The current legislative framework on cyber-security at European level is quite ambitious and looks into addressing and responding to the major threats member states face, CyCSO -Cyprus Cybersecurity Organisation- Executive Director Constantinos Tsiourtos has told Cyprus News Agency.
In an interview with CNA, he also said that it is pivotal that all member states must not only have in place the necessary infrastructure but they must also implement the said legislation.
CyCSO was founded only a month ago and aims at turning companies and citizens into well-informed entities who will be able to recognise the risks, to acknowledge the vulnerability of one’s privacy and take protective measures to tackle the problems arising from cyber threats and attacks.
CyCSO is a private initiative led by the Cyprus Chamber of Commerce and Industry (CCCI) and the participation of the Cyprus Institute of Neuroscience and Technology. As Tsiourtos explains the need to set up the Organisation resulted from recent developments at European level and the preparation of a strategy to enhance cyber security as far as the economy and society in the EU are concerned.
He told CNA that the CyCSO was formed after a suggestion of the European Cyber Security Organisation, which wants to see umbrella initiatives on a national level to co-ordinate the efforts for a cyber-security shield between the private sector and the member states.
Tsiourtos said that the Organisation aims to create a cyber-security ecosystem to be linked to the European ecosystem, in coordination with the European Cyber Security Organisation (ECSO). It aims to provide information to the private sector, primarily enterprises and also citizens, and in general, to all organisations operating in the Republic, with regard to their vulnerabilities due to their lack of cyber-resilience and the need to get adequate protection from cyber attacks, which have serious economic repercussions. Moreover he said that the CyCSO aims at helping the development of an innovative and dynamic cyber-security industry in Cyprus.
Asked about the adequacy level of cybersecurity in Cyprus, CyCSO Executive Director admits there is a gap, however he points out that this is the case in the whole of Europe. He stresses that “cybersecurity is crucial for the protection of society and for its prosperity and the sooner citizens comprehend this the better.”
“As our daily lives and our economy are increasingly dependent on digital technologies, our exposure to cyber-crime risks is also growing. Malicious cyber-activities do not only threaten our economies and our progress towards digital single market, but also the very function of our democracy, freedoms and values. Our future security depends on adapting our capacity to protect the EU and the member states from cyber threats, our critical infrastructure is based on digital systems,” he points out.
Tsiourtos tells CNA that studies have shown that the economic impact of cybercrime is on the rise. Between the 2013-2017 cybercrimes have risen fivefold and by 2019 they might even quadruple.
“Recent global attacks reflect the rapid growth in cyber-crime. The legislative framework, which is now being developed at European level, aspires to address these threats. It is of utmost importance that this framework is efficiently implemented in the member states which must have the appropriate infrastructure through which the law will be applied,” he notes.
The Office of the Commissioner of Electronic Communications and Postal Regulation (OCECPR) is making considerable efforts to this end and only recently a Digital Security Authority was also set up, he said describing this as a very positive step in the overall attempts made by the Cyprus authorities. He also praised the work done by the Cyber-crime Office of the Cyprus Police with whom the Organisation will soon meet to exchange ideas.
‘’We want to assist all these efforts and become a valuable partner, granted that all these efforts and actions are in the right direction’’ he said.
He said that close cooperation and coordination with all market players is pivotal, adding that the Organisation will participate in the European Cybersecurity Organisation working Groups, where issues such as the future legislative framework and strategy on cyber-security and digitisation issues are being discussed. CyCSO closely follows the work of the European Commission’s Digital Skills & Jobs Coalition.
“We have to do a great deal in order to assist the country’s authorities to enter into the era of digital economy and of a society where security and safety will be of paramount importance. As an organisation, we have already begun to design an awareness campaign with specialised seminars mainly addressing the human resources department of various organisations. Research studies have found that the absence of basic cyber security awareness is responsible for 95% of the cyberspace attacks targeting businesses,” he notes.
One of the main questions that came up during our interview is whether citizens who use the internet every day have realized how vulnerable they are and whether they take measures for their own security online.
