CYEN: THE POWER OF BEING PREPARED

CYEN: THE POWER OF BEING PREPARED

Sat, 05/28/2022 - 20:23

Iva Tasheva, co-founder and cybersecurity lead, on how to help SMEs thrive in the digital world

Iva Tasheva Cyen
Iva Tasheva, co-founder of CyEn

When Iva Tasheva co-founded CyEn, a family owned micro-consultancy in Brussels, in 2018, she had a clear vision for the future. As the company's cybersecurity lead, she would help public and private organisations manage cybersecurity governance, risk and compliance (GRC). She was more than prepared for this responsibility. Her previous experience covers work in public, digital, transport, banking, medical devices and non-profit sectors. She is also a certified ISO 27001 Lead Implementer and ISO 27799 Lead Manager.

Besides her work for CyEn, Iva Tasheva is a member of the EU Cybersecurity Agency (ENISA) Ad-Hoc Working Groups on Enterprise Security and on Cloud Services, adviser to Obelis (representation of non-EU based manufacturers in a successful EU market entry), a board member of the DPO Circle (community of GDPR and data security professionals) and an adviser to SANA (the South African Norwegian Association).

What are the most common misunderstandings that SMEs have about cybersecurity?

Many SMEs believe that they are not of interest to cybercriminals. Indeed, the costs of cybersecurity and the loss after a cyber incident vary. But no one is "vaccinated" against a cyber virus. If you are online, you are visible to cybercriminals. And cybercrime is similar to traditional crime: you have "pickpockets" who steal indiscriminately and look for easy targets, and "mafia" going for the big targets with novel types of attacks.

What is the biggest threat that SMEs face?

According to CybSafe, human error caused about 90% of data breaches in 2019. In 2017 and 2018 it was 61% and 87% respectively. In 2020, this trend was aggravated by the fast digitalisation and home working during lockdowns, with little or no cybersecurity awareness or training for employees.

In 2021, according to ENISA, the biggest SME threats remain phishing, web-based attacks and malware. Botnet attacks also remain a significant problem for Bulgaria and will be a growing threat for Europe. By 2025, according to Statista, there will be 4.3 billion IoT devices in Europe. If not secure, they could all be used in a massive botnet attack on any business. There are also other methods of attacks and the landscape constantly evolves.

SMEs need to understand that attackers are interested in their business and data: corporate and trade secrets, infrastructure and user data, financial information.

How taking care of their cybersecurity can benefit SME operations?

Cybersecurity creates competitiveness and is needed for partnerships. SMEs may lose their edge when striking big partnerships without a commitment to cybersecurity, due to security concerns. Studies show that users can abandon a company or a product because of loss of trust. On the other hand, companies committing to security and properly communicating it have an advantage for both business and private clients.

Cybersecurity also contributes to better predictability and reduced costs. Factoring information security risks in business decisions improves predictability and supports better-informed decisions.

Cybersecurity is also becoming a condition to access the EU market. This year, the European Commission adopted a Delegated Act under the Radio Equipment Directive, introducing cybersecurity and privacy rules for connected devices to access the EU market. This autumn, we expect the Cyber Resilience Act that will revolutionise the EU cybersecurity framework and introduce minimum security requirements for all products, services and processes delivered in the EU.

The EU is reviewing its first cybersecurity law (NIS Directive) for increasing the security level of the critical and digital infrastructure. The version to be adopted this year includes more specific rules and broader scope of applicability. The GDPR also includes adequate data security requirements.

Finally, in addition to focus on recognising industry standards, such as ISO27k series, the EU is building its cybersecurity certification frameworks to help companies demonstrate compliance and security commitment. I am supporting ENISA in finalising the soon-to-be adopted EU Cloud Services Certification framework (EUCS). There is also the EUCC – for trust services, and the 5G certification scheme is in the making. These schemes will facilitate compliance across the EU and provide legal certainty for companies placing products or services in the EU market.

What about the costs? Is it too expensive for SMEs to take proper care of their cybersecurity?

Like any improvement, cybersecurity requires a certain financial investment, but above all, it requires a lot of willingness and time.

To know where to invest, SMEs need to identify, assess and manage their cybersecurity risks. This will allow them to focus the investment where it matters most and accept the cybersecurity weaknesses that do not pose a significant risk to their business. Risk mitigating measures vary in impact and cost.

A likely risk is linked to a human error. To mitigate it, you need a good level of employees' awareness. Business owners should invest in training and awareness programmes, regularly informing employees of the threats and empowering them to protect the organisation. Sharing sectorial cybersecurity alerts, launching phishing awareness campaigns, and purchasing cybersecurity awareness/training are low-budget but huge impact activities.

Finally, 80% of data breaches could be prevented with an MFA (multi-factor authentication). This is often a free security option in the products/services. Just use it; it's free! And if you are a developer/producer, make sure you assign the budget to implement MFA to enable a minimum level of security for your users.

