Yavor Kolev, Director IT and Cybersecurity at the insurance company, on the most common online threats and how to avoid them
When Lev Ins, Bulgaria's biggest insurance company, attracted Yavor Kolev as the director of its IT and Cybersecurity unit last year, the news was hard to ignore. Lev Ins is the first insurance company in Bulgaria offering cybersecurity insurance to companies and individuals in cooperation with Israeli organisations. Yavor Kolev is a household name for his decade-long service to Bulgaria as the head of the Cybercrime Unit at the General Direction Fight Against Organised Crime at the Interior Ministry.
Yavor Kolev started fighting high-tech crime more than 25 years ago. His main fields of operation were protection of intellectual property, exploitation of children, and national security threats. He and his team have partnered with international police organisations, such as Europol, Interpol and the FBI. When Yavor Kolev started the unit, in 2006, his team numbered 12 people. When he retired in 2021, the team had grown to over 40 employees. The number of the cases they have successfully investigated is truly impressive.
Now, as a part of Lev Ins, he is responsible for its IT structure and cybersecurity, development of new products and promoting the Protect the Child on the Internet initiative.
How do you feel as a part of the private sector?
Working in the police is a never ending job, like being constantly at war. After so many years there, I was feeling that the work was wearing me down. When I had the opportunity to retire, I decided to leave the police and do something less stressful.
But working in the private sector is just as stressful as working in the police. Besides, I am not only in Lev Ins. I also work on business digital transformation projects at the Union for Private Economic Enterprise and teach cybercrime in the National Security programme at the Plovdiv University.
Yet again, I am living fast. It is challenging, but also keeps me full of energy.
What attracted you to Lev Ins?
This is Bulgaria's largest insurance company and the only one offering cyber insurance. It also allows clients to be proactive and protect their data before a breach occurs. We have 2 security operational centres, in Bulgaria and Israel. During an attack or an incident they take action and recover our clients' damaged infrastructure.
I would strongly recommend Bulgarian companies to not neglect their cyber protection. I have seen so many businesses go bust because they have made this mistake. Companies should pay as much attention to protecting their cyber security as they do to protect their physical assets, if they want to stay afloat.
Which are the most common cyber dangers to businesses?
In the past 3 years, Business Email Compromise (BEC) attacks have become the most popular ones. In them, the hacker secretly intercepts the communication chain between companies and at a certain point changes bank accounts to steal money.
Ransomware attacks is another popular crime, particularly during the pandemic and now with the war in Ukraine. As Russia is now under international sanctions, blackmailing governments and big companies to pay for stolen data, for example, is becoming a way to obtain much needed money.
As the recent hacking of the Bulgarian postal services shows, a cyber attack can ruin a whole organisation. Now the Bulgarian government is working towards restoring the operations of the postal services, but if something similar happens to a private company, no-one is going to the rescue. The business cannot allow itself to be vulnerable to such threats.
Another dimension of the problem, which is present in both the state institutions and the private sector, is the lack of trained professionals to fight cybercrime.
What about individual users?
Everyone can become a victim of cybercrime as it is getting more common. An example are the romantic scams where middle-aged women fall in love with "generals" on Facebook, who wear impressive uniforms but eventually start asking for money. Sexual ransom is getting more common, too. Ransomware attacks also affect private users, but in recent years the criminals have moved to extorting money from more prospective paying victims: businesses. Data theft is also a serious threat.
About 99% of these dangers can be avoided with proper online behaviour. Do not share and upload compromising photos and videos. Use different, hard to crack passwords to all websites and applications that you use, and change these regularly.
Why is the Protect the Child on the Internet initiative important?
Children are the most vulnerable Internet users. During my career at the police, we have successfully arrested scores of pedophiles. But I have felt more satisfaction when saving one child.
Protect the Child on the Internet is an awareness initiative that explains to kids how to recognise that they are targeted and what to do in such a case. Grooming usually starts via social media and on gaming platforms, the criminals are really skilful in gaining children's trust and making them share increasingly explicit photos and videos. Then they blackmail them to send money or to meet in person and engage in real-life sexual acts.
Pedophiles are among us. Children and their parents should know this and how to stay safe, how to protect their digital identity. Parents should be aware that their children are not anymore safe when they are at home, in their room, if they have an Internet-connected device.
Protect the Child on the Internet will travel all around Bulgaria and meet children, parents and teachers from the big cities and the smaller communities.
Lev Ins also has a special home property and safe Internet insurance. It allows installing on kids' devices programmes that restrict access to illegal or harmful content.
In general, we, the whole society – from parents through the government, to the businesses, should do everything possible to protect children. They are our future, the most important thing in life, and should be protected.
0 800 10 200