Any state institution, including the Parliament, must have a multidisciplinary approach, which must include prevention, detection, response to a cyber attack and recovery after it, Victor Gânsac, CEO of Safetech Innovations, told BURSA newspaper .
Victor Gânsac told us: "The complete prevention of cyber attacks is difficult, because the threats are constantly evolving. However, by taking proactive measures and investing in cybersecurity, institutions can significantly reduce risks and respond more effectively to security incidents. In 2023, Safetech Innovations performed advanced analytics interventions for cyber security incidents for clients in financial services, manufacturing, hospitality and media. In most situations, the investigations carried out took place post-attack, the objective of the collaboration being the identification of the attack vector, the tactics, techniques and procedures (TTP) used and the affected systems, as well as the transmission of recommendations for the rapid remediation of the beneficiary's security posture . In the cases we investigated in 2023, the common causes leading to a cyber attack were multiple, but they shared three key elements: people, processes and technologies. Therefore, a number of proactive measures that both public and private institutions must consider are conducting regular cyber risk assessments to identify vulnerabilities and plan defenses. These assessments should be dynamic and take into account evolving threats. It is also necessary to implement a 24/7 cyber security monitoring process that addresses the three main pillars: people, processes and technologies. Carrying out this process requires a specialized team for continuous monitoring of vulnerabilities and security threats, able to identify threats and respond quickly to any security incident".
Other elements that the Safetech Innovations CEO recommends for minimal exposure and risk reduction in the event of a cyber attack are:
- Implementation of a periodic backup program for critical data in the organization. Because the current trend is for hackers to target the backup as well, it is essential that the backup data is offline and encrypted.
- Carrying out periodic employee awareness programs on potential cyber threats, as well as security posture testing actions.
- Up-to-date updates with the latest security patches for all systems used within the organization.
- Advanced password management and strict adherence to basic password security rules. Systematically secure network, data and application access.
- Adoption of Multi Factor Authentication (MFA) for all services, especially webmail, VPN and for accounts that access critical systems.
- Applying the principle of least privilege to all systems and services so that users only have access to the resources they need to perform their tasks.
- Network segmentation to limit lateral movements in the event of a security incident and implicitly the impact of any intrusion.
- Collecting and securely storing logs for network devices and implementing a log management system.
Victor Gânsac also claims that it is important that the legislation in the field is constantly updated in order to keep up with new threats.
Mr. Gânsac also told us: "As for Cyberint from Bucharest and DNSC, they already have a crucial role in strengthening cyber security at the national level, because they develop and implement national standards and cyber security protocols. However, considering that it is a continuously developing field, it is necessary that the budget allocations for these authorities be at a higher level than at present".