“War in Cyberspace – Business Destabilization, Data Leaks, Disinformation” is the first panel we did this year as part of Business Insider TRENDS 2022 – Cybersecurity. Mikołaj Kunica, Editor-in-Chief of Business Insider Polska, spoke with experts about the biggest challenges facing organizations today.
We started with ransomware attacks. Let’s imagine that cybercriminals breach our company’s security and seize valuable, confidential employee and customer data. Then they send a ransom message: either we pay 10 million PLN or the confidential data will be made public online. How should we behave in such a situation? Bartosz Kozłowski, co-founder of Sagenso, immediately pointed out that ransomware attacks are a very difficult topic. “There has been a big shift in the motivation behind hacking over the past three years,” he said. “Today it seems like almost 90 percent of all cyberattacks aim to reap financial gain. The remaining attacks are political in nature or carried out with the intent to steal, for example, the company’s intellectual property,” added Bartosz Kozłowski. The Sagenso expert then explained what ransomware attacks are and how we can protect ourselves against them.
Interestingly, during the debate we wondered whether it is possible to catch a hacker. It turns out that it is, and Marcin Kabaciński, PayPo’s director of security, has even had two such cases in his professional career. “There was a physical capture of the hacker and an arrest,” began Marcin Kabaciński. “The first case dates back to 2011. A hacker broke into the database and stole the data. He was also so well prepared that the hack was carried out from our client’s network,” the expert said. This was meant to cast all suspicion on the company’s client. Shortly after, there was a ransom demand for the stolen data and its non-disclosure. “We started negotiations and reported it to the police. We went to the agreed place, with the ransom, and after a few minutes of conversation, four policemen entered,” added Marcin Kabaciński.
In addition to the hacker arrest stories, which can be viewed in the full video, we also focused on disinformation. We wondered what to do when the purpose of an attack is to disseminate information defaming a particular entrepreneur or organization. That, too, is a cyberattack. So what are the ways out? Or are we helpless? These questions were answered by Ireneusz Piecuch, lawyer and senior partner of DGTL. “The scale of manipulation that can be carried out in cyberspace is enormous. We already know that it is possible to influence not only business, but also elections,” noted the expert. He then explained how to protect yourself on the legal side. It should be emphasized that we need to be able to identify the source of the attack.
The next topic was financial protection. Here Maciej Pawlak, director of the security and risk department of Tpay, was able to share specific recommendations. “Each of us already pays online, often on mobile. This is a very common process,” he said. “And that means criminals want to take advantage of it as well,” he added. We could learn what creates threats and how to protect ourselves, primarily from the perspective of the payer, i.e. the person who makes a payment for something, for example in an online store. Marek Smolik, CTO of ICsec, enriched the discussion with insights and advice on securing entire enterprise infrastructures. “We should start with an audit and check what we have, what we protect and the importance of resources. What resources we want to protect and why,” said the representative of ICsec. “Later, you must also approach the selection of systems correctly, because otherwise we protect, e.g., bank infrastructure and critical infrastructure.”
How to protect employee and company data
In the second debate, “Corporate and employee data has fallen into the wrong hands. Now what?”, we talked about how to secure remote work, but also about which cyber threats most often affect employees.
“The model in which companies operate has changed a lot, and the scope of different types of attacks is huge,” noted editor-in-chief Mikołaj Kunica. One such attack is phishing, and Marek Szustak, a cybersecurity expert at eSky, explained how to protect against it. “Such attacks usually boil down to persuading victims to divulge confidential data, which will ultimately be used by criminals to break into a business,” he said, explaining that this problem is largely solved nowadays. “2FA technology comes to the rescue, i.e. two-factor authentication, preferably using a physical security key,” added the expert from eSky.
Marek Psiuk, chief technology officer at No Fluff Jobs, added that he manages an IT team entirely remotely and identified the biggest problem in the entire security chain. “It’s a human factor, unfortunately,” he said. “Both in phishing and many other related attacks. Global industry reports show that 62 percent of all security incidents are caused by human error,” he added. Participants could learn how to raise awareness
When an attack occurs, businesses need to be prepared to respond appropriately and to have a cyberattack plan in place beforehand. “The organization’s biggest problem is that we only think about protection when violations occur,” noted Michał Kibil, lawyer and senior partner of DGTL, adding that these are mainly companies from the SME sector. “If an attack occurs and we lose personal data, we have 72 hours to analyze what was stolen, to what extent, whether it was confidential data or not,” he said. It should be added here that the 72 hours is a legal matter: within this time we must inform PUODO, i.e. the Personal Data Protection Authority, of a possible event.
Rafał Barański, CEO of Braf.tech and an experienced cybersecurity expert, shared best practices for securing an online store with the participants. Does such a company also need dedicated cybersecurity specialists, or is this an excessive cost? The Braf.tech representative replied that even individual companies should use appropriate cybersecurity solutions. “If we store data of our customers or employees, certain rules and safeguards apply to us.” Next, Rafał Barański listed several valuable security solutions whose implementation does not involve high costs at all.
Every organization, big or small, must assess the risks and try to minimize them. Once we have gone through the debates and all the expert advice, we’ll know what to do, and why, to achieve a high level of security.
The article was written as part of the Business Insider TRENDS 2022 platform, where we discuss and analyze the most important trends at the interface between business and technology.