On Thursday, 23 February 2023, we hosted a Carbonsec business breakfast on strategic approaches and best practices for improving cyber-resilience. It was a pleasant gathering of clients and business partners, sharing our experiences managing cybersecurity challenges.
Grega Prešeren, Carbonsec CTO, highlighted the most critical challenges CIOs and CISOs have to face and made suggestions on how to address and manage them effectively. He focused on password security, cloud security, supply chain security, and new regulation in the field of cyber security. He also addressed artificial intelligence as a tool for both cyber-criminals and ethical hackers.
Dr Andrej Rakar and Miro Matijević from Petrol d.d. presented a best practice for cybersecurity management in a large company. As a part of critical infrastructure, Petrol is legally bound to ensure a high level of cyber security. Their approach is based on integrated cyber risk management, including asset identification, asset protection, risk detection, response and remediation. They strongly emphasise continuous user awareness training, as social engineering is one of the most common attack methods.
Radek Kucik from Pentera and Andrej Golob from Slovenia Control Ltd. presented the platform for automated internal security testing and validation. Based on their experience with Pentera, Mr Golob highlighted the tool’s advantages and its contribution to facilitating security risk management. One of the main strengths of the platform is its intuitive design and user-friendly instructions on how to remediate vulnerabilities.
Finally, Nadji Raib from SecurityScorecard presented their solution for assessing supply-chain security risks. He demonstrated how the solution assesses risks along the entire supply chain using real-life examples. We cannot force our suppliers to invest in cyber security. Still, we can monitor their scorecard and use this information to make less risky partnerships and reduce the chance of a supply-chain cyber-attack in our business environment.
The participants were able to share experiences and opinions on cybersecurity management, which can benefit every organisation. We are delighted to have gathered such an excellent company of cybersecurity enthusiasts and are already looking forward to future events.