Wiktoria Konieczniak

CYBERSEC Admin Days 2024 – workshops on IT management & security

CYBERSEC Admin Days 2024, slated for June 19th during the CYBERSEC CEE EXPO & FORUM 2024, presents a dynamic platform for IT management and security workshops organized by Władcy Sieci and Axence. 

The agenda for Admin Days encompasses technical workshops and presentations by expert speakers − Piotr Adamczyk, Technical Account Manager at Axence, Sławomir Szmulik, Head of the IT Department of the SP ZOZ MSWiA Specialist Hospital in Głuchołazy and Rafał Gołębiowski, Cyber Security Manager.  

Participants can expect to know essential tasks for administrators, acquire insights into good practices of the IT department in the NIS2 perspective and engage in practical workshop centered around incident analysis using RAM dumps and recorded network traffic. After the event attendees will receive access to materials.

Renowned as one of the best-rated event series in the IT industry, Admin Days offers IT professionals an unparalleled opportunity to network, share experiences, and stay abreast of the latest expert knowledge and best practices within IT departments. All workshops will be held only in Polish. 

Attendance is open to holders of passes for the CYBERSEC CEE EXPO & FORUM conference.

How AI Has Been Shaping Classrooms

By. Liliana Kotval 

 

In AI’s relatively short developmental span, it has accomplished extremely impressive feats. From predicting trends in the stock market to creating songs with vocals of deceased artists, AI is becoming more and more sophisticated and a part of daily life. We have started to implement AI in virtual assistants in smartphones and in the IoT, in web browsers, in classrooms, in chatbots for customer service, in facial recognition in security systems, and in medical diagnostics and healthcare systems. Particularly, in the field of academia, we are seeing a huge impact in personalized instruction and learning. Learning has never been so catered to students nor has lesson planning been so efficient. Sitting all day in a classroom while an instructor writes notes on a whiteboard is neither engaging nor effective. AI has the power to challenge standardized teaching methods and curate an individual’s learning preferences and needs. 

Before we get further into the details of how AI has shaped learning and research techniques, let’s better understand what AI really is. The first cultural awareness of the term AI can be traced back to the 1968 film “2001: A Space Odyssey”, where a human-like spaceship helped an astronaut in his journey through space (3). Back then, the idea of human-like technology was something of the imagination. Now, just 56 years later, AI is nothing imaginary at all- it is very real. Today’s concept of AI is only slightly different to the film’s portrayal. We still identify AI as human-like in the ways that it can simulate human intelligence processing and can talk back to us, look up information, etc.; however, the way AI performs these tasks is through an unemotional and uncritical processing of information, contrary to as humans would.  AI systems work by ingesting large amounts of labeled training data, then analyzing this data for patterns, and finally using these patterns to make predictions. AI programming uses 4 main cognitive skills (10): 

  1. Learning: Algorithms are created through the acquisition of data and the creation of rules. These algorithms provide devices with step-by-step instructions on how to complete a task. 
  2. Reasoning: The appropriate algorithm is chosen depending on the situation. 
  3. Self-correction: Algorithms are continuously changing to ensure the most accurate results. 
  4. Creativity: Neural networks, rule-based systems, and statistical methods are used to generate new images, text and ideas. 

An example of this process is when a chatbot is fed examples of appropriate text to use as a response to specific learned triggers in customer inquiries. More sophisticated generative AI can create realistic artwork, music or images. On the other hand, it could be argued that in some ways AI is like us, in that it uses learned information and thousands of examples (personal experience, in human terms) to generate a response. But these programmed responses are not genuine and lack personalization and emotions that only a human could give. Nevertheless, we may see AI with the ability of self-awareness and consciousness soon. 

