[Read more session reports and live updates from the 2nd Western Balkan Digital Summit]
Session moderator Mr Johan Hesse (Managing Director of secunet, International GmbH and Co KG) shared an update that the large global pharmaceutical company Bayer has just revealed it has been a victim of intrusion that, for a year, aimed at stealing intellectual property. With that example he reminded about the importance of cybersecurity as a rule in our cyberworld, in which decisions will increasingly be taken over by automated systems - like smart cars.
Ms Vilma Tomco (General Director of National Authority for Electronic Certification and Cyber Security (NAECCS) of Albania) informed that NAECCS is responsible for the security of trusted services, in particular e-transactions between citizens and public services which are run by two accredited companies. NAECCS has developed a list of critical infrastructures, including the private sector (banks, energy, etc.), has worked on increasing awareness of how young children can stay safe online, has initiated master’s programmes in cybersecurity in co-operation with universities, and has enhanced awareness of critical infrastructure operators to establish their sectoral CERT teams and create technical tools and capacities.
Mr Saša Mrdović (Associate Professor at the Faculty of Electrical Engineering, University of Sarajevo) warned that we may never have enough security professionals if safety measures by users (or rather netizens) are not in place to prevent incidents: the safest countries are not the ones with the most policemen, but those with the most decent citizens, he reminded. Asked to comment if artificial intelligence (AI) is of greater help to defenders or attackers, Mrdovic explained that the challenge is for defenders to defend all points, while attackers need to break just one. In that regard, AI, which mimics what humans do, recognises attacks faster and better than humans and thus helps defend more points. Reflecting on the use of open-source code, he noted that transparency can ensure there are no backdoors, and gave examples of cryptographic algorithms which are all transparent, but are nevertheless secure.
Ms Solza Kovachevska (State Advisor for Information Systems and Technologies at Ministry of Information Society and Administration of North Macedonia) updated the panel that the national cybersecurity capacity assessment has been conducted, and that the first national cybersecurity strategy and action plan have been adopted. Identified challenges include lack of resources, awareness, and security professionals. She underlined the importance of applying a human-centric approach as opposed to a machine-centric approach to cybersecurity. She also stressed that cybersecurity is a multidisciplinary area, inviting everyone to consider cybersecurity as part of their jobs.
Mr Milan Sekuloski (Senior Adviser at DCAF) emphasised the importance of public-private partnerships (PPP). As good practices from the region he presented the Petnica Cybersecurity Group, an informal group established and nurtured to discuss policies in Serbia, as well as a similar informal discussion group which is being established in Bosnia and Herzegovina. According to him, the public sector should look at how companies build capacities: by attracting the right people (particularly the young), retaining them through various stimuli which include opportunities for learning and advancing, and by promoting the right attitudes. While recognising advancement in establishing cybersecurity institutions across the region, he warned that this is a process that requires time to build capacities and establish networks of trust: the UK NCSC or German BSI were not built in years but decades, he reminded.
Ms Ilijana Vavan (Managing Director at Kaspersky Lab, Europe) informed that they discover over 360 000 new malware code every day, and over 80% are discovered and analysed by AI solutions. Since the cybersecurity industry has specific intelligence, knowledge and tools to analyse and address risks, they are a natural partner of public authorities. As a good example of a PPP she mentioned No More Ransom! In which the Netherlands, EuroPol, Kaspersky and others collaborate on intelligence and offer public tools for decrypting data locked by ransomware. Developing trust in technology companies, however, is a challenge, in particular in times of increased scrutiny such as in the case of Huawei, and that product transparency is important. In this regard, Kaspersky’s Global Transparency Centre, which opened in November 2018, offers its software code to third parties (clients, auditing companies, and partner governments) to examine that there are no backdoors. In addition, its main data centre has been moved to Switzerland, to ensure that client data is protected according to the highest standards.
Mr Nikola Mehandžić (Director Business Development at Mastercard) warned that cybercrime will double in the next five years and that the banking industry will remain a common target for criminals. Mastercard, a technology company running financial transactions, invests in solutions that are easy to use yet secure. This is possible thanks to security technologies such as identity check programmes, and tokenisation technology that replaces cards with alternative values that are harder to misuse. Additional efforts are put into preventative measures, including raising awareness, as through the Global Cyber Alliance which publishes free online guidelines and best practices for small and medium-sized enterprises (SMEs) to prevent fraud.
Hesse concluded in a positive manner, that various nations have taken huge steps in improving legal frameworks, trainings, and regional co-operation. He envisaged a brighter future thanks to AI, better awareness and behaviour of children, and increased security of the industry sector.
By Vladimir Radunović