What inspired you to create a special manual on the topic? What do you aim to achieve with it?

The initiative was launched and supported by the Bulgarian Member of the European Parliament, Ms Eva Maydell. I worked with her office for years as a stakeholder and then expert, helping design adequate security requirements in the EU legislation mentioned above. We both worked to ensure Europeans have the skills and knowledge to take advantage of digitalisation. I am also providing training to startups in the medical devices industry to help them improve product security and gain access to the EU market. So it was a natural continuation of this commitment to prepare and publish a free guide for the startups/SMEs in Bulgaria. Our objective was first to raise awareness of the threats and then provide a list of pragmatic organisational and technical measures to address the key challenges. We also review the regulatory framework and provide useful contacts and resources for further reading.

+32 493 405 612

iva.tasheva@CyEn.eu

www.CyEn.eu

Web Exclusive

Commenting on www.vagabond.bg

Vagabond Media Ltd requires you to submit a valid email to comment on www.vagabond.bg to secure that you are not a bot or a spammer. Learn more on how the company manages your personal information on our Privacy Policy. By filling the comment form you declare that you will not use www.vagabond.bg for the purpose of violating the laws of the Republic of Bulgaria. When commenting on www.vagabond.bg please observe some simple rules. You must avoid sexually explicit language and racist, vulgar, religiously intolerant or obscene comments aiming to insult Vagabond Media Ltd, other companies, countries, nationalities, confessions or authors of postings and/or other comments. Do not post spam. Write in English. Unsolicited commercial messages, obscene postings and personal attacks will be removed without notice. The comments will be moderated and may take some time to appear on www.vagabond.bg.

0 comments

Add new comment

The content of this field is kept private and will not be shown publicly.

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.

Discover More

villa flavia hotel plovdiv
VILLA FLAVIA BOUTIQUE HOTEL: EXPERIENCE THE PAST. CELEBRATE THE FUTURE
Just a few steps away from the Main Pedestrian Street and right near Kapana Creative District, Old Plovdiv and the Ancient Theatre of Philippopolis.

Vi Group BG Ivelin Hristov
VI GROUP BG: FUTURE IS THE RIGHT DIRECTION
Hello, I am Ivelin Hristov, the founder and owner of Vi Group Bg property development and investment company, and I believe that the future is the right direction.

mutafchiyska dent
MUTAFCHIYSKA DENT: WHERE ONE IS WILLING TO VISIT THE DENTIST
Dr Bonka Mutafchiyska is the founder and owner of Mutafchiyska Dent dental clinic in Plovdiv. She is known not only for her impeccable professional reputation and years of practice, but also as being one of the city's most beloved and respected dentists.

belle estates nikolay kanev pavel petkov
BELLE ESTATES/ERA PREMIUM: AN EXCEPTIONAL HIGH-END PROPERTY COMPANY
When you want to invest in a high-end property in Bulgaria, or seek to buy one, Belle Estates/ERA Premium is the company that will help you to make the best choice.

valkrea.house mitko tsonev
VALKREA.HOUSE: INTELLIGENT HOMES FOR COMFORTABLE LIVING
The advantages of smart homes, offices and other buildings are not a novelty anymore. The integrated systems allow us to control the electricity, air conditining and ofther amenities, and to enjoy unprecedented comfort, secutiry and low utility bills.

Preventica
PREVENTICA CENTER: YOUR HEALTH IS IN YOUR HANDS
Imagine a future where you never get ill or sick, and live in perfect health year after year.

the top dental clinic
THE TOP DENTAL CENTER: PROFESSIONAL DENTAL CARE IN THE HEART OF EUROPE!
You are not alone. The dental professionals from Bulgaria, Israel and Turkey who created The Top Dental Center had the same dream, and turned it into a reality.

via dental dr viktoria aleksieva
VIA DENTAL STUDIO: CARE AND QUALITY FOR THE WHOLE FAMILY
Systematic prophylaxis is the key to good dental health. For more than 20 years Dr Viktoria Aleksieva has successfully applied this principle in her work with patients of all ages.

vaya estates tsvetomir partalozov
VAYA ESTATES: A DIFFERENT TYPE OF BROKERAGE
Established in 2018, Vaya Estates is a brokerage that since day one has strived to offer client-oriented type of service.

flip.bg
FLIP - THE NEW SMART WAY TO BUY AND SELL MOBILE DEVICES ONLINE
The company allows customers to easily, securely, quickly and safely sell and buy used smart mobile devices. Ivaylo Netsov, General Manager of Flip for Bulgaria, tells more.

Calinachi
CALINACHI: HIGH PRECISION BEAUTY CARE
Calinachi is a Bulgarian brand that skilfully manages to give them that, and much more.