Panel | Assessing the Cybersecurity Impact of Russia’s Invasion of Ukraine

It's the panel on the first one, we'll be on assessing the cybersecurity risk of the Russian innovation of Ukraine. And we would like to introduce the CEO of copy a call bur Carl. Yeah. Thank you. And welcome to to everyone here in, in the Plano cyber war is typically known as the fifth dimension of, of war as many of, you know, land, sea air space. We are seeing all this, but today we will focus on, on what cyber war. And I have gathered a very exceptional group here to discuss this matter with all of you.

And since we have 40 minutes, by the way, that shows the importance of the topic, we have 40 minutes and that gives us some time. So I would everyone let them introduce themselves to you perhaps starting with you?

Well, my name is SERS. I'm an identity expert and I've worked in all the major banks in the Netherlands and in Luxemburg for the E I B European bank.

And yeah, that's it, Michael. So, Hey everyone. My name is Michael Frank. I'm the CISO at ADIs responsible for their information security and cyber security practices.

Hi, cast Fisher Fisher. I'm the deputy chief security officer for, or bank and also running our office of the CSO, comprising of strategy and architecture and things like that.

Hi, great to be here. My name is Ruta. I'm the farm and CEO of SEMA.

Yeah, thank you for coming. And I just wanna make sure that everyone is, is here on the same page. I I'm sure you know, a lot about what's going on. The news are over it, but just to make sure that we have all the, the, the facts at hand, give me one or two minutes to share some, some details with you, and then I'll hand it over to everyone for further discussions. Yeah. Russia attack Ukraine on the 24th of February. Everyone knows that. And of course, since then, we've seen an enormous amount of battle and fights going on in the areas of, of course, land air.

See if you count Aon Musks involvement, you could even argue space. Yeah.

And, and it's interesting to, to observe that even before this attack started, cyber attacks have started as well. So before the physical, oh, I'm sorry. Before the physical attacks state sponsored group called sand attacked about 300 organizations in with a software called hematic wiper. And as you may know, VIPA, this is a kind of software difference to ransomware. They destroy the data to make the target system unusable.

And, and we've seen that in 300 organizations in, in, and, and we have also seen that, that, that this, this, this bypass software was targeted to, for example, modes used by the S satellite network company via sat and that not only impacted the Ukraine itself, but it also, for example, impacted Germany, the, the, with, with wind craft Turpen. So, so, and, and Europe, Europe wide more than 30,000 terminals were impacted by that attack as well. We've also seen DDoS attack attacks in for Ukraine banks, but also for the energy sector and astonish.

When, when you look around, the majority of thera in infrastructure is actually nevertheless, still working. If they were having, if they have problems, it was not because of cyber taxi was of the real attacks, of course. Right. But not because of the cyber so far, which I personally found surprising, curious what, what you all think about that. We have seen also some side attacks or neighbor countries such as Bulgaria or, or Poland, etcetera, but we have not seen major attacks in the Western countries, for example, which is again, another surprising fact I think, and I would stop that.

Just wanted to make sure that we have all the facts and figures at hand. And I'm now interested. Am I the only one who is surprised? Or what about you, but Do you wanna say surprised about the attacks I'm not? And the 23rd of October, the year before the war, they had already attacked or were in, in, inside the Polish border monitoring system where all these refugees had to register and they tried to attack the train management system in Ukraine, which didn't succeed. So this is month before the war started. And I think there was already war. It's not the, the land attacks. Okay.

That was new. But in fact there was already a state of war before that. And I think preparation had been going on a lot longer than we have seen their obvious attacks. So that's not surprising in a way it is a bit surprising that still everything works in Ukraine, but they too had probably noticed that they need to be very resilient.

So, yeah. Yeah. That's bit in the middle. Michael would show you, I mean, I think in general, as I Seeso, you always need to consider what risk you have for the company. And I think despite this terrible topic, we need to be professionals and really do that kind of risk management and analyze the situation for us. So what does it mean for us as a company? I do think yes, in general, it's, it's good that people try to elevate the, the threat level. People are aware of it. On the other hand side, we also need to be clear what can happen to our companies.

And I mean, just giving an example, you, you mentioned the wipe malware, quite obviously, you need to make sure that you protect yourself against that. That means, for example, if you have premises in the Ukraine at some point, maybe you had to take a decision to take it off your corporate network or limit connections so that if something would hit you, it wouldn't spread.

