Password: Cybersecurity

Computers, smart phones, digital devices, a conglomerate of users, a global network in which physical and digital reality mix together. Violations and crimes have also been transferred into the virtual reality by people with high technological culture. Worldwide and in Bulgaria, hacker attacks against users, businesses and institutions become more frequent. The damages from these raids become more and more gigantic. Is there a reliable defence?

Sofia Cyber Sec 2019

The Digital National Coalition and the economic portal Economic.bg organise a one-day international conference dedicated to cybersecurity. It is under the patronage of the European Commission and ENISA and will be held on 14th February 2019 in Sofia Tech Park. Among the topics are: How does the European Union and how do we ourselves deal with cybersecurity; What is the situation in the public sector? What will be the future of money and their security in the era of fintech; Cybersecurity at the advance of artificial intelligence; Student protection in the digital era and why cybersecurity should be included in the curriculum.

Sofia Cyber Sec 2019 is a place where knowledge and professionalism in cybersecurity will come together with people who need this competence. It will be a challenge for both the specialist and the average user to go deeper and see the growing dangers and learn to avoid them.

Good Protection

If you want any information to remain inaccessible, then there should be no possibility for it to be accessed through the Internet. But now almost everything is connected to the global network. For your convenience! Should we leave it behind? No, we just have to take care of security. Let’s not leave our digital devices in an unfenced yard and think that cyberattacks are something that affects only others. On the pages of Economy Magazine, we start a conversation with three specialists, who are key participants in the Sofia Cyber Sec 2019 conference. During the conference, the dialogue on dangers and protection will continue, you will learn information that can save you a lot of troubles but also a lot of resources. So, do not hesitate, buy tickets for the exciting Sofia Cyber Sec 2019 experience. Good information is part of the good “weapon” that can protect you.

Vasil Velichkov, IT specialist and former e-governance adviser:

Technologies Give Opportunities to Malicious People

Sometimes huge resources are invested in information security, and breakthroughs happen because of a person who has not complied with the mandatory precautions

Mr. Velichkov, what is the most important thing when it comes to cybersecurity?

Let’s not imagine only secret information centres. Cybersecurity concerns more and more aspects of our lives – from city and state management systems to our personal computer and phone, which often contain very sensitive information.

Cybersecurity concerns even information that reaches the public...

That’s right. Recently, the German political elite was very embarrassed by personal information, which was published by a young man who had downloaded the data through the phones and the computers of politicians. Through hacking attacks with economic or political purposes, networks and computers of interesting subjects and institutions are compromised in order to take and publish documents that would cause a wide public response.

So, everyone who uses a smart phone and a computer needs to know how to take care of their information security. Why is this neglected?

The obligatory curriculum for students does not include training on cyber dangers and how to protect their personal information related to passwords and locations. And we are supposed to be a technically-savvy nation.

Should we leave the door wide open to online attacks?

It’s a matter of national policy, but we are constantly putting out fires in Bulgaria. Legislative and executive authorities are not developing or implementing effective policies in this area. The case with the vignettes showed that the state cannot make electronic systems work, let alone protect them reliably. But more dangerous than the lack of measures could be provisions such as GDPR, inadequate to the practical realities. GDPR is an example of good intentions, but the road to hell is also paved with good intentions.

What should every user and every business do for the sake of their security?

Everyone should make an effort to get informed on the subject. There are rules you need to follow to protect your personal data. Thus, the likelihood that a hacker can access something important through you is reduced. Use complex passwords and be always on the alert. I have well explained to my children how to protect themselves, but my little son gave a friend his password for a game. This friend played somewhere with other boys. One of them saw the password and then made purchases for BGN 2,000 because a credit card was attached to the account. There are many things one can do to reduce the risk. There is no perfect protection. Even the best specialists can be hacked, but as with physical security, simple measures can raise the level of protection.

Surprises in online space are lurking everywhere, cybercriminals are creative. What should we do?

The matter is as complicated as the one with the phone scammers. They are able to make people do things that go against sound logic. Hackers also use psychological techniques. They send an email asking you to change your password in order to improve security. The email resembles the image of the organisation whose name they use, and that way, many voluntarily give out their password to hackers. Often, personal negligence opens the doors to hackers. People need to be better educated, in order not to trust any email that says it has been sent by an institution.

Cybersecurity is becoming an ever larger business. We have seen Charlie Chaplin’s movie “The Kid”, in which the child breaks the windows and then his father fixes them...

