Often, both in companies and in everyday life, cyber security is only a concern only after cyber incidents. What do cyber-attacks look like? What is the most important thing to know about cyber security? What are the competencies of cyber security professionals?
All the answers to these questions are from Giedrius Markevičius, a representative of “Check Point Software Technologies”, Marijus Briedis, a representative of “Nord Security”, Eduardas Kutka, a lecturer at Vilnius University Faculty of Mathematics and Informatics (VU MIF), and the head of the Cyber Security Laboratory Assoc. Prof. Dr Linas Bukauskas.
Most often cases are where ransoms are demanded
Cyber security is a set of actions and technologies that needed to protect the data and ensure the stability of services. It is all technological tools used by the experts protect not only the data but also the legal aspects of the organization.
“Businesses are increasingly noticing that they are being spied on their plans or strategies. Data leakage is an everyday problem that exists internationally. Without following and controlling where the information goes, there is a high risk that the information will end up where it really should not be,” G. Markevičius says.
The expert says that businesses are most often faced with cyber-attacks - data leakage - and demand of ransom.
“Malicious people using e-mails send electronic files that are not only able to encrypt data on the recipient's computer, but also access other devices on the network. A message is then received stating that the data is encrypted and a ransom is required to recover it. Usually this amount is from 300 to several hundred thousand euros,” G. Markevičius says.
Marijus Briedis, Nord Security's NordVPN technology manager, also confirms that. According to him, the biggest damage to companies is caused by data theft (ransomware) attacks, which often cause not only financial losses - but also the reputation of companies and the relationship based on trust with customers.
“Often, cyber-attacks start when an employee clicks on the wrong link or opens a phishing e-mail. Therefore, employees need to be constantly informed and trained to recognize various threats and how to respond to them,” M. Briedis is convinced.
Cyber security requires constant attention
VU MIF lecturer E. Kutka points out that in order to protect one‘s data, it is necessary to pay attention not only to the electronic, but also to the physical environment.
“Many people are well aware of cases where e-mail systems fail due to physical damage to equipment or the environment. Then people can’t access certain data or perform certain actions. This is usually due to poor maintenance of equipment, but it is important to understand that cybersecurity is not possible without proper physical security,” E. Kutka says, who emphasizes that cybersecurity is quite expensive - for example, it can take up to € 1,000,000 a year investments.
VU MIF Institute of Informatics Head of Cyber Security Laboratory Assoc. Prof. Dr L. Bukauskas notes that although these investments may seem to be expensive, questioning their importance might bring inevitable losses.
“It is important to understand that it is too late to start taking care of security in the event of a cyber-attack. Therefore, the focus on it should be constant. I recommend not to forget about cyber security to talk within the organization, to allocate funds for the prevention of incidents, as well as for the development of specialist competencies,” - Assoc. Prof. Dr L. Bukauskas advises.
Ethical hackers enhance the security of systems
VU MIF researcher emphasizes that not all cyber-attacks are carried out in order to harm the organization or profit from it. For example, thanks to ethical hackers, the defense of Lithuanian cyberspace is constantly being strengthened.
“Ethical hackers are cyber security experts who do not maliciously damage systems. On the contrary, they test publicly available system functions and report their shortcomings to both the system operator and the National Cyber Security Center,” L. Bukauskas says.
According to the researcher, the Ministry of National Defense of the Republic of Lithuania has already prepared amendments to the Law on Cyber Security, which would define what ethical hackers can and cannot do, how an ethical hacker should report found system gaps without possible prosecution.
“I believe that these changes will help strengthen the security of the public sector and business systems. An ethical researcher who finds critical errors left by programmers or administrators will feel safe and will not face any inconveniences when reporting it,” he is positive.
Cyber security professionals need quality studies
Speaking about the competencies of cyber security specialists, Assoc. Prof. Dr L. Bukauskas emphasizes that working in this field requires good knowledge of informatics and understanding of programming languages. It is also necessary to know how different information systems work, to understand their interfaces. According to the interviewee, these competencies can be acquired by choosing an information technology study program, and a master's study program in computer modeling would help to improve it.
“IT students gain the necessary knowledge about cyber security, good network and IT management practices, risk assessment, network security and vulnerabilities. It is this important knowledge that allows to connect one‘s future with cyber security,” said Assoc. Prof. Dr L. Bukauskas.
Master's study program in Computer Modeling deals with the topic of cyber security in a slightly different way - students delve into general security, cloud operation by modeling algorithms and analyzing results, learn how to properly use the possibilities of machine learning and artificial intelligence.
VU MIF Informatics Institute also has a Cyber Security Laboratory, the aim of which is to create and develop a technological, virtual training platform for research on cyber security breaches and attack and defense actions. In a science lab, students can do professional internships, test software, or consult on a variety of cyber security issues.
“The scientific laboratory gives priority to practical results and solutions that can contribute to scientific and technological progress. We recommend that bachelor's students start preparing coursework together from the second year, and during them we examine the latest (state-of-the-art) aspects of cyber security. The laboratory acquires extremely important and valuable practical experience,” says the head of the laboratory, Assoc. Prof. Dr L. Bukauskas.