Now that the concept of AI has been introduced, let’s move back to the topic of academia. Many adults would agree that educators used outdated, redundant, and ineffective learning techniques when they were in school.  From a survey taken in 2016, 59% of young people in the EU said their national education is well adapted to the current world of work (5). Across the pond, with an even lower rating, only 43% of US adults were found to be satisfied with the U.S. education system in a 2010 poll (2). These numbers could certainly be improved through the integration of AI tools, albeit not the only option, as Finland has shown the world their highly successful learning methods through more conventional methods. However, Finland has several other contributing factors to its educational success, such as a competitive education sector and low poverty levels, that other countries may never achieve having. In this case and in other examples of countries where completely changing the educational sector seems impossible, AI may be the answer. Where there is technology, there is AI. AI can be easily integrated into the classroom using online platforms or software, such as ChatGPT or OpenAI.  

Although the first uses of AI in education can be traced back to the 1970’s, the use of AI in classrooms particularly skyrocketed in the past year. A 2023 Forbes survey found that 60% of U.S. educators use AI in their classrooms and 55% stated that AI resulted in improved educational outcomes (7). Newly emerging trends in the adaptation of AI in classrooms include improved student retention, an increase in accessibility, highly personalized content, and immersive classrooms (12). Administrators can use AI to identify undergraduates most likely to leave and take proactive measures to improve their quality of education. A bad learning experience may cause a student to never want to enroll again, but the administration that understands everyone’s needs will improve the school’s welcomeness. Furthermore, AI-powered services allow teachers to quickly and efficiently correct student work, plan lessons specific to each student’s needs, and increase support to those with disabilities or learning difficulties. AI systems can analyze a student’s data, such as their strengths, weaknesses, and learning preferences to offer tailored lesson plans. Feedback on student work is made instantly and improvement made easier with virtual assistants that can provide on-the-spot information on any topic. Additionally, immersive classrooms can simulate virtual labs that a school may not have the budget to do physically. For some, education is a privilege, not a right, and AI has the possibility of crossing language barriers and catering to diverse learning needs, no matter the background of the student.   

Referencing recent case studies on the effectiveness of AI in educational institutions, although the use of AI in schools is relatively new, we are already seeing improvements in educational efficiency. First, in a Stanford research study, an AI program was used to monitor Ugandan students’ English learning and offer them a solution when they were stuck on a question (1). It was found that the AI system offered the same solution to the struggling students as a human would, demonstrating that AI can cater to each student’s personal needs, especially when there is a large group of students and not enough teachers. Secondly, in a study by the adaptive-learning website, Knewton, found that students using their AI-powered adaptive learning program improved their test scores by 62% compared to the students who did not use the program (8). Personalized feedback and recommendations by AI can motivate students and aid them while preparing for an exam.  Third, in an example from the Georgia Institute of Technology, an AI-powered chatbot developed by IBM’s Watson was employed as a teaching assistant for a course with 300 students. The chatbot was able to respond to 10,000 student inquiries with a 97% accuracy rate, which would otherwise be overwhelming for a single instructor (9). In the next example, AI was used to predict a student’s final grade and prevent them from failing. The Ivy Tech Community College in Indiana identified 16,000 students at risk of failing in the first two weeks of the semester and worked to improve their learning (6). In the end, 98% of the contacted students received at least a C grade (73-76%). Finally, AI has become an essential tool for grading, as AI has shown to reduce the amount of time teachers spend on grading by 70% (4). The platform Gradescope allows students to upload assignments and are then graded and insights on the student’s performance are sent to both the educator and student. AI systems are bringing numerous benefits to academia, as seen in these studies, including improved learning and grades, responding to student inquiries instantly and accurately, and significantly reducing correction time. The AI educational market is continuously expanding and its benefits widening; AI is surely to become an essential aspect of every classroom soon. 

