The 1st World Cyber Security Summit in Cyprus, organized by BOUSSIAS Cyprus, aims to present the rapidly evolving landscape of cyber security and the technologies that will enable organizations and enterprises to review their defenses accordingly
Greeting Speech of the Commissioner of Electronic Communications and Postal Regulation, Mr. George Michaelidesat the World Cyber Security Summit:
Esteemed guests, distinguished members of the audience, and honoured participants,
I would like to welcome you to this esteemed gathering as we embark on a journey to redefine cybersecurity in the ever-evolving landscape of artificial intelligence. It is with great pleasure and anticipation that I stand before you today, to address this pivotal event. In today's world, where innovation knows no bounds, the advent of Artificial Intelligence has revolutionized not only how we live and work but also how we perceive and combat cybersecurity threats. The dynamics of the threat landscape have undergone a profound transformation. Gone are the days when cyberattacks were mere isolated incidents, carried out by lone actors. Today, we face a sophisticated ecosystem of threats, orchestrated by highly organized cybercriminal syndicates, leveraging Artificial Inteligence, to amplify their capabilities. The latest report from ENISA on the Threat Landscape of 2023[1], shows this upward trend on cyber-attacks and incidents. Geopolitics continue to have a strong impact on cyber operations, which is expected as we have ongoing wars.
But before you know that an incident occurred, you get notified with an alert and need to analyse it, to determine if it is an actual incident or a false positive. Evidently, over the last half year, our National Security Operations Centre (SOC) has received and analysed approximately 130,000 alerts. With alerts coming at a rate of 1 every 2-3 minutes, it’s nearly impossible for humans to analyse everything and correctly, in a timely manner.
At the moment of speaking, there are hundreds of thousands of jobs open in the cybersecurity space, approximately 350,000 let alone in Europe, according to the ISC2 “Cybersecurity Workforce study”. Given the challenge of the scarcity of cybersecurity resources, we need to apply technological multipliers in order to be more effective and meet the requirements of the job. Two of the things we can do, is to use automation, to allow us to work more efficiently and the use artificial intelligence – that allows us to work more intelligently. At our Security Operations Center, in order to combat with the huge volume of alerts that we get every day, we are currently running pilots embracing the power of automation by implementing several bots or robots that assist us with the triage of true positives and false positives at a much faster rate. We are also looking to exploit machine learning techniques (Artificial Intelligence) that analyse alerts, network traffic, system logs, and user behaviour, and can identify unusual activities to flag them for further investigation. Malicious actors have already begun to harness the power of Artificial Intelligence and transformed the cyber threat landscape.
The European Regulation landscape is also changing. Earlier in March, the European Parliament approved the world’s first major set of regulatory ground rules to govern artificial intelligence, the “AI ACT”. Further, the NIS2 Directive entered into force on 16 of January 2023. The Digital Security Authority (DSA) is responsible for the implementation of the European NIS2 Directive which is more demanding, expanded in scope, resulting, the number of entities under regulation to grow exponentially. For Cyprus for example we estimate that from 70 critical entities that we have now, that number will explode to 700.
Any entity/industry with digital elements is prawn to a cyber-attack and you can hardly find an entity without any technological influence nowadays. Everyone and everything is connected which implies that even the tiniest loophole in a system of a small industry can be exploited and damage the whole sector. That is why we are facing the challenge of understanding the specificities of each sector and applying the appropriate security controls to the various maturity levels identified in each sector. The NIS2 Directive recognizes that human factors are crucial for cybersecurity and that employees are often the weakest link — as well as the first line of defence – in preventing or detecting cyberattacks.
A chain is as strong as the weakest link, therefore the Directive requires organizations to provide adequate training and awareness programs for their employees, users of digital services and other stakeholders, on cybersecurity issues. Adding to this, we have developed in our offices an ICT academy, a 600sqm state of the art training facility which will accommodate events for the operators of critical infrastructures, for general capacity building and awareness purposes as well as for upskilling and reskilling of ICT staff and other disciplines in cybersecurity, with the cooperation of the Deputy Ministry of Research, Innovation and Digital Policy (DMRID). Further, it will accommodate trainings and events for the countries in the region and beyond as our longstanding vision is to establish Cyprus as a regional centre for cybersecurity services.
Attackers are looking to exploit any vulnerability they can find and we need to be ready. It has been observed that small companies are more vulnerable to cyber attacks, and given that in Cyprus the most businesses are SMEs, we have prepared a call for Proposals for the "Cybersecurity Enhancement of Small and Medium Enterprises in Cyprus for 2023". This Program, was run by our National Cybersecurity Coordination Centre (NCC-CY) in collaboration with Research and Innovation Foundation (RIF). It was a funding scheme of 1m which was oversubscribed by 40%. Given the success of the program, our plan is to run similar as well as more focused programs for specific important sectors of the economy.
In addition, the National Cybersecurity Coordination Centre started the process of establishing the Cyprus Cybersecurity Community. The purpose of the Community is to bring together stakeholders from the private sector, public sector, industry, academia and research, and therefore to maximise the benefits of combining knowledge, skills and experience in cybersecurity issues. At the same time it will encourage active participation and contribution to research and education projects with the ultimate aim of facilitating the dissemination of information, skills and competences among its members.
Ladies and Gentlemen, the threat landscape is critical and alarming, and it is there. As it is evolving, we must evolve as well. Only with smart technologies and tools, capacity building and cooperation we can withstand whatever is coming to us, and I can assure you that as a National Security Authority we work on all of these areas.
We have a lot of work to do, to stay the course and drive progress, and it is not easy. However, I’m optimistic that continued focus on partnerships, information-sharing and discourse across industries and governments through events like today, can help us think and act in new ways, as well as to further promote cooperation.
I would like to thank you and wish you a fruitful and productive summit.