Baltic Business Quarterly: Spring 2021 by German-Baltic Chamber of Commerce

S P R I N G 2021

2.99 €

€ 4,950,000,000,000 * of cybercrime damages expected in 2021 * more than GDP of Germany and Italy together

26 | COV E R S TO RY

Check Your Infection Risk THE CHECKLIST FOR YOUR CO M PA N Y’S CYBERSECURITY

40 | BEST IN BUSINESS Cybersecurity starts with the right mindset Rytis Meškauskas tells the success story of Nord Security 58 | INSIDER Top 10 Baltic cybersecurity start-ups

Seize the opportunities offered by the GERMAN TENDER MARKET – with our help! Did you know? Annually, €350 billion are spent by German federal, state, and local governments for procurements.

The German tender market is full of undiscovered business opportunities for companies from all kinds of industries. We help you avoid mistakes together with our partner in Germany and successfully apply for promising tenders which could be your next profitable deal! Our service consists of three parts:

MONITORING We scan the German tender market for new and suitable orders for you.

SUPPORT We guide you through the application process.

COACHING We teach you how to optimize your steps so you will be able to master the German tender market in the future.

Are you interested in tenders in the Baltic States? We can help you there too.

For further questions on the topic of tenders, please contact: Dominic Otto, the Deputy Managing Director of German-Baltic Chamber of Commerce (AHK) +370 5 212 79 31

Dominic.Otto@ahk-balt.org bit.ly/3ctuB5T

EDITORIAL | 1

“I’m the creeper: catch me if you can.”

This printed message set the beginning of cybersecurity, when Bob Thomas designed his program “Creeper” in 1971 to travel between Tenex terminals on the early ARPANET, the primary precursor of today’s internet. There are competing claims as to who is the inventor of the first antivirus program, but without a doubt Andreas Lüning, the founder and CEO of the German company G Data, counts among the pioneers, having launched the world’s first commercial antivirus program in 1986 – the cornerstone of what later became AntiVirusKit for MS-DOS. Today, cybersecurity is omnipresent because wherever data is exchanged electronically, there is a risk of misuse. Since the Baltic states are technological pioneers of digitization, especially in the field of e-government, it is no wonder that they are among the leading countries in this area. For example, when blockchain was only known to few experts, Estonia started using it successfully for its X-Road immediately after the widespread cyberattack of 2007. The market for IT security continued to grow in Germany in 2020 and reached €5.2 billion. Further revenue growth of 9.3% is forecast for 2021. There are already many successful starting points in this field and thus great potential for strengthening cooperation between

Baltic Business Quarterly is a publication of the German-Baltic Chamber of Commerce (AHK) and is released four times a year. For questions or subscriptions, please contact info@ahk-balt.org

Germany, Estonia, Latvia and Lithuania. Three excellent examples are Nord Security, Zabbix and Veriff. The Lithuanian company Nord Security (page 40) offers millions of customers in Germany and worldwide security and encryption services at the highest security level with its flagship solutions “NordVPN”, “NordLocker” and “NordPass”. Zabbix is trusted by global brands worldwide – Salesforce, Orange, ICANN, Dell and Germany’s T-Sytems among them (page 44). This Latvian company introduced its monitoring software of the same name in 2005. The solution detects vulnerabilities in IT infrastructure and keeps it safe. Veriff from Estonia (page 80) has entered new sectors such as remote access, legal, and education. It is currently one of the fastest growing companies in Estonia and predicted to soon become the sixth Estonian start-up to surpass a billion dollar market value and attain unicorn status. For this reason, cybersecurity was chosen as the topic of the German-Baltic Business Award 2020, in which Nord Security from Lithuania emerged as the clear winner among a whole list of outstanding finalists. Congratulations again to the winners and a big thank you to our top-class jury from Germany: Ralf Benzmüller (G Data SecurityLabs), Hans-Wilhelm Dünn (Cyber-Sicherheitsrat Deutschland e.V.), Andreas Ebert (Volkswagen AG), Georg Kaltenbrunner (Luminor AS), and Nicolas Konnerth (ERGO Group AG). Yours, Florian Schröder – CEO

Deutsch-Baltische Handelskammer in Estland, Lettland, Litauen German-Baltic Chamber of Commerce in Estonia, Latvia, Lithuania

2 | CONTENT

MY OFFICE

Mārtiņš Staķis, Chairman of Riga City Council

Business in Picture

12 Guest Commentary:

Cybersecurity cat and mouse game and even arms race

13 What’s hot?

Upcoming cultural events

15 Business Agenda:

Where you need to be

18 Baltic Business News

AHK SPECIAL

German- Baltic Business Award 2020

22 Personality: Christian Heldt,

German Ambassador to Latvia

26 Cover Story:

Covid-19 has significantly boosted cybersecurity

40 Best in Business:

Baltic companies to watch

50 Insider: The views of experts 62 Law & Tax: EU whistleblower rules are around the corner

64 Trade Fairs:

Differences between online and offline trade fairs

68 Trade Fairs Interview

with Jörn Holtmeier, Managing Director of AUMA

70 Skilled-up: Gain: More competent managers

76 AHK Members: Who’s new in AHK’s Baltic network?

80 Shooting star:

Building trust online

INTERVIEW:

Most companies have high-risk vulnerabilities, Kirils Solovjovs, lead researcher of Possible Security

IMPRINT Magazine “Baltic Business Quarterly” Founder: German-Baltic Chamber of Commerce in Estonia, Latvia, Lithuania (AHK), Breite Straße 29, D-10178 Berlin, Germany Executive Board Member: Florian Schröder Editorial office: Strēlnieku iela 1-4, LV1010, Riga, Latvia, +371-67320718, www.ahk-balt.org

Publisher: SIA “Žurnālu izdevniecība Lilita”, Brīvības iela 85 - 4, Rīga, LV-1001 20004547, lilita@lilita.lv, www.lilita.lv

BUSINESS LOCATION

Pärnu – future gate of Estonia chooses sustainable

EVENT REPORTS

Reprint allowed only with a written agreement with the Founder. ©2018.AHK Printed in printing house “Lietuvos Rytas Print”, Lithuania Cover photo: Publicity photo of Nord Security / photo collage Editor in chief: Līva Melbārzde, +371 6 732 0724 Reporters: Marge Aedna, Anda Asere, Eva Eirich, Wilhelm Felk, Gintarė Jonynienė, Stella Kaprāne,Theis Klauberg, Lāsma Kramiņa, Māris Ķirsons, Louisa Niermann, Mari Peegel, Elo Saari, Vineta Šķērīte, Jānis Šķupelis, Alexander Welscher Photographers: Matīss Markovskis, Ritvars Skuja Art Director: Vitalijs Suseklis Advertising Director: Līva Melbārzde Tech Director: Gints Mucenieks Advertising Editor: Jānis Rožkalns, reklama@lilita.lv Digital editions: App Store and Google Play ISSN 2592-2570

Publisher is a member of Association of Press Publishers of Latvia. lpia.lv

OUR PREMIUM MEMBER S

TRAVEL

Virtual Escapes

BAVARIA - PARTNER S TATE 2021

4 | BUSINESS IN PICTURE

Photo: Gatis Orlickis

LIDL OPENS BALTIC LOGISTICS CENTER IN RĪGA In January, Lidl Latvija virtually opened one of the most modern and energy-efficient logistics centres in the Baltics. Over €55 million have been invested in the construction of a 51,000-square-meter logistics centre with an office area in Riga. The opening of the Lidl logistics centre has created more than 150 new jobs. It will provide future Lidl stores in Latvia and Estonia with goods and products. At the opening of the Lidl logistics centre, Jakob Josefsson Chairman of the Board of Lidl Latvija and Lidl Eesti (right) said: “Opening the logistics centre during this global crisis demonstrates our dedication and will send an optimistic signal to our colleagues, future customers and to society in general that we can successfully operate in these turbulent times and attain our goals”. “The logistics centre has six temperature zones, and we are proud to have one of the largest freezers in the Baltics, EDGE certificate, and a sustainable approach to building management”, shared Maciej Urbanski, a Member of the Board of Lidl Latvija and Lidl Eesti, and Director of Regional Sales and Logistics (left). LM

BUSINESS IN PICTURE | 5

6 | BUSINESS IN PICTURE

Photo: Rasmus Kookora

HACKING THE CRISIS AND BEYOND Thousands of people from Africa and the EU got together for an intercontinental online hackathon entitled “The Post Crisis Journey” on 10-13 December to find innovative solutions to socio-economic challenges in Africa that were further amplified by the COVID-19 pandemic. “This hackathon is about learning from each other and our task is to give the talent on both continents an opportunity to think innovatively of solutions that could help to face the current challenges”, said Estonian President Kersti Kaljulaid in the opening panel. Of the 700 ideas proposed by 2,300 participants, 315 reached the hackathon and 260 demonstrations were presented for the final pitch to an international jury. The first prize of €20,000 went to PadShare, a platform developed by a team in Uganda to grant better access to menstrual hygiene products for women in vulnerable situations. In order to turn the ideas into reality and hopefully breed the first European-African unicorn, the most promising teams will receive a follow-up mentoring and matchmaking program. AW

8 | BUSINESS IN PICTURE

Photo: Ministry of the Economy and Innovation of the Republic of Lithuania

SAFE HAVEN FOR BELARUSIAN FIRMS Belarusian enterprises are being encouraged to relocate to their western neighbour Lithuania to escape the tense political situation as well as potential sanctions and reprisals from the Belarusian authorities. “We must help the people and businesses persecuted by the oppressive regime and make their relocation to Lithuania smooth. Let’s put human rights first”, stated Lithuania’s Economy Minister Aušrinė Armonaitė (left) after a meeting with the Belarusian opposition leader-in-exile Svetlana Tikhanovskaya (right) on 14 January in Vilnius. To facilitate the transfer of businesses and streamline migration procedures, Lithuania has worked out “fasttrack” options for Belarusians to continue their activities in Lithuania and for simplifying visa processes for workers. More than 60 Belarusian companies are currently moving their business to Lithuania or considering doing so, according to Lithuania’s foreign investment promotion agency Invest Lithuania. Most of them operate in the flourishing IT sector that has been growing fast in Minsk in recent years. AW

10 | B U S I N E S S I N P I C T U R E

Photo: EC- Audiovisual Service/ Thomas Kienzle

A DOSE OF HOPE The mass vaccination against Covid-19 began soon after Christmas, sparking hopes of an end to the pandemic that upended the world in 2020 and beyond. “Vaccinations will help us to get our normal lives back, gradually”, said European Commission President Ursula von der Leyen on the eve of the roll-out of vaccinations across Europe. In a coordinated push by the EU and its 27 member states, Estonia, Latvia and Lithuania also started to vaccinate people against coronavirus at the end of December. The first to receive the Covid-19 vaccines were high-risk groups, such as front-line health workers, the elderly and people with preexisting health conditions, while the largest part of the population in the Baltics is supposed to get their jab by the summer. But even as regulators give the go-ahead for one vaccination after another, the logistical feat of administering the drugs remains an uphill battle. Not to mention another big challenge: getting the public on board. AW

12 | W H AT‘S H OT

Cybersecurity cat and mouse game and even arms race

the

Covid-19 pandemic has rapidly moved much of society’s life online. This has led to some individuals, business groups and even entire countries going through some sort of “internet baptism by fire”. Not everyone can suddenly have the necessary experience and skills to perform any activity in this environment safely. Criminals are also following wider trends and are increasingly moving online. In addition, as technology advances, they have the opportunity to come up with smarter and more sophisticated tools to achieve their results, whatever they may be. The boundaries between the digital and physical worlds will continue to blur. Any IT system may be as strong as its weakest link. So its point of infection could be an unprotected device or even employee who now works from home and makes some kind of mistake when taken by surprise by a cyber attack. When everything happens online, for example, it can be difficult to verify true identities, allowing cybercriminals to gain the access they need to corporate systems. What’s more, these home computers may not be equipped with the necessary security technologies. This could mean they can be infected with malware, which then harms the individual, the business, or even the general public if certain important information is

stolen, damaged, or destroyed. Relevant training, assistance and control may also be lacking in this new reality. The opportunities for such cybercriminals are wide-ranging. In mid-January, for example, the Information Technology Security Incident Response Institution of the Republic of Latvia reported risks to a significant number of “intelligent” heating systems, which potentially could be accessed online by unauthorized persons, who could then interfere with and change equipment settings, such as switching off the heating. Quite unpleasant, considering that it was -20°C degrees outside (mid-January). Of course, it is also possible to attack much higher, even strategic, targets, which can even affect entire national economies and the physical security of the public. A vivid reminder of this “cyberwarfare” was the recent discovery of the SolarWinds software hack in the United States. There are even such daunting warnings that the next “9/11 moment” could be brought to reality with a cyber attack. Cybersecurity experts point out that cybercriminals use a variety of techniques to achieve their results. They may differ from their expectations, abilities and also, of course, from the very purpose of the

attack. All this is followed by the eternal “game of cat and mouse” – the other party must constantly think about how to minimize the risks associated with the daily exposure to the internet. The reality, however, may be that such security risks are often underestimated. Cybersecurity Ventures predicts that a wide variety of cybercrimes will cost the world US$10.5 trillion in 2025. This would be an increase of 250% from 2015. This could even lead to one of the greatest transfers of economic wealth in history. Forecasting the future isn’t usually a thankful task, although it seems safe to say that the world will not stop venturing along the path of technological development. As technology and the internet become even more important in the lives of most societies, how they deal with the security challenges posed by this environment will be crucial. Those who are less prepared for living it in such circumstances risk being like fish out of water. This could be the last moment for decisive action in this regard. Otherwise, it could be comparable to a situation like always leaving the door of your house open in a dangerous neighbourhood. You may be lucky for a while, but you should not be surprised if someone enters your home at some point. In the case of a cyberattack, however, the specificity is that the criminal can spy on you for months before deciding what exactly he wants to take, damage or use in some other way. It cannot be ruled out that even some aspects of a victim’s identity may be stolen. The great question is: will individuals, businesses and even entire countries be able to keep up with the new and growing cyberthreats (and how)? Cybersecurity spending is expected to rise, and some even say it will be another form of “arms race”.

