Diamandis Zafeiriades: Organisations will pay dearly for their incorrect assessment of cybersecurity dangers

Businesses that do not care about their security become vulnerable to attacks, which are also strengthened by geopolitical developments, Diamandis Zafeiriades, Chief of Digital Security Authority (DSA), Cyprus, Commissioner of Communications has warned.

He expressed concern that 40% of businesses that have not been attacked mistakenly believe they are not a target, while DDos and Ransomware threats continue to dominate the cyber threat landscape this year.

Speaking at the 4th Cyber Security Conference in Nicosia on 26 September, he emphasised the importance of protecting critical infrastructure in a constantly changing digital environment, as well as the new challenges brought by the NIS2 Directive. The Digital Security Authority plays a key role in supporting and overseeing the measures businesses take to protect themselves from growing cyber threats.

One of the key points of Zafeiriades’ presentation, entitled, ‘Securing Critical Infrastructure: Navigating the Impact and Implementation of the NIS2 Directive,’ was the criticality analysis methodology applied to identify vulnerabilities at the national level. This includes risk assessments and the creation of a security framework that provides guidelines for businesses to minimise their vulnerabilities.

Zafeiriades emphasised the importance of national strategies and the possibility of businesses to strengthen their cyber security through tools offered by the Authority, such as the free documentation package and the Security Maturity Framework that is adapted according to the level of each business.

Through a system of inspections and controls, the Digital Security Authority contributes to the continuous improvement of security. Particularly important are on-site and post-incident compliance assessments, which provide additional security in the event of cyber-attacks. In addition, the National Security Operations Center (SOC) operates on a 24-hour basis, offering early warning of cyber threats.

Zafeiriades also presented important facts that businesses should take into account. Among other things, the fact that almost 7 out of 10 businesses have carried out a risk assessment in the last 12 months. Also, half of businesses use security monitoring tools such as intrusion detection systems.

Furthermore, 40% of businesses that have not been attacked incorrectly believe that they are not a target. The belief is worrisome, especially given the fact that DDos and Ransomware threats continue to top the cyber threat landscape for 2024. Businesses that do not care about their security become vulnerable to attacks, which are also amplified by geopolitical developments, he warned.

Another important point that Zafeiriades raised is the use of artificial intelligence tools by cybercriminals. Examples are FraudGPT and large language models are used to create malicious emails or scripts. At the same time, the emerging threat of Malware-as-a-Service (MaaS) allows the development of sophisticated attacks by unskilled users.

The NIS2 Directive makes it clear that security is not just the responsibility of government, but of every business that manages critical infrastructure. Zafeiriades pointed out that businesses should invest in both technologies such as antivirus and awareness training, as human weakness is often "the first point of attack".

(Source: InBusinessNews)