How has the war in Ukraine affected the current digital security landscape? What are the biggest challenges companies face in terms of cybersecurity? How can you develop your digital resilience and awareness in 2022? These are some of the pressing issues discussed by experts at the annual ESET World conference in Malta. Read some of the highlights from the event and learn what the experts have to say.
How has digital security changed in 2022?
The situation in Ukraine has been one of the most prominent topics throughout the conference. ESET Chief Information Security Officer Daniel Chromek mentioned the war in Ukraine as a significant change to the IT risk landscape in 2022. Similarly, Juraj Malcho, ESET’s chief technology officer, began his interview with Global Cybersecurity Advisor Jake Moore by explaining: “[The war] ] is really on everyone’s mind. We often talk about the butterfly effect, as their movements ripple through space and influence something on the other side of the planet. You know, that’s a butterfly, but when you talk about the wings of fighter jets, those ripples are much stronger. And it’s apparent that these [ripple] effects are changing and influencing a lot in cyberspace too.” Many speakers mentioned that the conflict between Russia and Ukraine is not just physical, but also digital. How far the various influences from the war reach, or how the cyber threats related to the conflict develop, is still far from certain.
Apart from the adverse effects of the current political situation, there are also some positive changes taking place across many companies. Tony Anscombe, the chief security evangelist at ESET, spoke on the meaning of cyber-resilience. Is it just an undue advantage, an additional skill? Undoubtedly not. Being cyber-resilient means being able to continue doing business. Cyber-resilience is essential. And luckily, more and more companies are becoming aware of that.
“I have been in the industry for 25 years, and in the last 2.5 years, we have seen a monumental change in the cybersecurity industry, from being [something] backroom, or the guys down the hall, to being at the forefront of the business. We saw this with the pandemic, when we were all aware that cybersecurity actually enables businesses to continue, which was super important.”
Tony Anscombe, ESET Chief Security Evangelist |
Robert Heines, information security manager at Royal Swinkels Family Brewers, also suggested that digital security has become a more broadly acknowledged matter. When interviewed by Tony Anscombe, he stated: “I think the main change was that in the past, it was somebody else who was a target, who got hit, so people in the business heard about it and forgot about it. And now it’s gotten so close that it’s so often someone from your supply chain, [so] you realize the potential impact. All the things I want to do to improve cyber-resilience now get much more attention from the top of the company.”
Be prepared for the unexpected
So, what should you do to successfully face both lasting and new challenges? Most of the discussions that took place during the ESET World event emphasized the following: Be prepared for anything, even the unexpected. Even Chris Hadfield, former commander of the International Space Station and a distinguished guest of the conference, mentioned the necessity of being ready for anything: “Things always go wrong. I don’t even know why we call it “go wrong” – that’s just how things go.”
According to Jake Moore, being unprepared – or, rather, feeling like there is no need for any preparation – is a lasting problem among businesses of all sizes: “The amount of companies I speak to who say, ‘They’re not gonna attack us! Why would anyone go for us? We’re just small fry!’ At the same time, we’ve got big businesses saying, ‘Well, they’re not gonna go for us, we’ve got a huge IT team, they can’t come after us.’” Moore discourages businesses from believing in their own immunity – as we’ve seen in the past, these beliefs can easily prove to be false. So, if you’re seeking cyber-resilience, the first step is to stop believing that cyber threats don’t concern you – they do.
“Prepare for the worst; hope for the best. Expect the unexpected. […] No matter what size company you are, cyberattacks are increasing, they are excelling in persistence and sophistication (although some aren’t, obviously). It’s inevitable – they are coming and at least trying to attack you.”
Jake Moore, ESET Global Cybersecurity Advisor |
What to do – and what not to do
Once you’ve mentally prepared yourself for the fact that anything can happen in the world of digital security, and you have accepted that cyber threats may affect your own business, what are the first actions you can take to get closer to being cyber-resilient? Certainly, focus on developing a plan – and make sure that everyone is involved in it, knows what to do and can respond swiftly to any issues. Robert Heines warns people about seeing cybersecurity as a unilateral matter: “You certainly won’t achieve cyber-resilience if you are seeing ‘the cyber’ as an ‘IT thing’ – it has to be seen from the business perspective because otherwise it’s not gonna work. You won’t get all the effort out of the people you need. First of all, you need to get the business managers on your side, and then they will prioritize writing and exercising business continuity plans.”
Having a continuity plan is also the first thing recommended by Jake Moore when discussing the topic of achieving cyber-resilience. He also mentions the following actions one should take when aiming for digital security:
- Prepare a crisis scenario.
- Review third-party supply chain risks. You should protect your data and be aware of which external businesses/apps/programs handle your data as well.
- Monitor any suspicious digital behaviour.
- Include awareness training.
- Encourage secure passwords (or rather, passphrases) and employ an MFA solution.
- Update and patch all programs your business uses.
- Test your backup.
Believe in your team, and get prepared. During his speech at ESET World 2022, Chris Hadfield noted: “If you’re doing something complicated, then the things that happen are going to be complicated. And you are going to need all the expertise and trust that you can get in the team.” Even though this statement spoke to his experience of being in space, these words can be easily applied to digital security.