Failure to comply with cyber-security is usually costly

Gert Jervan, Dean of TalTech’s IT Faculty and member of the AIRE steering committee, told industrial companies that they need to pay more attention to cyber security as attacks are becoming more sophisticated and the need for cyber security is growing over time.

According to Gert Jervan, the issue of cybersecurity should not be underestimated as the impact of attacks can be many times greater, for both the victim and the attacker, who stand to gain greatly from their actions. “Take for example the recent data leaks or corporate malfunctions that have occurred through cyber attacks. Much more attention needs to be paid to this issue. Obviously, a lot of cybersecurity professionals need to be involved here, especially when it comes to protecting business-critical processes or equipment,” stressed Jervan at the Industry 5.0 conference.

Jervan said that the main problem in Estonia is that we lack cyber security experts and therefore cannot always look at the problems in the field as the work that companies are not doing. “Often there is no one to bounce these issues off,” he said. “The security issue goes to different sectors. Those areas that used to feel protected are no longer so. For those who are still sleeping well, their apparent security is at a premium as the rise of artificial intelligence brings with it an explosion of cyber-attacks. Intended precisely to affect markets, in the so-called New York perspective: the night is coming,” he warned.

According to Jervan, it is important to engage with cybersecurity companies in your field, to do audits and different exercises. In addition, look at how security is ensured in development processes, etc.”. “That’s where a systematic view is important and trusting and listening to professionals in your field,” he said.

As the Dean of the IT Faculty of TalTech, he sees the university’s role in ensuring cyber security primarily through training people. “Our goal is to get people out of the university, whether they are security experts or developers, who are very knowledgeable about aspects of cyber security. They have the competences and they can address them,” said Jervan. Not insignificantly, he added, the university is one of the co-authors of the ITL (Estonian Information Technology and Telecommunications Association) good practice initiative on secure software development. “We have agreed to focus on training in secure software development – we are one of the leaders of this initiative,” he said.

Comment: Learning from your mistakes is not the best strategy

Rain Ottis, Head of the Centre for Cybercriminology and Cyber Security and TalTech Professor in Residence.

The story of how companies that invest heavily in cybersecurity evolve often involves a security incident that made decision-makers “light the lamp”. Whether it’s falling victim to a ransomware or fraud scheme, a leak of sensitive data or something else unpleasant – lessons have been learned. Of course, a wise and responsible entrepreneur could also learn from the mistakes of others and start to systematically develop his company’s cyber security before major problems arise. The most important step is to decide that cybersecurity is important for your business. From there, it’s good to move on to more concrete actions – setting up an information security policy, mapping assets and risks, training staff, etc.

Photo by Rene Lutterus