Publicity photo

by JĀNIS ŠĶUPELIS

Journalist for Dienas Bizness

W H AT‘S H OT | 13 Photo: Līva Melbārzde, johnalexandr, adobeStock

Events and their dates applied when the Baltic Business Quarterly went to print. However, some dates may change due to the spread of the coronavirus and the protective measures to stop it

What‘s hot 8- 10 April 2021, Splendid Palace, Riga (Latvia)

Riga Jazz Stage

Aspiring Jazz artists from all over the world will come to Riga to turn the city into an arena for Jazz competition. A prominent international jury will evaluate the performances. Over € 7,000 are waiting in the prize pool to be handed out to the winners. Besides, the prizes include invitations to Jazz festivals and clubs around the world. The contest is divided into two categories. The first one being “Jazz Vocalists”, while the second category is dedicated to an instrument that changes annually. This year, it is “Jazz Drums”. One member of the jury will be Jamison Ross, a composer, singer, and drummer, who nominated for a Grammy award

30.4. – 1.5.2021, Festival Square, Sigulda (Latvia)

Latvian Plant Parade

The biggest plant fair in the Baltics is the right place for plant growers and landscape architects, professionals and amateurs, old hands and newbies – and for people, who have never touched a hand shovel but are convinced that they should. All the plants lined up at the fair are cultivated in Latvia. The craftsmen and producers of garden supplies offered at the fair and equipment are also Latvian. Besides the plant market, contests will be held, and attractions will be presented for the visitors. 05-07 March 2021, Vilnius (Lithuania)

St. Casimir’s Fair

Celebrate spring! This 400-year-old tradition promises to wake the city up after the sleepy winter. Get your Easter palm bouquet, eat special gingerbread, admire the wicker crafts adn attend a few traditional shows.

10-13 March 2021, Vilnius (Lithuania) 21.5.-06.06. 2021, Riga (Latvia)

Ice Hockey World Championship in 2021

The International Ice Hockey Federation (IIHF) Council has voted to confirm Riga as the sole host for the 2021 IIHF Ice Hockey World Championship, following the decision to withdraw the tournament from Minsk, Belarus. The Council of the International Ice Hockey Federation (IIHF) earlier decided to to move the 2021 IIHF Ice Hockey World Championship from Minsk, Belarus. The 2021 championship had to be organized by Minsk and Riga, but the Latvian government indicated that it does not want to co-host the tournament with Belarus, as the regime of authoritarian leader Alexander Lukashenko has been conducting a violent crackdown on peaceful protesters in the country.

Amber Trip International Baltic Jewellery Exhibition

Amber Trip, the largest international jewelry and amber exhibition in the Baltic States, is an exclusive event that brings professional jewelers, designers and buyers together from every corner of the world. Each year, global jewelry trends, technology and the latest works of professional jewelers are presented here.

14 | W H AT‘S H OT 18.03. – 01.04. 2021

Kino Pavasaris Vilnius International Film Festival

Visit the biggest and most important annual film event in Lithuania. Attend a few premieres, join discussions with filmmakers and watch some exciting movies. The program is divided into five parts and is easy follow: Discovery of the Years, Festival Challenges, Masters, Critics‘ Choice, and Competition of European Debuts.

30.04.2021 - 02.05.2021, Haapsalu (Estonia)

Haapsalu Horror & Fantasy Film Festival (HÕFF)

17 April 2021 Võru (Estonia)

Võhandu Rowing Marathon

Võhandu River, one of the most beautiful and challenging rivers in Southern Estonia, will be hosting an international rowing marathon starting early in the morning on Lake Tamula in Võru and finishing in Võõpsu in Põlva County. The participants will cover 100 km in one day, experiencing some extreme conditions along the way. The river affords fantastic views of ancient forests, meadows and sandstone bluffs.

01.04.2021, Vilnius (Lithuania)

Užupis Independence Day

Every year on April 1st, a customs office is set up near the Užupis Bridge where you can get your passport stamped with a special stamp. Concerts, art performances and entertainment, and eccentric traditions take place throughout Užupis Republic on what most know as April Fools. 16.04.2021 - 25.04.2021 Tallinn (Estonia)

Jazzkaar

The biggest jazz festival in the Baltics has been held in Tallinn since 1990. Jazzkaar is a festival that presents great international and local jazz talents and fills the whole country with great sounds and activities. Combining a unique and versatile programme with bold solutions, Jazzkaar creates an amazing jazz festival with the smallest budget in the Nordic nations. Jazzkaar has been granted the EFFE quality label for being among the finest festivals in Europe.

Photo: Urupong, adobeStock

HÕFF introduces the largest possible contemporary range of horror, fantasy and cult movies to Estonian and foreign audiences. Although a number of horror and fantasy film festivals are organised in the neighbouring countries of Estonia, HÖFF is unique as it focuses on a highquality programme and shows the best movies from the world’s most prestigious genre festivals. Most of the films have not been featured in Estonia and it is unlikely that they will be shown outside of HÖFF. .

B U S I N E S S A G E N D A | 15

Events and their dates applied when the Baltic Business Quarterly went to print. However, some dates may change due to the spread of the coronavirus and the protective measures to stop it

ESTONIA 13th International Conference on Cyber Conflict 25 – 28 May, 2021 Tallinn (Estonia) CyCon 2021’s central theme is Going Viral. This alludes to the implications of human crises (such as the 2020 pandemic) for cybersecurity and cyberspace. At a more abstract level, the conference, which is organized by the NATO Cooperative Cyber Defence Centre of Excellence, aims at encouraging discussions on the impact of fast proliferation and high unpredictability in cyberspace.

sTARTUp Day 2021 25-27 August 2021, Tartu (Estonia) and Online sTARTUp Day is bringing together startup-minded people to celebrate entrepreneurship in the smart city of Tartu & online. There will be an inspiring and educational stage program, organized matchmaking, handson seminars with professionals and many more activities.

MAAMESS 15-17 April 2021, Tartu (Estonia) Maamess is Estonia’s largest trade fair, with 484 exhibitors from

12 countries and 45,215 visitors in 2019. It has a long history and brings together agriculture, forestry, horticulture and the food industry.

ESTBUILD 2021 12-15 May 2021, Tallinn, Estonia The 25th International Building Fair Estbuild focuses on the presentation of innovative technologies, building construction, materials, machinery and tools. Since 1997, the fair has aimed at creating an efficient business, training and information environment for all building specialists and hobbyists.

16 | W H AT‘S H OT

L AT VIA eCOM360 2 April 2021, Hanzas Perons, Riga (Latvia) The self-proclaimed “buzzword-free” conference on e-commerce will host speakers of Google, Twitter, Lego, Hugo Boss, Heineken, and more than 20 other companies. Lectures, stories, and workshops will be held gathered around the conference’s core theme “Phenomenal Practitioners”. The goal is to present the audience the latest trends in digital marketing and offer tools to create their own appealing virtual appearance.

The biggest real estate investment event in the Baltics annually gathers over 300 experts, industry leaders, and CEOs from all over the world. They discuss current trends, provide best practices, and teach each other how to enlarge the appeal of the Baltic real estate landscape for foreign investors. This year’s focus will be put on three foundations of the property market: urban planning, digitalization, and investment.

TechChill 7 – 21 May 2021, online, Riga (Latvia)

Deep Tech Atelier 15 – 16 April 2021, Hanzas Perons, Riga (Latvia) The Deep Tech Atelier is a platform that merges the share of ideas with practical hands-on workshops together. The event’s focus will be on medical, space and health tech business ideas. Entrepreneurs,

researchers, engineers, representers of the government, and investors will gather to create tangible outcomes: up to ten entrepreneurial startups based on the Commercialization Reactor’s platform shall be established within the time of the Deep Tech Atelier.

Tech-loving and far-sighted minds concentrated in one place – this the TechChill conference series that annually brings together entrepreneurs, investors, media representatives, and tech fans to net the Baltic startup community tighter. Due to the pandemic, TechChill 2021 will take place online and is dedicated to the topics Green New World, Knowledge for Growth and Digital Transformation summed up in the conference’s title: Point of No Return.

Photo: Matīss Markovskis, Maksim Kabakou, adobeStock

Baltic Real Estate Leaders Forum For further information visit brelforum.com, Riga (Latvia)

B U S I N E S S A G E N D A | 17

LITHUANIA ESCCA Annual Conference 21-25 April 2021, Vilnius (Lithuania)

Days of International Education Vilnius 14 March 2021 Radisson Blu Hotel Lietuva, Vilnius (Lithuania) Days of International Education is the biggest public education abroad fair in the Baltics with a well-known brand name in this region and beyond. In this event, international education providers meet face-to-face with visitors, schoolchildren with their parents, young people, students, adults, representatives from companies and organizations, local education providers and the mass media.

Home World Exhibition 19-21 March 2021 Zalgiris arena, Kaunas (Lithuania) Home World exhibition features the most reliable manufacturers and suppliers presenting the latests trends in the construction industry, a display of furniture and interiors, the Winch construction conference, a conference on real estate: trends and developments, the latest real estate projects ad the Dwellings exposition, including credit services and consultations, and more.

ESCCA Annual Conference is a scientific society founded to ensure the continuation of the activities of the European Working Group on Clinical Cell Analysis. It is aimed at the standardization, validation and dissemination of flow cytometric know-how and its implementation in clinical laboratories.

Style & Fashion Exhibition 26-28 March 2021 Arena Lighthouse, Klaipeda (Lithuania) This event is a family celebration where every family will have the opportunity to find suitable products, services, entertainment and information which meet their needs and lifestyle. There will be children’s and youth ensemble performances taking place on stage during the entire event. There will also be various competitions, children’s activities, seminars for adults about parenting, child care and education issues.

Annual Conference FINTECH INN 28-29 April 2021, Vilnius (Lithuania) Annual Conference FINTECH INN is the largest and most significant international Fintech conference in the Baltic region. Fintech Inn is a forum where established companies, startups, investors, associations, policymakers and technology leaders from over 30 countries convene to exchange knowledge and discuss the challenges facing the industry today. Fintech Inn is the space to find the connections, know-how and inspiration key to tackling the issues of tomorrow.

18 | B A LT I C B U S I N E S S

Nearly 300 solar power plants set up in 2020 in Estonia

Enefit Green, the renewable energy subsidiary of the Estonian energy provider Eesti Energia, built a total of 285 solar power plants for clients of Eesti Energia in Estonia, plus 100 in Latvia, during the course of 2020. Private individuals have the option to generate solar power via panels installed on their property and can then sell any surplus to Eesti Energia. Currently, 2,500 clients sell electric energy generated in their

home business to Eesti Energia. The CEO of Enefit Green, Aavo Karmas, said via a press release that „many private clients and smaller companies, who previously took a cautious attitude towards solar energy, have received reassurance and motivation from the national measures to reduce their environmental footprint and become a producer of renewable energy instead of being a consumer of electric energy”.

company AS Eesti Teed for 19.7 million euros in November 2020. Pursuant to the contract, Verston Holding, the entity that consolidates companies of the Verston group, as the

winning bidder in a public auction obtained 100 percent of shares in AS Eesti Teed. The core business of Eesti Teed is road maintenance, construction and repair. The company was established in 2012 as a result of a merger of five regional road maintenance companies -- AS Parnumaa Teed, AS Tartumaa Teed, AS Vorumaa Teed, AS Virumaa Teed ja AS Saaremaa Teed. Verston Ehitus OU is a road construction service company that started operating in Paide, Estonia in 2010.

Estonian Verston Holding cleared to buy Eesti Teed In January the Estonian Competition Authority cleared Verston Holding OÜ to acquire the road construction and road maintenance company AS Eesti Teed. The Estonian Ministry of Economic Affairs and Communications and infrastructure construction group Verston signed a contract of purchase and sale of the state-owned road maintenance

Estonia to start paying digitalization support to businesses Pursuant to a new regulation, companies in Estonia will soon get the possibility to apply for support for the preparation of a digitalization roadmap, with the help of which they will be offered an assessment and recommendations for the introduction of various digital solutions in the future. The maximum size of the grant is 15,000 euros per project. Minister of Foreign Trade and IT Raul Siem said in a press release in January that the aim of the measure that will become available soon is to increase the awareness and preparedness of businesses when it comes to the introduction of novel technological

solutions, be it artificial intelligence, robotics, cloud data processing or big data analysis. The broader goal is to increase businesses› capacity for innovation and speed up digital transition in the Estonian economy. «The grant also has a regional policy dimension, which means that while it is directed to companies of all sectors across Estonia, companies registered outside the cities of Tallinn and Tartu get the support at a higher rate,» the minister said. Companies will get support for the preparation of a digitalization roadmap, which will enable them to chart their processes of manufacture or provision of service, the supply and delivery chain in connection with their business strategy.

B A LT I C B U S I N E S S | 19

Photo: AdobeStock

The Estonian Big Bang 2020: Woola OÜ The Estonian Start Up Woola, founded by Anna Liisa Palatu, was chosen in January as the winner in The Big Bang 2020 category at the Estonian Startup Awards. The company aims at replacing plastic bubble wrap in packaging by using waste wool. The product launched in early 2020, the company opened a factory in Paldiski, raised 450,000 euros in investments, won the title of European Cleantech Startup of the Year, made its first revenue in December 2020, and expanded to Germany. Woola has been successful in finding an alternative use for around 150 tons of Estonian lambswool that doesn’t meet the textile industry’s quality standards and would be discarded as waste every year while reducing the usage of plastic in packaging.

Lithuanian economy to be the first to reach its pre-crisis level Lithuania’s economy will be the first among the Baltic countries to reach the pre-crisis level of 2019 in the third quarter of this years even though it will grow at a slower pace than Latvia’s or Estonia’s economy this year and next, Nerijus Mačiulis, Swedbank’s chief economist, has said. He attributed such dynamics to the base effect as Lithuania’s economies downturn last year was less significant compared to the economies of the other two Baltic countries. „In 2020, Lithuania’s economic contraction was among the smallest across the Baltic and European Union’s (EU) countries. The final statistics are not yet available but we left our 1.7 percent forecast [of Lithuania’s GDP decline in 2020] unchanged and it looks like the actual figure will be very close to that projection... And it is natural that it is very easy to reach to pre-peak level when a decline is smaller than 2 percent,“ Mačiulis said. Swedbank estimates that Latvia and Estonia will reach the pre-crisis level in the final quarter of 2021 whereas certain EU countries, for instance, Italy, will have to wait until 2023 for their economy to recover to the before-crisis level.

Lithuania may face EU sanctions over cap on forest land acquisitions The European Commission could launch infringement proceedings against Lithuania if Parliament does not lift the 1,500-hectare cap on forest land purchases per person, the Environment Ministry has warned, writes delfi.lt The Commission has asked for an explanation from Lithuania because it suspects that the cap, imposed by the previous Seimas, might restrict the free movement of capital. Deputy Environment Minister Danas Augutis said that “the European Commission is likely to initiate a formal infringement procedure against Lithuania if the

restrictions on the acquisition of forest land set by the Law on Forests remain unchanged”. The current law, in effect since early 2020, prohibits a single person or a group of related persons from acquiring more than 1,500 hectares of forest land in Lithuania. Members of the previous parliament said the measure was aimed at preventing a high level of concertation of forest land ownership and reducing the negative impact of industrial forest harvesting on the environment. Critics say the cap could discourage new investments. President Gitanas Nausėda refused to sign the bill into law, but the Seimas overturned his veto.

