Innovation Leaders Club X Pipedrive: Cross-sector innovation using the example of digital security
The start of the new season is a good time to look back at the highlights of the previous season. The closing event of last season for the Innovation Leaders Club was held in mid-June under the title Cross-sector innovation using the example of digital security, and Pipedrive gave a presentation of their innovative office at the event.
The event was opened by Kadri Tammai, Tehnopol Startup Incubator Manager. “The ambition of the startup is in our blood”, she said, and explained how this can lead to many dangers in matters of digital security for both large and small businesses. The topic can be a bit taboo, because nobody wants to feel stupid or vulnerable, but the point of the event was to discuss how things could be done better.
Mart Noorma, who was still the head of R&D at Milrem Robotics at the time and now heads the NATO Cooperative Cyber Defence Centre of Excellence, spoke about robots, which is the area of expertise at Milrem. Cyber security for robots means essentially that as long as they are under our control, everything is fine, but if they start to think for themselves or someone somehow takes them over, then things could become dangerous. Cyber security is a vital requirement if autonomous weapons and robotics are to be used on a mass scale.
“And so we come to the NATO Cyber Defence Centre, where everything can be done if we work together”, he said briskly. The desire to work together like that may seem perfectly logical to most people, but political and other considerations are very important in international cooperation, as the desire to work together can be overshadowed by fears and worries about exploitation or espionage for example. He explained that the key lies in cooperation between industrial companies.
Kadri Tammai: “People often think that innovation is something that is created organically by itself, but it is not. There are people behind innovation. Innovation often occurs when those people meet with others from different sectors, and that is why we have created the Innovation Leaders Club.”
Merilin Varsamaa, Head of Innovation at Tehnopol, thanked everyone for the successful season and invited businesses that are interested in innovation to join up for the new season starting in September 2022. The Innovation Leaders Club aims to be a part of new trends in development, to share experiences in order to expand areas of innovation, to provide added value in the Estonian economic space as a promoter of innovation and a network, and to help increase the prominence of knowledge-intensive and sustainable business.
The Innovation Leaders Club has been led since February 2022 by a powerful board:
- Ainar Leppänen, Head of Retail Banking at SEB
- Helen Sulg, Head of Development & Partnerships at Keskkonnainvesteeringute Keskus (Environmental Investment Centre)
- Inge Laas, Innovation Sectoral Manager at Enterprise Estonia
- Kadi Steinberg, Head of Enefit Idea Hub and Partner Relations
- Kristiin Bauer, Head of Production Planning at Standard
- Mart Maasik, Investment Director at UniTartu Ventures
- Siim Lepisk, Head of Innovation at NetGroup
Liisa Past, Chief Information Security Officer at SMIT, the Information Technology and Development Centre of the Ministry of the Interior, gave a fascinating presentation on cyber security and risk management during a crisis. She began by responding to a question from Kadri Tammai, saying that anybody in the profession who thinks that they have never been compromised is stupid, criminal, or criminally stupid.
Risk is a vital topic in information security. Risk is inevitable. The formula for it is the cost of a danger being realised multiplied by the probability of that happening, and risk management means using this calculation when taking decisions. “I very much want those who are responsible for businesses or services in the digital world to base their management decisions on an understanding of risk. If the particular service you offer makes use of sensitive personal data, then keeping those data confidential is more important than it is with a product or service that only uses publicly available data”, she explained.
“Security and risk management is something that customers cannot order, but that they expect”, she pointed out, and recommended to managers that it is wise to devote 10% of their technology budget to information security and cyber security.
“In January this year, Ukrainian government agencies were attacked with wipers, which is malware that cleans a system of all files and everything else. We had already applied various additional defences by then”, she said. Major outages in the websites of important institutions were avoided, and some sites were down for four minutes rather than half a day for example. This was an excellent result.
Agur Jõgi, Chief Technology Officer at Pipedrive, spoke about cyber security as a natural part of a corporate growth strategy and he concluded by affirming that if he had to do it all again, he wouldn’t change anything much. This presentation could be taken as an example for all startups.
Agur talked about the sustainable development of cyber security at Pipedrive. “If you are a business that is just starting up, then your focus is on whether you can solve real problems like what your product is and who your clients are. At this stage you are probably not thinking about more complex topics, and nobody is directly pushing you to do so. In some sense you are not really worth attacking at this point anyway. But once you are earning more income and are already developing, then you start to become interesting to those who want to steal from you”.
Pipedrive was at first quite reactive in handling such issues. “If something happened, then we dealt with it”, he explained. Agur recommended that one of the first people that startups today should hire is somebody who knows about digital and information security.
Markko Merzin, a security engineer in the Social Security Department of Cybernetica AS, spoke about cybernetics, and as usual promised to start with the scary stories before moving on to discuss the latest hot technology. “Some years ago, specialists in the field thought that this technology had no practical applications, but it has. We are able to analyse data without even seeing them”.
Cybernetica AS was founded in 1997 and now has 170 employees, of whom 12% have a PhD. The architects of the e-Eesti ecosystem work there, and they have clients in more than 35 countries. Technologies to protect privacy are among the many things that they work on there. Cybernetica is home to the cyber security institute, which is a true research institution that has institutional funding, meaning the state pays for the basic research it does, and it takes part in various basic research tenders, and often wins them. The research covers cryptography, artificial intelligence, secure shared computing, information security, and sustainability surveys for the crypto foundations of the Estonian e-state.
And now the scary part and the dangers. Markko said that the average vulnerability in program code is four years old. Most of the successful attacks use vulnerabilities that have been fixable for years. Under this umbrella topic, he spoke at length about trust, means, methods and dreams.
Jürgen Erm, CEO of the computer and network security company Cybers, gave an exciting inside view of the work of an MSSP, or Managed Security Service Provider. The work of Cybers is resolving cyber incidents and assessing their impact.
He cited an example to illustrate what might happen. “If the bad guys take your business hostage and your backup copies are taken away from you, then you have absolutely no way of continuing with business as usual. You are left with two bad choices, and I would never recommend negotiating with criminals, but sometimes you have to.”
“Criminals today do not walk around waving guns at you, they just stroll through your network and take your company hostage”, Jürgen explained. Comprehensive protection is in the end what protects you, but taking it in stages you start with a security assessment. Then you have a security advisory, security solutions, a security operations centre, good hackers or offensive security, and emergency incident response.