And I think that's just a constant thing we need to be doing as horrible as the situation is, we just need to make sure that we keep our professional judgment, because I also think that we shouldn't unnecessarily cry Wolf all the time. I mean, one of the, one of the things that made me smile on the one hand side a bit, but on the other hand side, also a bit sad once again, was when the BSI issued a warning for us and told us we should raise our security measures.

Guess, guess what we've been trying to do over the last couple of years. So it's not something we can do just because the situation changed from one day to the other.

But, but we, we come to that, let let's focus on on the fact that of course cyber attacks have happened, but we are not seeing the major impact yet. So we will, we'll talk about the other stuff in a second anyways. Yeah. Carson. So I think there are two level of discussions around that one in the press. And I think that level has raised so unsurprisingly, now everybody talks about cyber because it has become that fifth dimension. As you mentioned, that sort of the cyber war. I don't think that was the case before. So that has changed for the other dimension meets us as companies.

I I'd like to quote a colleague of mine from, from another bank who said, he's really struggling, responding back to regulators or the BSI or others who are asking to have you increased, or how are you protected? He said, for him, it's relatively straightforward. If you had a cyber program in place, then what we are seeing now is more of the same. If you didn't have a cyber program in place, Tough shit. It's too late now. Yeah. Yeah. You obviously, you observe, let's say the space anyway, feminine. What's your view here Now?

I, I quite like actually some of the points which has been made here now look at us. We actually started to witness cyber crime being orchestrated against Ukraine last year, September, it was not like happening one month before the war, it actually started. We saw a lot of preparation going on there, starting from infrastructure to the way it needs to be orchestrated to the way it needs to be deployed. We saw a lot of that happening last year itself.

And that was a very clear indication that, well, this is gonna either translate to a, to a full throttle warfare, or this is something in preparation, which gonna have a catastrophic level of impact. Now what has happened as, as soon as the, the actual war started, you had to respond as well.

You, you need to understand like the, the whole world has gone two ways. You have progress here. You have against Roia group. And first time ever, we are seeing very clearly status practice, state groups coming into parts. So when there was a sort of orchestration that cyber crime is gonna be launched against Ukraine and lies of Ukraine, I think you had a counter defense ready as well from pro Ukraine countries.

And I, I don't want to go into details of that, hence why you don't see cyber crime being orchestrated that much, but I promise you what, what we are seeing down there is absolutely a cynical level of cyber crime. Let me give you example, and I don't want to scare people here, but first time in history, we are seeing car cyber attacks being planned. And what that means is you go against life of people using cybercrime. Now this topic has been there for many, many years, but first time in history, you see that being really planned.

You really see they being very focused towards that on both sides, both sides. Let's be honest here. You also see first time in history where, you know, fishing used to be a very sort of important vector for cyber criminals. Now you're very clearly seeing defect being used. I don't know. I'm very sure you guys have witnessed that in this part of the world, there were like almost 187 defect videos, which were released from both sides to tarnish reputation of each other.

And that, that in a way, if, if I'm on the other side, if I'm on the cyber crime side, that gives me a new vertical to kind of, you know, use defect because that's way more impactful than a fishing attack. That's another thing which we, which we observed there is that not happening right now? The answer is yes.

You know, we, we are seeing new flavor of malwares being launched. We are clearly seeing, we spoke about wiper. There are 27 instances of wiper malware now, and it's just coming out from one sort of parent, but there are now 27 variants out there. So quite frankly, it hasn't actually stopped. Things are in not been working On that point. The voices, obviously the who say it has started last year already. You mentioned that that's why you confirmed that, right? Some say even in March last year.

So, so it looks like that the cyber war was in a similar way, prepared like the real war, obviously, right? It at the beginning, it was somehow synchronized. The attacks were synchronized cyber together with the, with the, with the real war. Now the why do, why are we not seeing that massive impact? Is it because the Ukraine people were very well prepared as well? Or is it that the Russians underestimated the capabilities of, of, of the country in this case, Ukraine. And it looks like that cyber attacks need preparation. You can't do that overnight, right? The need.

So it doesn't seem to be the case that Russia prepared for a long-term attack campaign. So they thought they had done in a couple of weeks, which obviously was, was wrong.

So what's, what's your view on, on that point. And we come to what we can do for our companies after that. So no worries.

