The topic of the AmCham Business Breakfast held on February 22, 2017 was cybersecurity: cyber threats and threats coming from the World Wide Web.
The Minister of Public Administration of the Republic of Slovenia, Boris Koprivnikar, stressed that security is essential for business and for everyday life. He said that Slovenia is not facing cybersecurity threats at the moment but must not turn a blind eye to them, because threats will come, and that is why we need appropriate security mechanisms. The Minister said that »in the cyber world, we must act in the same way as we do in real life. Therefore, the government’s goal is to inform and protect its citizens because an individual is the weakest link in the chain. We must put in place offices that will ensure the individual’s safety«. He also added that just as Switzerland is a synonym for banking, Slovenia could become a synonym for data security. »We should be a country that offers easily accessible but at the same time highly secured and protected data. We should aim towards being able to protect data and information, and to safeguard the content of this data at the same time«, explained the Minister about his plans, and stressed that trust is of key importance. »Slovenia bears love in its name and with the right approach, we can also ignite love in cyberspace«, he added.
The first step in this direction was the establishment of the Office for the Protection of Classified Information, led by Dobran Božič, who said that Slovenia’s goals are the proactive defense and protection of information and communication.
Branko Lobnikar, Chair of Policing and Security Studies and Vice Dean for Academic Affairs of the Faculty of Criminal Justice and Security Studies, warned that people only recognize real-world threats and forget about those in cyberspace. It is worrying that one third of all companies worldwide have become targets of cybercriminals. That is why company managers must be aware of such threats, says Lobnikar. He said that »cyber threats must not be underestimated and a top-down informing approach is necessary.« He also added that cybercrime and organized crime walk hand in hand because criminals feel safe online. »Cybersecurity is a new phenomenon; decades ago, we spoke about 17-year-old hackers. Today, these are older, well-educated people that see an opportunity to make money and join organized crime«.
Lobnikar also spoke about ransomware programs that are installed on the victim’s device (computer, smartphone, tablet), take data hostage and demand money from the victim. How to avoid this? »Encrypt your data, make backups and take care of your web hygiene«, cautioned Lobnikar.
Matjaž Kosem, IT Security Consultant, S&T, also spoke about web hygiene and emphasized that data containing personal information are the most vulnerable. »Today, the attackers focus on the end user and that is why we must constantly warn and educate users«, said Kosem, and emphasized once more that cyber threats are the biggest danger for companies. »We have a model in place that is driving information security in companies and is called CIA – confidentiality, integrity, availability. If only one of these pillars weakens, we have a problem«, he added.
Gabriel Mihai Tanase, Director, IT & Cyber Security Services, KPMG, presented the so-called pen test, an authorized simulated attack on a computer system that exploits security weaknesses to access system characteristics and gain data. Kosem explained that the purpose of such penetration tests is to find holes in the security network before hackers do. He believes that a real pen test must be methodical, otherwise it is not effective, and that those who carry it out must be extremely experienced. Each new device and application brings new problems, and that is a window of opportunity for hackers.
How to set up cybersecurity in companies? Uroš Majcen, Software Solutions Consultant, S&T, warned that cybersecurity must first have financial stability, and afterwards, three pillars must be put in place: the right people, the right processes and the right technology. Not every system is appropriate for every company; much too often we forget about checks and safety tests. »Regardless of the size, every company needs a good security system«, warned Majcen.
Matej Kovačič, Jožef Stefan Institute, spoke about the security of mobile phones and said that it is relatively easy to breach a phone’s security because the current systems are old.
During the Breakfast, we could see demonstrations of different system breaches, such as a computer camera breach, a CD-ROM security breach and a Facebook account breach. These were demonstrated by ethical hacker Grega Prešeren, S&T.