20 | B A LT I C B U S I N E S S

Lithuania’s Modus Group to invest over EUR 100 mln in Poland

Klaipėda FEZ joins the civic air quality monitoring initiative Klaipėda Free Economic Zone (FEZ) has installed the air monitoring hardware and software, integrated with the city’s community information platform www.klaipedoskvapas.lt. This solution will contribute to a cleaner, more sustainable environment as well as the wellbeing of Klaipėda’s residents, writes Delfi.lt. It will also facilitate more accurate identification of odor sources. The monitoring platform for finding potential odor sources was launched in Klaipėda FEZ at the end of December 2020. Its airflow modelling software was supplied by Envirosuite, an Australian environmental technology company. A station for recording meteorological data such as the wind direction and speed, air temperature, humidity, solar radiation and other information was also installed. While this solution currently does not directly record potential deviations from air quality norms, the technology has been integrated with klaipedoskvapas.lt which collects data from the city’s residents. This allows to identify potential sources of unpleasant odors more accurately. Having this information will enable the Klaipėda FEZ team to find solutions together with the companies involved and share this data with relevant institutions.

High-tech campus in Riga to be built The real estate developer Urban Invetors plans to create a high-tech campus with business, leisure, science, trade, and residential buildings in Riga, writes LETA. Urban Inventors, part of the Lithuanian SBA Group, has purchased 7.3 hectares of land between the city’s centre and airport. Lionginas Sepetys, chairman of the management board at Urban Inventors, refused to reveal information on the price of the real estate or the land’s vendor yet. The campus’ construction will begin in the first half of 2022 and shall be finished in a few years.

Green Genius, a renewable energy company that is part of Lithuania’s Modus Group, is set to invest over 100 million euros in solar power plants in Poland. Green Genius said in a press release that it is completing the construction of solar power plants with a total capacity of 43 megawatts (MW) in the neighboring country. It won the capacity projects in 2019 auctions. Green Genius CEO Ruslan Sklepovic says the company is planning to implement not only the projects won at auctions, but also to develop solar power parks under market conditions and sell electricity to businesses or on the power exchange. Green Genius says it won Poland’s auctions for another 79 MW solar power plant projects last November and December. The company also plans to install 20 MW of biogas power plants in the neighboring country within three years, including 3 MW this year. Green Genius is also developing solar projects in Spain and Italy, and aims to make it to the list of Europe’s top 25 renewable energy developers in Europe over the next four years.

B A LT I C B U S I N E S S | 21

Photo: Skozzeviak, olezzo, boonchuk- stock.adobe.com

Projects worth EUR round 250 million have been implemented in 2020 Last year, the Investment and Development Agency of Latvia, LIAA, helped to implement 51 investment projects worth EUR 252.4 million. This effort has created 2,893 jobs, writes LETA. For instance, service centres by Norwegian Air and Swisscom were established leading several 100 new jobs. German IT developers Prime Force and QSC AG also created more than a hundred jobs. In the manufacturing industry, SMD Baltic from Belarus has finished its first investment cycle in Daugavpils. Seventeen Belarussian decided to move to Latvia last year inducing to generate thousands of jobs in Riga and Daugavpils. For LIAA Director Kaspars Rožkalns 2020 have been a successful year despite the pandemic. LIAA expects a change of real estate investments for the future. The interest in the construction of office buildings will probably decrease while the one in apartments will increase. Between 2021 and 2023, according to LIAA, at least EUR 480 million will be attracted leading to the creation of at least 4,500 new jobs. Besides, the amount of export of goods in the first eleven months of 2020 surpassed the 2019 level by EUR 80 million.

airBaltic to construct new hangar at Riga Airport The Latvian airline airBaltic plans to construct a new aircraft hangar at Riga Airport to maintain its expanding fleet. The construction should start at the beginning of 2022 and finished by the end of 2023. According to CEO Martin Gauss, the airline will possess twice as many Airbus A220-300 planes as today in Riga by the time the new hangar will be finished. At that time, the new hangar will suite the risen demands of the airline since airBalitc intends to continue the maintenance on their aircraft themselves. Currently, airBaltic’s fleet consists of 25 Airbus A220-300 aircraft. The airline’s aeroplane carried a total of 1.34 million passengers in 2020, which was by 73 % less than in 2019.

Tele2 plans to set up new 5G base stations in Latvia Latvian mobile phone operator Tele2 plans to establish 5G base stations in 13 cities or in their vicinities this year, writes LETA. Tele2 will build 5G base stations in Ventspils, Salaspils, Baloži, Liepāja, Cēsis, Kuldīga, Mārupe, Ogre, Jēkabpils, Saldus, Talsi, Carnikava and Olaine. Additional 5G base stations will be set up in Riga, Daugavpils, Jūrmala and Valmiera. The company have already set up 5G base stations in seven Latvian cities within the last one-and-a-half years. In cooperation with Nokia, the company will upgrade its core network for 10 million euros. The 5G network standard will be the key technology for mobile communications. Tele2 intends to incrementally expand the technology across Latvia. Belonging to Sweden’s Tele2 Sverige Aktiebolag, the company increased its turnover by 4 % last year while its profit raised by 2 %.

22 | P E R S O N A L I T Y

by WILHELM FELK

Christian Heldt

German Ambassador to Latvia

Riga

Is there something impressive thing about Latvian society (e.g. in politics, culture, economy) which German society could adopt? The still very incomplete feeling I get is that people here are very friendly, straightforward and pragmatic. The people I have met so far are extremely open and want things to get done. There is still a long way to go from there to the blueprinting phase

Photo: Karīna Miezāja, Latvijas avīze

What do you associate with Latvia? How has this association changed upon your first months here in Riga? The struggle for freedom and the country’s amazing development since the early 1990s. I still have vivid memories of the TV pictures of the Baltic Way, the barricades and the renewal of diplomatic relations 30 years ago. We are celebrating this year together with the formal centenary of our relations, but history reaches out far longer. I also think of the overwhelming cultural landscape, nature and the dynamic economic sector. To just name a few. But to be frank, arriving in COVID-restricted circumstances has not allowed me to do what I like most: meeting people. You can only learn about a country and its realities if you can get together with the people. So, just like everybody, I am waiting for a return to normality to be able to finally reach out on a broader scale.

P E R S O N A L I T Y | 23

under the present circumstances, and my aim is to find out more about Latvian society. So ask me the question again in a year after the COVID crisis, and I will be happy to give you more detailed answers. What are the special goals you want to achieve besides the typical objectives of an ambassador? That already poses the question of how you define those “typical objectives”. An ambassador should always be out there to not only maintain good relations, but also to personally identify the potential for further improving them. For that, you have to get involved, meet people, go out to form an appreciation for what can or should be done. Right now, however, everything is on a kind of technical hold. The essence of our diplomatic profession is mutually trusting personal relationships. I would, of course, like to see what we can do on the ground in so many fields. I have a particular curiosity about young entrepreneurs, young creatives, the generation born and socialized in Latvia as a free country in the EU and NATO. What is their take, where do they see Latvia’s potential to jointly address the challenges of our common European future? PROFESSIONAL EXPERIENCE 1983 – 1985

Military Service in the Alpine Division, Reserve Officer

1985 – 1991

Studied History, Political Science and Public International Law in Bonn and Paris

1989

French MA in History, University Paris-Sorbonne

1991

German MA in History, Political Science and Public International Law, University of Bonn

1991 – 1993

Preparatory Service in the Ministry of Foreign Affairs

1993 – 1996

Economic Division, German Embassy Moscow

1996 – 1999

Spokesman and Head of Public Affairs, German Embassy Tel Aviv

1999 – 2002

Desk Officer North Africa, German Ministry of Foreign Affairs

2002 – 2007

Advisor to Ministers of Foreign Affairs and to Ministers for European Affairs, French Ministry of Foreign Affairs

2008 – 2010

Political Advisor, German Ministry of Defence

2010 – 2013

Head of Division in DG Europe, German Ministry of Foreign Affairs

2013 – 2017

Deputy Head of Mission, German Embassy Holy See/Rome

2017 – 2020

Ambassador, German Embassy Pristina/Kosovo

Since Nov 2020 Ambassador, German Embassy Riga

I have a particular curiosity about young entrepreneurs, young creatives, the generation born and socialized in Latvia as a free country in the EU and NATO. In which economic areas can Latvia and Germany benefit from stronger cooperation? LIDL is sending a strong signal at the beginning of this year with a huge investment and recruiting in difficult times. So, indeed, what more can we do? My impression is that there is joint potential which could be used more – in research, in designing industrial landscapes of the future, in environmental technologies, and in intelligent infrastructure. The business representatives I have talked to agree that there are few real hurdles to greater commitment and that there is a good deal of catching up to do here. There are areas like digitization where Latvian companies are in the top division. As the saying goes, “never waste a crisis”. With the COVID crisis, there is plenty of thinking about supporting more critical infrastructure and production within the EU. So we might, to a certain degree, see a reconfiguration of production and logistics within the EU and from the EU with key economic regions in the world. What are the areas of interest in which our countries could explore ways of making this work within the European Green Deal or the Next Generation EU funding? Business and politics in our countries should engage in close dialogue on this and more. This is where we need the established networks in trade and the economy like the GermanBaltic Chamber of Commerce to provide platforms and food for thought. I will be happy to contribute to that. What is your favourite place to spend your leisure time here in Latvia? Restaurants, cultural places and almost everything else in that respect closed two days after my arrival. Right now, I am basically limited to walking in urban areas and nature. So whenever possible, I undertake exploration tours in Riga and other places, also outside in the stunning January winter world, enjoying the visual beauty of it all. However, I am willing to admit that I cannot wait to return right back to real life and get to know the vibrant non-COVID Latvia. For the time being, strategic patience is the word for all of us, and switching back to normality will be at the grasp of our fingertips in a few months.

24 | MY OFFICE There is plenty of work to do at the Riga City Council, but the mayor will be happy if five planned reorganisations take place in 2021: Establish the Riga City Council Non-Government Organisation Advisory Board, for better awareness of the needs of Riga’s citizens; The only change that has taken place in the office is that the mayor’s giant leather-upholstered chair was replaced with an office chair from the council’s storage.

Establish the Riga Investment Agency, promoting investments into Latvia’s capital; Replace 3 executive directorates with one-stop agencies, to make municipal services more accessible to Riga’s citizens; Reorganise the Riga Construction Board, Riga Architect Bureau and the Development Department of Riga, to speed up the approval of construction designs in the capital; Create a corruption prevention centre at Riga City Council, to combat all corruption risks in the city.

The blue box with the mayoral collar, which M. Staķis is yet to wear.

One of the reasons for why the mayor has to come to the office is the fact that Riga City Council’s IT systems are obsolete, with low digitisation, and he has to sign most documents by hand. Digitisation with the help of RRF funding to modernise Riga City Council‘s IT systems is one of the mayor‘s goals.

MY OFFICE | 25

MĀRTIŅŠ STAĶIS

remotely can actually help you to achieve more. He goes to work at the office every day and quips about how huge it is, and how you can even keep people at a distance of 10 metres, never mind 2. Almost nothing has changed in the arrangement and the furnishings of the office itself: ‘I am not particularly interested in appearances. When I took office, I became the first

mayor of Riga not to wear the mayoral collar, because, in my opinion, this honour has to be earned. We must do our homework, effect real improvements in Riga, achieve results, and then perhaps I can afford to change something in my office. It’s not even my second priority: more like the tenth. My wife jokes about how I can sit in a room with bare white walls and just work. I must thank those at the City Council

who have worked to make the office as tastefully furnished as it is now, but I haven’t done anything about it,’ the mayor of Riga said. Riga’s former mayor had two cats, and M. Staķis has allowed his employees to bring a dog to work; for example, the head of the Riga mayor’s office often takes hers. The mayor’s favourite cafes in Riga are also dog-friendly.

The portrait of the President must be in the mayor’s office according to protocol.

M. Staķis likes the small replica of the Freedom Monument he has inherited from his predecessors. The Freedom Monument is an undertaking that the mayor has succeeded in finding funding for. The problem specifically is that the square around the monument is well-lit, but the monument itself, a symbol of Mother Latvia, is not. This year, Riga City Council has allocated 120 thousand euros to replace the lighting, and make Mother Latvia visible at night. ‘The replica inspired me to do it,’ the mayor pointed out.

Foto: Matīss Markovskis

M. Staķis took office in October 2020, and one of the first challenges he had to face was the fact that Riga City Council lacked the equipment that its members needed to work remotely. The technical solution used by the Latvian Parliament was soon implemented, so all the council meetings can be remote now. Because of this, the mayor has only met one person at the Riga City Council in January, concluding that working

CHAIRMAN OF RIGA CITY COUNCIL

26 | C O V E R S TO RY

Cybercrime: COVID-19 impact Cybercrime trends in Europe

2/3 of Interpol member countries from Europe reported a significant increase in the malicious domains registered with the key words ‘COVID’ or ‘Corona’;

Cybercriminals are taking advantage of the pandemic to deploy ransomware against critical infrastructure and healthcare institutions responsible for COVID-19 response;

Cloning of official government websites is increasingly occurring to steal sensitive user data, which can later be used in further cyberattacks;

Widespread phishing campaigns.

Key Covid-19 cyber threats %

Phishing/ Scam/ Fraud

Malware/ Ransomware

Malicious domains

Fake News

BASED ON THE COMPREHENSIVE ANALYSIS OF DATA RECEIVED FROM INTERPOL MEMBER COUNTRIES, PRIVATE PARTNERS AND THE CFC.

C O V E R S TO RY | 27

Save Teleworking For Businesses

■ Establish corporate policies and procedures ■ Secure your teleworking equipment ■ Provide secure remote Access ■ Keep device operating systems and apps updated ■ Regularly check in with staff ■ Secure your corporate communications ■ Raise staff awareness about the risks of teleworking ■ Increase your security monitoring

For Employees

■ Access company data with corporate equipment ■ Think before connecting ■ Report suspicious activity ■ Use secure remote access ■ Protect your teleworking equipment and environment ■ Develop new routines ■ Keep business and leisure apart ■ Stay alert ■ Be careful when using private devices for telework ■ Avoid giving out personal information

Ransomware Tips & Advice

Ransomware prevents users from accessing their system or devices, asking them to pay a ransom through certain online payment methods by an established deadline in order to regain control of their data.

How does it spread?

■ Visiting compromised websites ■ Clicking on malicious links and attachments ■ Downloading fake application updates or compromised software ■ Connecting infected external devices (such as USBs) to your computer system

Fake News

■ Fake products and services ■ False mitigation and cures ■ Mistrust into official guidelines

SIM swapping – a mobile phone scam A fraudster takes control over mobile phone SIM card using stolen personal data

How does it work?