No, it's, it's a great point you made and, and, you know, in any cyber warfare, if you look at it and I'm, I'm speaking from experience here, by the way I used to work for MIS six, we used to have their cyber warfare capability, which is British intelligence. I've seen this firsthand. You always start your warfare by collecting information towards your target, which is called reconnaissance the whole of last year, at least what we have witnessed, right?

We see, we saw very clear campaigns around collecting targets, information, you know, people, important people, important asset, important organizations within Ukraine and supportive nations of Ukraine. We have seen massive actually, you know, reconnaissance exercise.

Now, did that translate it to actual cyber crime? The answer is no, as I was saying, well, when Russia was preparing to launch a assault on, on Ukraine, you had defenders as well, and, and defenders were preparing as well because this visibility was out there. I promise you, most of the intelligence agencies had this visibility that something like this is coming. And hence you see the impact of cybercrime orchestration on Ukraine is not so impactful, but that doesn't mean it has a stop yet.

I think, you know, in any warfare, this is, this is a long haul game. So I don't see that being slowing down. But the reality is, you know, when adversaries were preparing themself, I think defenders were preparing as well. Yeah. So now I know, so to say, say something against what I said as well. So you were mentioning there was a data collection phase ongoing started last year already.

So we can, we assume that this was not limited to Ukraine organizations, that this was probably, Yeah, I was listening all the time and I was sort of struggling a bit with that. How much of that? So where I think we are all struggling is how much of that can we really attribute to, or to Ukraine, Russia crisis or how much of that is part of what we're seeing anyhow, all the time you made a great comment around, like we had seen preparations yet. We all had seen that all the Intel companies have seen it as well. Everybody got it via their Intel feeds wiper.

I'm probably not a hundred percent in agreement that this is something new. It's the same in a different flavor, structured a bit differently, but it's not like we have seen something like this the first time at all. So I think it's, we need to be careful. And that's also with all the attack levels we are seeing now, do we see more DDoS attack than usual, maybe, but not a lot. Can we attribute that or contribute that to the current crisis? I'm not sure most of the Intel vendors are really struggling to say, yeah, that's related to that.

So I think that's why I said earlier, if, if you have a cyber program in place and if you have a big border to one of the biggest nation state on cyber, I'm pretty sure that you do have cyber programs in place. Then this is a bit more of the same or the critical functions in countries have been prepared.

I mean, we have seen attack against us electrically companies or whatsoever. So we had seen all of that. That's why you made that question earlier around, like, are we surprised that we do not see a lot of attacks? Probably not because we have a lot of Intel in place. We do a lot of sharing between communities, between companies and all of that. Does that mean we will never be hit?

No, not at all. We will be hit, but it, it says we are all more aware. We more prepared. That's why I met that comment around the press. I think this is now getting a bit more public, but in a community of cyber folks, there's probably not a lot that we haven't seen before.

Well, I think that there is another group. We, we are talking about state initiated attacks that state against state and companies within the other state. Then there is the cyber criminals who do this for just disrupting stuff or for fun, or for gaining money Or for living. Yeah. And now I think there's a new type of stream in the cyber crime area of people who are before trying to help Ukraine and just leave their common practices and all start attacking either the Russian side or the other side as a new purpose. And I think that's a change that's triggered by the war.

That was not like before. Oh, Absolutely. I think this is the real surprise. Yeah. When everybody's everybody said, okay, now we need to be aware that the Russian, the nation state attacks will come. The first thing that happened was Russia being attacked. Yeah. Not the other way around. That Was. And not by state, by Probably to all of us parties, Hackers like had Whatever. And cousin to that point, since the Russian organizations, government, as well as enterprises were not used to this behavior, they were less prepared than Other countries. And that's what I said.

This was the real surprise for me was how quickly you can activate a community on a purpose like this, and then how unprepared the other side was. They are, we all know that they're probably better than we even can think about in attacking others. Yeah. But it seems like they've forgot that they may be a target as Well. And we don't know them, we can't manage them. We don't know who they are.

It's, it's a vast, hidden community that has decided to take part in the war. And I think that's that's yeah. I think that's the biggest risk because they could also do wrong things or, yeah. Yeah. But I think that also goes back to the initial question about why haven't we seen more happening at the same time. I think we, we shouldn't underestimate that really orchestrating a really big initiative is something very hard.

