How has the war in Ukraine affected the current digital security landscape? What are the biggest challenges companies face in terms of cybersecurity? How can you develop your digital resilience and awareness in 2022? These are some of the pressing issues discussed by experts at the annual ESET World conference, held May 31-June 1, 2022, in Malta. Read some of the highlights from the event and learn what the experts have to say.
How has digital security changed in 2022?
The situation in Ukraine was one of the most prominent topics throughout the conference. ESET Chief Information Security Officer Daniel Chromek mentioned the war in Ukraine as a major change to the IT risk landscape in 2022. Similarly, Juraj Malcho, ESET’s chief technology officer, began his interview with Global Cybersecurity Advisor Jake Moore by explaining: “[The war] is really on everyone’s mind. Many times, we talk about the butterfly effect, as their movements ripple through space and influence something on the other side of the planet. You know, that’s a butterfly, but when you talk about the wings of fighter jets, those ripples are obviously much stronger. And it’s apparent that these [ripple] effects are changing and influencing a lot in cyberspace too.”
Many speakers mentioned that the conflict between Russia and Ukraine is not just physical, but also digital. How far the various influences from the war reach, or how the cyberthreats related to the conflict continue to develop, is still far from certain.
Apart from the negative effects of the current political situation, there are also some positive changes taking place across many companies. Tony Anscombe, chief security evangelist at ESET, spoke on the meaning of cyber resilience. He noted that many more organizations are building cyber resilience into their security strategies, as they realize it's a key factor in business continuity during and after a cyberattack.
“I have been in the industry for 25 years, and in the last 2.5 years we have seen a monumental change in the cybersecurity industry, from being [something] backroom, or the guys down the hall, to being at the forefront of the business. We saw this with the pandemic, when we were all aware that cybersecurity actually enables businesses to continue, which was super important.”
Tony Anscombe, ESET Chief Security Evangelist
Robert Heines, information security manager at Royal Swinkels Family Brewers, also suggested that digital security has become a more broadly acknowledged matter. When interviewed by Tony Anscombe, he stated: “I think the main change was that in the past, it was somebody else who was a target, so people in the business heard about it and forgot about it. And now it’s gotten so close that it’s so often someone from your supply chain, [so] you realize the potential impact. All the things I want to do to improve cyber resilience now get much more attention from the top of the company.”
Be prepared for the unexpected
So, what should you do to face both lasting and new challenges successfully? Most of the discussions that took place during the ESET World event emphasized the following: Be prepared for anything, even the unexpected. Even Chris Hadfield, former commander of the International Space Station and a distinguished guest of the conference, mentioned the necessity of being ready for anything: “Things always go wrong. I don’t even know why we call it “go wrong” – that’s just how things go.”
According to Jake Moore, being unprepared – or, rather, feeling like there is no need for any preparation – is a problem among businesses of all sizes: “A lot of companies say, ‘They’re not gonna attack us! Why would anyone go for us? We’re just small fry!’ At the same time, we’ve got big businesses saying, ‘Well, they’re not gonna go for us, we’ve got a huge IT team, they can’t come after us.' ” Moore discourages businesses from believing in their own immunity. If you’re building cyber resilience, the first step is to stop believing that cyberthreats don’t concern you – because they do.
“Prepare for the worst; hope for the best. Expect the unexpected. […] No matter what size company you are, cyberattacks are increasing, they are excelling in persistence and sophistication ... It’s inevitable – they are coming and at least trying to attack you.”
Jake Moore, ESET Global Cybersecurity Advisor
What to do – and what not to do
Once you’ve mentally prepared yourself for the fact that anything can happen in the world of digital security, and accepted that cyberthreats may affect your own business, how should you get started on cyber resilience? Certainly, focus on developing a plan – and make sure that everyone is involved in it, knows what to do and can respond swiftly to any issues. Robert Heines warns people about seeing cybersecurity as a unilateral matter: “You certainly won’t achieve cyber resilience if you are seeing ‘the cyber’ as an ‘IT thing’ – it has to be seen from the business perspective because otherwise, it’s not going to work. You won’t get all the effort out of the people you need. First of all, you need to get the business managers on your side, and then they will prioritize writing and exercising business continuity plans.”
Having a continuity plan is the first thing recommended by Jake Moore when discussing the topic of achieving cyber resilience. He also mentions the following actions one should take when aiming for digital security:
- Prepare a crisis scenario.
- Review third-party supply chain risks. You should protect your data and be aware of which external businesses/apps/programs handle your data as well.
- Monitor any suspicious digital behavior.
- Include awareness training for employees.
- Encourage secure passwords (or rather, passphrases) and employ an MFA solution.
- Update and patch all programs your business uses.
- Test your backup.
Believe in your team, and be prepared. During his speech at ESET World 2022, Chris Hadfield noted: “If you’re doing something complicated, then the things that happen are going to be complicated. And you are going to need all the expertise and trust that you can get in the team.”
Although this statement spoke to his experience of being in space, these words can be easily applied to digital security.