The second edition of CyberPanel at Clubco CZ is over and once again confirmed that sharing experiences and perspectives across the cybersecurity industry makes sense.
We interviewed our colleague Radim Ševčík, who spoke on the impact of NIS2 and DORA regulations, and added his own perspective on current and future challenges.
“Radim, in April you participated in an event called CyberPanel organized by the knowledge and industry community CyberSecurityPlatform.CZ. Can you explain what was the aim of the event?”
“First of all, I am glad that I received the invitation from the organizers. I very much appreciate the opportunity to participate in the panel discussion together with other colleagues: experts in penetration testing, software law and a representative of the academic sector. The event was intended for both active members of the CyberSecurityPlatform.CZ security community and the professional public: students of technical disciplines and colleagues from companies and the public sector who deal with the topic of cyber security on a daily basis. Whether as security managers, researchers, forensic specialists or infrastructure administrators.
The theme of the April panel was dedicated to the stories of specialists in various disciplines of Cyber Security and the aim of the event was to provide the audience with a diverse range of perspectives on information and data security in the current – very turbulent – environment. I believe that we were able to motivate and encourage the panel attendees to continue their professional growth while broadening their perspective on other specific areas of cybersecurity: applied research, tools for strengthening the resilience of organizations, security management, and the growing importance of legal and licensing protections.”
“What aspects of cybersecurity did you cover in the panel?“
“I represented the security team of an organisation that is undergoing significant growth and needs to adapt its strategy, tools and long-term vision accordingly. Last year Faster CZ celebrated 30 years in business, simultaneously opening another data centre of its own and successfully growing through the acquisition of hundreds of kilometres of physical infrastructure and more than 10,000 additional customers.
We therefore address security both in relation to customers dependent on the provision of Internet connectivity and to a wide range of datacentre services. Logically, we address data protection and availability of our products both internally and from our position as an MSSP provider of cybersecurity tools and secure ICT services.
We are – and will be – facing increasing regulation not only as an ISP, but also as a digital service provider. With regard to our customer portfolio, we will be affected by DORA, the Digital Act and other regulations from a supplier perspective. We are actively preparing together with our customers and suppliers for the new Cybersecurity Act. I also presented on the panel our perspective on how we are dealing with these legislative challenges from a process and technology perspective. I tried to convey to the panelists our own positive experience in this regard.”
“Can you elaborate on this positive experience?“
“Definitely yes. The topic of NIS2 and the impact of regulation on thousands of entities in the Czech Republic has significantly raised awareness of cybersecurity – both in the private and public sectors, across industries and jurisdictions. Our company responds to the required criteria for ensuring the security of services with the necessary flexibility. The sub-divisional requirements of the standards allow us to build a much more process and technically stable organisation with greater performance, more resilient and more advanced technologies that will ultimately benefit our customers.
We have invested – and will continue to invest – significant resources in developing sophisticated and simultaneously available immutable storage solutions, secure backups and advanced threat detection tools within our SOC. We have been providing 24/7/365 security monitoring to customers for many years. However, demands – both legislative and from customers – have supported our company’s decision to allocate significant resources to expand our security team, deploying sophisticated network traffic protection systems and analytics tools down to the endpoint level. In this regard, we are also working extensively with academia to develop advanced detection and automation analytics solutions for real-time threat assessment and response.”
“What other experiences have you shared with visitors?“
“I can confirm the growing trend of offensive activities and the increasingly sophisticated techniques of threat actors’ tools. We encounter more powerful DDoS attacks, more sophisticated delivery of malicious content through various vectors, or even targeted campaigns aimed at collecting and exfiltrating confidential and sensitive data, almost on a daily basis. In this regard, we not only respond with advanced passive and active security technologies, but also focus on continuous education projects for our customers and the public.
To this end, we use not only practical demonstrations of simulated social engineering attack techniques, but also Red Teaming tactics to demonstrate and detect possible attack vectors through physical media, OSINT tools, or forensic means to detect possible leaks of sensitive data and their further misuse by individuals or organized groups.
At the same time, we are working on other projects to educate the general public. For example, we are actively involved in an educational programme for strengthening the security skills of individuals and the SME sector, which is organised by the Association of Small and Medium-sized Enterprises and Tradesmen of the Czech Republic in cooperation with NÚKIB, the Czech Banking Association, MUNI and other partners. We are organising our own security conference, which we are preparing this year in the form of the second edition in Radešín. We also support the activities of CyberSecurityPlatform.CZ, national and European activities of the FENIX association, etc. Participation in CyberPanel thus conceptually fits in with our activities of communication and knowledge sharing within professional associations and expert communities.”
“What has your participation in CyberPanel brought you in terms of professional development or sharing know-how?“
“An interesting part of the CyberPanel was the discussion on the quality of contracts in public administration, which was excellently commented by my colleague Jiří Císek from AK Císek. Also very practical were the recommendations of my colleague Willi Lazarov on the cooperation between the private sector and universities in applied research aimed at developing tools for effective collection and advanced analysis of open source data and collaboration on cybersecurity training platforms.
From the perspective of professional development, for example, the insights of colleagues and the audience on the use of AI in everyday practice were very valuable. An interesting aspect was the topic of self-learning and the importance of certifications in the context of demonstrating real professional competencies of both individuals and organizations. A separate topic was hybrid threats and other specific threats: from techniques for manipulating public opinion to AI-driven disinformation campaigns.”
“You addressed the topics of NIS2, DORA, Cyber Digital Act and other regulations in the discussion, what was the reaction from the participants?“
“The topic of the impact of regulatory measures in the area of cyber security was also raised, for example in questions devoted to the national transposition of NIS2 in the form of the currently approved new Cyber Security Act. There was a general consensus on the need for similar legislation and implementing standards to ensure a practical impact on the security of the state, companies and citizens.”
“What main ideas or inspirations do you take away from the event for further work in the field of cybersecurity?“
“First of all, I am glad that the organizers from CyberSecurityPlatform.cz evaluated our meeting as motivating and inspiring for both beginners and more professionally advanced colleagues. The cybersecurity industry is facing significant challenges in the coming months and years. I am referring not only to the expected technological impacts on everyday operations related to the massive use of AI. Even previously untouched entities will have to undergo some form of process transformation in information and cybersecurity management systems. And this will also be a new experience for all industry colleagues: specifically, enforcing not only ongoing technical measures at the IT delegate level, but also interacting with senior management, owners, and colleagues from various departments on documentation, reporting, and collaborating on internal and customer audits. I look forward to evaluating these new experiences on an ongoing basis at future upcoming CyberPanel meetings.”
If you’re interested in the cybersecurity topics we’ve covered on CyberPanel or want to learn more about our solutions and approach to data protection, please don’t hesitate to contact us.