■ A fraudster obtains the victim’s personal data through e.g. data breaches, phishing, social media searches, malicious apps, online shopping, malware etc. ■ With this information, the fraudster dupes the mobile phone operator into porting the victim’s mobile number to a SIM in his possession ■ The fraudster can now receive incoming calls and text messages, including access to the victim’s online banking ■ The victim will notice the mobile phone lost service, and eventually will discover they cannot log in to their bank account

Break the chain

■ Spot the fake. Share information from official sources only ■ Do not engage ■ Report it

What can you do? ■ Keep your software updated ■ Show caution with regard to social media ■ Never open suspicious links or attachments ■ Update your passwords regularly ■ Buy from trusted sources

■ Do not reply to suspicious emails or engage over the phone with callers that request your personal information ■ Download apps only from officials providers and always read permissions

■ Set up your own PIN to restrict access to the SIM card ■ Frequently check your financial statements SOURCE: INTERPOL, EUROPOL

28 | C O V E R S TO RY

by «BDO Latvia» experts STELL A K APR ĀNE and L Ā SMA KR AMIŅA

The Covid-19 pandemic has significantly boosted cybersecurity Distance work and training, a thorough boom in e-commerce, followed by cyber security, are one of the brightest features of 2020, not only in Latvia or Europe, but all over the world.

Simultaneously with the widespread mass introduction of these information and communication technology solutions, the cyber security segment has also grown. The global cybersecurity market is presumed to grow to approximatelly 300 billion USD by 2024, an average of about 50 billion USD annually. The fastest growth in expenditures are forecasted in the municipal (11.9%), telecommunications (11.8%), resource sectors (11.3%), banking (10.4%), and central

Publicity photos of BDO Latvia

essence, the Covid-19 pandemic has been a major driver of the use of information and communication technologies, including in areas where the introduction and use of these products has so far been relatively slow. According to the World Economic Forum›s Covid19 Risk Report, 50% of companies had expressed concern about the increased risks of cyber-attacks and cyber-threats due to the virus, including when employees relocate their day-to-day work to home.

government (9.9%) sectors. The types of cyber-attacks most commonly faced by companies are phishing (37%), intrusion into data networks (30%), accidental disclosure (12%), stolen / lost device or data (10%) and incorrect system configuration (4%). The global cybercrime economy generates approximately 1.5 trillion USD in annual profits, and global spending on security applications is projected to increase to 133.8 billion USD by 2022. The largest investors in cybersecurity are the United States, Israel, the United Kingdom and Canada. The countries with the most attacks are Bangladesh, Algeria, Uzbekistan and Germany, while the countries with the least attacks are Japan, Denmark and Ukraine.

C O V E R S TO RY | 29

With Covid-19, the risks of working from home have become more important. These include vulnerable video conferencing links or hacked video conferencing passwords that can be used to access the corporate network, as well as the risks of insecure networks and the use of vulnerable computers by employees. The more risk, the more investment

Surprisingly, regulation in the field of cybersecurity is very fragmented and the definitions used in this sector are not used consistently in EU legal regulations and policies. At the same time, there is a permanent Computer Emergency Response Team (CERT-EU) in the European Union, covering all EU institutions, bodies and agencies. It consolidates the existing Task Force into a permanent and effective unit responsible for a coordinated EU response to cyber-attacks against its authorities and cooperates with the EU Institutions› internal IT security units and liaises with computer threat response units and IT security companies in Member States and elsewhere to exchange threat information and techniques for their prevention. It also works closely with NATO partners. We consider cyber security throughout the Baltics to be good, at the same time there are subjects who do not appreciate the importance of virtual security and thus even cause problems for other participants. It can be unequivocally concluded that investments and also various types of educational measures on the importance of security in the

electronic environment will have to be made by everyone - the state, local governments, companies and also the population.

Europe does not sleep

Unsurprisingly, on 2 December 2020, the European Council endorsed conclusions recognizing the increasing use of Internetrelated consumer products and industrial devices and the new risks to privacy, information security and cybersecurity. The conclusions emphasize the importance of a long-term assessment of the need for horizontal legislation to address all related aspects of cyber security of devices, such as accessibility, integrity and confidentiality. Also, in 2020, the Council of Europe imposed, for the first time, restrictive measures on six individuals and three organizations responsible for or involved in various cyber attacks. The sanctions imposed include a travel ban and an asset freeze, while EU individuals and organizations are prohibited from making funds available to listed companies and individuals. In addition, the European Council and the European Parliament reached a preliminary agreement on 11 December 2020 on a proposal

to establish a European Center of Competence for Industrial, Technological and Research Cyber Security with headquarters in Romania and a network of National Focal Points to ensure a digital single market, including in areas such as e-commerce, smart mobility and the Internet of Things, and to increase the EU›s autonomy in cybersecurity. The Council of Europe has introduced a framework enabling the EU to impose targeted restrictive measures to deter cyber-attacks and to respond to cyber-attacks that pose an external threat to the EU or its Member States, by allowing sanctions to be imposed on individuals or entities responsible for cyber-attacks or attempted cyber-attacks, provide financial, technical or material support for such attacks, or are otherwise involved in them. This framework also applies to cyber attacks on third countries or international organizations where restrictive measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy. Please check our website https://www.ahk-balt.org/ for tips for working from home from BDO Latvia

30 | C O V E R S TO RY

CHECK HOW SAFE YOUR COMPANY IS Cybersecurity incidents may have GDPR or PR consequences, and might even lead to the company going out of business. Not sure how vulnerable your company is with regard to cybersecurity?

Please check the statements below. If you cannot answer one or more of these with a clear yes, your company is at great risk in the event of a cyberattack.



You really understand that your company needs cybersecurity



Your company has an up-to-date antivirus and firewall



You don’t fully rely on technology and train your employees to be aware of cyber risks



Your company’s work from home policy is clear and includes easy-tofollow action plans



Employees don’t use their private computer for work purposes



Employees don’t leave their computer and other technical devices unattended even for a short time



The videoconferencing links and passwords are kept safe using secure password management tools



Your company has an action plan in the event of a cyberattack and the employees know what tactical action should be taken



Your company uses secure networks – remote access systems are fully patched and securely configured



Your company’s data backups perform regular checks and are adequately protected



Your company observes personal data protection requirements and reporting obligations in the event of a data leak

Do you have any questions in the area of cybersecurity? The German-Baltic Chamber of Commerce (AHK) will be happy to put you in touch with the experts. Please contact us: Joachim Veh

Assistant to the management Joachim.Veh@ahk-balt.org

A H K S P E C I A L | 31

German-Baltic Business Award 2020 highlights cybersecurity

2020, the German-Baltic Business Award was presented for the 19th time, recognizing the achievements of Baltic companies in the field of cybersecurity. For the first time, the prize was awarded simultaneously in all three Baltic countries and the finalists competed at the Baltic level not only in the country of their residence. The Gold winner of the German-Baltic Business Award 2020 was the company Nord Security from Lithuania, the silver winner was Entangle from Latvia and the bronze went to Zabbix, also from Latvia. Please read more about these companies on pages 40, 42 and 44 of this magazine.

The representatives from Nord Security (in the middle) and from AHK in Lithuania

The aim of the German-Baltic Business Award is to determine the best digital solutions that have been created in the Baltic states in order for the Baltic nations to become stronger partners in a German-Baltic economic relationship. This year, due to COVID-19 restrictions, the pitching and judging event to determine three award winners from 8 finalists was held online. LM

Photo: Arnas Usavičius, Līva Melbārzde

Ģirts Kronbergs, Entangle

The Team of Zabbix

32 | C O V E R S TO RY

Photo: NATO CCDCOE / LockedShields / Anders G Warne

Under cyberattack The Covid-19 pandemic has not only had an impact on business and the economy, but also reshaped cyberspace. The increased use of digital technologies has become the “new normal” in many organisations. This has created security blind spots for malicious persons who have also set their sights on the Baltics. by ALE X ANDER WEL SCHER

hat are business leaders currently worried about the most? Given the unprecedented disruption caused by COVID-19, it is no big surprise that business interruption and pandemic outbreaks have taken the top spots in the latest Allianz Risk Barometer 2021. The two main business risks are closely followed by cyber incidents that have been consistently highly ranked in the annual survey and remain a key danger for many companies around the world. Cyberattacks pose a threat to businesses of all sizes and do not look like they will be disappearing anytime soon. Not least because the pandemic has radically changed the working model in many sectors and businesses. Some security leaders are even predicting a COVID-like global “cyber pandemic” on the horizon. “Covid-19 has shown how quickly cybercriminals are able to adapt and the digitization surge

driven by the pandemic has created opportunities for intrusions with new cyber loss scenarios constantly emerging”, says Catharina Richter, Global Head of the Allianz Cyber Center of Competence. Cyber attacks vary hugely by type, scale and severity and are continually evolving as criminals manage to exploit new technologies. Possible breaches span a vast range from minor attacks that are easily handled in-house to major breaches that require a coordinated response involving leadership throughout the organisation and the help of external experts. What they all have in common is that their nature makes it difficult to attribute responsibility for them to a particular group.

Immense costs and damage

Global losses from cybercrime have increased by more than 50% since 2018 and are now estimated to total over $1 trillion – or just more than one percent of the global

GDP, according to a December 2020 report by the IT security company McAfee. The most expensive forms of cybercrime are economic espionage, the theft of intellectual property, financial crime and, increasingly, ransomware. Another estimate by Cybersecurity Ventures expects cybercrime damages to reach as much as $6 trillion in 2021 – the equivalent of the GDP of the world’s third-largest economy. Besides this direct financial damage, there are wider knock-on effects and many hidden costs. “Cybercrime is a colossal barrier to digital trust”, according to the World Economic Forum (WEF). “It drastically undermines the benefits of cyberspace and hinders international cyber stability efforts”. The risk of cybercrime to business operations and profits continues to grow for many organisations around the world. Security researchers have seen a massive rise in ransom-related denial-ofservice incidents over the past year that were not only larger in size and more frequent than ever, but also extended into more areas, targeting finance, government, energy and other sectors. The wave of extortion that began to spread in the summer of 2020 – and in the course of which

C O V E R S TO RY | 33

transactions in the region worth millions of euros, according to a report by the Estonian Information System Authority for the fourth quarter of 2020.

companies received letters in which criminals threatened to launch a denial-of-service attack if the company did not pay the ransom – also reached the Baltics. In most cases, this was accompanied by a test attack and a threat of a more serious attack if the blackmailers were ignored and if the ransom was not paid on time, according to the state cybersecurity authorities in Estonia, Latvia and Lithuania.

Since the onset of the COVID19 pandemic, the number of ransomware attacks targeting Remote Desktop Protocol (RDP) services – a proprietary solution created by Microsoft that allows users to log into the corporate network from remote workstations – has also steadily increased, according to analyses by the IT security firm ESET and anti-virus specialists Kaspersky. In many cases, RDP is accessed through usernames and passwords, which can make them susceptible to brute-force attacks – a trial-anderror method used to guess log-in info and decode sensitive data. By waging such attacks against RDP connections, cybercriminals can access poorly secured networks to run ransomware or exploit

The impacts of the attacks varied depending on their extent and the existence and effectiveness of countermeasures. While in some cases they resulted in disruptions which affected a company website and lasted only a few minutes, the most influential attack seriously hampered the business operations of the targeted company. When the parent bank of a bank operating in Estonia was attacked, the bank’s payment terminals could not be used for several hours during a peak time. This prevented or postponed

them to install cryptomining tools, keyloggers, backdoors and other malware on enterprise systems. Being interested in the prevalence of RDP brute-force attacks across Europe, the digital marketing agency Reboot Online analysed the Kaspersky data and found that the Baltics are at high risk. Lithuania, Estonia and Latvia are among the top 10 countries most likely to experience RDP brute-force attacks. More than 80% of all network attacks in the three countries can be attributed to RDP brute-force attacks. Official data provided by state authorities seem to confirm this assessment: In Estonia, three-quarters of the ransomware incidents reported to RIA in 2020 were definitely or most likely perpetrated using RDP. The situation in Latvia and Lithuania is expected to be similar. Small and mediumsized enterprises in both countries have been frequently reported to be victims of these types of attack.

THE MOST IMPORTANT GLOBAL BUSINESS RISKS FOR 2021 ALLIANZ RISK BAROMETER 2021 Business Interruption 41% Pandemic outbreak 40% Cyber incidents 40% Market developments 19% Changes in legislation and regulation 19% Natural catastrophes 17% Fire, explosion 16% Macroeconomic developments 13% Climate change/increasing volatility of weather 13% Political risks and violence 11%

The 10th annual Allianz Risk Barometer survey was conducted among Allianz customers (global businesses), brokers and industry trade organizations. It also surveyed risk consultants, underwriters, senior managers and claims experts in the corporate insurance segment of Allianz Global Corporate & Specialty and other Allianz entities. Figures represent the number of risks selected as a percentage of all survey responses from 2,769 respondents. All respondents could select up to three risks per industry, which is why the figures do not add up to 100%.

made with 23° | reuse

Source: Allianz Global Corporate & Specialty

34 | C O V E R S TO RY

Targeting the information space

Beyond financial losses and the damage to the economy, cyber incidents can have deeper implications and far-reaching consequences. Government services and websites have become a tempting target in recent years for state-backed players, cybercriminals and hacktivists, whose goals may not be financial but rather to cause maximum disruption and damage to a targeted state or major events around the globe. Politically motivated breaches can disclose sensitive data and information that undermine public safety and even amount to national security threats, involving compromised infrastructure, espionage or terrorism. Other emerging frontiers for cybersecurity are disinformation, fake news and big data that are increasingly being used to manipulate people’s mindset, heighten emotions and create distrust and chaos. “We have seen that the threats to democracy in the past 7-8 years have increasingly been digital. This actually goes before the US 2016 election, even before the Brexit vote”, said former Estonian President Toomas Hendrik Ilves in a session at the Lennart Meri Conference Talks at the end of 2020, referring to two events where online data und digital information may have been misused as part of political campaigns. Known as a passionate promoter of digital development, Ilves painted a rather dark picture of an accelerating asymmetrical cyberconflict. “We have to recognize that our elections, our domestic security is so heavily manipulable now and dependent upon digital threats

ranging from disinformation on social media to actual hacking, serious breaches, be they of electoral systems or government offices. And it is so much cheaper to do that than ever invade someone”, added the techsavvy Estonian elder statesman. Over the last decade, cybersecurity has indeed become a concerning problem for many countries. The primary target of states and nonstate players has been the United States, which experienced by far the highest number of significant cyberattacks between May 2006 and June 2020, according to an analysis by Specops Software. Significant attacks include assaults on a country’s government agencies, defence and high-tech companies, as well as economic crimes with losses equating to more than a million dollars.