With everything there comes a risk, and with AI, teachers and students must be aware of the data privacy and security concerns with AI having access to detailed personalized data. This goes beyond the conventional student records, gradebooks, and rosters that we have been used to (3). Now a student’s profile will not only contain his personal information, but it will also be online and contain surveillance details about his specific learning abilities. Furthermore, the use of AI could hinder students’ abilities to create original work, as since late 2022, the public has been able to use AI chatbots to write essays, artwork, and download text summaries rather than reading them. I am sure we have all had the conversation with an older family member about how we are so lucky to have technology now while studying, as all they had back in the day were books and their own imagination to reference. However, we must be careful to not let AI get in the way of abilities to generate unique ideas by creating systematic students. Both educators and students will have to work together to ensure the learning methods are still effective and encourage independent thinking that does not come from AI. AI could be used to create a summary of a book chapter, for instance, yet the critical thinking and synthesis of the chapter should be done by the student himself. A further potential problem with AI could be that if AI takes the personalization of learning too far, and the pace is much slower for those students with lower grades, there could be wide achievement gaps. This would fall under the classification of algorithmic discrimination, where AI algorithms could use historical data, such as cheating incidents, to cause bias in future learning (3). It is very important that the introduction of AI to schooling is understood and controlled now, before its impact becomes too great to reverse. There are several obvious benefits to the use of AI in classrooms, however these benefits may be meaningless if students feel unsafe and incapable of generating original work. 

AI in the education market is expected to cross $20 billion by 2027 (11). We have already seen several examples of AI being implemented in classrooms, such as through test correction and individualized lesson plans, and not only this, but we are also seeing genuine improvements to students’ learning. Its implementation will create an open and diverse learning environment, however, potentially at the risk of students’ ability to think originally. Educators and students will have to work together to ensure that the learning experience is rewarding, effective, and encourages unique mindsets. 

More information on this topic will be discussed during CYBERSEC CEE EXPO & FORUM 2024. 

 

References: 

  1. Andrews, Edmund L. “Using Artificial Intelligence to Understand Why Students are Struggling”. Stanford University. July 2021. https://hai.stanford.edu/news/using-artificial-intelligence-understand-why-students-are-struggling  
  2. Brenan, Megan. “K-12 Education Satisfaction in U.S. Ties Record Low”. Gallup. August 2023. https://news.gallup.com/poll/510401/education-satisfaction-ties-record-low.aspx#:~:text=8%25%20of%20U.S.%20adults%20and,%25%20of%20K%2D12%20parents 
  3. Cardona, Miguel A. et al. “Artificial Intelligence and the Future of Teaching and Learning”. Office of Educational Technology. May 2023. https://tech.ed.gov/files/2023/05/ai-future-of-teaching-and-learning-report.pdf  
  4. Crockett, Emma. “How AI is Being Used in Education”. Datamation. March 2023. https://www.datamation.com/artificial-intelligence/how-ai-is-being-used-in-education/  
  5. Eurobarometer. “European Youth in 2016”. https://europa.eu/eurobarometer/surveys/detail/2372  
  6. Google. “Ivy Tech Develops Machine Learning Algorithm to Identify At-Risk Students and Provide Early Intervention”. https://edu.google.com/why-google/customer-stories/ivytech-gcp/  
  7. Hamilton, Ilana. “Artificial Intelligence in Education: Teachers’ Opinions on AI in the Classroom”. Forbes. December 2023. https://www.forbes.com/advisor/education/it-and-tech/artificial-intelligence-in-school/#:~:text=60%25%20of%20Educators%20Use%20AI,reporting%20the%20highest%20usage%20rates 
  8. Harvard University. “Knewton Personalizes Learning with the Power of AI”. April 2021. https://d3.harvard.edu/platform-digit/submission/knewton-personalizes-learning-with-the-power-of-ai/  
  9. Korn, Melissa. “Imagine Discovering That Your Teaching Assistant Really is a Robot”. The Wall Street Journal. May 2016. https://www.wsj.com/articles/if-your-teacher-sounds-like-a-robot-you-might-be-on-to-something-1462546621  
  10. Laskowski, Nicole, et al. “Artificial Intelligence (AI)”. TechTarget. https://www.techtarget.com/searchenterpriseai/definition/AI-Artificial-Intelligence  
  11. PR Newswire. “AI in Education Market Revenue to Cross $20B by 2027; Global Market Insights, Inc.”. June 2021. https://www.prnewswire.com/news-releases/ai-in-education-market-revenue-to-cross-20b-by-2027-global-market-insights-inc-301318889.html  
  12. Schiller. “The Impact of Artificial Intelligence on Higher Education: How it is Transforming Learning”. August 2023. https://schiller.edu/blog/the-impact-of-artificial-intelligence-on-higher-education-how-it-is-transforming-learning#:~:text=AI%20systems%20can%20analyze%20student,it%2C%20enhancing%20their%20learning%20experience 

