After the success of the first edition of Sofia CyberSec, the next event is about to take place on 24 March, again in Sofia Tech Park. The conference will attract major cybersecurity solution providers, with a focus mainly on cybersecurity technologies. Sofia CyberSec 2020 gathers experts, but also a broader audience, interested in the latest developments in information security and protection. The ambition of the organizers – Digital National Alliance, Economy Magazine and the economic portal economic.bg – is to make Sofia CyberSec a forum for thinking people concerned about a more secure future in the age of the accelerating digitalization.
Mr. Stamenov, what could be a good start of our conversation about cybersecurity?
The dynamics of the changing technologies. They are developing increasingly faster, more and more devices are being digitalized and controlled remotely, and thus, the threats also increase – for our data, for our personal space, for our physical security.
In order to have a good starting point, let’s clarify what cybersecurity is…
This is the protection of electronic systems, applications and the data they contain. And I recall right away two big security breakthroughs. One of them is the data leakage of hundreds of thousands of citizens from the National Revenue Agency. But let us also remember the discontinuation of the online services of the Commercial Register, which is also a cybersecurity problem.
The topic is getting more and more relevant. Why? And for whom?
If we say cybersecurity exists to protect against cybercrime, we will be very close to the truth. And the problem with cybercrime is huge. Because this type of crime can be extremely lucrative, hard to prove and without physical boundaries. This motivates groups of people to invest more and more resources in new methods for cybersecurity attacks, against which we are still fighting more with personal resources than with public ones.
What does your experience show - who leaves the door open for online attacks?
People. We do. With software design flaws and with our behaviour or trustfulness. We receive an email from a friend about a topic of interest, which has a link to somewhere in the online space, or an attachment – we click, and the break-in is a fact.
Can you tell us about some of the biggest break-ins in information security, which you believe can now be included in textbooks.
The hacking attack on Belgacom in 2013. The Belgian telecom has millions of clients in the country, but also a number of service users in the European Union because of Brussels’ role in the Community. The break-in was made in an extremely complex way and made it possible to track the communications of an unknown number of people. But the most shocking thing in this story is that it was carried out by the British secret services. This is the first ever known case of a country that attacks a company of a friendly, allied country.
What are the latest challenges that businesses and organizations face?
Perhaps the biggest challenge is the increasing need for more and more software and automation of production and processes. Digitalization also leads to risks of cyberthreats. For every innovation we need to ask the question of how it is secured.
What should every consumer and every business do in the name of their security – what are some of the “alphabetical truths” of today?
Perhaps the most important thing is to realize that we are all in danger. The argument of “who is going to attack us, we are so small and insignificant” has long been disproved. The threat is real and applies to all of us. We are now being attacked by machines that automatically scan virtual spaces for vulnerabilities and can take control over any machine that has weaknesses. Every business needs to make cybersecurity a priority.
How does the state react with respect to the security of information arrays that are under the care of one or another state or municipal institution?
There is a cybersecurity minister in Japan, and an e-government minister in Greece. Although the Cyber Security Act was drafted in the mandate of the previous government, the Regulation on Minimum Network and Information Security Requirements entered into force shortly after the break-in in the NRA information systems. In order not to go after the events, it is necessary to clearly delegate the responsibilities for the protection of public data and services.
Cybersecurity is becoming an ever larger business. We have seen Charlie Chaplin’s movie “The Kid”, in which the child breaks the windows and then his father fixes them...
Yes, we also know the tale of the broken roof-tile, changed by the roof-tiler’s son, who learned the craft from his father, but didn’t learn that if he repaired all the tiles, he won’t be called out next year. However, here we have the typical race of the good and the bad. The bad ones come up with new and new ways to make money, while the good ones go after them and find ways to prevent and protect.
Will the emergence of artificial intelligence make the battle for security even more uneven?
Maybe more unequal, but in our favour. There are already solutions that “learn” how resources are used and are able to spot anomalies most likely caused by a break-in in the organization’s systems. It is precisely artificial intelligence that can give a head start of the good over the bad.
What is the strength of CLICO Bulgaria?
We have the knowledge and competencies for all basic methods for protecting organizations. Being part of an international distribution network and working with companies that are leaders in cyber defence and prevention technologies – we are the first to know about the latest threats and methods of protection. Our challenge is to communicate these trends through our partners in organizations that need to improve their security.
Your short message that you would like to reach everyone?
Take time on your calendar each month to talk or think about cybersecurity. Recall the break-ins you know and ask yourself “What have we done to protect ourselves from this?”
In what way would Sofia CyberSec 2020 be useful?
We will show at the conference what the latest dangers and what the methods of prevention and protection are. This may be your time taken from your calendar on the topic of cybersecurity.