Baltic battling

While the Baltics are not listed among the top 20 countries in the ranking, it does not mean that they have not been a target of major attacks. In 2007, during a bitter row with Russia over the relocation of a Soviet-era war memorial, Estonia was hit by a massive series of cyberattacks directed at government servers, banks and essential digital infrastructure – attacks the media dubbed the world’s first cyber-war. A series of investigations into the attacks carried out from servers in Russia suggested there was an element of coordination behind them, although the Kremlin has always denied official involvement. The attack on Estonia and its digital architecture propelled the issue of cyber defence to the forefront of the international community. Estonia’s ability to stand up to the attacks led to the establishment

of the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn in 2008. The multinational hub acts as a military think tank on cybersecurity and conducts research, training and exercises within four areas: technology, strategy, operations and law. Flagship projects include the Tallinn Manual, a guidebook for all things cybersecurity, and the annual technical live-fire cyber defence exercise Locked Shields. At the same time, the Estonian government has amplified efforts to buttress its digital defences. Estonia became one of the first countries in the world to implement a National Cyber Security Strategy. The country also launched a new cyber command division within its military and is internationally advocating a strong regulatory framework. Estonia regularly raises the topic of cybersecurity and did so during the first year of its tenure as a nonpermanent member of the United Nations Security Council in 2020. In a similar way, Lithuania has made cybersecurity a top priority too and has bolstered its cyber capabilities after repeatedly falling prey to cyberattacks and online disinformation. Both countries rank highly in the current ITU Global Cybersecurity Index as well as in the Global Index of Cybersecurity NCSI, while Latvia somehow seems to lag behind its Baltic neighbours when it comes to cybersecurity commitments and capacity building. Yet all three Baltic states have been amassing decades of experience from combatting disinformation, fake news and hacking attacks. In Lithuania, the presence of NATO troops has long become a favourite informational attack

C O V E R S TO RY | 35

vector. There have numerous examples of fake news about the allied forces allegedly representing a safety hazard or even security threat to the civilian population. In many cases they involve complex cyber-information attacks. Most recently, more than 20 public sector websites were hacked to post three types of fake news articles in December, according to the National Cyber Security Centre. One of them claimed a Polish diplomat was caught smuggling narcotics, firearms, explosives and extremist materials into Lithuania and had been detained on the Lithuanian border. Other fabricated news that were previously circulated claimed that Vilnius wanted US nuclear weapons stationed on its soil, a German NATO tank desecrated the Jewish cemetery in Kaunas or Lithuania was calling for “a peace-keeping force” to be sent to Belarus. All these disinformation were distributed by fake press release

“On the rise”: WEF WARNS OF CYBERSECURITY & MISINFORMATION What are the key emerging risks to the global economy? Every year, the World Economic Forum (WEF) forecasts what might become a critical threat to the world by analysing economic, environmental, geopolitical, societal and technological risks. In its edition of the Global Risks Report 2021, the WEF has named “cybersecurity failure” as one of the biggest threats to the world in the coming two years and as the top global tech-

or have been placed on websites of Lithuanian media outlets after hacking into their systems or content management system via security loopholes. In a similar fashion, the National Public Health Center and several other public bodies became the targets of an email virus attack at the end of year. The government agencies received emails with infected attachments, which when opened spread the virus Emotet to the internal computer network. From there it was able to automatically send false emails and execute other malicious activities, according to the National Cyber Security Centre. Lithuania`s neighbours were not spared either. In Estonia, the state Information System Authority discovered three separate yet similar cyber attacks against three ministries in November. In the course of attacks against the Ministry of Economic Affairs and Communications, Ministry

related danger. “Misinformation, cyberattacks, targeted strikes and resource grabs are on the rise. The pandemic has shown how governments can wield conspiracy theories as geopolitical weapons by making accusations about other states”, the WEF report states. “The next decade is likely to see a more frequent and impactful dissemination of disinformation on issues of geopolitical importance such as elections, humanitarian crises, public health, security and cultural issues. States and non-state players will likely engage in more dangerous cyberattacks, and these attacks will become more sophisticated.”

of Social Affairs and Ministry of Foreign Affairs the perpetrators also obtained personal data. In each case, the web servers had been targeted. Another incident concerned the online school environment E-Kool that suffered Distributed Denial of Service (DDOS) attacks in spring, leaving the system unavailable for periods of time. The same thing also happened at the beginning of this year in Latvia where some years ago already the E-Health portal was interrupted due to overload of requests, according to media reports in both countries.

Pandemic saw surge in cyberattacks

If the cyberattacks of 2007 were a wake-up call for the field of cybersecurity, then the COVID19 pandemic is ringing another alarm bell for the need to reinforce and fortify cyber defences. The pandemic has accelerated technological adoption, yet exposed a number of shortcomings, vulnerabilities and weaknesses in IT systems and digital environments around the world, including the Baltics. Public authorities in many countries are currently investigating serious cyberattacks against government networks and critical information infrastructure. Cyberattacks have now become more sophisticated and are conducted alongside the spreading of misinformation, even using “deepfakes” – realistic media content modified or falsified by artificial intelligence. These hybrid threats are expected to continue and even increase over the coming years, according to the World Economic Forum’s Global Risks Report 2021. The cyber risk environment for companies is not expected to become any easier in future either.

36 | I N T E RV I E W

Most companies have high-risk vulnerabilities Baltic Business Quarterly interviewed Kirils Solovjovs, a member of the board and lead researcher of the IT security company Possible Security (possiblesecurity.com). Kirils has three higher education degrees, including Master’s degrees in Computer Science and Physics. During the pandemic, Kirils led a team that developed a digital tool for the remote legislative work of the Parliament of Latvia. by LĪVA MELBĀR ZDE

ow do you assess the impact of Covid-19 on cybersecurity risks? Covid-19 has certainly had an impact on cybersecurity risks and cybersecurity as a sector in general. Many people in the economy have been laid off, so they are obviously looking for a way to survive and make a living. And, unfortunately, some of them are willing to turn to cybercrime. It does not even matter if the person has an ICT background – cybercriminals have always been looking for people with different profiles. That is why we are getting attacked more and more, and why we are getting more malware in e-mail, through social media, and other platforms. On the other hand, the Covid-19 crisis has made people embrace technology more. And I am talking about people who do not even like technology or do not enjoy using it, but Covid-19 has still forced them to embrace it. People now have to spend more time with their technologies and online. That also works in favour of cyber criminals and increases cybersecurity risks because we not only have more attackers joining the cybercrime domain, but there

are also more potential victims being online for more cumulative hours. Covid-19 has brought risks to everyone – individuals, companies, international and governmental organizations. Not only low effort cybercrime, such as automated spam or automated malware, but also targeted attacks have become more prominent during these times. If we look at the data for Latvia and one of our neighbouring states, Estonia, the data gathered by the cybersecurity incident response teams of our respective countries does not indicate a total quantitative increase of the cybersecurity incidents. However, there has been a seismic shift, as we are seeing more successful campaigns which are both targeted and non-targeted. Has Covid-19 changed the mindset of businesses towards cyber risks? How? Have companies involved more experts to reduce cyber risks? During this Covid-19 crisis, we are seeing more demand for cybersecurity experts. Traditionally for my company, the busiest time of the year is October, November and December. One possible explanation is that October is European Cyber Security month,

so outside of the Covid-19 time, there are usually more requests coming in during October, and we work to fulfil the needs of our new customers too in November and December. In mid-January it normally plateaus, and we do not really see that many new clients. This is probably the first start of the year when we have new requests coming in all the time and it does not seem like it is going to stop. The same was seen in the summer of 2020, when things usually calm down a bit. More customers are looking at cyber risks because they are opening new e-commerce platforms, migrating to remote work, using different communication tools, and they recognize that they need to work on cybersecurity before something happens. We see that companies are moving more of their resources to the digital domain. For example, if a company was previously doing face-to-face marketing, during the pandemic they are moving to e-mail campaigns or video calls. Isn’t it the case that readiness and understanding for cybersecurity only comes after an incident? Traditionally, cybersecurity has been seen as an expenditure position, not an investment position. If you hire an employee, you expect a return on your employee in 3 to 6 months, or a year. If you buy cybersecurity – and this is how most people see it – you just spend money and nothing comes out of it when, in fact, it is not just an expenditure position as it can be used for marketing and to minimize risks. Unfortunately, around a quarter of our customers found us only after an incident, but many of

I N T E RV I E W | 37

Publicity photo of Possible Security

them have stayed with us even after we resolved it. Most of the companies come to us before any incidents happen because they have seen a news item, or they have finally understood what cybersecurity is and does. These days, if you run a company you do not need a reminder why you should have fire safety because you are reminded of fires fairly regularly. For cybersecurity, we are transitioning to that

cybersecurity. If you are forced to buy a service because “everybody does it” or someone pressures you into it, you will not invest the time in it. We can take your money, but if we do not get your time and attention to implement our recommendations, then it is not really a useful service for you. What are the biggest cybersecurity risks in Latvia and the Baltic states?

Everyone needs some basic protection in three things – user awareness, antivirus, and firewall. User awareness is the most important one and the most expensive to “buy” stage. Cybersecurity incidents are being reported on the news more frequently. And even though the number of cybercrimes has not increased, the speed of reporting the incidents has grown rapidly. I would say that if we were a food company, we would be a gourmet restaurant. We are trying to improve companies’ cybersecurity positions, but if a company wants to go slow and enjoy their journey, we do not push. We do not believe in shoving our service down their throats. If they need us, they will come. Some of our current customers have truly taken their time to sign the contract. More than a year, even! That is fine with me because I believe that it is easier for me and my employees to work with customers who really appreciate us and understand that they need

“I would say that if we were a food company, we would be a gourmet restaurant. We are trying to improve companies’ cybersecurity positions, but if a company wants to go slow and enjoy their journey, we do not push

If we look at 2020, one of the risks that most readers will be aware of is the return of Emotet malware. By itself, this is not a new thing – it has been around for years. In 2020 it returned more dangerous than ever. It is a classic malware that distributes itself via e-mail. People open the e-mail and it infects the computer, and then propagates to other people from your computer. The people behind the Emotet upgraded its algorithm. In previous

38 | I N T E RV I E W

years, when the malware infected your computer, it would send itself to people in your address book. On the receiving end, you would see an e-mail from someone you kind of know, you’d have some random subject and the text in the e-mail would be nonsense, the attachment would infect your computer and steal your data. So, what was happening with the new version was – it would first fetch all your e-mails, take an old e-mail at random, and send it to that same specific person that it was sent to some years ago, leaving the same subject, and the same text inside the e-mail. And it looked like a legitimate e-mail, except the attachment was changed to malware. The recipient would think there is a good chance that this is an e-mail you would send. It was very effective because e-mails in the business world are mostly the same and are supposed to look uniform. For private individuals, it was less effective, but damaging nonetheless. Phishing has not disappeared; it has been happening everywhere in the world in 2020 and 2021. It sends fake e-mails to entice people to disclose their personal information, passwords or even pay money to fake entities. We have seen some targeted phishing, such as fake invoices. Some new things have also arisen in the Baltic region, like fake calls from supposed banks that call you and ask you to verify who you are and ask questions, while trying to log in to your internet bank during the call. How do you assess the investments made so far in the field of cybersecurity in Latvia and the Baltic states? I would say that the government has laid a good foundation for building their cybersecurity. All

If you weigh up the option of doing the test and hearing the bad news, rather than not doing the test and living in blissful ignorance, do the test three Baltic states are moving forwards in terms of cybersecurity investment. For private businesses, it really depends on the industry. Generally, I would say that they are lagging behind. Some sectors invest in cybersecurity more, since they are more likely to be targeted due to the type of business they do or because of the information they have. The sectors that do not have any intrinsic appeal to cybercriminals invest very little or do not invest at all. To what extent are the existing IT systems in companies prepared for new challenges? Are the IT solutions sufficiently optimised? How do you assess the situation with data security? Sufficiently motivated, sophisticated attackers will be able to overcome many of the system’s security measures. And you cannot be completely reliant on technology as there will always be one or more vulnerabilities. The problem with vulnerabilities is that when they are discovered, you usually learn that they have been there for months, for a year, or for ten years maybe.

Has anyone exploited it? You do not know because no one usually keeps security records for ten years. That is why you should invest in other parts of cybersecurity as well. User training and awareness, management support and policy support are very important. You must have proper policies in place, not only to ensure that the incidents do not happen, but also to instruct people what to do when it does happen. You do not want to be running around with your hair on fire, creating a policy, when you must extinguish the fire. Everyone needs some basic protection in three things – user awareness, antivirus, and firewall. User awareness is the most important one and the most expensive to “buy”. You need to train your users to be aware of what they are doing with your systems and whether they are falling for scams and other types of social engineering. Every year, we see new security tools appearing on the market. That is because the traditional duo – antivirus and firewall – are

I N T E RV I E W | 39

Publicity photo of Possible Security

very limited. They do not provide protection from a malicious user who can delete all your documents if you have them on a shared drive. Unaware users falling prey to phishing attacks may have the same effect. Some companies are looking to buy new security solutions. I am not saying that security products are not needed. All medium and large corporations and most small businesses need some cybersecurity products to support their daily operations. But buying a new product just because its marketing sounds fancy is not the way to go. So to try and minimize the risks, a major part of the services we provide is intrusion or penetration tests on computer systems. We have never had a test on a system where there was nothing to improve. There have been a minority of tests where lowrisk vulnerabilities have been discovered, but there is always something. In most cases, it is usually a long list of high-risk vulnerabilities. Recently, we delivered news to a customer that we have completely overtaken their system. Someone getting into your systems as deeply as possible can be distressing. But then they remember that we are not the bad guys. If you weigh up the option of doing the test and hearing the bad news, rather than not doing the test and living in blissful ignorance, do the test. We are still waiting for the company

to whom we will shamefully have to submit an empty report. Are companies willing to invest more money to increase their cybersecurity? It depends on the sector. What we see is that high-tech, military, and finance sectors are always at the forefront of cybersecurity. When we talk about the Baltic states and many EU countries, we see that they have made significant investments, but what is lacking is the cybersecurity awareness and understanding of how important cybersecurity is and what it can bring for the company – and not only by employees, but by the management too. Cybersecurity is money gained, not money lost. The easiest example to think of is all the hassle you must go through if the incident happens. Let’s imagine a medium-high impact incident. One third of your data is deleted and the other two thirds are leaked online. You might have some personally identifiable information there. This means there are GDPR consequences, PR consequences and some business information is leaked. The data might be show some indication that your products are not as good as you positioned them on the market. You might even go out of business. That is what you must weigh up when thinking about investing in security. It is about minimizing the risk of all these

You must have proper policies in place. You do not want to be running around with your hair on fire, creating a policy, when you must extinguish the fire

bad things happening and, at the same time, using your commitment to your advantage, and putting yourself above other companies. What does our future look like in the ICT sector and how will the cybersecurity sector develop? I see that every sector has either suffered or benefited from the increased digitization. This will have affected everyone out there – individuals, businesses, or governments. I believe that after the pandemic we will see a sharp but brief drop in digitization. People will want to have faceto-face meetings and will enjoy colleagues interrupting their work. After the first thrill of normal life, I think the level of digitization will bounce back, balancing between the intensity we had before the pandemic and what we have now. The ICT sector is still going to grow, but not as fast as last year and not as fast as it is happening now due to the pandemic. We will see faster digitization in sectors where it previously lagged – remote formal education, for example. Cybercriminals will try and use that to their favour, but I think that the police will keep up better with different digital tools and knowledge. I also believe that the cybersecurity sector is going to have more regulation and formalization. It will benefit older ICT companies that have been operating for years, as we are going to see requirements for certificates and licensing and many of the things we do today. Governments will want to keep an eye on products and services that other businesses provide in terms of cybersecurity: if you produce a smart watch or if you provide health advice via video call – is this secure?