Cooperation between IK and ECSO – Road to Polish Presidency: fostering European cybersecurity

The Kosciuszko Institute (IK), a renowned organization specializing in cybersecurity projects and activities, and the European Cyber Security Organisation (ECSO) share a common mission: building and strengthening European cybersecurity and fostering strong cybersecurity communities.  

For many years, the CYBERSEC conference, organized by IK, has been a platform for the most important discussions on cybersecurity in Europe. It brings together leading experts, government representatives, businesses, and academia to debate the most pressing challenges in this field.  

Given the fact that Poland assumes the Presidency of the Council of the EU in 2025 the Kosciuszko Institute intends to actively foster debate on the most pressing and important cybersecurity issues. This presents a perfect opportunity to strengthen Poland’s position as a leader in cybersecurity and to promote its experience and solutions on the international stage.  

Building on our shared mission and IK’s existing membership in ECSO, IK proposes cooperation between the two organizations to jointly shape the cybersecurity discussion in the lead-up to and during the Polish Presidency. Specifically, we propose organizing a series of high-level discussions focused on key cybersecurity challenges. The planned events will take place both in Brussels and in Krakow with the final debates taking place during the main CYBERSEC event in 2025. The cooperation assumes close cooperation with the European cybersecurity ecosystem, including mainly ECSO members, European decision-makers and business leaders.  

The Letter Of Intent between IK and ECSO is planned to be signed at the opening of the CYBERSEC 2024 conference. We are confident that mutual cooperation will be a valuable contribution to building a stronger and more secure digital world. 

The Kosciuszko Institute became the Institutional Partner of Conference „Together Against Disinformation. 10 years of Fact-Checking in Poland”

In today’s world the landscape of cybersecurity clearly indicates that the problem of disinformation is deepening. Initiatives reaching the widest possible audience are needed to stop it. Therefore, the Kosciuszko Institute is pleased to announce its collaboration as an Institutional Partner with the Demagog Association − the first fact-checking organization in Poland. The 10th anniversary of its activity and the 2nd anniversary of the Coalition Together Against Disinformation is an occasion to organize the conference “Together Against Disinformation. 10 Years of Fact-Checking in Poland” on 12th of April, 2024. During this event the second edition of the report “Disinformation Through the Eyes of Poles 2024” will be presented.  

  

The origins of Demagog date back to April 2014, when a grassroots-organized group of students began verifying the statements and promises of politicians. Before, there was any other organization in Poland dedicated to fact-checking, thus the formation of Demagog marked the inception of professional fact-checking in the nation.  Today, the association’s website displays close to 6,000 statements verified and nearly 2,500 false pieces of information debunked.  

“For 10 years, we have been guided solely by facts. False information has existed for a long time and will continue to appear, but without the efforts of fact-checking organizations like ours, they could cause much more damage. That is why we continue our mission, relying solely on reliable information” − says Małgorzata Kilian-Grzegorczyk, President of the Demagog Association. 

