Awareness of cybersecurity is growing, although more work is still needed. The NIS2 directive (Network and Information Security Directive) and the DORA regulation (Digital Operational Resilience Act) are helping to raise it.
These regulations mandate stricter security protocols and resilience strategies, pushing companies to prioritize cybersecurity. However, despite the regulatory push, many organizations struggle with the practical aspects of implementation, often due to limited resources or a lack of understanding of the complexity of cyber threats. As the digital landscape evolves, so too must the approach to cybersecurity, making continuous education and adaptation essential components of any strategy.
ASEE's Strategic Response to Emerging Cybersecurity Threats
Robert Preskar, Security and Compliance LoB Manager at ASEE, emphasized the critical need for heightened cybersecurity awareness in both large and small companies. He particularly highlighted the emerging threats of smishing (SMS phishing) and vishing (voice phishing), and introduced Spoofing Protector, a solution by ASEE designed to mitigate such risks.
Preskar noted that while larger companies are increasingly aware of cyber threats and actively work to prevent them, the SME sector remains less vigilant, often not recognizing the severity of the threat until it becomes an immediate concern. He pointed out that the weakest link in cybersecurity continues to be human behavior, emphasizing the need for better education and awareness among employees. According to Preskar, cybersecurity budgets tend to be minimal until an incident occurs, after which investments surge. However, he cautioned that effective cybersecurity is not just about investing in technology but also about having a robust strategy and risk assessment plan.
Cybersecurity Paradox: Essential Yet Undervalued
Bojan Ždrnja, Chief Technology Officer at Infigo, shared that his team has been constantly engaged with cybersecurity incidents, rarely having a free weekend since November last year. He observed that while regulations are raising awareness, the overall understanding of cybersecurity's importance is still insufficient.
Zlatan Morić, director of the cybersecurity department at Algebra University, agreed, noting that many managers still see cybersecurity as a cost rather than a necessity. He highlighted the challenges posed by the new Cybersecurity Law, which focuses on risk analysis, a task made difficult by the fact that many companies do not even know what assets they possess. This lack of knowledge makes it hard to perform effective risk analysis and leaves systems vulnerable to attacks.
Progress Achieved, But More Needed
Ždrnja acknowledged some positive developments, particularly in the financial industry, which is more regulated and thus more in tune with cybersecurity needs. However, he stressed that progress is slow and more sectors need to catch up. He underscored the importance of strategy, risk assessment, and investment in both technology and human resources to achieve an appropriate level of security.
The Talent Gap in Cybersecurity
Morić pointed out the significant talent gap in cybersecurity, despite efforts to educate more experts in the field. He explained that the demanding nature of cybersecurity work, compared to roles like programming or system engineering, deters many IT professionals from pursuing this path.
Conclusion
The roundtable participants agreed that companies must prioritize raising employee awareness about cybersecurity threats. As hackers increasingly target the easiest victims, enhancing staff vigilance should be a core component of any company's security policy. Preskar's insights, particularly on emerging smishing and vishing threats and ASEE's Spoofing Protector, underscore the need for proactive and comprehensive cybersecurity strategies.
eBook: Spoofing Protection for Combating Vishing and Smishing Fraud in the Banking Sector
If you're struggling to prevent vishing and smishing fraud targeting your customers, this eBook will help you make informed decisions regarding social engineering fraud. Download the eBook to learn how Spoofing Protector detects and prevents these attacks.