Shift it. Shield it. Share it. That the moto of the 2017 CyberCentral. Treat yourself with 2 or 3 days out of the office routine and join an international community of like-minded cyber security enthusiasts. One of our exceptional and enthusiastic speakers is Branko Dzakula, Information Security Officer, Corporate Security at Air Serbia. I had the opportunity to talk with Branko and learn more about himself and his passion for cyber security.
Tell me a little about yourself and your professional background
I have more than 5 years of work experience in Information Security but my obsession with this topic began way back. I had the pleasure and the opportunity to work in diverse environments and industries, tackling information security challenges.
I started my career in Telenor, an international telco operator, where I gained deep insight into data transport and how to secure it. From 2g to 5g networks, I watched the evolution of data transfer and the way security evolved with this area. Years later, my career took flight to a Serbian national airline, Air Serbia. Here, I had an opportunity to build Information Security Management System (ISMS) from ground up. Securing a large airline company does not come as an easy task, but team effort and group synergies served as the best and modern approach that I had a pleasure to be a part of.
What made you want to focus on cyber and information security?
My obsession with information security started after I accidentally hacked my own router by guessing the user name and password -of course it was “admin”. After realizing that anyone could do that, I started digging into the information security world and very quickly, fell in love with it.
Sometimes, the biggest threat to security is not a sophisticated cyber-criminal but us. Is that true? How could this situation change?
That is very true, unfortunately, and an issue we need to put a priority on solving. The most common security incidents, such as misuse of USB sticks, data transfer services, e-mail and general social engineering consequences, are caused by unintentional human error and the main reason for that is a lack of security awareness. We don’t need to be tech savvy or IT experts to understand basic ways to protect our data and most importantly to understand the value of our data. Being able to teach people of all backgrounds and interests about how to protect themselves from everyday cyber threats is indeed a challenge but something we must do if we want things to change in the future.
Due to the rise of cyber-attacks, we’ve been asked to become increasingly savvy about computer security. But many people are simply not interested or not to the task. What can companies do to educate their employees in order to avoid cyber-attacks that can harm the entire organization?
Answering this question with a quote is a bit tacky but it does justice in this case. Albert Einstein said: “If you can’t explain it simply, you don’t understand it well enough”. We CAN educate everyone but not alone. Each company’s top management needs to provide bigger support. That is the main pre-requisite for a successful information security awareness campaign. Good metrics need to be implemented to prove that the campaign is working. Regular tests, such as fake phishing attacks, are always a great way to check your strength and awareness level.
Companies should address this first and build a team to constantly work on educating employees on the importance of information security and what they can do to help. Separating employees into small groups with similar backgrounds and interests, tailoring a good awareness presentation to reflect their daily tasks and going through security incidents relating to their job are only a few points to start with.
What made you interested in our event? How do you think potential attendees would benefit from 2017 CyberCentral?
It’s hard not to be interested in an event that talks about everything you love and is part of your daily routine. CyberCentral did caught my eye before and it would be a great honor to be part of it. Attendees have a job to do as well. To use this great opportunity to collect all the knowledge this event can share and implement it in their respective environments to make the global data at least a little bit safer for everyone who use it.
What do you think would be the main key-takeaway from your presentation at our event?
I strongly hope everyone will re-think and reset their information security strategy and roadmap. FIRST we need to raise information security awareness and then keep it as an on-going activity. This is not a one-time thing. It needs to grow and improve constantly. This is a fairly simple solution for the most dangerous cyber security “what if’s” of the future.