  

Conference “Together Against Disinformation. 10 Years of Fact-Checking in Poland” 

On 12th of April Demagog is organizing the largest conference in Poland on combating disinformation. On that day, representatives from the fields of journalism, science, business, and politics will come together to collectively consider key topics related to disinformation. The discussions will focus on assessing the impact of disinformation on society and the scale of this phenomenon both in Poland and worldwide. The conference will also delve into the challenges confronting the fact-checking community and underscore the significance of artificial intelligence in combating disinformation. Additionally, the conversation will also encompass the media education strategies as a tool to strengthen societal resilience to disinformation.  

The events of recent years have underscored the crucial need for fact-checking, especially during health, war, and social crises. Jewhen Fedczenko, the editor-in-chief of the Ukrainian portal StopFake.org, who will inaugurate the conference with his speech, is acutely aware of this fact. 

  

Disinformation Through the Eyes of Poles

During the conference “10 Years of Fact-Checking in Poland,” will be presented the second edition of the report on the state of disinformation in Poland, based on social opinion research. The report was prepared within the coalition of the Demagog Association, Digital Poland Foundation, and Association of Public Relations Firms “Together Against Disinformation,” which is also celebrating its second anniversary. The first edition of the report “Disinformation Through the Eyes of Poles” showed that over 80% of people encountered false information. According to 84% of respondents, the excessive amount of such content on the Internet divides society and affects democratic elections. What has changed since then? How have false pieces of information influenced Poles? Are they aware of new threats? Answers to these questions will be showcased on 12th of April in Warsaw. 

  

The conference “10 Years of Fact-Checking in Poland” is supported by institutional and business partners as well as media patrons. Among them, alongside the Kosciuszko Institute, are CyberDefence24.pl, Energetyka24.pl, Śląska Opinia, Digital Poland Foundation, Citizens’ Watchdog Network Poland, CYBERSEC EXPO&FORUM, Google News Initiative, and Meta. 

The future of quantum computers – an interview with Professor Konrad Banaszek

In the latest episode of the #GeneralTalks podcast, we delve into the fascinating and incredibly broad topic of quantum computers. Joining Liliana Kotval from the Kosciuszko Institute is Professor Konrad Banaszek – a renowned physicist and director of the Center of Quantum Optical Technologies at the University of Warsaw. 

The expert introduces us to the world of quantum computers, explaining the differences between them and conventional ones, presenting the development prospects of this technology, and highlighting the fields in which quantum computers can prove to be revolutionary solutions (such as medicine, climate change, or waste reduction). 

Additionally, Professor Banaszek emphasizes the importance of data security in the context of the introduction of quantum computers to the market. He shares practical tips for institutions and individuals on protecting data from potential threats associated with the increasing decryption capabilities that these new tools may provide. 

Listen to learn more about quantum computing HERE.

The Future of Cybersecurity and the Key Role of CISO

The ongoing digitization of international service and financial flows, besides creating new opportunities for companies worldwide, also generates new threats. In the era of today’s digital challenges (ransomware attacks, phishing, data breaches), both medium-sized businesses and large corporations must implement and update cybersecurity strategies. However, this cannot be done without the commitment of the CISO – the guardian of the virtual infrastructure. 

 

CISO (Chief Information Security Officer), the head of information security, is the highest-ranking specialist in cybersecurity in an organization. His task is to oversee and actively manage all areas of information security, including data protection, threat identification, and incident response (data breach, cyber-attacks). 

Among the main tasks of CISO is the development and implementation of strategic information security plans. This process involves risk analysis, identification of vulnerabilities, and the determination of security goals. The Chief Information Security Officer is also responsible for overseeing incident responses, ensuring quick identification, analysis, and elimination of unwanted events. 

An essential duty is also the implementation of modern security technologies, such as intrusion detection systems, firewalls, and antivirus solutions. CISOs often represent the core of innovation in a company. According to a survey conducted among CISOs by the American software company Splunk, 86% of respondents stated that their role has changed so much since they started that it is practically a different job. 