40 | B E S T I N B U S I N E S S

Cybersecurity starts with the right mindset Nord Security is the winner of the German-Baltic Business Award 2020. Baltic Business Quarterly interviewed Rytis Meškauskas, a Chief Revenue Officer at Nord Security, a family of advanced cybersecurity tools for private and business use. Rytis is also a Certified Google Trainer and a lecturer of mobile marketing at the Vilnius University Business School with over 15 years of experience in performance marketing.

by LĪVA MELBĀR ZDE

hat is your core area of activity and your most well-known products? Nord Security’s core area of activity is cybersecurity. Our products – the fastest VPN on the market NordVPN and NordVPN Teams, the next-generation password manager NordPass, and the powerful file encryption tool with a cloud storage NordLocker – are leaders in the field of online privacy and security, both for individuals and businesses. We have over 15 million users worldwide, who trust us to keep their data safe on the internet. Which product or service did you enter for the GermanBaltic Business Award? We entered the German-Baltic Business Award with Nord Security. Established in 2012, Nord Security is home to advanced security solutions that share the Nord brand and values. We develop robust cybersecurity tools for both private and business use. We are an independent, global, security- and privacy-focused organization. Has Covid-19 increased the risks to cybersecurity? If so, how? The Covid-19 pandemic and the lockdown that followed

did indeed increase the risks to cybersecurity. From a business point of view, many companies were not prepared for such drastic changes. Companies no longer have control over the infrastructure their employees use for work while at home. And cybercriminals are fully aware of this issue. The use of personal devices to access business networks, weak passwords, and unsecured Wi-Fi are only some of the reasons that increase the risk of becoming a target for hackers. We have witnessed many lastminute decisions, and a VPN became the number one solution that companies picked to protect their networks. A VPN effectively grants employees working from home safe access to servers, systems, and databases that otherwise could only be accessed at an office. In March, when this global pandemic started, our business VPN solution NordVPN Teams saw a 165% usage spike and almost a 600% increase in sales overall. This is undoubtedly related to companies conducting their business remotely. From an individual user’s point of view, cybercriminals tend to target people when they are the most vulnerable. The number of coronavirus-related scams and security incidents has been steadily increasing

since the beginning of last year. Hackers are preying on people’s fears, spreading disinformation, and monetizing panic. Are companies in Lithuania (Baltic states) willing to invest in their cybersecurity? Is the situation regarding cybersecurity different in the Baltic states and in Germany or the rest of Europe/the world? I believe that not only people in the Baltic states but throughout Europe are convinced that they do not have anything to hide or their information is not worth hacking, so there might be no need to invest in cybersecurity. The same applies to companies managed by people with the same mindset. Luckily, generations are changing, and more CEOs, especially those who conduct their business internationally, realize the damage a data breach could inflict. Twenty years ago, the situation with cybersecurity in the Baltic states was significantly different from Western Europe. But now, with the market of cybersecurity tools booming and the Baltic states both attracting investments and generating huge profits on their own, the situation has changed drastically. Give it another 20 years, and there will be no need to draw a line between the Baltics and the rest of Europe.

B E S T I N B U S I N E S S | 41

“When this global pandemic started, our business VPN solution NordVPN Teams saw a 165% usage spike and almost a 600% increase in sales overall,” Rytis Meškauskas, a Chief Revenue Officer at Nord Security

What is our future in the ICT sector? I think the future is bright. We can see many new players on the market, which benefits consumers, as they can choose the best product to suit their needs. And that is the key principle of the free market. Growth and transparency in the ICT sector are fundamental. Thus, some great initiatives get launched, and I predict that more of them will appear and flourish in the future. In 2019, for example, the VPN Trust Initiative was born with the aim of improving digital security for consumers by strengthening trust, building understanding, and mitigating risks for VPN users. Last year showed us the importance of ICT in learning and education. I believe this sector will stay a focus area for many service providers in 2021 and 2022.

Nord Security

Photo: Publicity Photo of Nord Security

Sector: Cybersecurity Founding year: 2012 Revenue 2020: Not applicable as Nord Security isn’t a publicly traded company Number of employees: 800 Export: 15 million users worldwide. The main markets include the USA, UK, Canada, Australia, Germany, and France.

What are the weakest points in companies in the area of cybersecurity that should be strengthened? In this rush to adapt, many companies have neglected or ignored both their risk and change management processes. Now that many employees have shifted to remote work – in addition to organizations being distracted trying to handle the virus – security and risk management teams need

to be more vigilant than ever. However, many CISOs have had to sacrifice security for fast migration to keep the business going. I think that employee negligence is a great threat to business security. People fall prey to social engineering, phishing, and targeted attacks by using unauthorized devices, applying weak passwords, giving away their user credentials, clicking on dodgy links, or downloading malicious attachments. Luckily, this particular risk is easy to control. There are many digital tools that can help protect organizations from data breaches, and these tools are neither difficult to use nor require large investments. Cybersecurity starts with employees’ mindset, which can be optimized through mandatory training.

What are the trends in cybersecurity? Will cybersecurity be driven by artificial intelligence? Cybersecurity has a heavy focus on using artificial intelligence to secure systems and devices, and that focus will only grow in the near future. The cybersecurity market is moving forward by employing automated systems that can monitor, identify, and prevent cyber-attacks in real time. So, both completely new products and great additions to the existing ones might be expected. Another cybersecurity trend is the adoption of 5G networks. This new technology brings greater speeds and more density, but with that comes more cybersecurity concerns too. The industry will need to learn how to deal with new risks.

42 | B E S T I N B U S I N E S S

by WILHELM FELK

Mathematically unbreakable The Latvian tech company “Entangle” is pursuing the goal of becoming one of the future companies to safeguard communications and data privacy in the fast-developing virtual environment.

2020, Entangle won second place at our German-Baltic Business Award dedicated to aspiring cybersecurity companies. A jury of German industry experts and our audience voted for the promising enterprise from Riga. We decided to talk to Entangle’s diligent CEO, Girts Kronbergs, about the company and its plans. What is your company’s purpose and how do you implement it? Entangle is a technology company I co-founded with my brother Māris who is behind both the hardware and software of our system. It all started with his enthusiasm and experiments. Now, we are creating a secure communication system, and our first product is a small device you can put on your smartphone. On this device, you can send and receive encrypted messages via your phone, protected from cyber theft. The Entangle channel is highly secure – you can send messages even through unsecure networks and compromised smartphones. The initial version allows users to exchange encrypted text messages, and now we are scaling up the system to be able to securely exchange documents, photos, videos, and more. Right now, we are continuing the development of

the product and looking forward to releasing it on the market as well as exploring partnership opportunities to achieve that goal. With Entangle, we are solving the major security flaws of smartphones and apps. Our communication system’s data encryption is built to be equal to Quantum Key Distribution (QKD) systems. Encryption, used by QKD is mathematically proven to be unbreakable and quantum-resistant. Nothing can break the encryption, not even a quantum computer 50 years from now. So, Entangle uses the same principles: One-time-pad (OTP) encryption and unpredictable encryption keys generated by the True Random Number Generator (TRNG). The difference between QKD and Entangle is that our system does not need fiber-optic cable networks for the encryption key exchange. Instead, Entangle users exchange keys in a single face-to-face meeting, so they can use their unbreakable message encryption system with existing mobile communication networks anywhere in the world. When you connect your Entangle device to your smartphone, you instantly create an unbreakable channel with other Entangle users. It is secure, cost-saving, and global.

Where will your product be used? The communications security problem exists in every industry and Entangle can be adapted to each of them. For example, we have identified multiple application possibilities in the defence and government sector, banking, and finance, as well as individual use cases. As we have finished our minimum viable product, we are looking for opportunities to put our technology to use where needed. At this stage, our product is a secure system which can primarily be used to exchange encrypted text messages – location data, access control, passwords, and other short-form communication. At the same time, we are working to extend the system to data transfer, allowing users to securely exchange any confidential documents, videos, or other data, such as strategic defence information, sensitive financial or private information, and medical records. Currently, we are open to and actively working on partnering with industry leaders to roll out our technology. Who are you cooperating with for the product development? Entangle is working with leading Latvian research, government, and defence institutions. By collaborating with universities,

B E S T I N B U S I N E S S | 43

Our first product is a small device you can put on your smartphone. On this device, you can send and receive encrypted messages via your phone, protected from cyber theft, Ģirts Kronbergs, Entangle’s diligent CEO

Entangle

Publicity photo of Entangle

Sector: Secure communications Founding year: 2017 Development stage: Research and Development Projected export: Europe and the USA Number of employees: 5 Location of office: Riga, Latvia www.entangle.tech

we obtain the data necessary to describe the technology and its functions, and practical data that allows us to further improve our work. Working with government and defence institutions provides us with the resources, insight, and feedback necessary to build our technology according to standards. This work also allows us to identify use cases in the government and defence sectors where Entangle can make a huge impact. What are your long-term plans for the company? To be among the first to build the foundation for next-generation secure communications. The existing infrastructure is outdated. With our insight, we are creating a solution for businesses,

institutions, and individuals that will be part of everyday life in a matter of 5–10 years. On the one hand, the world’s tech is developing into one connected system where more and more data is input and analysed. It gives unique benefits in many fields. On the other hand, however, technology takes away our privacy. The clock is ticking for us to fix the problem of privacy and data security. It is as inevitable as PCs coming into our homes and smartphones replacing cell phones. What do you think about the rising power and influence of the big tech companies from Silicon Valley? It is a natural process – if you control the information, you control the world. Understandably, global tech companies are interested in people putting out more and more private information. It gives companies more control over people and makes them easier

to influence and even manipulate. This is our reality. And we believe the influence of Big Tech will only become stronger. I think we are past trying to limit or restrict their actions. Over time, they will simply become a symbiotic entity together with society and government. In the future, do you think that the integrity of people’s privacy will be sufficiently protected despite the rising digitization? The existing technology will not be enough to protect people’s data. All the computational security that the world is using will be obsolete in 10–15 years. That is why we are building this new communication system that will be there to ensure secure data transfer when existing security solutions fail. Entangle is simple and robust. With this technology, we give everyone a chance to protect their privacy, whether they are a government, corporation, or private user.

44 | B E S T I N B U S I N E S S “The Baltics are an important player in Europe and even globally in cybersecurity,” Alexei Vladishev, CEO of Zabbix

by WILHELM FELK

Publicity photo from Zabbix

The Latvian IT company Zabbix has created open-source monitoring software providing a combination of transparency, security, and professionalism. In 2020, Zabbix won third place at German-Baltic Business Award.

Secure and open-source f

ounded in 2005, the company now has offices in Japan, Russia, Brazil, and the USA. The customers include businesses and governmental and financial institutions all around the world. The company’s eponymous software “Zabbix” is basically monitoring software that offers users a realtime overview of important data. To do so, it collects raw data from servers, virtual machines and networks, and then converts it into interpretable metrics to enable the operator to track a process and keep it under control. The software easily works with different IT systems. Most remarkably the software is totally free and still offers a wide range of functions. Zabbix has achieved so much success and acclaim with its product in the past years. To strengthen it’s product the company became an authority within the “Common Vulnerabilities and Exposures” program. The CVE is a list of publicly disclosed cybersecurity exposures and vulnerabilities. The CVE’s purpose is to identify and categorize cybersecurity leaks

and share them with researchers and software vendors, so they can prevent them efficiently. The CVE is the de facto international standard for identifying and naming cybersecurity vulnerabilities.

Biological threat and digital security

The corona pandemic has urged the desk force into working from home, leading to higher internet traffic which opened the floodgates to cyber criminality. For example, the number of phishing attacks, spam e-mails and ransomware attacks has greatly increased. This has irreversibly changed public opinion on cybersecurity’s importance. To adapt to the new changes, Zabbix launched their online training program last year, enabling customers to use the company’s monitoring software more effectively. Besides, the company is developing it’s product all the time to make it more secure. For example, in 2020, Zabbix integrated the software HashiCorp Vault, making it possible to store sensitive information securely.

Importance of cybersecurity

Alexei Vladishev, founder and CEO of Zabbix, points out the urgency of investing in digital security: “Against a backdrop of escalating geopolitical and geo-economic tensions, one of the biggest threats nations face today is from cyber warfare.” There have been claims of stolen elections, the suspected theft of COVID-19 research data, and the danger of possible power supply cut-offs. Current world events emphasize Vladishev’s warning. Now, it seems the world cannot be overfilled with working cybersecurity solutions. “We believe the Baltic states as a whole region is an important player in Europe and even globally in cybersecurity”, Vladishev also stated. Considering his last comment, the Baltics have the potential to take a leading role in the development of a digitally sustainable future in which users will not fear the theft of their sensitive data while amicably enjoying the advantages of the ongoing cyber revolution.