I mean, despite the fact you can prepare for your, we all know our companies, we all know our networks, even, we can't keep track of the machines that are in there. Our security teams are working as well. So maybe yesterday you had access to the company network and then on day zero, where you wanna start your campaign, you realize, oh, I don't have access anymore. So I think there's also a complexity, obviously for the attackers, despite the fact that it's scaling up. Now it's more groups involved, but doing it in a very targeted way and organized way. I think that's the challenge.

And that would be my take while we haven't seen more on one day. So to see, Yeah, that's one of the nice, nice creative activities that we've heard about was one group who were attacking the Russians. And they would ha I think was some type of printer and that would all the printers in the country would start printing how to go on the tour network and read the real truth about the war in Ukraine. And I think that's a really numb, disruptive, but very creative way because next to this cyber crime and wipers and, and destruction, there's also the information more and how to do that.

And that's even more difficult. And I think when the cyber happens, we're using their skills to take part as information defendants. I think that was, that's one of the really things I, I loved when I read about that.

So, and it's a great point you made there, like, you know, I'm very sure we saw a news out there that the national television of Russia was taken down by anonymous group. Right. And anonymous is this vigilante group, what you're talking about. Right. It was so interesting. They were able to actually take down the network and they were able to put a defect of the most important person in Russia. Yeah. Saying on a national television that we committed a mistake and we are gonna be backing off. Now. Of course it was, it was not true.

But think about like the impact of, of cyber, not only from threat perspective, but the positive side of it. Right. We are first time seeing like both, both coming together. Historically we have not seen that.

You know, cyber is always being looked upon as well. You start with a negative connotation. Whereas in this case, cyber has been very actively used for a very genuine cause. Yeah. And I think what we're now seeing as well, and this is the one that probably should scale all of us a bit more is there's a big community out there. If you are able to activate that community against a certain target, then this community can be really successful. Yeah. Now we're sitting all here and saying, yeah, great. They're all attacking Russia. That's the right target to hit.

But what happens if they're deciding to hit editors tomorrow as a community, then you get worried and we get worried next day and you get worried next day. So I think that's the, the thing that we learn around that cyber has become a bit different in the way of communities, how they are activated to do something.

So I, I loved that point, Carson considering my past with Deutche bank. I mean, we've been there, right?

So if you, if you remember there was block occupy wall street and all those movements, we exactly saw that already in the past as well. Yeah. Physical. Yeah. That was physical. It was physical. And we saw it with DDoS attacks and everything.

So, and even other companies did when the diesel scandal hit for the automotive industry and all that stuff. But what did we learn from it? We learned that we need to beef up our security measures. Correct. We need to push our security program.

So for me, it comes always back to the same point, no matter what is out there, we just need to make sure that we continue our investments. Yes. The situation might be changing. The adversaries might be changing, but definitely for us, it's just the same thing, repeating all over again. And we need to make sure we do the right things. Yeah.

So when, when, when, when we consider the, the three phases of a text, you called the first phase you called already it's data collection or research for vulnerabilities, a second phase would be to gain access, ideally privileged access if possible. And the third phase obviously then is execution how sure. And this is a rhetoric question. I know how sure can you be that the first and second phase has, has not already happened and that someone, the Russians are now just sitting and waiting for the third phase to start.

So maybe, maybe starting with the, with the part that people don't wanna hear. I, I wouldn't necessarily focus that point, despite the terrible situation that I mentioned before right now, just on Russia. It's a question about, do we know who is inside our network friend or O we don't know who is a friend. We don't know who's a fo tomorrow. Yeah. So therefore for me, the question is always, how can I detect if someone is there and how much control do I have? And I mean, my blunt answer would be, I think we all don't know. We don't know the unknown.

There, there will be zero days. We do know that there are both cybercrime groups, state sponsored groups that have a lot of capabilities and that can build things over time. And so in my position, I would never be in a position where I would say, I'm sure there is no one in my network on the, on the contrary, I would always assume we have someone in there and we need to try to find them because otherwise this, this whole thing won't work. And at the same time, like before, there was a big trade in zero days and also by state who have a lot of money to spend, so that that's business as usual.

And I think that risk is yeah, probably the same when you should be prepared in this to the same level. So Yeah, I think my take on this will be, It all boils down to visibility. What sort of visibility do you have and what sort of corrective actions are you really taking, as you rightly said, totally agree with it, but how do you get the right visibility? And it's not always about threat intelligence. There are way more things which you can do to get the right visibility out there.

We always advocate and you would see like ING, like number of research, especially on this Russia, Ukraine, or any state sponsored groups out there. It's all about how do you get the right ability to understand where your do and windows are? Do you have that visibility?

