This is what you need to know about Cybersecurity this year
October is European Cybersecurity Month. It has been projected that cybercrime damages will cost the world $6 trillion annually by 2021 – exponentially more than the damage inflicted by natural disasters in a year, and more profitable than the global trade of all major illegal drugs combined. Considering this, it is no wonder that banks, tech companies, hospitals, government agencies and just about every other sector are investing in cybersecurity infrastructure to protect their business practices and the millions of customers who trust them with their data.
We wanted to hear what our experts have to say about cybersecurity threats and challenges, and what advice they have for all of us, so we organized an online panel. Our speakers were:
Senad Džananović (CISO @ Central Bank of Bosnia and Herzegovina | President at Association for Digital Transformation in BiH)
Zina Hadžiefendić (Head of IT Audit Department @ Federal Banking Agency - FBA)
Jasmin Azemović (CISO @ Mistral | Associate Professor | Microsoft MVP)
Nikola Kožuljević (Marketing Manager @ ThreatMark)
Loris Gutić (Corporate Security Manager)
Emin Hajdarević (Panel moderator; our alumnus, member of the Projects team and 5G enthusiast)
We have summarized the most important lessons from the panel for you, and in case you missed it, you can still watch it in the video below. Here is what you need to know:
No system is ever 100% secure. Security is a process, not an end state.
All we can do is strive for as high a level of security as possible, but no system will ever be absolutely secure and free of vulnerabilities. Security can be defined as the process of maintaining an acceptable level of perceived risk, and no organization can be considered "secure" for any time beyond the last verification of adherence to its security policy.
Humans have been, remain, and will be the weakest link in the security chain.
We can change and improve all the policies we want, but the one thing we cannot do is change human DNA.
“Companies spend millions of dollars on firewalls, encryption, and secure access devices and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate and account for computer systems that contain protected information.”
- Kevin Mitnick (Convicted in the US for hacking large corporations, and current globally recognized security adviser)
The reasons are various: lack of communication, lack of resources, lack of time, lack of awareness, fatigue, stress, pressure, overconfidence… But the common denominator is always the impossibility of foreseeing and/or controlling how people react to certain things (email links, attachments, malicious advertising, etc.).
The coronavirus has accelerated the digitalization process by five to ten years.
The COVID-19 crisis has brought a sharp change in the way companies in all sectors and regions do business. During the pandemic, consumers have moved dramatically toward online channels, and companies and industries have responded in turn. Customers' rates of adoption of digital channels are years ahead of where they were when pre-COVID-19 surveys were conducted.
Many users use the same combination of username/password to access many online services.
Numerous data breaches are caused by one seemingly innocent common factor: computer and mobile device users reuse their passwords on multiple websites at an alarmingly high rate. In the event that a username/password combination on one service is compromised, there’s an excellent chance that the same information will give a malicious person access to other websites and services that are on their hit list.
Educating and raising awareness among people are some of the most important steps towards improving cybersecurity among individuals and companies.
Countless people who use the Internet are not aware of the threats that cyberspace poses; they may therefore be at risk themselves, together with businesses and governmental assets and infrastructure. In view of this, there is a need for cybersecurity awareness and education initiatives that help users become well versed in the risks associated with the Internet. This was one of the main reasons for holding our panel discussion on this topic with some of our top cybersecurity experts.