CYEN: THE POWER OF BEING PREPARED

Sat, 05/28/2022 - 20:23

Iva Tasheva, co-founder and cybersecurity lead, on how to help SMEs thrive in the digital world

Iva Tasheva, co-founder of CyEn

When Iva Tasheva co-founded CyEn, a family-owned micro-consultancy in Brussels, in 2018, she had a clear vision for the future. As the company's cybersecurity lead, she would help public and private organisations manage cybersecurity governance, risk and compliance (GRC). She was more than prepared for this responsibility. Her previous experience covers work in the public, digital, transport, banking, medical devices and non-profit sectors. She is also a certified ISO 27001 Lead Implementer and ISO 27799 Lead Manager.

Besides her work for CyEn, Iva Tasheva is a member of the EU Cybersecurity Agency (ENISA) Ad-Hoc Working Groups on Enterprise Security and on Cloud Services, adviser to Obelis (representation of non-EU based manufacturers in a successful EU market entry), a board member of the DPO Circle (community of GDPR and data security professionals) and an adviser to SANA (the South African Norwegian Association).

What are the most common misunderstandings that SMEs have about cybersecurity?

Many SMEs believe that they are not of interest to cybercriminals. Indeed, the costs of cybersecurity and the loss after a cyber incident vary. But no one is "vaccinated" against a cyber virus. If you are online, you are visible to cybercriminals. And cybercrime is similar to traditional crime: you have "pickpockets" who steal indiscriminately and look for easy targets, and "mafia" going for the big targets with novel types of attacks.

What is the biggest threat that SMEs face?

According to CybSafe, human error caused about 90% of data breaches in 2019. In 2017 and 2018 it was 61% and 87% respectively. In 2020, this trend was aggravated by the fast digitalisation and home working during lockdowns, with little or no cybersecurity awareness or training for employees.

In 2021, according to ENISA, the biggest SME threats remain phishing, web-based attacks and malware. Botnet attacks also remain a significant problem for Bulgaria and will be a growing threat for Europe. By 2025, according to Statista, there will be 4.3 billion IoT devices in Europe. If not secure, they could all be used in a massive botnet attack on any business. There are also other methods of attacks and the landscape constantly evolves.

SMEs need to understand that attackers are interested in their business and data: corporate and trade secrets, infrastructure and user data, financial information.

How can taking care of their cybersecurity benefit SME operations?

Cybersecurity creates competitiveness and is needed for partnerships. SMEs may lose their edge when striking big partnerships without a commitment to cybersecurity, due to security concerns. Studies show that users can abandon a company or a product because of loss of trust. On the other hand, companies committing to security and properly communicating it have an advantage for both business and private clients.

Cybersecurity also contributes to better predictability and reduced costs. Factoring information security risks in business decisions improves predictability and supports better-informed decisions.

Cybersecurity is also becoming a condition to access the EU market. This year, the European Commission adopted a Delegated Act under the Radio Equipment Directive, introducing cybersecurity and privacy rules for connected devices to access the EU market. This autumn, we expect the Cyber Resilience Act that will revolutionise the EU cybersecurity framework and introduce minimum security requirements for all products, services and processes delivered in the EU.

The EU is reviewing its first cybersecurity law (NIS Directive) for increasing the security level of the critical and digital infrastructure. The version to be adopted this year includes more specific rules and a broader scope of applicability. The GDPR also includes adequate data security requirements.

Finally, in addition to the focus on recognising industry standards, such as the ISO27k series, the EU is building its cybersecurity certification frameworks to help companies demonstrate compliance and security commitment. I am supporting ENISA in finalising the soon-to-be adopted EU Cloud Services Certification framework (EUCS). There is also the EUCC – for trust services, and the 5G certification scheme is in the making. These schemes will facilitate compliance across the EU and provide legal certainty for companies placing products or services in the EU market.

What about the costs? Is it too expensive for SMEs to take proper care of their cybersecurity?

Like any improvement, cybersecurity requires a certain financial investment, but above all, it requires a lot of willingness and time.

To know where to invest, SMEs need to identify, assess and manage their cybersecurity risks. This will allow them to focus the investment where it matters most and accept the cybersecurity weaknesses that do not pose a significant risk to their business. Risk mitigating measures vary in impact and cost.

A likely risk is linked to human error. To mitigate it, you need a good level of employees' awareness. Business owners should invest in training and awareness programmes, regularly informing employees of the threats and empowering them to protect the organisation. Sharing sectorial cybersecurity alerts, launching phishing awareness campaigns, and purchasing cybersecurity awareness/training are low-budget but huge-impact activities.

Finally, 80% of data breaches could be prevented with MFA (multi-factor authentication). This is often a free security option in the products/services. Just use it; it's free! And if you are a developer/producer, make sure you assign the budget to implement MFA to enable a minimum level of security for your users.

What inspired you to create a special manual on the topic? What do you aim to achieve with it?

The initiative was launched and supported by the Bulgarian Member of the European Parliament, Ms Eva Maydell. I worked with her office for years as a stakeholder and then expert, helping design adequate security requirements in the EU legislation mentioned above. We both worked to ensure Europeans have the skills and knowledge to take advantage of digitalisation. I am also providing training to startups in the medical devices industry to help them improve product security and gain access to the EU market. So it was a natural continuation of this commitment to prepare and publish a free guide for the startups/SMEs in Bulgaria. Our objective was first to raise awareness of the threats and then provide a list of pragmatic organisational and technical measures to address the key challenges. We also review the regulatory framework and provide useful contacts and resources for further reading.

+32 493 405 612

iva.tasheva@CyEn.eu

www.CyEn.eu