Once you have a visibility of where your do and windows are, and this could be your it infrastructure, your OT infrastructure, your, your people, your asset, you name it from there, you very quickly understand, well, what are some of the weaknesses out there on the do and windows you get to understand, are you a matter of interest for cyber criminals, right? Which, which comes as part of your brand intelligence capability, you quickly try to assemble, like, you know, do I look very PO on my distal platform because let's take it being super honest here on this forum.

67% of cybercrime just in last one year has been, has been actually used via distal footprint of organizations. Now, do you have a visibility of that? Combining that with like situational awareness we spoke about, right. Do you understand what sort of cybercrime is being orchestrated in your industry, in your technological attack, in geolocation, where you are operating from, and then you come to like intelligence, right? Which you kind of apply, but going back to the point, like, do you have a clear attribution?

I promise you, you, you are never gonna get to a stage where you're gonna have a very clear attribution. We all know this, but at least as, as a readiness, as a preparedness, if you could go about looking at your shadow, it, your external, you start to look at your, your vulnerabilities. You start to look at your gaps, try to sort of manage those, minimize your distal footprint. I think that that, that will help a lot as, as a organization. Yeah. And simple housekeeping. Two-factor authentication, patching, just the complete set. Everyone knows, but not everyone does.

I needed to smile a bit about your question because all of us probably get currently a lot of requests from the press to commend on items. And one of the typical questions is that, have you already been attacked or have you seen attempts to be attacked? And then you're sitting there and saying, okay, if we have been attacked, do you think we will tell you the press a, B, you go back with a very generic statement about a cyber program that you're running and further investing into cyber and reviewing the market and watching the market.

And it sounds a bit silly, but it's exactly that to your point, do I know whether somebody is on my network or not? If I knew, then I will try to kill them and get them out. But if I don't know, then how should I commend? So it's still same. So thank you for, for that.

So, so perhaps one addon question. So let let's assume the collection phase is over. They're already sitting, right? Michael was making the point. Yes. We have been preparing for something like that all the time, regardless of war or whatsoever, but have you, or can we do anything on top of what we anyway did in the past now to detect whether this has happened?

Do you, do you do something because of all the requests, obviously the security guys also get nervous, I assume. Yeah.

Of, of course, but our, our chief security officer said that the other day, that's what we, like, you said that, that's what, that's what we always prepared for. We, that's why we're doing cybersecurity.

We were, we were trying to protect against something like this. So coming back to the quote I made earlier on that another financial institution colleague did all of the critical infrastructure companies had to do that over the last couple of years. Do we think that we are fully protected? We hope we are, but we know we are not. So if I wasn't able to detect it yesterday that somebody hit my network, I won't be able to detect it today that the Russian hit my network. So I don't think that we can now reinvent the wheel and saying, you know what, let's buy a new investigation tool.

Let's buy a new detection tool. Let's buy that. I know there are a lot of vendors in the room who would love us to do that, but I don't think that this will necessarily solve the problem. If you have done a cyber program, then you have built a certain level of trust that you are able to find it. There is no completeness track. We don't know that. We don't know. You said that very well. The unknown, you don't know the unknown. Next one. Yeah. So that's why I think the simple answer to your question is no, no further, if you haven't done it, yeah.

Please do start tech detection tools and all of that. But if you have a program in place, then it's really doing the sort of normal process look into what is working well, where your capabilities are already strong and where you need to further invest. And if you see something new, then prepare for that. We talked about that, that me, if you, if you decom complex that if you look at the individual components of that, there is a reason why we can attribute that to Russia. Cuz we have seen those components before. Yeah.

So that's why additional measures, I think, are difficult for those who are already running mature programs Yet. I think the three types of defense, of course the detective defense, is there someone, can we find them when they are there? The preventative defense, can we stop them from ever coming in, but also the re after the fact stage the resilience. And I think that should be the, if we want to strengthen our position, that could be something that can always be done by setting scenarios. The what if scenarios, what if the power would go down? What if I think that could.

So it's like, I also had the discussion with Royal Schneider. You all know him from, from audience. And he said it prepare for the worst and hope for the best. Yeah. And also we always said that in, in cyber security never missed the opportunity of a good incident. This is an incident for the whole industry. So every CSO should put that out there to their board and saying, by the way, I need more money. I need to do this. I need to do this. I need to do that reality though, is that this is part of your program.

