Yasen Tanev is a cybersecurity expert. He is currently the Country manager for Bulgaria of the Italian company for ICT products and services Zuccetti. Founder of Safer.bg - a digital community center platform for cybersecurity. He is the chairman of the Bulgarian Association for Business Software Development, a member of BIA.
Cybersecurity is a constant competition between technology and its users, on the one hand, and those organizations and individuals aiming to exploit weaknesses in it and people to access data, block services, or cause reputational damage on the other.
Digitalization is connected to the funds and time invested by business organizations in software, management systems, network equipment and customer relationship management. These investments are directly related to production optimization processes and lead to increased efficiency, revenue and competitiveness in organizations using modern digital technologies.
Digitalization is also associated with technological euphoria, the appeal of grant schemes and the sprint to markets and innovation. This galloping reality has the effect of losing the sense of reality and being unable to identify the changes happening beyond the horizon of their business.
Out there in the dark side of the digital world, the landscape has already changed and reorganized, highly motivated to attack valuable digital assets and profit from it. Cybercriminals are no longer limited to individual hackers known by mythical names (Scorpio, MafiaBoy, Gigabyte, etc.), fighting for their own causes and working for their own benefit. The new entities are well-ordered, with central funding. These are organizations using common information platforms for attack purposes, tools for distributed work and supported by artificial intelligence systems and self-learning behavioral models. Some of them are financed and supported by countries and their governments.
Reading these first lines, I hope you lift your head, try to look to the horizon and think about what comes next, realizing that our immune response to current and upcoming actions based on cyber attacks is weak and they will not spare anyone.
Small and medium-sized businesses, large enterprises, government departments, municipalities and public organizations, as well as the largest international business entities, will be the focus of the goals.
As technology advances, we will all be faster, more efficient, but also changed. Which means quite clearly that the current methods and controls applied to prevent breaches in information and cyber security will already be bypassed and obsolete in the coming months.
Because of this, we must learn to see beyond the event horizon.
And this task is one that government leaders, municipal administrations, business organizations, and every single technology-using team must recognize and put on their daily agendas.
The question I would like to ask you before you make your next investment in information and digital technology is:
"What is your willingness and need to accelerate digitalization in the next 3 to 5 years?"
and as soon as you answer the first question, you must answer the following:
"Do you have a clear enough idea of how investing in technology now could create cyber risks and complications in the future?"
To help you look beyond, to the not-so-distant year 2025, we can cite data on what companies operating in the Cyber Security and Data Protection sector expect. Because their research shows what will happen to their potential customers, i.e. you.
- Investments in data protection and cybercrime prevention and cybersecurity projects (consultants, equipment, commissioning and maintenance, as well as outsourcing services) – EUR 100 000 000 000.
- As of 2020, maintaining a trend of 15% annual growth in cybercrime-related losses, with global losses expected to reach EUR 10 500 000 000 000 000 000 in 2025.
- 85% of small and medium-sized organizations will have experienced an incident by the end of 2023 and will begin to invest in prevention and protection.
- By the end of the second quarter of 2022, globally, the open positions in the field of cybersecurity are for 3,500,000 employees, which is a stable trend and this is one of the areas where the shortage of specialists and their proven expertise through certification will be great.
Considering this picture of the business reality - the expected high risks and the lack of personnel, businesses and industries are turning to several approaches - transferring the risk through insurance or starting to create common resources on a cluster basis for the prevention of cybercrimes and cyber incidents through information sharing, a common strategy to train staff and achieve collective immunity with a clear understanding that supply chains should not be neglected.
This is also the place where BIA can support its members and together we can create a common strategy and strengthen our individual cyber security, through common actions in the direction of sustainable application of technologies. We can do this by looking ahead and beyond the event horizon together, anticipating threats, sharing risks and managing them together, building a zone of trust.
It's time to create our own risk identification and analysis program, role-specific staff training with an emphasis on cyber incident prevention leadership, and put in place a micro- and macro-level risk management process. And never stop accelerating, making the process of learning, analyzing and managing risks a natural protective reflex.
The analysis of technology and environment drew my attention to these three factors, which I would define as irrevocable and of global importance. Everyone will face them:
- Data platforms – information systems, websites, Internet of Things (IoT sensors), search engines and social networks, even your personal phone and vacation photos or your location. Systems are hungry for data and aggregate more and more information, reaching 1.7 megabytes (MB) per second on average per person of the planet's population. Much of this data is cloud-stored and accessed remotely or mobile. Data platforms and cloud services will be targeted. Rely on providers, but always consider how to keep that data encrypted and under your control, with off-the-grid backup. That's a good start.
- Hackers are no longer alone – organizations organized and supported by machine behavior models and artificial intelligence. Hacking is a multi-billion dollar business and it's being optimized. A new attack will be able to be planned and executed in hours and distributed among hundreds of performers supported by thousands of machines. Unsecured systems with missed updates, pirated software, phishing, phone scams or video simulation will attack people. Prepare and plan trainings and simulations. That's the only way you can protect yourself. And don't forget to backup your important data.
- State and EU over-regulation – new regulations such as GDPR, NIS, the Cyber Security Act, the Ordinance on Minimum Requirements for Network and Information Security, PCI DSS, etc. are a fact. But it is one thing to make a regulation, it is another to expect it to be implemented in the absence of knowledge, specialists, experience and a plan to identify and manage risk. And fines for breaching or failing to comply or failing to enforce the law can devastate sectors and individual companies. For this purpose, collective response and knowledge sharing are a salvation and an alternative. Communities need to start investing in guidance, training and implementation support, with sharing of good practice, but also serious and expert institutional pushback..
For each of these challenges it is appropriate to develop a separate topic to go into detail, but today it is important to notice them and think about them.
It is necessary to realize that your business is digitizing, but it must digitize smartly, with a clear understanding of what awaits it beyond the events of today and to lift your sight and look or predict what awaits you beyond the horizon.
Don't forget to answer the questions that are already yours:
"What is your willingness and need to accelerate digitalization in the next 3 to 5 years?"
"Do you have a clear enough idea of how investing in technology now could create cyber risks and complications in the future?"
See you before the horizon. But we are already looking beyond together.