The Chief Information Security Officer should actively build cybersecurity awareness among the staff. As part of these activities, CISO diagnoses employees’ competencies, conducts theoretical and practical educational activities in the field of digital security, and carries out phishing campaigns or other actions to verify the knowledge of colleagues. Finally, the CISO is responsible for monitoring and ensuring digital compliance of the organization’s policy with currently applicable legal regulations, such as GDPR or the Cyber Resilience Act. 

The CISO position, existing in corporate structures since the mid-90s, relatively recently gained well-deserved recognition and authority. This change was caused by dynamic technological development and the digitization of service and financial sectors. An important event that further strengthened the CISO’s position in recent years was the COVID-19 pandemic. Disrupted supply chains, changes in market relations, and the shift of employees and consumers to remote work forced a change in the technological profile and strategies of many companies. 

Artificial intelligence (AI) and generative artificial intelligence (GenAI) provide further opportunities to expand the influence and competencies of CISO. GenAI solutions offer advanced threat detection, automation, and adaptive defense against cyber threats. AI can also assist in maintaining intelligent, automated legal compliance with continuously enacted regulations. 

To learn more about the role of CISO directly from professionals, join the CYBERSEC CEE Expo & Forum 2024 today. As part of this year’s edition, we invite you to the meeting of representatives from the CISO #Poland foundation, bringing together over 200 cybersecurity leaders from both the private and public sectors. In addition to addressing the topic of information and data protection, participants can expect panels dedicated to cybersecurity in transportation, breakthrough achievements in quantum computing, and artificial intelligence in the European Union. Join us to collaboratively build a resilient cyberspace with experts from Europe and around the world. 

 

 

References: 

https://www.financierworldwide.com/ahead-of-the-cyber-curve-the-evolving-role-of-the-ciso 

https://www.westmonroe.com/perspectives/in-brief/the-importance-of-a-ciso 

„Together against Cyber Threats: Enhancing Security Resilience through CTI Sharing” – meeting for Polish-British cyber cooperation

On March 8th in Krakow, a meeting dedicated to Polish-British cooperation in the field of cybersecurity took place. The event was organized by the Kosciuszko Institute in cooperation with the British Embassy in Warsaw. 

 

The main agenda item was a panel discussion entitled “Together against Cyber Threats: Enhancing Security Resilience through Cyber Threat Intelligence Sharing”. Cyber Threat Intelligence (CTI) is understood as the process of acquiring and processing information regarding threats in the cyber domain for a specific entity, organization, or state. This information can come from both internal and external sources. In the panel, led by Maciej Góra, Project Manager at the Kosciuszko Institute, representatives from the British and Polish government administrations, businesses, the scientific sector, and the military participated. 

The discussion began with a presentation by Crispian Wilson, Political Counselor at the British Embassy in Warsaw, who outlined the UK’s cybersecurity policy priorities for the coming years and the directions for Polish-British cooperation in cybersecurity policy and technology development. The UK representative emphasized Poland’s particular role in the Central and Eastern European region and the fruitful cooperation between the two countries within NATO, exemplified by the activation of the Tallinn Mechanism. He noted that the next step in institutional cooperation should be the exchange of intelligence data on cyber threats. 

Michał Pukaluk, Deputy Director in the Department of Cybersecurity at the Ministry of Digitization of the Republic of Poland, responded to questions about the involvement of the Polish government in acquiring, processing, and disseminating CTI data. He explained that the actions of the Polish government are focused on securing all levels of communication, including maintaining secure information and communication channels between members of the most important civilian and military institutions. In the context of international CTI data exchange, it is crucial to adopt a new, decentralized perspective, assuming institutionalized cooperation at the level of regional security systems, which is then extended to other systems in European regions. 