Well, it worked when the swift network itself was attacked. And I think the Bangladesh case in 2016 or 17, and I remember that we had to swift was dictating 25 security measures to be implemented within 14 days, which is impossible. If you know that a bank has three and a half thousand applications and there's a whole cha, if you change something here, it will also impact all the rest and you can't test it just like anytime you want. That was really, the whole bank was shivering and it was very difficult, but all the banks had to do that.

And that was due to that incident and it cost one bank, a lot of money. But I think that was exactly what, what you mean. And I think along those lines, what, what I do like about that example, you got clear regulations, you got a clear mandate to do something and that's why you got it done. And I think this is still something where we can improve also in terms of how do we run our security programs. We are all talking about risk management and maturity today, especially also in Germany. There is a very small amount of requirements you have as a company, what you need to fulfill.

Now, what I would wish for actually as a CISO would be more regulation around that so that we set a certain minimum level for our economies to be able to sustain certain type of attack no matter where they come from. So thank you for that.

And, and I, I, I think that, that brings me to another point, which is very a recent information just from yesterday, you know, that the G seven met, right. And first of all, they, they, they promised to create some, some additional stuff to protect them. Right. But the other thing, and that was your point. I think you have now made the point that especially the mature organizations, they've done their homework to a large extent. Yeah. If you haven't done that, it's anyway too late. If you have not, pumps are usually in place.

If you have not manufacture in place, it's no point now cause of that implement where there are many reasons to do it anyways, but not because of the Ukraine increases. Now. Now we have to some extent the national information gathering in place in Germany, in the us and the UK and in other countries. But what we do not have is a, what is it called? International cross national multinational yeah. Information gathering exchange. And this is now demanded. What's your point? Will this help us? Yeah.

I, I'm not sure we don't have that to be honest. And that's also, I mean, you talked about regulations, will regulations increase, you talked about regulations. What I would love to see is not those who are regulated already to put more pressure on those, but really use that as an opportunity to socialize that, to really say, you know what, everybody should be on a certain standard because if one piece of the train is impacted, then we may all be impacted. So it doesn't really help us that we are on a certain level.

Financial institutions probably are a bit different in that regard because we have been pressured by regulators years ago to do something. That's why we've built a very global community of sharing and exchanging information. But I know that telcos have telcos have that as well. So there are a lot of sharing communities.

I mean, we are sort of sitting here in a sharing community and sharing knowledge. I strongly believe that sharing is the best way to run your cyber program.

Well, this is, and I take that away. There is a European law that's they are now doing to pre-research to start making legislation on a European wide sharing of vulnerability. The vulnerability database is not on national level, but, and correct. I have read the Tinder. They're finding people to do the pre-research for, I think, seven months or something. And then they will set, set up something. So at least across the European union, this will be synchronized and, and, and shared because a bigger net can catch a lot more than a number of small nets, as we all know. Absolutely.

I think that that would be an improvement on top of what we are doing today. Yeah. And to add to that, I think all valid points were made here. And I think the important factor here is information sharing, threat sharing, very, very important vertical. I think all of us has been advocating this for years and years. And finally things are starting to come together. Okay. Quality of sharing, quality of threat sharing is something where I think our focus has to be, because right now, take example in my previous life, I used to be a size of one of the largest resourcing company PHP.

And we went about setting up ISAC, which was for the sourcing. Yeah. The ISAC also. Yeah. And I promise you that the quality of information sharing was one area where I was not at all happy and I don't see any emphasis being given there. I'm very sure financial ISAC, you look at it, there's a lot of actually focused there. You have manufacturing ISAC, lot of focus there, but there are indu where, you know, the quality of sharing is, is something which we will have to look at and validation of what is being shared is another problem, which we see.

Sorry, go ahead. You wanted to say, Yeah. So just to, to add to that, I think what, what we shouldn't forget and that's, that's why I'm in such favor for regulation as well. We are talking now coming from large enterprises.

So for us, it's easy. We can build teams.

We, we can have threat Intel teams. We have our SOC teams, et cetera. If we think about the smaller, so mid-cap companies, they can't afford to have that. So even if they had the best threat Intel feed who should consume it, the CEO of the company, and then he should take decisions.

So that's, that's for show not gonna work. So we also need to make sure that we build measures for them. So we have like, you like the vendors we have in the room, you support them in the right way because they can't do it on their own. Plus we also need to, from my perspective, mandate them to do certain things because we are all heavily relying on them. So even if we are terribly secure, if all of our suppliers go out.

