Cyber in Spotlight
Well, we have all heard about deepfakes and how easy it is to create fake content using peoples’ voices and faces without their permissions. Trends like these trigger an important question: can we ever be safe? Also, how is cyber security affected in 2020? What can we expect in the future? Has the recent crisis changed things? We tried to answer these questions in one of our Startup Fair online sessions called “Cyber in spotlight” together with Farid Singh, Managing Director of CyberNorth, Kieren Lovell, Head of CERT Estonia and Joseph Carson, Chief Security Scientist & Advisory CISO Thycotic.
Let’s start with the trends. Kieren notes that quarantine became a favourable circumstance for hackers. They started using the COVID 19 crisis to “fish” personal or financial data – sometimes both. People who work at home are not in their comfort zone when talking about cyber security. Also, they are panicking because of the crisis. So, it gets easy to manipulate their fear by sending fake crisis-related e-mails. Kieren says it’s important for us to keep up and stay informed and stop clicking vague links in e-mails, even when panicking. During the quarantine, we have too many apps, so it’s easy to make a mistake. The main problem why this happens is because all our security systems are only helpful when you are at work, in your office. And the real question, surprisingly, Kieren says, is not how we adapt. We have to make sure that we know what service we can contact in case a cyber attack takes place. It’s a great problem for startups that don’t have an IT team because they can’t afford it.
Stealing data has also changed, Joseph Carson notes. There is a new ransom technique: where they make users’ data not only unavailable to people to whom it belongs, but it is also used as a threat and sabotage. Farid says there are two ways companies can deal with it: either stop working (which is usually not possible) and the other way could be that a professional IT specialist would scan every device in our home and evaluate all possible threats. But… where is the adequate line and what can we do? According to Kieren, it is extremely complicated to be fully safe. He remembers that 10 years ago as you started working for a company you would get your own computer and your own phone that had to be used for work purposes only. Now we have a bring-your-own-device culture that complicates it all. We check Facebook on our work computers, we check our work e-mail on our home devices. Another problem that Kieren sees is that some policies are becoming extremely strict, so cyber security becomes a document that nobody ever reads or… follows. Our recommendations should ENABLE people to use security system – we have to provide programs that are easy to access and use and also choose it accordingly to your organizations culture.
So, the main question is, what role can small startups play in this scary scenario? According to Joseph, firstly, the role of cyber security has changed a lot. Now it’s not only about implementing tools for safety. It’s about helping the employees to be successful at work. Cyber security was always built to be preventive. But there has to be a balance between taking a risk and being totally safe. We, startups, have to think about the human side, not only about creating a complicated, yet successful technology. We also need to create more fun and gamification, says Joseph. After all, technology was meant to make our life easier by working in the background and not overshadowing us. Kieren agrees that you have to keep it simple. Because the tools we have now are designed for IT professionals. It is essential to focus on a problem you have to solve and not on the need to create yet another app.
After “Startup Fair 2020” talk it became clear that cyber security is essential when talking about every brand and company. So, startups… maybe it’s your time to shine and bring some fresh ideas to the market of cyber security?