In this interview, Liliana discusses best practices to prevent human error in cyber security, what makes it difficult for organizations to fight ransomware, the most underrated cyber security skill, whether AI-driven cyber security will replace human security staff and her security predictions for the upcoming 5 years.
Liliana Musetan is leading the Cybersecurity unit at the General Secretariat of the European Council. With over 22 years of experience in the European Institutions and constantly admired for her leadership role in keeping up with the ever-changing threat landscape, Liliana was delivering a keynote at the Global Cyber Conference 2022 on the topic of “Cyber security in the European Union: from an international perspective”, touching upon the EU’s activities to enhance cyber resilience, fight cybercrime, boost cyber awareness, and protect critical infrastructure.
Could you please share with us your top 3 reasons for attending the Global Cyber Conference in Zurich? And what are your initial thoughts on the Conference’s key themes?
The opportunity to share best practices (from the EU institutions’ perspective) and listen to the public and private sectors’ enriching experiences are among the reasons for attending GCC.
The themes included in the program are of utmost interest from data protection and risks to threat landscape and lessons learned. The surge of ransomware and CISO challenges regarding cybersecurity investments are crucial in the coming years.
Almost all successful cyber breaches share one variable in common which is human error. What are the best practices for preventing human errors and security mistakes?
Best practices for preventing human errors in cybersecurity start with awareness. It can include training and testing humans, organizing phishing campaigns, and advocating for basic cyber hygiene: changing passwords, using only approved applications, multifactor authentication, and adequate handling of sensitive information.
What do you consider to be the biggest hurdle for organizations in the fight against ransomware?
With the use of low-cost ransomware-as-a-service (RaaS) campaigns, cybercrime has surged beyond predictions so that boards of directors, regulators, law enforcement, industry associations, insurance providers, and the cybersecurity vendor community all need to be a part of the solution.
Legacy infrastructure and systems development without security by default as a mindset in front of a continuous need for remote access and work from anywhere, as well as lack of cybersecurity awareness (i.e., phishing) are still major vectors of attack.
How can small and medium-sized businesses implement technical infrastructure that will ensure optimal governance of their client data?
Nowadays, challenges are different and small and medium enterprises (SMEs) need different support measures according to the level of digitalization and size. Many SMEs lag behind due to the upfront cost required by leveraging technical infrastructure. Governmental findings and European funds are foreseen to allow SMEs to catch up while optimizing their data.
Digital technology and infrastructure have a critical role in our private lives and business environments. The Digital Europe Programme provides strategic funding to answer these challenges, and supporting projects, with a planned overall budget of €7.5 billion. It aims to accelerate the economic recovery and shape the digital transformation of Europe’s society and economy, bringing benefits to everyone, but in particular to small and medium-sized enterprises.
What would you say is the most underrated skill in the cyber security industry or the skill you wish more people spent time developing?
Both digital forensics – which involves sifting through data left on devices to investigate potential data breaches and other suspicious activity – and cybersecurity compliance and risk management – which implies knowing very well the controls and measures required to be put in place to protect assets – are underrated.
Both are crucial and there is a huge gap in skills partially driven by a digital-first way of working, fast-tracked by the pandemic crises.
Remote working has created concerns for cybersecurity specialists, exposing companies to many cyber threats. What major preventive measures would you recommend a company takes to close those gaps?
- Have an updated backup of your data; keep your data on work devices; play disaster and recovery scenarios regularly.
- When handling sensitive data, ask staff to use encrypted email and work devices; never leave their devices unattended.
- Have a policy for the thumb drives; scan them in advance.
- Increase the level of cybersecurity awareness; run regular phishing campaigns.
Artificial intelligence (AI) and machine learning (ML) are playing an increasing role in cyber security. But can AI-based cyber security be a complete replacement for human security staff?
While AI applications can deliver real benefits, it is important to understand that they augment the human analyst in the security operations center (SOC) rather than replace them.
Augmentation is about how AI makes humans faster and more efficient in what they are doing and closing skills gaps that they have. The challenges all suggest that trained human analysts, with expertise in machine learning and AI, are needed to make the best use of AI-augmented cybersecurity products.
What significant changes do you see occurring within the information security market over the next 3 to 5 years?
Digital disruption is inevitable and will lead to rapid technology-driven change. Cybersecurity risk management has not kept pace with the proliferation of digital transformation. Sadly, many companies or public institutions are not sure how to identify and manage digital and data risks.
To counter more sophisticated attacks driven by AI and other advanced capabilities, organizations should take a risk-based approach to automation and automatic responses to attacks. Increased regulatory scrutiny and gaps in knowledge, talent, and expertise reinforce the need to build and embed security in technology capabilities as they are designed, built, and implemented.