There are many companies now that develop information security solutions that use similar tactics. They create a problem that they themselves can solve. There are business models built on fear. There is no easy solution, and people have to think well from what and how to protect themselves. You should not invest recklessly. Expensive solutions are often bought, and employees continue to make the same basic mistakes. Sometimes a lot of money is invested in information security, and the breakthrough happens through a key person in the company, tricked to give their password for access.

What is the role of the state?

There are measures that the state should take to protect citizens’ sensitive information. Somebody decided that you can convert the paper vignette to an electronic one by typing the car number. Leave the door wide open in the middle of the field and wait for someone not to take advantage of it. However, I hope that the government will finally start developing an electronic identification system that will allow banks and institutions to introduce a more secure means of identification. It was delayed for more than two years, and the waiting continued. Cybersecurity affects the whole society; there are systems, which are vital to the lives of the population and which are left without good support of their information security.

Will the emergence of artificial intelligence make the battle for security even more uneven?

The possibilities of artificial intelligence at the moment are greatly overestimated. After a while, we may face a scenario, such as the one in the movie Terminator. Machine self-learning can help hackers. Technologies give advantage to malicious people.

How would Sofia Cyber​Sec 2019 be useful?

By saying things that may not sound good to politicians in Bulgaria and in the EU. We need neither sweet talk nor fears of hellish crises. First, however, the job of rescuing the drowning is the responsibility of the drowning themselves. People also have to put pressure on governments to take measures that are adequate to the ever-changing technological realities.

Ivan Dudin, Regional Director of Acronis:

Cybersecurity experts are creative

There are products that make it possible, in case of collapse of information systems, as was the case with the Commercial Register, for the work process to be restored in minutes

Mr. Dudin, who do you think should be interested in cybersecurity?

Everyone. Everyone who has a phone in their hand, has some contact with computers or any digital communication device. Because cybersecurity refers to ensuring reliable and secure data transfer and storage. And, usually, that data is important to us. Both as individuals, and as businesses.

How do we assess the risk of cyberattacks and break-ins in our information security, of data leakage or blocking of our systems and devices?

Unfortunately, in cybersecurity, the concept “over-protection” does not exist – it all depends on what we can afford because the value of data for the individual person is no less important than are corporative databases for the corporations.  

Your universal formula for how to ensure cyber security – from the individual to the large corporation?

For starters, we have to at least start doing something about it. No matter how much we talk about it, surprisingly, most people and companies do nothing in the hope that “this does not apply to me.” Until the bad thing happens. And there are many simple things that cost almost nothing, by which we can provide at least some degree of security.

In fact, can there be a concept like “cyber security”, given that the virtual “weapon” is getting more and more powerful, and cybercriminals are becoming more and more creative?

If we use military terminology, the whole history of mankind is a string of such races – tanks have been invented, followed immediately by anti-tank shells. I can certainly say that cybersecurity experts are also no less ingenious and smart. It is a matter of proportion between the attacking and defensive “weapons” and to what extent we all pay attention to the importance of cybersecurity and protection. And we do not pay enough attention – many people give a lot of money for the insurance of their old cars, but in order to protect their more and more valuable data and information, they do absolutely nothing!   

What would you say to all large corporations, banks, countries that have allowed break-ins in their information security?

To review their attitude towards cybersecurity, because this is not a set of some programmes, but a systematic approach and right processes.

And what about those who have not yet fallen victims to such  break-ins?

The same. It is good for everyone to know that if we do nothing, we should not expect to be protected.

Talking about this, Acronis Bulgaria organizes Cyber protection Developer’s Conference that is held on January 30, 2019. The conference brings together world-class security experts from Google, VMware, Acronis, MariaDB, NGINX to review cyber threats and discuss best practices to protect data, applications, and systems. This is a unique opportunity to discuss the future of cyber protection. 

What is the strength of Acronis when it comes to cybersecurity?

Its strength is in how we treat cybersecurity – this is a complex approach with unique technologies, applied with professionalism bordering perfectionism.

What are some of the biggest cybersecurity issues over the last four or five years that Acronis has responded to with the development of new products?

There are many problems and respectively products, but I would like to mention some that are getting more and more relevant. For example, safe access to corporate resources from mobile devices. Everyone wants to have access to everything and from everywhere. Nobody wants to wait anymore to go to the office to check their email or look at the latest report, and in turn, this leads to new risks. Also, reliable data storage and, more importantly, the possibility for it to be quickly recovered in disastrous crashes. Bad things happen, but the question is how fast we can restore the working conditions. For example, what happened to the Commercial Register of Bulgaria. If Acronis products were used, such as Acronis Disaster Recovery, it would have been recovered in minutes, and probably no one would have known that there was a collapse.