Robert Kośla, EMEA Chief Architect CYBER at Microsoft, diagnosed the main challenges and threats to CTI exchange and presented Microsoft’s strategy in cybersecurity and threat data sharing. Currently, one of the biggest challenges for cybersecurity is cyberattacks carried out by state actors (Russia, China, North Korea, Iran) and non-state actors (such as Hezbollah). In 2023 alone, Microsoft tracked 160 such attacks. Robert Kośla also referred to the war in Ukraine and Microsoft’s digital support for the Ukrainian armed and digital forces, which involves providing signals about Russian cyber activity. Microsoft is also responsible for building a cybersecurity ecosystem for states through project cooperation with the public sector. 

The military perspective on CTI was presented by Colonel Jarosław Wacko serving in the Cyber Defense Forces of the Republic of Poland. Currently, conventional military means still have a greater impact during open armed conflicts. However, it is important to recognize the growing threat in cyberspace, which can affect the destabilization of the entire security system of Poland and Europe. Therefore, increasing the ability to share CTI information requires taking security measures in this sphere. The Russian war in Ukraine has shown that information has become a new weapon, the control of which must be one of the elements of military strategy. At the same time, to fully utilize defensive potential, the private sector must increase its involvement in cooperation with the military to prevent gaps in data security structures. 

The academic perspective was presented by Ewelina Kasprzyk, representing the AGH University of Science and Technology in Krakow. Ewelina emphasized that Polish scientists have enormous potential and competencies recognized worldwide. The problem she highlighted is the disproportionately low interest in cooperation on the part of government institutions, which could benefit from and introduce innovative solutions into existing mechanisms and state structures of cybersecurity. This phenomenon is particularly visible in the West, where authorities trust academic centers and their recommendations are considered in the decision-making process. Universities are also pioneers in applying new methods of cyber defense. 

Thanks to the courtesy of the authorities of the City of Krakow, the event could take place at the Wielopolski Palace. 

After the panel discussion, a networking session was held, during which participants could establish direct contacts and deepen relations between the public, private, and academic sectors. The meeting, co-organized by the Kosciuszko Institute, enabled the exchange of knowledge in an atmosphere conducive to building lasting partnerships in the field of cybersecurity. Already today, we invite you to register for the next event dedicated to cybersecurity – CYBERSEC CEE FORUM & EXPO 2024 – the largest conference of this kind in the region. 

Data Breach – one of the biggest cybersecurity threats

In today’s world Data Breach is the number one cyber risk facing businesses globally. According to many studies it is predicted to remain in this position by 2026. 

 

Data breach is a part of cyberthreats environment. It results from a successful cyber-attack that exposes confidential or sensitive information to an unauthorized person. Files and other information involved in a data breach may be accessed, viewed and shared without permission. 

In the past four years Cyber threats and ransomware attacks have become more frequent, sophisticated and severe, with impacts ranging from reputational and financial damage to critical operations being compromised. 

After peaking in 2021, the number of ransomware attacks declined in 2022 amid a period of decreased funding for and activity among threat actors, together with improved risk mitigation. Unfortunately, ransomware attacks jumped more than 170% in the first half of 2023, signaling a need to remain vigilant in managing this threat through strategies such as focused risk assessments, investment in appropriate controls and insurance. However, worth noting is also the significant development of national and supranational cyber security bodies and the increase in the effectiveness of their efforts. The most recent success of such institutions was the acquisition of the service of the hacker group Lockbit, which offers RaaS – Ransome as Service, consisting of the ability to “buy” a ransmoware attack on any target of the customer’s choice. Since 2020, when ransomware from Lockbit was first targeted, experts have counted more than 1,700 attacks on organizations (including Boeing) in the US alone. The successful operation involved a number of cooperating entities, including the British National Cyber Force (NCA), the US Federal Bureau of Investigation (FBI) and Europol. 

In addition to the rise in emerging threats, the link between individual employees and organizational cyber-security risks cannot be overstated. It is estimated that half of the digital forensics and incident response matters in 2022 were related to social engineering and phishing. According to Aon’s 2023 Cyber Resilience Report, more than half of cyber events will be caused by human factors by 2025. Moreover, previous reports noted a human element in 74% of all breaches — from simple human error and social engineering to misuse of privileges and stolen credentials. These actions expose employers to a range of other potential risks, including loss of intellectual property, punitive regulatory action and reputational harm. 

