When discussing digital transformation, we cannot overlook the issue of cybersecurity. How aware is the Croatian real sector of the dangers lurking behind screens was the topic of the last roundtable at yesterday’s Lider G.R.I.D. forum, and the conclusion was that awareness of cybersecurity is growing, although there is still work to be done, with the NIS2 directive (i.e., the new Cybersecurity Act) and the DORA regulation (Digital Resilience Act) helping in raising awareness.
Bojan Ždrnja, Chief Technology Officer at Infigo, pointed out that his team dealing with cybersecurity incidents has practically not had a free weekend since November last year.
– Regulations raise awareness, but I would still say that awareness of the importance of cybersecurity is not at the levels it should be – said Ždrnja.
—
—
A similar impression is shared by Zlatan Morić, Director of the Cybersecurity Department at Algebra University, who emphasized that he does not know a manager who views cybersecurity as a necessity; rather, everyone sees it as a cost.
– The focus of the new Cybersecurity Act is risk analysis. In Croatia, I see a significant challenge because to analyze risks, one needs to know how to manage assets, and 99 percent of companies do not know what assets they have. How can one conduct a risk analysis on something they do not even know they have in the company? Incidents most often occur on systems that the company does not even need but remain powered on, are not properly maintained, and that is enough for hackers to breach the system and access data – explained Morić.
—
—
It is getting better, but too slowly
There are positive changes, Ždrnja added.
– Ninety percent of our clients come from the financial industry, which is regulated and must take care of cybersecurity. In the last five to six years, I can say that this structure is changing; there is more understanding from other sectors, probably due to incidents that have occurred and regulations. It is getting better, but too slowly – believes Ždrnja.