B E S T I N B U S I N E S S | 45

“Every individual is becoming increasingly more responsible for their own personal cyber hygiene,” Andrus Kivisaar, Chief Executive Officer at Cybexer Technologies

by LOUISA NIERMANN

Sometimes the answer is quite simple: improve employee cyber hygiene! What are most companies’ weakest points in the field of cybersecurity that should be strengthened? We always say that human behaviour is key, but if we dig deeper into technical aspects, there is no single answer. The type and extent of weaknesses in companies’ systems is highly dependent on aspects like the size of an organisation: smaller companies

Changing the Playground for Cybersecurity Training

ybExer Technologies was founded in 2016 by two leading Estonian cybersecurity companies – ByteLife and BHC Laboratory. The core mission of CybExer Technologies is to “Change the Playground for Cybersecurity Training”. We asked Andrus Kivisaar, Chief Executive Officer at Cybexer Technologies, about the most pressing issues in cybersecurity today and how the company addresses them. Are Estonian and Baltic companies generally aware of the need for cybersecurity and are they willing to invest in it? Regarding larger companies, we are proud to say that in Estonia the importance attached to cybersecurity is higher than elsewhere. We see similar investments in other countries as well but here the internal readiness to use novel solutions is higher than elsewhere. For smaller companies in Estonia, however, the picture is different. There is definitely the issue of finding financing for cybersecurity investments and, even if money were more abundant, there is a lack of awareness. Companies do not yet know how to improve their network security.

are relatively insecure across the board, larger companies, on the other hand, have more company-specific weaknesses. In addition, the sector in which a company operates and the level of digitization play an important role in defining the attack landscape. What is your core business and what are the most popular products you have developed? Our core business is in cyber capability development, cyber range technologies and exercises. While our flagship service is cyber range development, our most popular product based on the number of users is a cyber hygiene e-learning tool that is offered to individuals and organisations globally. Which product did you participate with for the GermanBaltic Business Award? We presented our cyber range services. Our quality in this area is underlined by our software vLab Manager, a stateof-the-art solution that helps to create and manage exercises tailored to the customer’s needs. We also have the Integrated Scoring and Awareness, a NATO-awarded tool that visualises

cyber training. Because cyber exercises are relatively difficult to understand, ISA’s simple but highly functional visualisation makes it possible to capture and easily present all the necessary information in a visually beautiful way. Did Covid-19 increase the risks for cybersecurity and if yes, in which way? Definitely! While there have been various high-profile attacks against health organisations due to the relevance of the health sector, the longer impact of Covid-19 is related to more widespread use of work-fromhome routines. As employees move away from secure corporate networks, the use of personal devices and Wi-Fi networks leads to a greater and more vulnerable attack surface. We believe that every individual is becoming increasingly more responsible for their own personal cyber hygiene. What are the most interesting or demanding projects you are working on? The most interesting work we do is related to special systems: technologies which are specific to one industry, are heavily sophisticated and require a lot of research and development on our part. Some examples include power grid, UAVs and 5G/IoT. What does the future hold for the field of cybersecurity? The field is changing rapidly. The advances in visual manipulation and sophistication in text-based phishing put an enormous responsibility on the individual in identifying true from false. For companies, investments in cybersecurity are becoming part of annual budgets and lead to a further penetration of cyber capabilities across companies. For governments, the issues of cyber war and cyber defence are starting to take up a more coherent understanding in the global forums, leading to better international cooperation.

46 | B E S T I N B U S I N E S S

Making the world’s information universally reliable Guardtime is the world’s largest provider of cybersecurity solutions based on blockchain systems. The company’s technology aims to confirm the correctness of digital data. Silver Kelk, Business Development Manager at Guardtime, explained to Baltic Business Quarterly how this works and in what fields the technology can be used. by LOUISA NIERMANN

hat is your core business? What are the most popular products you have developed? Guardtime’s core mission is to make information universally reliable. Probably, our most well-known product, or actually a core technology, is a unique blockchain that enables the users to verify the accuracy and integrity of any digital information. Unlike any of the alternatives, we can do this with minimal operational overheads and at the scale of billions of transactions per second. In other words, Guardtime has created the ability to sign and verify every step that is performed using data – medical records, software configuration files, vaccines shipment documentation, and so on – in its longer lifecycle, even when the data crosses organizational and geographical boundaries. By combining such signatures into an unbreakable chain of events, we get a trustworthy report of the digital supply chain, or provenance as we like to call it. This way, we help to reduce the need to build trust into such data and its related real-world assets by other expensive and time-consuming means like manual checks, auditing or overly complex contracting. Since the early market traction with the Estonian government, we’ve built industry- and client-specific solutions on top of this powerful core technology, racking up quite an impressive reference list over the years. We have helped governments

and enterprises, like Lockheed Martin, Ericsson, Verizon, Maersk and many others, to bring more trust, security, and accountability into their digital information flows and services. In most of these cases, Guardtime’s technology has been a critical, yet often invisible, building block that is embedded in the backend of bigger systems. However, in the last few years, we have taken a more product-oriented approach and are now focusing on commercializing more value-adding and user-centric solutions that are often built in close collaboration with industry partners. Great examples of this are our marine insurance platform Insurwave (e.g. used by Maersk) and real-world healthcare data solutions (developed with Roche and AstraZeneca). Which product did you participate with for the GermanBaltic Business Award? Guardtime MIDA, our new cybersecurity tool for solving the misconfigurations and trust problems in public cloud services. This is a unique solution in the market that we just introduced in the second half of 2020. MIDA addresses digitization and cybersecurity challenges across industries in Europe. For example, the same topics are now being actively discussed in the Germanled GAIA-X secure cloud initiative. There’s a great momentum building around this topic in Europe and this will grow in the coming years. The key challenge we address is that MIDA enables organizations to regain control over their infrastructure from the cloud service provider

and verify if the agreed contract and configuration details hold on a running basis. We see a strong need for this especially in the public, financial and healthcare sectors, where the hesitation towards public cloud solutions like Amazon AWS and Microsoft Azure are still preventing stakeholders from using these market-leading solutions in further digitization and innovation. VaccineGuard is a digital infrastructure developed by Guardtime that can help “verify the COVID 19 status of individuals and maintain an accurate overview of vaccination program effectiveness” according to your website. Vaccinations against coronavirus have begun all around the world. Can you tell us a bit more about VaccineGuard and whether it is already in use anywhere? Yes, VaccineGuard is our biggest focus at the moment as this is the opportunity to get us all out of the crisis. Now and globally. For the end-user, it just looks like a simple QR-based certificate that can be shown digitally from a phone screen or on paper to prove your vaccination status globally. In the background, it gets much more interesting as you find no central database or storing of personal information. Yet, the technology makes it possible to monitor the rollout of vaccines, verify their authenticity and ensure their accurate distribution and use. Furthermore, VaccineGuard makes it possible to report the side-effects and vaccine efficiency data to public health authorities and vaccine producers in real time and with fully de-identified and aggregated data levels. As you see, our technology covers the whole value chain and puts great emphasis on ensuring that

B E S T I N B U S I N E S S | 47

Silver Kelk, Business Development Manager at Guardtime (from left) and Tarmo Mutso, the Head of the Office of German-Baltic Chamber of Commerce (AHK) hands over the certificate of German-Baltic Business Award 2020.

Photo: Publicity photo of Guardtime

personal data remains protected. In January 2021, we have a growing list of governments and vaccine manufacturers in the piloting phase and active collaboration with the WHO and the European Commission to meet global standards. The first wave of vaccinations is excellent for us to test this solution in various environments and healthcare systems so that we are ready for bigger mass-vaccination campaigns that are expected to follow throughout 2021 and maybe even beyond that. What are the impacts of the Covid19 pandemic on the cybersecurity field? Have risks increased? Yes, the risks have definitely increased. There has been much about the vulnerability of endpoint devices, social engineering, and other user-centric risks that have skyrocketed in the last year. But what we also saw is an increased pace of digitization in many industries. As such developments typically involve wider cloud adoption, many organizations are now facing new risks and new operating models. Organizations that try to move ahead while sticking to their old cybersecurity principles and tools, or even overlook them entirely, will soon struggle. But it is actually easy to make this mistake as cybersecurity is often perceived as a lower priority cost, especially if organizations are running on a tight budget and timeframe, as many probably were in 2020. (Un)fortunately, the exact opposite is proven sooner or later.

Are companies in Estonia or in the Baltic states in general willing to invest in their cybersecurity? Does this willingness of companies in the Baltics differ compared to Germany and other countries in Europe / the world? Yes, they are. Estonia and its southern neighbours are well-known for their high level of cybersecurity and data protection. The secureby-design principles have been the standard of our countries’ digitization processes for decades already. Some might even argue that we have overengineered some things in the past but, as a frontrunner in digital governance, digital banking and digital healthcare, you simply cannot allow any significant slips on this road, especially in cybersecurity. I think we have managed to achieve that pretty well. Today, however, we see more readiness to invest in contemporary and disruptive cybersecurity in Germany and the rest of Europe, as their core technology systems are going through a bigger wave of renewal. This is always the right time to revisit the security strategies and select tools and methods to support the next period. In general, cybersecurity and data protection topics are still very strong in Europe. I am confident that European cybersecurity firms will disrupt the global market in the next decade, supported by the balanced concepts and policies that the EU has developed regarding data protection and cybersecurity over the past few years.

What are the most vulnerable points of companies when it comes to cybersecurity? And how can these be remedied? Situational awareness – oversight and reaction to vulnerabilities and direct threats in real time. Today, most of the cybersecurity technology is still based on passive and reactive methods. We see every year that the number of data breaches, the cost of every breach, and even the average time to detect a breach are all on the rise. Something is not working. I like to compare the situation to a company that is building a strong fence around its assets but often does not have a clue when someone is picking the lock at the front gate or when someone has already climbed over the fence. What the cybersecurity world urgently needs is more alarms and security cameras to complement the strong fence. At Guardtime, we are building solutions that enable us to address cybersecurity proactively. First, understanding and trusting all your assets in complex and shared ownership systems and then staying on top of their running configurations through realtime monitoring and automated alerts and remediation policies. What does the future hold for the field of cybersecurity? We will start to see much more managed services, coupled with artificial intelligence and cloud-based solutions, to support or even replace much of an organization’s in-house cybersecurity capabilities. Otherwise, the pace of innovation, the scarcity of human resources, and the running costs of cybersecurity would just be unmanageable for most organizations. We can see now that cybersecurity has become a core part of any digitized business, and is not just a supporting function in the IT department. It must be a C-level focus area, embedded deeply in various parts of the organization – from infrastructure and services to human resources. We will definitely see this trend growing for many years to come.

48 | B E S T I N B U S I N E S S

by E VA EIRICH

The future will be much more collaborative in defence “The most bizarre and strange feeling is when national government systems are hacked, and national personal data is stolen. One feels so hopeless.” So said Dr. Vilius Benetis, CEO of NRD Cyber Security, to “Baltic Business Quarterly”. His company was also one of eight finalists in the German-Baltic Business Award 2020.

hat is your core business? What are the most popular products you have developed? At its core, NRD Cyber Security helps companies, organisations and governments to establish professional cybersecurity teams to handle cyber incidents. These teams are called Security Operation Centers (SOCs) or Computer Security Incident Response Teams (CSIRTs). We establish relevant processes, train staff, and implement our own technology as well as that required by third parties.

Photo: Publicity photo of NRD Cyber Security

Which product did you participate with at the GermanBaltic Business Award? The CTI Core platform is a turnkey solution for CSIRTs and SOCs for their process automation of incident coordination. It has been developed for CSIRTs and SOCs based on real implementation needs, and is available as a real-life or virtual solution. When looking at Germany, all medium-sized and large companies there will need to own or outsource SOC or CSIRT services in the next few years. Different SIEMs, SOARs and similar technologies are there – so there is plenty of choice. But where will humans

cooperate with other humans on resolving incidents collaboratively and effectively? This is what we are aiming to contribute to. Did Covid-19 increase cybersecurity risks? In what way? There are many areas in which cybersecurity risks have increased. The demand for cybersecurity is amplified especially by the following factors: Cyber-space and the use of digital services are growing, thus there is more space for cyber incidents to happen. Criminals cannot benefit in older way under lockdown; thus they are turning to cybercrime methods online. Are companies in Lithuania or in the Baltic states in general willing to invest in their cybersecurity? Does the situation differ in the Baltics and in Germany or in the rest of Europe / in the world? Baltic countries are comparatively small and are moving very fast towards digital services. Handling digital risks is natural part of this. Sometimes, action is taken after the incidents, and sometimes by experienced managers. Overall, the

situation is similar, especially when most businesses are very small and cannot invest much in cybersecurity. What are companies’ weakest points in the field of cybersecurity which should definitely be strengthened? It should all start with senior managers, who are responsible for all assets of the company (including digital), discussing common threats in the industry with their teams (ransomware, phishing, business email compromise, etc.) as well as their preparation and incident response. These discussions allow people to clearly see the business impact and what action should be taken. For example, maybe to have an external team readily available in case the need arises? What is the most interesting or bizarre security breach you have had to deal with? The most bizarre and strange feeling is when national government systems are hacked, and national personal data is stolen. One feels so hopeless. Such attacks happen all around the world. What does the future hold for the field of cybersecurity? The future will be much more collaborative in defence. More and more organisations understand that they need to join forces in detecting and responding. Like “safe neighbourhood” volunteer programs in the city communities.

B E S T I N B U S I N E S S | 49

50 | I N S I D E R

Hans-Wilhelm Dünn, an expert in cybersecurity, urges the industry to invest more in defence from the underestimated danger of cybercrime.

Big threat and low budget The president of the German Cybersecurity Council, Hans-Wilhelm Dünn, was a jury member at our last year’s German-Baltic Business Award dedicated to aspiring Baltic cybersecurity companies. In the 2000s, he was already interested in virtual crime and in protection from it when only very few took the risks seriously. Now, his expertise is in demand more than ever. We have interviewed him about the current security state of our virtual world. by WILHELM FELK

How much danger is the virtual world in now due to cybercrime? During the corona pandemic, cybercriminals have exploited people’s fears and insecurities. With so many people working from home, private IT systems have caused security vulnerabilities because private devices are not so well protected. The greatly increased use of video and telecommunication software also makes the corresponding providers a potential target for hackers (e.g. so-called “zoom bombing”). It is important to enable employees to obtain company devices to reduce the risk of becoming a victim

of a cyberattack with the help of certain pre-installed software and standardised IT security standards (same virus protection programme). Employees should be made aware of the need for a cautious use of the internet and spam e-mails. Basically, there is an asymmetrical setting between attackers and defenders/ users in cybersecurity. Attackers only need a few resources to launch a successful attack. Therefore, 100% protection against cyberattacks is usually not possible. Has the issue of cybercrime been taken seriously enough in society? The increasing number of cybercrime cases during the pandemic shows that there is an urgent need to raise awareness at all levels in politics, business, and society to provide more resources to combat such offences. Accordingly, many companies and employers need to take the issue of cybersecurity more seriously than ever before.

Publicity photo

ow do you relate to the topic of “cybersecurity”? From 2007 to 2009, I was a personal advisor to the Minister of Economics and Deputy Minister-President of the State of Brandenburg. I supported him in his work as chairman of the advisory board of the German Federal Network Agency where I soon became familiar with the issues of cybersecurity. From 2010 to 2012, I was executive director of “Security and Safety made in BerlinBrandenburg”, and from 2016 to 2019 I was executive chairman of “BuCET Shared Services AG”. Since 2012, I have been running my own consultancy. As one of the founders and the president of the German Cybersecurity Council, I advise the operators of critical infrastructures on cybersecurity-related topics. I

share my expertise at high-level events as a speaker or panellist and I am a frequent contact for TV shows or other media formats as well as a guest author. I am also the editor of the book “Cybersicherheit im Krankenhaus” (Cybersecurity in Hospitals).

