Roman Flepp, the Marketing Director and Member of the Board at Threema, says the concept of Zero Trust Security is on the rise

Tell us about the cybersecurity trends for 2024.
Awareness of cyber threats has been growing fast over the past year. Governments and regulators worldwide enforce stricter regulations and compliance requirements, prompting companies to prioritise cybersecurity measures and data protection. In this context, the European Union is leading directives such as DORA, NIS2 and CER, designed to reduce the vulnerabilities of institutions and organizations against cyberattacks while strengthening the physical resilience of critical entities in the European Union.

Launched in December 2022, they respond to the need to be able to rely on defence mechanisms and protocols that guarantee the proper functioning of the economy and essential sectors. The scope is wide-ranging and imposes profound changes in both public and private organizations: cybersecurity has become a strategic issue for companies while the trend towards tighter legal frameworks continues.

Another trend we see is KI-driven cybersecurity threats: In principle, the integration of AI and ML into security systems is positive, though bad actors are developing sophisticated techniques to manipulate or circumvent these systems. Adversarial machine learning involves crafting inputs or data samples designed to deceive ML algorithms, bypassing of security controls, or compromising the integrity of AI-powered security barriers.

The concept of Zero Trust Security is on the rise. It requires authentication and authorization from all users through continuous validation. As a dynamic strategy, Zero Trust Security assumes that threats are always present; it is one of the keys to effective data protection. Over the past decade or so, mobile devices have conquered both the private sphere and work environments.

Smartphones play a key role for businesses and messaging is partly replacing email. Unfortunately, mobile phones are also a popular gateway for cybercriminals – with more than 60 per cent of all digital fraud carried out via mobile devices. In this context, mobile devices are also increasingly becoming the focus of cybersecurity strategies.

What is the theme of your participation at GISEC 2024?
This is our second consecutive year at GISEC. We believe there is a strong need for secure communication in the UAE and in the GCC region, where we already have several clients. We are looking forward to supporting companies, government institutions and other organizations on their mission to shield communication from bad actors and make instant messaging secure.

GISEC is a perfect venue for organizations around the globe concerned with cybersecurity, and we would like to learn more about the needs of corporations and businesses in this prosperous region. We see GISEC as an excellent opportunity to network with (potential) partners, prospects, and customers. In light of the rising number of cyberattacks worldwide, we would like to increase awareness of secure business messaging.

Which products and solutions will you be showcasing at GISEC 2024?
For one thing, we will be showcasing our business messenger Threema Work, our SaaS solution specifically tailored to the needs of companies as an alternative to WhatsApp, a consumer app that does not meet the security standards needed for corporate use. At the same time, we’ll also focus on Threema OnPrem, our on-premises solution. Both (Threema Work and Threema OnPrem) are corporate-grade messaging solutions that ensure the data privacy of users while offering a unique set of features that allows IT administrators to control, secure and enforce policies on employee devices with a wide set of configurable parameters (e.g., BYOD readiness, broadcast, polls).

Our business solutions support closed user groups, E2EE for all user data, files, images, videos, group calls/videos. More importantly, both Threema Work and Threema OnPrem help to comply with European regulations (NIS2, DORA and CER) and UAE data protection laws. Threema OnPrem, the self-hosted enterprise solution is designed for organizations with particularly high-security standards; On-premises servers can be up and running in no time: Threema OnPrem provides pre-built Docker images, configuration examples and customer support by local partners.

Our self-hosting solution offers full control over data, servers, and software. Full data ownership means sensitive information and personal data are protected in the best conceivable way from third parties, as a self-contained communication environment ensures the strongest protection against industrial espionage, malware, CEO Fraud, phishing, ransomware, etc.

Is there a skills gap in the cybersecurity industry? What needs to be done to bridge that gap?
At the business level, there is often a lack of understanding of IT security and data protection. The understanding of logical criteria that can appear self-evident to IT departments is not necessarily a given for “average” employees. People are the biggest source of risk and point of entry for cybersecurity attacks. This is where we need to start. Employees need to be educated and sensitized.

However, training and raising awareness alone are not enough. Employees should be equipped with the right tools so that they do not expose themselves to unnecessary cybersecurity risks – in today’s world, with chat apps becoming more popular than ever, this is where organizations should start, providing a secure and dedicated messenger for business communication of employees and external partners/providers, and so on.