Cyber-security has already been on the minds of Czech political leaders for more than a decade. Efforts can be traced back to 2011, when the Czech government established a national authority responsible for cyber-security. Then, in the summer of 2014, the country ramped up its plans when it signed the Act on Cyber-Security.
To supplement this act, the Czech government established the National Cyber and Information Security Agency (in Czech: NÚKIB) as a competent national authority for the issues of cyber and information security. To this day, NÚKIB continues to prevent, resolve and coordinate resolutions to cyber threats to critical infrastructure elements, information systems, and public administration information systems. It also cooperates with national and international organizations that participate in providing cyber-security services.
Coming out at the top during cyber-security exercises
Like many other business practices, cyber-security is a field of expertise that needs to be simulated in a professional setting. To accomplish this, several organizations carry out cyber-security exercises that put countries across the globe to the test when it comes to demonstrating their skills in handling crises, protecting against digital threats, and gathering the needed experts in order to ensure that their security practices are reliable and effective.
The Czech Republic consistently takes part in an array of cyber-security exercises, all of which evolve and adapt to ongoing and ever-changing threats within the digital landscape.
As is stated in an article from NÚKIB:
One example of these exercises is Locked Shields, an initiative carried out once a year by NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). In 2021, more than 2,000 experts from roughly 30 countries participated in the exercise.
Here are a few high-level facts about how Locked Shields works:
- The exercise focuses on realistic scenarios, making use of cutting-edge technologies and simulating the multi-faceted complexity of a massive cyber incident, including strategic decision-making as well as legal and communication aspects.
- Locked Shields carries out a “red team vs. blue team” exercise in which the latter are formed by member nations of CCDCOE. The teams take on the role of national cyber rapid reaction teams that are deployed to assist a fictional country in handling a large-scale cyber incident.
- The two teams must be effective in reporting incidents, executing strategic decisions, and solving forensic, legal, and media challenges. To keep up with technology developments, Locked Shields focuses on realistic scenarios and cutting-edge technologies, relevant networks, and attack methods.
The Czech response to global cyber warfare
With our digital identities being more frequently used in everyday services, there’s no shortage of opportunities for large-scale cyber attacks between major political players. This is especially true in countries whose citizens have limited digital rights and whose data is readily accessible by government agencies. So how has the country responded to the growing threat of cyber warfare?
First off, NÚKIB regularly publishes both cautionary alerts and recommendations on its website warning of ongoing threats.Here’s an excerpt from a recent warning issued on its website:
This message then links to a full report containing the details of the threat.
Using these warnings and recommendations, Czech businesses can implement their own strategies for confronting and combating ongoing cyber warfare threats and communicating the risk to their audiences.
What’s more, the Czech Republic has actively supported EU legislation efforts designed to allow people and businesses to use their own national electronic identification schemes to access online public services in fellow EU countries.
Furthermore, by providing secure passwordless authentication solutions, certain Czech organizations have ensured the secure access and integrity of sensitive transactions in applications requiring the highest level of trust assurance and regulatory compliance.
Wultra’s story: Building a security-centered company in Prague
Wultra has cyber-security in its DNA. We not only provide security solutions that aim to solve the massive global issue of financial cyber-crime, but we also implement internal measures to ensure that our company is resilient and operates according to best practices on the market. We completed the ISO/IEC 27001 certification early on and are subject to regular annual audits.Here’s what Roman Strobl, Software Developer at Wultra, gives his take on our security-first company culture.
Another one of our developers, Lukas Lukovsky, agrees that Wultra consistently does what it takes to take care of our people.
Wultra’s core values
One of the core values at Wultra is transparency. In addition to prioritizing transparent communication both with our customers and within the company, we also keep our products open to the highest possible extent.
Authentication systems are based on cryptography. Any serious cryptographic system has to be easily auditable and available to third-party security researchers. This is why our PowerAuth suite for strong customer authentication is open-sourced and available on GitHub. For products related to mobile security, such as Malwarelytics, security is mostly based on setting up the appropriate “traps” for cybercriminals in the right places. While publishing the source code would be undesired (we don’t want to reveal the traps), we do keep the product documentation open on the Wultra Developer Portal.
Having product documentation (and in many cases, even source code) freely available is a benefit continuously valued by our customers. Many banks and financial institutions already have subpar experiences with vendor lock-in and other issues related to trusting undocumented proprietary software. It’s important to our team that we operate in a way that resolves these issues by design.
Subscribe to Our Newsletter
To stay in touch with us, simply fill in you e-mail address and never miss a beat.