BrandsIT: What are the biggest cyber threats currently facing Polish companies and how have they changed in recent years?
Marcin Krzemieniewski, IT Solution Factor: At present, we can mention a few major threats on many different levels. The first is the shortage of specialists, resulting from the low rate of training of new talent, but also the outflow of qualified employees to work in foreign companies or outside Poland in general. The second threat is the lack of a defined long-term cyber security strategy, which needs to be implemented consistently, but also constantly reviewed as the threat landscape changes. Implementing point products without looking at the bigger picture is also quite a challenge. Organisations invest in securing one area while remaining vulnerable in others, or this protection is inconsistent, lacking consistency and integration. Another threat is integrated attacks by well-trained and paid Nation State criminals, which are becoming more frequent and more sophisticated in their methods and more effective than they were a few years ago.
BrandsIT: How do you assess the cybersecurity of Poland’s critical infrastructure in the face of war across our eastern border?
Marcin Krzemieniewski, IT Solution Factor: Regulations such as GDPR (General Data Protection Regulation), NIS (Network and Information Systems Directive) and now NIS2 are definitely helping to build effective cyber security . In this way, the issue of security has extended to the area related to, for example, industrial infrastructure such as water, energy or railways. For several years now, the market has seen a great deal of customer interest in security challenges in critical infrastructure. Industry CERTs (Computer Emergency Response Teams) have been set up, bringing together information on threats to specific market sectors and exchanging key information between the various stakeholders. We have specialised conferences, building awareness of threats and inspiring a structured approach to the subject. We can definitely say that there is awareness of the threat, not only among IT departments, but also in industrial automation teams and at C-level. Awareness at different levels of the organisation is a key step to building protection. There is still a lot of work to be done, but we have nothing to be ashamed of in terms of the level of critical infrastructure security, compared to the rest of the world. It is worth using the lessons learnt from more and more global attacks on specific industries, and to decisively fight the ‘it doesn’t affect me’ attitude, because unfortunately it affects everyone.
BrandsIT: What are the main challenges in integrating Poland’ s cyber security systems with those of allies, such as NATO?
MMarcin Krzemieniewski, IT Solution Factor: International structures such as NATO, Interpol or the European Commission play a key role here . The framework and the specifics in the area of interoperability should be outlined at this level. With the participation of the individual countries involved, representatives of cyber security solution manufacturers and the private sector. Good cooperation depends on developed standards, implemented procedures, delicate legislative coercion and, finally, the goodwill and professionalism of individual experts. This goodwill is currently not lacking, but guidelines are still missing. In addition, in cybersecurity we are most often looking for methods of detecting and protecting against new threats that arise all the time, so we are inevitably often one step behind the criminals. The involvement of so-called ‘law enforcement agencies’, both international ones such as Interpol, but also local ones at the level of individual states, is not without significance. What is important for successful cooperation are the results, and there will be no results without the inevitability of punishment for criminals. This will simply lead to discouragement even for the most enthusiastic participants.
BrandsIT: How do you assess the approach to educating future generations of cyber security experts? What measures should be taken to avoid a shortage of specialists in the future?
Marcin Krzemieniewski, IT Solution Factor: Cyber security is a very broad concept. Today, young people, influenced by films, TV series or stories read in the media, identify it mainly with fighting hackers during an attack or brilliant hacktivists who, sitting in their basement, perform miracles and rub shoulders with evil corporations or governments. The reality is quite different. In order to perform miracles or fight against the most dangerous attacks, a lot of time and work needs to be spent learning and this process needs to be ongoing. We have to keep up to date because technologies, attack methods and threat types evolve or completely new ones emerge. And even then, such a challenge does not come along every day. You need interdisciplinary knowledge of operating systems, computer networks, telecommunications, knowledge of the relevant tools and protocols. It is worth promoting persistence and hard work and making people aware that the road to success will be long and demanding. There is a need for promotion and incentives to take up studies in the field of computer science, where not only programming will be taught. Dedicated courses on cyber security are being created at Polish universities, which is very good news for the industry. It is worth stressing, however, that one does not become an ‘expert’ in cyber security at school. The right course of study, a technical college, but also dedicated courses will help young people get a start in the industry. Later, however, only by implementing the good old principle of ‘learning by doing’ can one reach the position of a true expert. The challenge is and will be to retain talent in Poland. We are currently competing for employees not only with Western European countries, Scandinavia or the USA, but also rich Arab countries are investing heavily in digitalisation and have a strong negotiating position. And cybersecurity is an area where the demand for specialists is growing all the time and this will not change in the coming years.
BrandsIT: How do you assess the Polish cybersecurity market in terms of the solutions and technologies used compared to the global powers?
Marcin Krzemieniewski, IT Solution Factor:Quite well, although Poland has a certain technological “debt” to the so-called West. Often, the most interesting novelties from the world are quickly adapted in the Polish private sector, but what is particularly pleasing, also in the public sector. Zero Trust architecture, AI supporting the detection of advanced incidents, automation in the area of operations and a number of other technological and architectural innovations we see today in our clients. This also allows us to avoid ‘pitfalls’, misguided ideas and abandoned technologies. In the so-called enterprise sector, we already have world-leading solutions and technologies in place today. Implementation and integration with the processes and procedures of these companies is a bit more difficult. To change this state of affairs, a change in thinking at a higher level is required. Today, one “IT specialist” is no longer sufficient for everything. The complexity of the infrastructure is increasing, so the area of responsibility of a single engineer or expert is shrinking. The situation is somewhat worse in SMEs, where there is often a selective approach to security and a policy of “barring one window” and ignoring other attack vectors. This is often due to a lack of knowledge, but also time or budget on the part of smaller companies for comprehensive security. There are too few specialists on the market and we will not reach a point in our lifetime where every entity in need will have sufficient cyber security personnel. A quick solution to the problem may be out sourcing or managed services, where we put some of the responsibility for security in the hands of professionals and can focus on business ourselves.
Find out more about the IT Solution Factor – click
