Elvin Balajanov: “We closely collaborate with both secondary and higher education institutions in this area.”

Our interviewee is Elvin Balajanov, the Chairman of the Board of the Association of Cybersecurity Organisations of Azerbaijan and a Doctor of Philosophy in Law.

- As known, cybersecurity has been declared one of the main challenges in the upcoming years at the Davos World Economic Forum (WEF). What is this related to?

- In the broad report presented at the World Economic Forum in January of this year ("Global Cybersecurity Outlook 2024"), the economic uncertainty at the global level in 2023, polarized geopolitical systems, numerous armed conflicts, along with increasing skepticism towards rapid technological development and potential misuse of future technologies are highlighted. Within this complex context, the faster growth of the cybersecurity economy compared to the global economy and the growth in the technology sector are noted. 

Furthermore, significant differences in the importance placed on cybersecurity and the resources allocated by various countries, organisations, and entities are observed. These differences may intensify against the backdrop of global threats, macroeconomic challenges, conflicting regulatory mechanisms, and early adoption of new technologies by some organisations.

Unfortunately, new technologies are not always used for lawful purposes. Instead, we observe rapid cyberattacks and increasing cybercrimes amid the development of new technologies. In some cases, the uncontrolled application of new technologies complicates the cybersecurity situation. The increasing number of users in the cyber domain and regulatory conflicts create several challenges for cybersecurity. In response, United Nations organisations and their main structures have established working groups with a global scope for managing cyberspace and regulating public relations in this space. Additionally, the increasing frequency of hybrid wars, the widespread digitalization of the financial market, and the integration of the global economy into digital space are crucial factors that we must understand in response to the Davos Forum's call. Moreover, the expansion of electronic currency use and the provision of trade turnover with electronic financial resources inherently entail serious cybersecurity risks. Therefore, the Davos Forum's calls regarding cybersecurity resonate quite accurately considering all these points.

I would also like to mention that the " “The Strategy of The Republic of Azerbaijan on Information Security and Cybersecurity for 2023-2027"," approved by the President of the Republic of Azerbaijan on August 28, 2023, extensively covers modern and emerging challenges in information security and cybersecurity.

- How do cyberattacks manifest themselves, and what are their forms?

- The widespread and intensive use of Information and Communication Technologies (ICT) in daily life and at various levels has resulted in rapid societal development. However, it has also led to the emergence of a series of new-generation threats and risks that need to be accurately identified, thoroughly analysed, and minimized. Especially in the last decade, we have observed a significant increase in the use of ICT by criminals to create new forms of crime. Moreover, the "quality differences" between cyberattacks, cybercrimes, and illegal acts in physical space, such as the expanded scale, transnational scope, and the possibility of remote control, increase the vulnerability of ICT infrastructure and enhance opportunities for exploitation by criminals.

It should be noted that, along with other issues based on ICT, appropriate information infrastructure is being established for resolving state-important issues. The integration of this infrastructure into global information networks, including the Internet, makes these infrastructure objects targets for cyberattacks. Therefore, the protection of critical information infrastructure, which plays an essential role in the interests of the state, society, and citizens, requires priority attention to cybersecurity.

Fortunately, significant steps have been taken in Azerbaijan to ensure the cybersecurity of critical information infrastructure, which includes state administration, defence, healthcare, financial markets, energy, transportation, information technologies, telecommunications, water supply, and ecology. 

Furthermore, it is important to note that in most cases, micro, small, and medium-sized enterprises, as well as citizens with low levels of information literacy, are often the main targets of cyberattacks and cybercrimes, emphasizing the need to give special importance to their cybersecurity.

- How can cyberattacks manifest themselves in the education sector?

- There is no field where the implementation of digitalization/digitization does not fall into the target/range of cyberattacks or cybercrimes. The education sector is no exception. Especially, the digitalization of education, educational services, and management in Azerbaijan is being carried out systematically and commendably in collaboration with other relevant institutions. Moreover, when we look at the experience of foreign countries, we can see that the simplification of processes related to education and training due to the implementation of digitalization/digitization measures can also lead to the emergence of several cyber threats and risks.

Especially, the illegal seizure of accounts, personal information, and some research results, unauthorized access to information infrastructures, and intervention cases should be closely monitored. For instance, it should be noted that using various "social engineering" methods, attackers can seize corporate email or educational email accounts of learners or educators, which can then be used in various other cybercrimes. Additionally, deliberate damage, deletion, corruption, alteration, or blocking of information can cause serious disruptions to the information infrastructure of educational institutions. In some cases, "insiders," meaning individuals working in the education sector who misuse their privileges in information systems, can create threats, which can be challenging to detect or prevent.

- What policies should be implemented against cyberattacks, specifically in the education sector? What measures should be taken to protect our education and learners from these attacks?

- In my opinion, cybersecurity should first be considered the responsibility of the owner of the information infrastructure. Requirements for the security of this infrastructure should be defined, compliance should be continuously evaluated, identified shortcomings should be promptly addressed, and overall effective control over security should be ensured.

Additionally, continuous awareness-raising measures should be organized among learners and educators, as well as all users of the information infrastructure, promoting cyber hygiene rules and fostering a cybersecurity culture.

Considering the difficulty and complexity of ensuring cybersecurity, close collaboration should be established with competent state institutions to effectively protect the information infrastructure, learners, and educators from cyberattacks and cybercrime activities. In case of such incidents, these institutions should be immediately informed.

- Does your organisation have any specific educational initiatives or awareness measures related to combating the most dangerous cyberattacks, particularly in the field of artificial intelligence and across its applications? Do we have sufficiently specialised experts to combat cyber threats? What is your opinion on the training of specialists in this field?

- The Association of Cybersecurity Organisations of Azerbaijan (ACOA) carries out active and intensive activities to support education and the enhancement of human resources in the field of cybersecurity. For example, in just 2023 alone, ACOA organised more than 30 events (conferences, forums, seminars/webinars, competitions, trainings, workshops, etc.), and more than 250 shares were made in the media (press releases and social media accounts). Additionally, we closely collaborate with secondary and higher educational institutions in this direction. For instance, last year, we supported the establishment of informative cyber corners in four secondary educational institutions and cyber clubs in 15 higher educational institutions. Currently, we are taking steps to increase the number of members in these expanding cyber clubs and to actively involve them in the ecosystem.

Regarding the training of specialists and whether we have specialists or not, it must be noted that the issue of talent shortage and training in cybersecurity is currently relevant and complex for all countries. Especially considering the rapid development in the ICT and cybersecurity fields worldwide, we can claim that this difficulty is natural.

It should also be noted that in the "Strategy of the Republic of Azerbaijan for Information Security and Cybersecurity for 2023-2027," increasing the effectiveness of educational institutions providing education in information security and cybersecurity, forming new educational centres, ensuring the inexhaustibility and preservation of the national reserve of personnel in the mentioned areas, preventing brain drain abroad, and establishing modern educational institutions and laboratories for personnel training have been identified as main objectives. We hope to achieve success in these directions soon. Furthermore, I would like to express that ACOA is ready to support the implementation of the relevant measures outlined in the Action Plan of the Strategy.

- Lastly, thank you and your team for the interview.

- Thank you very much!

Source: https://www.muallim.edu.az/news.php?id=28190