrous
crashes. Bad things happen, but the question is how fast we can restore the
working conditions. For example, what happened to the Commercial Register of
Bulgaria. If Acronis products were used, such as Acronis Disaster Recovery, it
would have been recovered in minutes, and probably no one would have known that
there was a collapse.
What is the key message
that is important for Acronis to be communicated from the platform of Sofia
Cyber Sec 2019?
Information and data are becoming more and more
important in our lives, and their security should be given the same priority.
Let’s be serious with the serious stuff.
Dr. Svetlin Nakov, co-founder of SoftUni:
There is no universal pill for overall digital health
Cybersecurity is the responsibility of all consumers, businesses, organizations, and everyone has to do their part.
Mr. Nakov, cybersecurity is becoming more and more important, but are we aware of what this term really means?
It’s doubtful that everyone understands it, although much has been said about it, from the personal cybersecurity of data to the cybersecurity of the state and the military. Perhaps one day the war will be on how the hackers on the one side will take over the other side’s equipment. It is a matter of balance to make things comfortable or secure - one of them should be sacrificed. If you want it to be easy, you take off your password. If you want it to be secure, you take precautions. But there are technological flaws that allow break-ins in companies. Cybersecurity issues also occur for the average consumer and small companies that have no resources to implement the good practices introduced in large corporations that have entire security departments.
Many believe that cybersecurity is something which concerns mostly big companies and public figures...
If you are just an ordinary person, you are not very interesting for the hackers. And the damages from a potential hacker attack would not be that big. The targets are usually the important people with position, power and money. They have to make more effort to protect themselves. But usually, until you are affected, you think that it only applies to others. There are simple steps - changing passwords, locking your phone, and not giving others access to your computer and your digital devices. There are encryption applications, there are other tools, but you have to decide that this is important for you and become interested. Most people are not particularly responsible, because they do not think there is a big risk for them. The bigger a business, the more security measures need to be taken.
We might be afraid of natural disasters and economic crises, and in the same way we might be afraid of cyber-attacks. Fear is diminishing when one becomes well-informed. In an organization, the technical representatives, responsible for cybersecurity, must be best informed. Their task is to assess the risks, the magnitude of potential destruction and to propose the measures. If the risk is low and the possible damages are minor, people usually take the risk. If the risk is high and the damages are significant, you need a proportionate protection. This is called risk modelling. Many companies are trying to sell products through fear - buy our new antivirus program because it's very scary out there without it. Yes, there are products that can help, but we can best help ourselves. There is no universal pill for overall digital health and cyber-health. If you do not treat your data and your digital assets responsibly, the risk of problems is very high.
In that case, how useful is it to attend a conference, such as Sofia Cyber Sec 2019?
At such events, one checks where they stand - they learn about certain types of threats, break-ins and novelties, people open their eyes to some problems, to which they will pay attention afterwards. In addition, networking is particularly valuable. It has happened to me to go to conferences and not get to the hall, unless I was a lecturer.
What is your key message as a lecturer on Cyber Sec 2019?
Everyone must realize that we live in the digital
age and one must make a smaller or a bigger effort to protect the security of their
data and digital assets. It is not right to expect only the bank to take care
of your security. They have to take care of their part, and you have to take
care of yours. Cybersecurity is the responsibility of all users, companies,
organizations, and everyone has to do their part.
What challenges does SoftUni face as a university that offers cybersecurity training?
Our job is to keep track of developments and to respond with appropriate training. In recent years, there hasn’t been much conceptually new things. There were viruses before, and there are now. And now, same as before, the safest way to break-in somewhere is through a person. The trainings follow the trend of changes. We do not train politicians and top managers, but we help people get qualified and get a job.
What potential do you see in cybersecurity as a business, offering solutions?
There are possibilities in this job, but it's not easy. The amount of knowledge that a security expert must possess exceeds the level that a system administrator or a programmer needs to have. The profession of information security expert is hard and, therefore, there is a shortage of such specialists. As in any profession which gets hype, there will be cheats and charlatans, fake trainings and certificates, there will be deception. Demand for skilled workforce will continue.
How do we recognize a good specialist?
The same way we recognize a good mechanic – it is a matter of the reputation of the person and the company, as well as customer references. Cybersecurity is a relatively new phenomenon that has recently gained momentum. Some people wait for the problem to happen, others just take the risk and live with it, but it is good to educate yourself in this area. The role of conferences like Cyber Sec 2019 is to draw the attention of the public to the fact that there is a potential problem and everyone can be affected.