Addressing and recovering from cyber events has become increasingly complex and will continue to be so. Cyber events can have an impact on all areas of an organization, and regulatory bodies are tightening cyber-security requirements. Consequently, cyber resilience is a key topic of discussion in boardrooms worldwide. Organizations must continuously block and respond to threats, patch vulnerable systems, and evaluate connection points across highly integrated technology stacks — all while maintaining updated insights into potential impacts from emerging threats and changing regulatory legal requirements (EU and USA). Additionally, the use of artificial intelligence (AI) for cyber-attacks and malware creation is the next area of particularly weighty and growing concern for business, military and civil organisations worldwide. 

Active defense against the phenomena described above is the main goal and mission of CYBERSEC CEE Expo and Forum 2024. This year’s edition is a perfect space for learning about the latest cyber threats and creating new cybersecurity strategies based on the experience of experts. Join us and create resilient cyberspace for Europe and the whole world. 

  

References: 

https://www.aon.com/en/insights/reports/global-risk-management-survey/top-global-risk-1-cyber-attack-and-data-breach 

Evolution of cybersecurity: Shift from Predictability to Adaptability

The journey of Cyber Security Evolution charts a transformative path, ushering organizations from states of vulnerability to unparalleled resilience and, ultimately, to a “cyberfantastic” posture. In his newest whitepaper “A proactive paradigm for the future of cybersecurity”, Matthias Muhlert, CISO at Oetker-Group and a member of the #CS24_CEE Programme Committee, introduces new perspectives on development of cyberstrategies aiming to a state of permanent security.  

According to Matthias, in the dynamic domain of cybersecurity, the conventional pursuit has been to achieve unassailable protection, leading us to construct near-inviolable digital barriers and predict every possible threat. However, emerging insights suggest a transformative perspective that diverges from this established belief. 

There are a few important assumptions to support this thesis. The first one is the need of Channeling Disruption to Craft Strength. This methodology extends beyond standard system resilience. It perceives disruptions not as mere threats, but as opportunities for advancement. Instead of purely countering adversarial forces, the system leverages them, propelling its own evolution and fortification. 

The traditional cybersecurity framework prioritizes prediction, emphasizing preemptive measures against perceived threats. However, in an increasingly complex digital landscape, this reactive mindset may not be sufficient. If an institution emphasizes adaptability, by consciously evolving and refining its mechanisms, it not only withstands disruptions but leverages them for augmentation. Extend this philosophy to a globally operating healthcare institution, which, despite its robust cybersecurity measures, introduces controlled vulnerabilities to its electronic health record (EHR) system. The new perspective of employing Vulnerabilities as Catalysts means that the introduction of controlled vulnerabilities would serve not as a risk but as a tool for continuous improvement. 

In cybersecurity, while predictability has its merits, adaptability offers a proactive approach. In other words, adaptability should become a Core Strategy. Such an approach can already be seen in a few sectors. Healthcare institutions prioritize dynamic, responsive strategies over static, predictive ones, resulting in an EHR system that’s not just secure but constantly evolving. This innovative paradigm is not restricted to a single sector but has implications across industries. Whether it’s an energy firm introducing vulnerabilities to its smart grid or an educational institution optimizing its student information systems, the principle remains consistent. As we traverse the intricate pathways of the digital era, it’s pivotal to acknowledge that groundbreaking solutions often originate from unconventional ideas. In this new frontier, controlled vulnerabilities could be pivotal in reshaping cybersecurity. The journey into this novel territory has commenced, and the ensuing revelations promise to be transformative. 

We encourage you to read HERE the entire document prepared by Matthias. If you want to learn more about the new paradigm of cybersecurity directly from Matthias, join CYBERSEC CEE EXPO & FORUM 2024 today.