Cybersecurity in Poland: Illusion of protection or a real strategy? Strong words from an expert

Cybersecurity in Poland is often illusory, because it is based on imprecise definitions, dispersed investments and human errors, not real systemic solutions - these are the conclusions of Paweł Nogowicz, founder of Evercom. He spoke about them during the European Economic Congress .
He warned that unsecured products are reaching customers because entrepreneurs care about profit, not user safety. In his opinion, the problem also applies to software that is supposed to provide digital security.
Nogowicz noticed that there is a shortage of qualified specialists. In his opinion, an illusion of education is being created today - diplomas in the field of cybersecurity are awarded to people with postgraduate studies that have nothing to do with computer science.

Is Poland safe in cyberspace? - We cannot answer this question in a simple way - Paweł Nogowicz, owner of Evercom and member of the Polish Information Processing Society, said during the EEC Talks at the European Economic Congress . The expert, who has been dealing with this issue for three decades, did not spare words of criticism for the way state institutions and the private market treat the issue of digital protection.

There is no definition, so how do you know what is an attack?

Nogowicz drew attention, among other things, to the problem of the methodology of reporting on cyber threats. He pointed out that without a clear definition of the term "attack," statistical data may be misleading.

- Everyone will count it as they like. Are a thousand identical phishing emails a thousand attacks or just one? - he asked. The lack of precision, in his opinion, also results from the intentional obfuscation of the threat picture - often for marketing or political purposes .

The expert criticized the attribution of cyberattacks solely to external factors. Nogowicz pointed out that many so-called incidents are the result of users' carelessness. - If someone does not lock the lock, they cannot blame themselves for making it easier for a criminal to access some resources. This is not a matter of cybersecurity, but of maintaining the safety of those responsible for them - he said and added:

Let's not call the vulnerability that was created in this way a computer security vulnerability.

According to the expert, cybersecurity starts with basic habits and procedures, which in many cases are simply missing.

Users become software testers

Nogowicz harshly assessed the current market realities, in which – as he stated – the priority of technology companies is not security, but maximizing profits. He noted that the problem also concerns IT security systems.

- The task of companies is to produce as much as possible, as cheaply as possible and to achieve the highest possible increase in revenues and profits. Nothing forces companies to produce safe solutions - he said. He also argued:

It can't be that users are software testers. It can't be that software requires constant patching that eliminates some vulnerabilities but generates new ones.

According to Nogowicz, manufacturers are not currently obliged by regulations to provide secure software or devices.

The conversation also included criticism of state actions in terms of investing in digital protection. According to the expert, programs such as "Safe Municipality" or "Safe Office" do not solve real problems in practice.

- 50 thousand here, 100 thousand there and they declare it a success. Effectiveness? None. Local governments are still as leaky as a sieve - said the expert.

Nogowicz appealed for centralization and rational use of funds, rather than symbolic actions aimed at the public.

The expert also stressed the dramatic lack of real cybersecurity specialists. He criticized the phenomenon of "producing experts" on quick postgraduate courses, who later occupy key positions without proper preparation.