CYEN: THE POWER OF BEING PREPARED

Sat, 05/28/2022 - 20:23

Iva Tasheva, co-founder and cybersecurity lead, on how to help SMEs thrive in the digital world

Iva Tasheva, co-founder of CyEn

When Iva Tasheva co-founded CyEn, a family-owned micro-consultancy in Brussels, in 2018, she had a clear vision for the future. As the company's cybersecurity lead, she would help public and private organisations manage cybersecurity governance, risk and compliance (GRC). She was more than prepared for this responsibility. Her previous experience covers work in the public, digital, transport, banking, medical devices and non-profit sectors. She is also a certified ISO 27001 Lead Implementer and ISO 27799 Lead Manager.

Besides her work for CyEn, Iva Tasheva is a member of the EU Cybersecurity Agency (ENISA) Ad-Hoc Working Groups on Enterprise Security and on Cloud Services, adviser to Obelis (representation of non-EU based manufacturers in a successful EU market entry), a board member of the DPO Circle (community of GDPR and data security professionals) and an adviser to SANA (the South African Norwegian Association).

What are the most common misunderstandings that SMEs have about cybersecurity?

Many SMEs believe that they are not of interest to cybercriminals. Indeed, the costs of cybersecurity and the loss after a cyber incident vary. But no one is "vaccinated" against a cyber virus. If you are online, you are visible to cybercriminals. And cybercrime is similar to traditional crime: you have "pickpockets" who steal indiscriminately and look for easy targets, and "mafia" going for the big targets with novel types of attacks.

What is the biggest threat that SMEs face?

According to CybSafe, human error caused about 90% of data breaches in 2019. In 2017 and 2018 it was 61% and 87% respectively. In 2020, this trend was aggravated by the fast digitalisation and home working during lockdowns, with little or no cybersecurity awareness or training for employees.

In 2021, according to ENISA, the biggest SME threats remain phishing, web-based attacks and malware. Botnet attacks also remain a significant problem for Bulgaria and will be a growing threat for Europe. By 2025, according to Statista, there will be 4.3 billion IoT devices in Europe. If not secure, they could all be used in a massive botnet attack on any business. There are also other methods of attack, and the landscape constantly evolves.

SMEs need to understand that attackers are interested in their business and data: corporate and trade secrets, infrastructure and user data, financial information.

How can taking care of their cybersecurity benefit SME operations?

Cybersecurity creates competitiveness and is needed for partnerships. SMEs may lose their edge when striking big partnerships without a commitment to cybersecurity, due to security concerns. Studies show that users can abandon a company or a product because of loss of trust. On the other hand, companies committing to security and properly communicating it have an advantage for both business and private clients.

Cybersecurity also contributes to better predictability and reduced costs. Factoring information security risks in business decisions improves predictability and supports better-informed decisions.

Cybersecurity is also becoming a condition to access the EU market. This year, the European Commission adopted a Delegated Act under the Radio Equipment Directive, introducing cybersecurity and privacy rules for connected devices to access the EU market. This autumn, we expect the Cyber Resilience Act that will revolutionise the EU cybersecurity framework and introduce minimum security requirements for all products, services and processes delivered in the EU.

The EU is reviewing its first cybersecurity law (NIS Directive) for increasing the security level of the critical and digital infrastructure. The version to be adopted this year includes more specific rules and a broader scope of applicability. The GDPR also includes adequate data security requirements.

Finally, in addition to the focus on recognising industry standards, such as the ISO27k series, the EU is building its cybersecurity certification frameworks to help companies demonstrate compliance and security commitment. I am supporting ENISA in finalising the soon-to-be adopted EU Cloud Services Certification framework (EUCS). There is also the EUCC – for trust services, and the 5G certification scheme is in the making. These schemes will facilitate compliance across the EU and provide legal certainty for companies placing products or services in the EU market.

What about the costs? Is it too expensive for SMEs to take proper care of their cybersecurity?

Like any improvement, cybersecurity requires a certain financial investment, but above all, it requires a lot of willingness and time.

To know where to invest, SMEs need to identify, assess and manage their cybersecurity risks. This will allow them to focus the investment where it matters most and accept the cybersecurity weaknesses that do not pose a significant risk to their business. Risk mitigating measures vary in impact and cost.

A likely risk is linked to human error. To mitigate it, you need a good level of employees' awareness. Business owners should invest in training and awareness programmes, regularly informing employees of the threats and empowering them to protect the organisation. Sharing sectorial cybersecurity alerts, launching phishing awareness campaigns, and purchasing cybersecurity awareness/training are low-budget but huge-impact activities.

Finally, 80% of data breaches could be prevented with MFA (multi-factor authentication). This is often a free security option in the products/services. Just use it; it's free! And if you are a developer/producer, make sure you assign the budget to implement MFA to enable a minimum level of security for your users.

What inspired you to create a special manual on the topic? What do you aim to achieve with it?

The initiative was launched and supported by the Bulgarian Member of the European Parliament, Ms Eva Maydell. I worked with her office for years as a stakeholder and then expert, helping design adequate security requirements in the EU legislation mentioned above. We both worked to ensure Europeans have the skills and knowledge to take advantage of digitalisation. I am also providing training to startups in the medical devices industry to help them improve product security and gain access to the EU market. So it was a natural continuation of this commitment to prepare and publish a free guide for the startups/SMEs in Bulgaria. Our objective was first to raise awareness of the threats and then provide a list of pragmatic organisational and technical measures to address the key challenges. We also review the regulatory framework and provide useful contacts and resources for further reading.

+32 493 405 612

iva.tasheva@CyEn.eu

www.CyEn.eu
