During the Economic Forum in Krynica a panel titled “Cyber security for Business – How to Protect Your Data?” took place. Experts stressed the significance of coordination between the private and public sectors, trust and constant enhancement of knowledge.
Currently storing and sending data in an electronic form is the order of the day. On the other hand, together with the increasing popularity and accessibility of the internet the number of cyber crimes is also growing. Therefore, cyber-security has become an issue, which requires innovative solutions and swift action. The participants of the panel tried to decide whether in a time of digitalization and computerization secure databases existed and how companies could improve security and protection of information.
New threats, new action
The discussion was moderated by Piret Pernik, research fellow at the International Centre for Defense and Security (ICDS). In her opinion the significance of the topic has been displayed by the recent theft of data of Instagram’s 6 million users. She reminded that the EU was aware of the threats and has already taken action.
Axel Petri, Senior Vice President Group Security Governance at Deutsche Telekom AG reminded that his company was present in 50 countries, including Poland. He enumerated the proposed countermeasures included in EU’s directives from 2013. However, he also added that the world has changed since then, so new regulations should be adopted. Software and equipment are still a problem. He said that courts and the police need to be engaged and have monitoring power. In his opinion the supervision over the network has to be limited to situations where it is truly necessary. “We should not open the back door for this type of actions too widely,” he stated.
He also said that actions and products should be certified and their providers should be obliged to update their products. He called for a dialogue with the society on cyber security and civil liberties. He reminded that recently German courts have repealed an act on cyber security. He stressed it was necessary that the society trusts newly introduced regulations in this respect. The German also added that all of the public and private entities should cooperate. “The cooperation between Poland and Germany on tracking cyber criminals is difficult,” he said.
Data and security
Günther Tschabuschnig, Chief Information Officer at the Austrian Central Institution for Meteorology and Geodynamics, pointed to the fact that it was necessary to ensure a proper protection of meteorological data. “The Institute checks whether a nuclear bomb trials have been conducted somewhere in the world. Weather forecasts for Fukushima are also prepared. They take into consideration radioactive fallout after the disaster,” he said. He added that in Austria there was a special cooperation platform for various sectors with respect to cyber security, norms and strategy and infrastructure development. “There is also a platform that encompasses all government systems, including the banking sector. Trust is very important. A year and a half ago cybercriminals hacked the company, we managed to limit the impact of the attack and quickly recover data thanks to cooperation, it also taught us new lessons for the future. Trust, transparency, cooperation are the three pillars of cyber security,” the Austrian concluded.
Ukraine: a testing ground for cyber security
Oleksiy Yankovskiy, President of ISACA Kyiv Chapter commented on the cyber attacks on Ukraine’s power grid in the past two years. In his opinion Ukraine is a testing ground for cyber criminals and cyber terrorism. He stressed that during the latest attacks there have been attempts at stealing millions of dollars from banks, while consumers were deprived of heat and energy during the winter. Returning to normal took two weeks, which increased costs. He also said that foreign governments were behind many of the attacks. His recommendations included the construction of a ‘fortresses’ in cyberspace, where the most important data will be kept and where theft risk will be maximally limited.
Stock market plummets after one entry
Krzysztof Gawkowski, Vice-President of the Democratic Left Alliance commented on the risks of attacks on political institutions and the voting system. He stressed that the significance of cyber attacks and information should not be underappreciated. To illustrate his point he talked about the hacking of AP’s twitter account during Barack Obama’s presidency. News broke out on the portal that Obama was assassinated. It was instantly denied, but the New York Stock Exchange dropped lower than during the 9/11 terror attacks. He stressed that a PwC report said that almost 90% of companies had to deal with various forms of cyber attacks. While a report by Ernst&Young said that 74% of the attacks occurs because the company’s systems have been infected by its employees, e.g. through their own memory sticks. The politician called for drafting suitable legislation to tackle the issues. “We should also start to coordinate at the EU level, which is currently not happening,” he said.
Jakub Syta, , Director of the Cyber security Department at Exatel said organization at companies was important. In his opinion, telecommunications is currently one of the most important areas in the economy, which needs to have a high standard of security of services for clients. “Attacks may be harmful for all users. We should think on what needs to be done on the inside and outside of an organization in cooperation with other companies,” he said. Syta believes 90% of cyber threats can be avoided. “This depends on the transparency of the organization, its action plan and on defining risk areas, which have to be monitored. The SOK service is an example here as it enables stable, constant monitoring and data analysis,” he said.
Cooperation in the EU
Ratislav Janota Chairman of the Cybersecurity Committee at the National Security Authority in Slovakia said there were three important groups: regulators, operators and users who should be responsible for their own data. He added that the EU forces member states to coordinate joint activities and adapt their domestic law to the EU’s fourth directive. It pertains to telecommunications, security of personal data, security of bank operations, which are mostly conducted online and constitute three quarters of all operations.
Grzegarz Bojar, Head of the IT Department at PSE said that the company believed control systems were the foundation.
“We are monitoring cooperation, we are reacting to actions and learning. Every person needs to continue to learn and be careful,” Bojar said. He added that regulations and recommendations were needed. The IT specialist believes there is much to be done in this regard. For instance, the USA continues to make these norms more strict. He stressed the importance of adhering to the norms at the EU level. Bojar reminded that Poland was working on a bill on cyber security. In his opinion, it should introduce a hierarchical system with a transparent responsibility and scope of activities. At the same time the document has to be in accordance with EU directives. Connections between equipment are risky. “Various complications occur, which needs to be fixed through certification requirements,” he said.