Yeah, well, our business is gone as well. Okay. Thank you.

I, I have to admit that when this session was set up for 40 minutes, I was a little bit concerned whether we can really talk for 40 minutes, but this concern was completely wrong. Last statement from everyone. What is your personal expectation? What will we see next? What will come next volunteers to start? Or I would, I would start, but giving a different answer to that question. Didn't expect anything else. Yeah. Yeah. No.

So, and, and that's just because of that situation. Yeah. So therefore I wouldn't start with, or answer with an expectation, but rather with hope and that hope would be that this thing is over as soon as possible, because we are talking about this in a very professional manner, from a cybersecurity perspective, which is our job to do that. We shouldn't forget there is people's lives on the lines, on both sides. And so therefore for me, the hope is that it stops natural.

The expectation is it could still go on, but as we discussed, we need just to make sure that we have our security programs in place. Yeah.

Well, my expectation is that if the, the traditional war on land and sea and air and so on, it's going worse, maybe it could be that Russia still has some very strong attacks up their sleeve, which they have probably maybe saved to, to use. And they're keeping them here because they're not ready yet. Or they want to do it as a last resort, but I'm yeah. I don't have any clear prediction on that. British. I think my view, I totally agree with you. I think the first thing, which we need to look at it in this situation is the people cyber comes later.

Quite frankly, if you are not gonna have any people, there's not gonna be any systems. There's not gonna be any complication. There's no point. So people side a hundred percent, the war has to stop. But on the other side, I think just looking at the way things are trending right now, visibility plays a very important role. I'll repeat myself. Do you have the right set of visibility? Are you applying those visibility into your cybersecurity programs? We spoke multiple times and are you retuning those cybersecurity programs based on the visibility, how situations are evolving out?

So that's, that's my take. We have opened Pandora's box, cuz cyber's not public. It was sort of a bit, but this is not public. Everybody talks about cyber. I think there's good in that because we will all hope that our kids are now going to study it security and work in cyber. So there is probably an impact to the talent market, hopefully a positive one, but there will also be an impact to the attacker market.

So to say, I think it will get more sophisticated. More people will get interest of that. More people will now understand that's a really impressive and impactful weapon to be used. So that's why I do think that we will see an acceleration of cyber over the next five years, as we have seen it over the last five years, I think that will not stop. We'll not stay on that level. I think that's a, for me, one of the takeaways out of the current climate is that that will further accelerate.

And we, as you said, we need to get prepared with our programs. That's all. Thank you.

I, I it's a, it was a serious topic obviously, but I do hope that all of you enjoyed the discussion as much as I did. And I'd like to thank the panelists for being with us here and sharing their views on, on that topic. Can you Say something you Don't mind?

Yes, please. Okay Guys, I'm so sorry to break it up. I'm the only representative of you Craig at whole conference and I'm so glad that you are here and I'm so glad for the KuppingerCole to actual organizing this half an hour ago, actually an hour ago, I was talking to a friend of mine who is on the frontline fighting being a part of the cyber war, having a gun in their hands to, okay. I just wanna say thank you for all of people in our community who are helping Ukraine quietly. One thing was really not yet quiet company called Yubico representative.

Here is here with friend of mine, from company Heidi created 35,000 HIEs to Ukrainian army and Ukrainian security. Yeah. I know. To help them out to protect the communications. What we need to do as a community, right. Is to understand the first of all, the worst happening for eight years. Second of all, Ukrainians are prepared because of us because just, you know, me also, but lots of people came to Ukraine started from 2014 from the MI to help starting building security in Ukraine. It's not the case just happening.

Another thing, 1.2 million Russian it specialist left the country starting from the end of February. Why? Because they're afraid of being persecuted by Russian government. This is also a part of the story.

Why, in my opinion, Russia today in terms of the cybersecurity capability should not the same as it was two months ago. Right? So that is another, thank you to the international community. Immediately jump on and tell people what's going on. Right?

So, and the last thing I wanna say is our panelists are wearing those, you know, values, seen the flags, all the place. If you have a chance to support people, the people human factor is the most important opinion is very resilient. They're gonna fight to the end, but we definitely want peace. And we definitely want to tell everybody that there's a huge thing. This conference participants for, you know, being here and spreading the news, we are fighting.

Alright, thank you very much.