Back to blog

Here’s How the Czech Republic is Making Cyber-Security Part of its Business Culture

Grace Macej
21/04/2022
Market Insights

Cyber-security has already been on the minds of Czech political leaders for more than a decade. Efforts can be traced back to 2011, when the Czech government established a national authority responsible for cyber-security. Then, in the summer of 2014, the country ramped up its plans when it signed the Act on Cyber-Security.

To supplement this act, the Czech government established the National Cyber and Information Security Agency (in Czech: NÚKIB) as a competent national authority for the issues of cyber and information security. To this day, NÚKIB continues to prevent, resolve and coordinate resolutions to cyber threats to critical infrastructure elements, information systems, and public administration information systems. It also cooperates with national and international organizations that participate in providing cyber-security services.

Coming out at the top during cyber-security exercises

Like many other business practices, cyber-security is a field of expertise that needs to be simulated in a professional setting. To accomplish this, several organizations carry out cyber-security exercises that put countries across the globe to the test when it comes to demonstrating their skills in handling crises, protecting against digital threats, and gathering the needed experts in order to ensure that their security practices are reliable and effective.

The Czech Republic consistently takes part in an array of cyber-security exercises, all of which evolve and adapt to ongoing and ever-changing threats within the digital landscape.

As is stated in an article from NÚKIB:

Exercises play an irreplaceable role in ensuring cyber-security in the Czech Republic. They authentically simulate different types of crisis situations while engaging both technical experts as well as decision makers as training an audience.

One example of these exercises is Locked Shields, an initiative carried out once a year by NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). In 2021, more than 2,000 experts from roughly 30 countries participated in the exercise.

Here are a few high-level facts about how Locked Shields works:

  • The exercise focuses on realistic scenarios, making use of cutting-edge technologies and simulating the multi-faceted complexity of a massive cyber incident, including strategic decision-making as well as legal and communication aspects.
  • Locked Shields carries out a “red team vs. blue team” exercise in which the latter are formed by member nations of CCDCOE. The teams take on the role of national cyber rapid reaction teams that are deployed to assist a fictional country in handling a large-scale cyber incident.
  • The two teams must be effective in reporting incidents, executing strategic decisions, and solving forensic, legal, and media challenges. To keep up with technology developments, Locked Shields focuses on realistic scenarios and cutting-edge technologies, relevant networks, and attack methods.

The Czech response to global cyber warfare

With our digital identities being more frequently used in everyday services, there’s no shortage of opportunities for large-scale cyber attacks between major political players. This is especially true in countries whose citizens have limited digital rights and whose data is readily accessible by government agencies. So how has the country responded to the growing threat of cyber warfare?

First off, NÚKIB regularly publishes both cautionary alerts and recommendations on its website warning of ongoing threats.Here’s an excerpt from a recent warning issued on its website:

The National Cyber and Information Security Agency issues the following warning against a cyber-security threat, consisting in the implementation of cyber attacks on information and communication systems in the Czech Republic, in particular on the public administration systems, but also other strategic organizations. These attacks can have an impact on the availability, confidentiality or integrity of information in important information and communication systems.

This message then links to a full report containing the details of the threat.

Using these warnings and recommendations, Czech businesses can implement their own strategies for confronting and combating ongoing cyber warfare threats and communicating the risk to their audiences.

What’s more, the Czech Republic has actively supported EU legislation efforts designed to allow people and businesses to use their own national electronic identification schemes to access online public services in fellow EU countries.

Furthermore, by providing secure passwordless authentication solutions, certain Czech organizations have ensured the secure access and integrity of sensitive transactions in applications requiring the highest level of trust assurance and regulatory compliance.

Further reading: What to Know About Passwordless Authentication in 2022

Wultra’s story: Building a security-centered company in Prague 

Wultra has cyber-security in its DNA. We not only provide security solutions that aim to solve the massive global issue of financial cyber-crime, but we also implement internal measures to ensure that our company is resilient and operates according to best practices on the market. We completed the ISO/IEC 27001 certification early on and are subject to regular annual audits.Here’s what Roman Strobl, Software Developer at Wultra, gives his take on our security-first company culture.

At Wultra, we’re committed to building quality software. All code changes go through a rigorous review process and we use various code quality analysis tools to make sure our software is rock solid. Having all of our cryptography code open source means that independent security experts can easily audit our software.
Roman Štrobl, Senior Java Developer

Another one of our developers, Lukas Lukovsky, agrees that Wultra consistently does what it takes to take care of our people.

It's an environment in which I’ve met quite a few highly skilled colleagues (including our CEO, with whom I can meet and discuss things as often as I wish to). Our team seamlessly makes use of a diverse, modern software stack to provide top quality solutions. I’m able to see significant results of my work on a daily basis. We never stop improving code, adding functionalities, and thinking outside the box.
Lukáš Lukovský, Senior Java Developer

Wultra’s core values

One of the core values at Wultra is transparency. In addition to prioritizing transparent communication both with our customers and within the company, we also keep our products open to the highest possible extent.

Authentication systems are based on cryptography. Any serious cryptographic system has to be easily auditable and available to third-party security researchers. This is why our PowerAuth suite for strong customer authentication is open-sourced and available on GitHub. For products related to mobile security, such as Malwarelytics, security is mostly based on setting up the appropriate “traps” for cybercriminals in the right places. While publishing the source code would be undesired (we don’t want to reveal the traps), we do keep the product documentation open on the Wultra Developer Portal.

Having product documentation (and in many cases, even source code) freely available is a benefit continuously valued by our customers. Many banks and financial institutions already have subpar experiences with vendor lock-in and other issues related to trusting undocumented proprietary software. It’s important to our team that we operate in a way that resolves these issues by design.

Subscribe to Our Newsletter

To stay in touch with us, simply fill in you e-mail address and never miss a beat.