Today we thought to present you a business idea that will keep up with the needs of the population for a long time from now on. It is not a new concept, it has been existing for decades, but it is only now that we are beginning to realize its real use in everyday life. The concept of “cybersecurity” has been born since the years 1980 with the emergence of software programs implemented in computers.
We will start by explaining what cyber security is and why it is needed. This area has appeared in the context of online use. As the latter requires exposing us as individuals, as well as our personal, medical, banking data, to a multitude of cyber attacks, solutions against them are becoming increasingly in demand. This data is processed and stored in electronic information networks that can be threatened by viruses to which we can give access without realizing it.
The data stored on these networks can be divided into two categories: Traditional data and Big data. Traditional data implies the multitude of data on personal and financial information, on company staff and on intellectual property. Protecting this information is vital to the well-being and functioning of companies, and through a cyber attack this information can be stolen and used to the detriment of both employees and the company.
For example, when hackers find the employees and company’s credit card information, a deficit in the budget can occur. Furthermore, access to certain patents and special techniques used by companies can also lead to its destruction by selling them to competition.
Big data is an enormous amount of data with the aim to help businesses, organizations. This data is stored and then analyzed to detect specific patterns and then solutions that help make business, strategies more efficient.
A classic example is where a person searches for something specific on Google and then there are various advertisements on the same topic on the social media on which the person is active. By accessing Google, the person provides information about his preferences and needs, as well as personal data such as name, email address for logging in to Google’s account. This data is stored and analyzed so that then companies (in our case Facebook, Instagram, etc.) can make decisions based on them and offer their customers ads, individualized product placements and so on.
If this information is accessed without authorization and for unethical purposes, massive information leaks will harm individuals as information about them can be used to falsify online accounts, bank accounts and companies.
Having taken all the above into account, we can easily conclude that the need for cybersecurity specialists has increased and will increase in the context of online use frequency.
In the context of the current pandemic, cyber attacks have become alarming because more people work from home. We often do not realize that we can be exposed much more often in our own house. Let’s also see why: when we’re in the company’s premises where internet connections are secured, the possibility of a cyber attack is diminishing, but when we’re at home and connected to our own WiFi network, the risk is growing. For example, if we access other websites, we can, through them, allow involuntary access to viruses that then use our company’s confidential data.
Specialized cyber security firms offer services to secure home connections, such as VPN, as well as antivirus software. Unfortunately, as CISCO, the leader in this field, warns, these solutions have become less and less effective in fighting hackers.
However, specialists in this field can prevent and counter cyber attacks much better. They are responsible for the security of companies and organizations, but also of governments worldwide. Their role is to protect data and information from hacker and viruses, as well as to advise companies on the best safeguards and safety measures.
Their expertise includes analysis and implementation of security systems, rapid resolution of virus invasion, analyzing activity online.
Starting a business in this area is not something entrepreneurs need to fear, as the basic steps are similar to any other business.
The entrepreneur first needs to document the field in which he wants to activate and understand how it works. The next step is to analyze the market and to carry out feasibility studies. It is also important to choose which services to offer, as the area of cyber security is a vast one offering a multitude of services such as software security, antivirus and firewall programs, network security, security of information stored in the cloud, etc.
The establishment of a business plan is essential in this area as well as in all the others. This includes the following steps: executive summary representing the main ideas of the business plan, description of the business, establishment of marketing strategies, carrying out feasibility studies and financial risk analysis, planning of finances and implementing the business plan.
Starting up a business in this area requires, in addition to the specific skills of cyber security professionals, their moral sense when handling the data of the companies they have access to. For this reason, there are strict regulations. At the end of 2019, Law no. 362/2018 regulating cybersecurity entered into force. This is intended to transpose Directive 1148/2016 into Romanian law.
According to Article 1 of Law No 362/2018, „this law establishes the legal and institutional framework, measures and mechanisms necessary to ensure a high common level of security of network and information systems and to foster cooperation in this field”. The purpose of this is set out in Article 2 (a), (b) and (c).
Regarding the institutional framework, the competent authority at national level is CERT-RO (National Cybersecurity Incident Response Center), of which Article 15 of Law No 362/2018 states: „(1) CERT-RO is the national competent authority for the security of network and information systems that ensures the provision of essential services or provides the digital services identified under this Act.”
The duties of companies providing cyber security services should also be mentioned. This law introduces provisions on how to prevent cyber attacks, how to detect those that could not be foreseen and what steps to take in this case. Article 25(3) of law no. 362/2018 provides a number of mandatory activities to ensure the security of network and information systems:
„a)management of access rights;
b) awareness and training of users;
c)journaling and ensuring traceability of activities in networks and information systems;
d) testing and assessing the security of network and information systems;
e)management of network and information system configurations;
f) ensuring the availability of essential service and the operation of networks and information systems;
g) management of the continuity ot the essential service;
h)management of user identification and authentication;
i) incident response;
j) maintenance of network and information systems;
k)external memory media management;
l) ensuring the physical protection of network and information systems;
m)the realization of security plans;
n)ensuring the safety of personnel;
o)risk analysis and assessment;
p) ensuring protection of products and services relating to network and information systems;
q)management of vulnerabilities and security alerts.”
As for the applicability of these provisions, one of the most recent incidents occurred at the beginning of 2020 and concerned the Romanian health system. The hacker group was destructured by DIICOT(the romanian division of combating and investigating organized crime and terrorism) in collaboration with the SRI(romanian information services).
According to a DIICOT’s press release „on 15.05.2020, the prosecutors of D.I.I.C.O.T. – The Central structure together with the judicial police officers within the division to fight organized crime carried out a number of 3 home searches, in a case aiming at the destruction of an organized criminal group specialized in commiting illegal operations with computer devices and software, illegal access to an information system, alteration of the integrity of information and false information.”
„At issue there is reasonable suspicion that a four-person organized criminal group was set up in early 2020, which was active in the virtual environment under the designation „Pentaguard”, aimed at committing cyber crime offenses.” It was noted that „this type of attack means that there is a possibility of serious blocking and disrupting the functioning of the infrastructure of the hospitals concerned, part of the health system, which is now crucial and decisive to fight the pandemic with the new coronavirus.”
This was one of the largest cyber attacks in Romania, but there are numerous companies and institutions affected by hackers, which is why the establishment of as many as possible companies in the field of cybersecurity is becomes a necessity.
As our law firm understands your needs and your desire to act according to legal provisions in this field, we offer you both our support and the best solutions.