What is the key message that is important for Acronis to be communicated from the platform of Sofia Cyber Sec 2019?

Information and data are becoming more and more important in our lives, and their security should be given the same priority. Let’s be serious with the serious stuff.

Dr. Svetlin Nakov, co-founder of SoftUni:

There is no universal pill for overall digital health

Cybersecurity is the responsibility of all consumers, businesses, organizations, and everyone has to do their part.

Mr. Nakov, cybersecurity is becoming more and more important, but are we aware of what this term really means?

It’s doubtful that everyone understands it, although much has been said about it, from the personal cybersecurity of data to the cybersecurity of the state and the military. Perhaps one day the war will be on how the hackers on the one side will take over the other side’s equipment. It is a matter of balance to make things comfortable or secure - one of them should be sacrificed. If you want it to be easy, you take off your password. If you want it to be secure, you take precautions. But there are technological flaws that allow break-ins in companies. Cybersecurity issues also occur for the average consumer and small companies that have no resources to implement the good practices introduced in large corporations that have entire security departments.

Many believe that cybersecurity is something which concerns mostly big companies and public figures...

If you are just an ordinary person, you are not very interesting for the hackers. And the damages from a potential hacker attack would not be that big. The targets are usually the important people with position, power and money. They have to make more effort to protect themselves. But usually, until you are affected, you think that it only applies to others. There are simple steps - changing passwords, locking your phone, and not giving others access to your computer and your digital devices. There are encryption applications, there are other tools, but you have to decide that this is important for you and become interested. Most people are not particularly responsible, because they do not think there is a big risk for them. The bigger a business, the more security measures need to be taken.

Some sell fear, others think they are immune to a break-in. What is the right approach in the digital era, in which cybersecurity is also a business?

We might be afraid of natural disasters and economic crises, and in the same way we might be afraid of cyber-attacks. Fear is diminishing when one becomes well-informed. In an organization, the technical representatives, responsible for cybersecurity, must be best informed. Their task is to assess the risks, the magnitude of potential destruction and to propose the measures. If the risk is low and the possible damages are minor, people usually take the risk. If the risk is high and the damages are significant, you need a proportionate protection. This is called risk modelling. Many companies are trying to sell products through fear - buy our new antivirus program because it's very scary out there without it. Yes, there are products that can help, but we can best help ourselves. There is no universal pill for overall digital health and cyber-health. If you do not treat your data and your digital assets responsibly, the risk of problems is very high.

In that case, how useful is it to attend a conference, such as Sofia Cyber Sec 2019?

At such events, one checks where they stand - they learn about certain types of threats, break-ins and novelties, people open their eyes to some problems, to which they will pay attention afterwards. In addition, networking is particularly valuable. It has happened to me to go to conferences and not get to the hall, unless I was a lecturer.

What is your key message as a lecturer on Cyber Sec 2019?

Everyone must realize that we live in the digital age and one must make a smaller or a bigger effort to protect the security of their data and digital assets. It is not right to expect only the bank to take care of your security. They have to take care of their part, and you have to take care of yours. Cybersecurity is the responsibility of all users, companies, organizations, and everyone has to do their part.

What challenges does SoftUni face as a university that offers cybersecurity training?

Our job is to keep track of developments and to respond with appropriate training. In recent years, there hasn’t been much conceptually new things. There were viruses before, and there are now. And now, same as before, the safest way to break-in somewhere is through a person. The trainings follow the trend of changes. We do not train politicians and top managers, but we help people get qualified and get a job.

What potential do you see in cybersecurity as a business, offering solutions?

There are possibilities in this job, but it's not easy. The amount of knowledge that a security expert must possess exceeds the level that a system administrator or a programmer needs to have. The profession of information security expert is hard and, therefore, there is a shortage of such specialists. As in any profession which gets hype, there will be cheats and charlatans, fake trainings and certificates, there will be deception. Demand for skilled workforce will continue.

How do we recognize a good specialist?

The same way we recognize a good mechanic – it is a matter of the reputation of the person and the company, as well as customer references. Cybersecurity is a relatively new phenomenon that has recently gained momentum. Some people wait for the problem to happen, others just take the risk and live with it, but it is good to educate yourself in this area. The role of conferences like Cyber Sec 2019 is to draw the attention of the public to the fact that there is a potential problem and everyone can be affected.