The crown jewels of any organisation are the data and resources that reside on information systems in digital form. So a modern business cannot run successfully without digital security. That is why Unicom is here, the first registered commercial centre for the prevention of security risks in ICT systems in Serbia
Unicom has a wide range of training on its cyber exercise platform aimed at both beginners and experienced seniors in the field of IT and information security, but this is only part of what this company offers. There is a whole set of services that target the most prevalent security risks.
The development of digitalisation has brought us many benefits, but also new risks that demand a higher level of digital security. Is this one of the imperatives of modern business?
– Digitalisation has improved all areas of society so much that most of the time we are not even aware of the speed of change. We easily accept all the positive sides, but unfortunately we are not sufficiently aware of the risks that these changes bring.
From small entrepreneurial firms to multinational companies, almost all aspects of business rely on technology – we no longer issue paper invoices, we sign with digital signatures and we swing a digital stamp. As these processes are improved, as the level of digitalisation increases, so does the “attack surface” and the risk of abuse grows. This can have a very negative impact on a business, from financial losses and reputational damage to the inability to continue business.
Unicom is the first registered commercial centre for the prevention of security risks in ICT systems in Serbia. What services does your UniCERT team provide?
– Information security is a complex field, and effective protection requires the application of various technologies, suitable practices and something that is often overlooked – the availability of professional staff. Technology is very accessible today, but this is precisely the most common trap. Companies acquire a certain technology, some software, some solution that should provide protection. In practice it has been shown that this is not enough, that these solutions are often not installed and used in an appropriate way, most often due to insufficient personnel capacity.
As information security is a dynamic area, the regulations need continuous improvement
That’s why we started from the basic premise that companies need protection, not just a piece of technology. We have created a set of services (the emphasis is on the complete service), which target the most common security risks. Of course, our services include the appropriate technology for protection, but also the appropriate processes and procedures, relying on our expert team and Security Operations Centre (SOC) that is available 24/7. The SOC team provides the service of operational monitoring and reacts if it has to take appropriate measures that are beyond the reach of the technology. Moreover, our services were created with an emphasis on easy and rapid implementation, with a transparent and intuitive user interface that was internally developed according to the perceived needs.
The most important services are endpoint protection, through which computers and servers are protected. This is the most dominant entry point for attackers. Then comes e-mail protection, which protects against all attacks through the e-mail channel – from malicious programs (malware/ viruses) to e-mail scams of which there are plenty. The web application protection service enables complete protection of web portals, which combines several different technologies and protects against almost all risks web portals are exposed to.
In addition to these ‘packaged’ services, we also perform various forms of security audit, penetration testing, i.e. ethical hacking and software security testing.
Unicom, and you personally, have taken part in organising numerous cyber exercises. For whom are they intended?
– According to the ISC2 Cybersecurity Workforce Study, the average cybersecurity professional has an average of 13 years of experience in IT and seven years in cybersecurity itself. Also according to the same research, the current assessment indicates that the world lacks about 3.4 million experts in this field, and for the European continent, this shortfall is estimated at about 317,000. Classic education and training, although necessary, can hardly replace years of working experience.
There is also an initiative to form a national cybersecurity agency, which would greatly improve our capacities
Cyber exercises and training conducted on platforms for cyber exercises put participants in realistic situations – realistic attacks in a realistic environment that they overcome on their own with the possible support of instructors. In this way, accelerated experience is gained, which is immediately applicable in practice. Participants and trainees are prepared to protect their systems and to react in the right way if incidents occur in their environments.
Unicom also participates in the formal development of strategy and regulations governing the ICT sector, especially cybersecurity, while you have personally worked on projects to improve regulations. What are our legal solutions like?
– Serbia adopted the Law on Information Security in 2016 and amendments in 2019. As information security is a dynamic area, the regulations need continuous improvement. Just a few days ago, the first meeting of a working group was held to draft a law on amendments to the Law on Information Security. The new amendments should first of all ensure compliance with European regulations: the NIS 2 directive, which governs common measures for the management of cybersecurity risks for all members of the European Union, and the EU Cybersecurity Act, the framework for cybersecurity certification of products and services. There is also an initiative, to form a national cybersecurity agency, which would greatly improve our capacities.
As an integrator, you build your market position not only on cybersecurity projects, but also on digitalisation of services and network solutions. Why are your services different?
– I hope it won’t sound like a platitude or like some generic mission and vision, but we approach each project and each user uniquely. We propose and create solutions that will fit into the organisation in the best way. There is no one-size-fits-all solution, but in conversation and often through long-term cooperation with users, we recognise specific needs and propose appropriate solutions. We have never gone to first meeting with a client and presented some ‘best’ solution, but our proposals and later our projects are the result of knowing the needs and the organisation.
A good basis for this approach is provided by a broad partner portfolio. Even for the same technological solutions, we often work with several vendors, and in this way, in addition to always being able to offer users the most suitable solution, our team acquires a much broader expertise and a critical view of the technologies.