“There are basic guidelines people have to follow. Often the problem has to do with them not understanding how exposed they are, how vulnerable their privacy and personal data are in the digital world. Our goal is not to alienate people from cyberspace. Quite the opposite in fact. We want to have informed digital citizens who are aware of the dangers and know exactly how to address them, ” Tsiourtos says.
He points out that there are simple steps one can take to this end, i.e frequent change of security codes and passwords, avoid to use same passwords for various online activities and transactions, avoid to expose sensitive data online, install anti-malware programs etc.
“We could build a protection wall for the state and the private sector and for the citizens. However, we need to introduce good practices because installing protection systems is not really the answer,’’ he points out.
However, is this safety net really enough or are we constantly going to be vulnerable, we asked.
“The truth of the matter is that we cannot possible be absolutely protected from cybercrime. What we do in practice is mitigating risks and the impact. To put it in simple terms, we would not leave our house and leave the door open, by the same token we need to take basic self-protection measures in cyberspace. Failure to follow basic rules, dramatically increases the risk and statistical probability of becoming a victim, ” Tsiourtos stresses.
We could not but bring up in our discussion the issue of the new General Data Protection Regulation (GDPR). He says that in fact there is a certain degree of confusion among citizens about their rights deriving from the regulation.
‘’That is why there should be a coordinated campaign to brief the citizens and raise awareness. I am hopeful that the competent public authorities will do so and I have noticed that the Commissioner for Personal Data Protection has issued press releases to help the public. The regulation mostly has to do with the private sector and especially those who keep and process personal data, whether they are businesses or organizations (eg NGOs)’’ he explains.
According to Tsiourtos, dealing with a certain degree of confusion is expected since this is something new. He says however that this confusion is reinforced by the fact that there is a lack of clarity in the regulation as to the precise procedures to be followed and especially the precise compliance framework. ‘’The guidelines do not refer to specific standards, so what we are dealing with is everyone interpreting the regulation in the best possible way,” he notes.
The situation, he believes, will be clarified and all implementation problems will be resolved with the assistance of the Court of Justice of the European Union which will produce enough case laws to deal with the issue in the years to come.
“A new European regulation will be adopted soon – by the end of 2018 at the latest – on Privacy known as ePrivacy. And this will require regulatory compliance specifically for Electronic Communications Service Providers as they are primarily concerned. The legislation has to do with the protection of privacy in the electronic communications sector, safeguards the protection of fundamental rights and freedoms, in particular respect of privacy, the confidentiality of communications and the protection of personal data in the electronic communications sector,’’,he says.
He explains that electronic communications service providers should inform their users about the security measures they can take to protect their communications i.e. by using specific types of software or encryption technologies.
CyCSO has participated in a European Commission initiative, a working group of experts meeting addressing the Digital skills issue, in Brussels. Tsiourtos says, the panel of experts had an interesting discussion and came up with some preliminary findings. ‘’In moving to the single European Digital Economy we need to have employees with high-level digital skills. This so called digital potential does not currently exist. It will require an intensive effort at European level and a serious investment plan by the European Commission to this end. As it was mentioned during the discussion, a budget of 700 million euro has been proposed by the Commission, to implement actions for digital skills and jobs, and Member States should additionally pursue their own strategies and investments,” he said.
He said that it is quite evident that the wage gap between employees with digital skills and those without will grow much more in the coming years, and it should be well understood that workers in the future must acquire these digital skills, to a greater or lesser degree depending on the nature of their jobs, in order to be able to integrate in the labor market.
“This same principle applies to businesses, in particular small and medium-sized enterprises. Their digitisation is not simply a matter of survival but also of maintaining their competitiveness. There are many examples of companies in the last 30 years that just closed down because they did not invest in technology. We call on all Cypriot businesses to respond to the challenges and to invest both in their digitisation and digital security in order to maintain their competitive advantage,” he concludes.
(CYPRUS NEWS AGENCY)