Ecosystems and the state, all state IT systems are not unrelated, separate elements. They form a large, unified ecosystem. <…> And this is also a big challenge <…> they have not yet fully realized that they are an ecosystem. In this sense, attack on one element can affect the whole system — Igor Lyapunov, Vice President for Information Security, Rostelecom.

Due to the development of ecosystems, the overall level of security in the country will grow, because the ecosystem is formed by market leaders, and their security level is much higher than the average, so the practices and approaches they use will apply to all chains, and business will be much more sustainable in general — Vyacheslav Tsyganov, Chief Information Officer, Tinkoff Bank .

We need to understand that any IT development is happening very fast: daily and weekly dozens of new types of attacks appear, and such speed requires adequate protection that in most cases cannot be achieved in state institutions — Igor Lyapunov, Vice President for Information Security, Rostelecom.

Companies and the state are not the only ones to digitalize: it is also cybercrime, which means that technologies are becoming available — Vyacheslav Tsyganov, Chief Information Officer, Tinkoff Bank .

It is not only about technologies and technological risks, there is also a substantial political component, and we as a company are dealing with this in a comprehensive manner — Wing Kin Leung, Chief Technical Officer, Huawei Enterprise BG.

If we have [sensitive, Ed.] data, of course, we need to protect them. These data are related to people, we get them by observing, and we do not want them to be used for malicious purposes — Balthasar Staehelin, Director of Digital Transformation & Data, International Committee of the Red Cross.

Cybersecurity is an overregulated area. There are so many documents outlining protection rules and when another incident happens, regulator takes a simple and clear position: ‘Are the rules that bad?’ No, they are excellent, all recommendations are great, but we need to implement them with our own hands — Igor Lyapunov, Vice President for Information Security, Rostelecom.

If the Geneva Conventions prohibit a kinetic attack on, say, a hospital, it would be logical to add there prohibition on a cyberattack that could cause serious damage to that hospital preventing people from receiving medical care — Balthasar Staehelin, Director of Digital Transformation & Data, International Committee of the Red Cross.

For me, as a security person, the ecosystem is dangerous in two aspects: the first is the accumulation of large amounts of data in one point, and this is often <...> aggravated by all kinds of partner ecosystem programmes. <...> And the second is dependence and all possible hidden dependencies on these ecosystems — Igor Lyapunov, Vice President for Information Security, Rostelecom.

An ecosystem consists not only of companies, but also of clients, citizens, various participants. <…> The problem of the telephone fraud <...> in many ways derives from the fact that we failed to come to an agreement with each other, as well as banks, telecoms, the state failed to come to an agreement and respond quickly — Vyacheslav Tsyganov, Chief Information Officer, Tinkoff Bank .

Business has absolutely no motivation to ensure the security of critical infrastructure or user data — Igor Lyapunov, Vice President for Information Security, Rostelecom.

What are these threats and social engineering really all about? The fact is that clients and users do not have a clear understanding of what is actually happening — Andrey Styskin, Director of Search, Advertising and Cloud Services Business Group, Yandex Group of Companies.

Soon people will become more informed about that, and they will demand from institutions, organizations, banks, and businesses to expand their data protection toolkits — Balthasar Staehelin, Director of Digital Transformation & Data, International Committee of the Red Cross.

When we talk about protection, the principle is quite simple: ecosystems must be protected by ecosystems. It is impossible to protect them separately. <...> We are now putting forward an initiative to create a single centre, a unified infrastructure, a kind of a security operation centre that will protect the state ecosystem and state IT infrastructure. In my opinion, this is the only real way to protect an ecosystem of this size — Igor Lyapunov, Vice President for Information Security, Rostelecom.

Now we are facing a huge dilemma of how to ensure the security of state systems, and we believe that it is extremely important to centralize this function at the state level. Centralize it in the hands of special services or do it on a commercial basis; now we are looking at international experience, and there are different ways of doing it. <...> But now it is a big dilemma; we need to make this decision to ensure the security of the state ecosystem — Igor Lyapunov, Vice President for Information Security, Rostelecom.

We have a key basic principle that all personal data of our users are kept strictly within the Yandex system — Andrey Styskin, Director of Search, Advertising and Cloud Services Business Group, Yandex Group of Companies.

We adhere to the principle of least privilege, which means to use data only where they are really needed. <…> In most cases, data are not needed at all [user data, Ed.]. They can be replaced with anonymized or aggregated data — Vyacheslav Tsyganov, Chief Information Officer, Tinkoff Bank .

Data are the foundation of trust. If a company does not pay enough attention to data protection, it will inevitably inhibit its development in the future — Vyacheslav Tsyganov, Chief Information Officer, Tinkoff Bank .

It is not only about legislative requirements, but the market itself, the contract that is called user confidence in the ecosystem is the best regulator — Andrey Styskin, Director of Search, Advertising and Cloud Services Business Group, Yandex Group of Companies.

As far as ecosystems are concerned, we need to think how to organize cyberspace. <…> Trust is crucial; it means that we need a dialogue, we need to understand technologies, we need to try to find a solution. And the driver for all this is our desire to protect people and help them — Balthasar Staehelin, Director of Digital Transformation & Data, International Committee of the Red Cross.