I N S I D E R | 51

Has enough been invested in the fight against cybercrime? There is a risk for German SMEs because German world market leaders have a very specific expertise which allows them to maintain their market position. Management levels in business and administration talk a lot about cybersecurity, but only superficially. There is a lack of willingness to invest in the implementation of IT security concepts. Cybersecurity must be communicated and understood less as a technical responsibility and more as a responsibility under company law at the decision-making levels. We need more budget and investment to strengthen the market for cybersecurity and more budget for authorities to effectively enforce prosecutions. What are the biggest cybersecurity risks that exist and should be urgently addressed? Cyber risks were named as the biggest corporate risk last year. IT managers must therefore do everything they can to provide strategically aligned, technically correct IT solutions. Complex and rigorous network and computer systems that are not centralised offer a great opportunity for cybercriminals. To tackle this, clear guidelines for IT solutions and software providers are necessary. Cybercriminals are increasingly focusing on employees as a vulnerability. Between 80-90% of cyber incidents fall back on them. Therefore, employees need to be taught practical cybersecurity skills to raise awareness and confidence.

Are there cybersecurity specialists? No. There is a big “fight for talents”, i.e. a strong demand for highly qualified workers, but a lack of talent to fill the vacancies. Pragmatic training modules and the certification of capable people on the labour market, even without educational qualifications, are needed. What counts is solely their skills to ensure a good

How do you assess cybersecurity in the Baltic states in comparison to Germany? Is there anything to learn from the Baltic states? Cybersecurity is a complex challenge for all states. The Baltic states have established themselves as “Leading States” due to the early digital transformation. Thus, they had to make early decisions and measures as well as face and

Compared to other European countries, the Baltic states are far ahead in the field of cybersecurity cyber defence. The potential for innovation “made in Europe” is still slumbering. To kindle this potential, it is very important to support young, talented startups and help them with their development, as well as to draw attention to them, such as through the recently held German-Baltic Business Award by the GermanBaltic Chamber of Commerce. How has cybercrime developed in recent years? With increasing digitisation, cybercrime is rising immensely. The number of unreported cases is high. Since the beginning of the year, according to Europol, an increased number of fake websites, phishing attacks, and spam emails as well as ransomware have been detected, which users can unwittingly fall for. The cost to the average cybercrime/defence firm rose from $1.3 million to $3.0 million in 2018-2019, an increase of 928%.

deal with the requirements of cybersecurity very early. Compared to other European countries, the Baltic states are far ahead in the field of cybersecurity. How will the cybersecurity industry or the topic develop in the future? What should be done by policymakers? Uniform cybersecurity standards should be established internationally. For example, “security by design” must be implemented as a central process enabler. Because of the “Industry of Things”, a comprehensive implementation for an internationally high level of protection is indispensable, such as in the form of security audits, a secure configuration of networks, open markets for cybersecurity products, international standards against industrial espionage and international legal assistance in case of cyber-attacks.

52 | I N S I D E R

by LĪVA MELBĀR ZDE

The strongest protection is well-trained employees “It’s not a question of if you will be a target of a cyberattack, but when? So, it is smart to be prepared”, says Baiba Kaškina, the General Manager of CERT.LV – the Information Technology Security Incident Response Institution of the Republic of Latvia, to Baltic Business Quarterly.

Has Covid-19 changed the cybersecurity risk? If so, how and why? A Covid-19 pandemic has substantially impacted the cyber environment by forcing businesses and governmental institutions into remote work, thus causing the following ramifications: a remote work infrastructure being set up in a hurry without proper security considerations, poorly configured computers connected to the internet directly, a loose protection of corporate perimeter defences, and privately owned computers without appropriate security measures which have been repurposed for work and are being connected to the corporate infrastructure. The deployment of insecure connections (e.g. no VPN) could cause information leaks, while the use of weak passwords (e.g. for RDP) as well as lack of a firewall or antivirus could lead to the comptonization of devices and systems. Outside the corporate network, it is much harder to control employees’ actions on devices as well as much harder to ensure protection. More generally speaking, since much of our activities happen in cyber

space, the attack surface has increased and there is more room for different kinds of phishing, malware, and extortion campaigns. What are the biggest cybersecurity risks in Latvia and the Baltic states? Cyberspace is global and similar risks apply no matter where you are located. Specific attacks can be observed targeting certain industries, but those attacks are not country- or even region-specific. DDoS (Distributed Denial of Service) attacks can be used as an example. Since last September, they have been aimed at the banks and large companies throughout Europe with the attempt to extort money. During the past year, cybercriminals demonstrated several predispositions. They tried to exploit people’s confusion regarding two-factor authentication. Users got tricked into forwarding security codes, entering PINs and disclosing sensitive information, as they lacked a proper understanding of how those security measures work, when something is being asked and why. A move towards social networks has been observed. Cybercriminals targeted users

(WhatsApp, Facebook etc.) and sought to take over their accounts in order to access social media pages and business accounts they were managing for the purpose of spreading ads. A new trend emerged regarding extortion. Ransom was demanded not only to prevent DDoS attacks and regain access to encrypted data, but data was also stolen before encryption and a ransom demanded to prevent a leak of customer data and other sensitive information online. The Baltic states are less appealing as a target of cybercriminals because of the small market size, comparatively low level of income, and a large amount of the population who communicate solely in their local language. Many global campaigns reach Baltic citizens with a delay, as they have to be translated and adapted. Another advantage of the Baltic states is a lack of legacy payment methods and technologies that could be used for scamming people, such as payment checks and SMS banking. There are also geopolitical aspects of the activities in cyberspace. State sponsored attacks have been observed but are mostly targeting governmental institutions and large enterprises.

I N S I D E R | 53

Cyberspace is global and similar risks apply no matter where you are located. Many global campaigns reach Baltic citizens with a delay, as they have to be translated and adapted, says Baiba Kaškina, the General Manager of CERT.LV

How many cybersecurity incidents did we (in Latvia and the Baltic states) have in 2020, compared to 2019? The general trend in 2020 was that the number of different campaigns was on the rise everywhere, including Latvia. Compared with 2019, for example, denial of service (DDoS) incidents were on the rise, though this was not specific to Latvia or the Baltics. Financial institutions, internet service providers and large enterprises were targeted by cyber criminals in demand for a ransom, or the company would suffer a massive attack that would paralyze the operation of their website or other important online resources.

Publicity photo

Were previous investments (in money, time, understanding) in cybersecurity technologies in Latvia and the Baltic states sufficient? It is vital to understand that cyber security is not a state but a process. Though Latvia has not experienced national level cyber-attacks or crises caused by them, the annual national budget allocated to cybersecurity is steadily growing (the Covid-19 pandemic will have an impact on expenditure in all the sectors). The globalization of the

workforce market has an impact on Latvia too, while a shortage of cybersecurity experts has also been felt in the public sector especially. Isn’t it the case that readiness for and understanding of cybersecurity only comes after an incident? There is a saying in the current cybersecurity environment: it’s not a question of if you will be a target of a cyberattack, but when? So, it is smart to be prepared. Three groups of organizations are distinguishable: those who learn from others, those who learn from their own experience, and those who never learn. There have been organizations who have fallen for the same attack at least twice, though usually the second time is enough for the lessons to be learned and appropriate actions taken. What are the most important things a company should do to minimise cybersecurity risks? There are several things a company must do to ensure adequate level of cybersecurity. When implementing new technology or evolving existing systems, a component of cybersecurity should not be forgotten. In many cases it has been

observed that during the planning and development phase of a new product, only functionalityrelated matters have been of concern, and security has been regarded as something that can be added later if there is enough time and resources left. But you cannot make a decision about building a house underground and decide to add a window later. Employees have to undergo regular cybersecurity training to be able to recognize and prevent cyberattacks. Security solutions are becoming increasingly complex and harder to break through using only technical means, thus attackers try using social engineering methods to make employees disregard the internal security processes and procedures, and provide access to the system or give away valuable information. Unsuspecting employees might be the weakest link, but well-trained employees could become your strongest protection. Security measures must be adapted for business processes – otherwise employees will circumvent the security solutions, thus jeopardizing the whole system and ending up with an even lower level of security than before. It is important to have cyber security professionals in the team. For SMEs, outsourcing and/ or cloud-based solutions should be considered as a cheaper or more viable solution, as in-house expertise is expensive and its focus is usually too narrow.

54 | I N S I D E R

Cyberattacks rise 15–30% during the pandemic 2020 saw digitisation advancing at a surprising pace, beyond what forecasts suggested; however, according to Artūrs Filatovs, head of SIA PricewaterhouseCoopers Information Technology Services, COVID– 19 has led to many companies changing their cybersecurity policy.

by MĀRIS ĶIR SONS

“ we

used to focus more on protecting our own infrastructure and building defensive walls within our organisation. The arrival of the COVID-19 pandemic changed the way we work, and where we work from. Telecommuting and the rapid digitisation of businesses have produced new threats,” A. Filatovs said, noting the effect that COVID-19 has had on cybersecurity risks. A consequence of the forced digitisation caused by the pandemic in Latvia is that the number of cyberattacks on private devices at home (desktop computers, routers, smart TV’s etc.) had a particularly sharp increase in 2020. “Compared to the pre-pandemic levels, cyberattacks have risen 15 to 30 percent. We periodically also see attacks against telecommuting tools, like VPN (Virtual Private Network) and RDP (Remote Desktop Protocol), with an increase of some 20%,” A. Filatovs explained. He also pointed at the European trend of attacks focusing more on

the users, especially those involving social engineering (from 1% in 2019 to 5% in 2020). The most common incidents have been network and application anomalies (35%), user account anomalies (23%), and malware (20%). Data show that on average, 101 incidents were registered per small and medium enterprise (compared to 63 in 2019). Obviously, these incidents are different, and come through different vectors (theft of user access credentials, data leaks, extortion viruses, suspicious network access attacks etc.). “2019 and 2020 was also the time when local Latvian telecoms companies saw the biggest waves of cyberattacks, becoming targets for DDoS attacks of up to 70 Gbps, which effectively flooded the entire bandwidth of our international network communication channel,” A. Filatovs said. He also noted that the differences between various countries largely manifest in the number of attacks and instances of fraud. There is certainly a correlation: industries and businesses that see bigger attacks also experience a higher

complexity of such attacks and more investment of resources by the criminals, due to the potential financial gain they expect to come out of the attacks. “If we take a look at Latvia, then here, too, we see an increase in banking data-related fraud, Smart-ID authentication fraud, and, of course, the use of extortion viruses against business and private individuals,” A. Filatovs pointed out.

Role of data security Updates in the critical software and IT systems of businesses are another hot issue. Surveys still show a large proportion of companies reporting that it takes more than 90 days for them to install software updates and eliminate vulnerabilities in their systems (27.4% — 31–90 days; 29.2% — 91–180 days; 14.3% — >180 days). This makes it easier for cybercriminals to exploit these vulnerabilities, and cause a significant risk of financial losses for these businesses. “We can divide Latvian companies

I N S I D E R | 55

into two groups: those that rely on cybersecurity products, and those that understand the necessity of moving towards a multifaceted system of cybersecurity solutions and services,” A. Filatovs noted. He pointed out that in 2021, an estimated 319 billion e-mail messages will be sent globally every day, which is an annual increase of 4 to 5 percent. “A huge amount of these are malicious: phishing, spam, malware-containing messages. The European Union Agency for Cybersecurity (ENISA) has placed these incidents among its top 5 future challenges. And this is in addition to all the new threats we see used for fraud in Europe, like deep-fake videos or deceptive audio and phone calls. Criminals can use artificial intelligence to, for example, fake a call from your financial director to the company account, asking her to transfer money to the bank account of another business,” A. Filatovs explained.

Not all are the same

Photo: Ritvars Skuja

“This pandemic is like a very clear mirror. Switching employees to remote work has been a piece of cake for some companies, because they properly prepared their infrastructure, and minimised their risks; they developed the right processes, and took preventive security measures. Meanwhile, it has been a rude awakening for others, who let their employees take their office desktop computers home, who opened their firewall ports and reduced the level of security, just to make it possible

“In 2021, an estimated 319 billion e-mail messages will be sent globally every day. A huge amount of these are malicious,” Artūrs Filatovs, head of SIA PricewaterhouseCoopers Information Technology Services

for their users to connect to their systems, to access data, and be able to actually work. And they did not concern themselves at all with the risks caused by the transfer of data outside controlled IT systems, resulting in more potential threats,” A. Filatovs said. Cybersecurity technologies and processes must be updated at regular intervals, and improvements in the platforms/products/service providers used must take place at least once every 3 to 5 years.

Not hardware, but solutions Asked if buying an expensive cybersecurity product and installing it for the first time can boost our security in the future, A. Filatovs replied: “We have seen many

examples of companies spending hundreds of thousands of euros on security systems without taking into account how much long-term development such systems undergo over a period of 3 to 5 years, how their business and its processes may change in the meantime, and how helpful this cybersecurity investment may be in the long run.” In his opinion, we rely too much on loud marketing slogans coming from those who make cybersecurity systems, saying that their product is intelligent, selflearning, has artificial intelligence features etc. “They say: buy our equipment, plug it in, set it up, and that’s it. But it’s not actually true. All cybersecurity technology goes hand in hand with the specialist who knows how to work with it and use it,” A. Filatovs highlighted.

56 | I N S I D E R

by ANDA A SERE / L A BS OF L AT VIA, E XCLUSIV ELY FOR BA LTIC BUSINESS QUA RTERLY

Cybersecurity is the new civil defence Nobody is proud of being a target of cyberattacks, which as a result are still discussed very little, with no reliable data about the global harm that cybercriminals cause. Not knowing the extent of this industry, people do not pay enough attention to it, and get a false sense of security.

“the

fact that businesses avoid talking about this is a big boon for criminals,” Sanita Meijere, global business development manager at SK ID Solutions, said. The most common two fraud schemes involve attractive offers to buy things, and fake calls from your bank. Sometimes people believe that everything published on social media is true, not knowing or even thinking about the fact that the governments of many countries advise against using Facebook and Google as authentication tools. “It is surprising how carelessly people can click on Facebook links offering them shoes at half price, and enter their bank details. They lose the money, of course,” S. Meijere said. Today’s criminals are well-informed about human psychology, which supports them in carrying these attacks out. There is also the natural desire of people to be nice and helpful, as they disclose all sorts of information and participate in various surveys online. “Criminals are happy to take advantage of this,” S. Meijere noted.

Fraudulent calls

A common fraud scheme involves fake calls in which criminals claim to be bank employees. They call

you and say that a transaction has not been completed and offer help in finishing it. They ask for various information about the client, naturally. Some of their stories are so creative that once this resulted in a new Smart-ID account being created on the fraudsters’ phone. “Technically, the process cannot be finalised, of course, but attempts to do this have taken place,” S. Meijere said, emphasising once again that a bank employee would never seek such information. With modern technologies many things can be made very credible. So if you receive a call, allegedly from the bank, and you are suspicious about what you are being told, the best course of action is to call the bank directly and ask them about the whole affair. “The first thing that has led to suspicions so far is the fact that all fraudulent calls involving fake bank employees have been in Russian. The actual callers are in Ukraine and Moldova. A major calling campaign took place last March. Praise should go to our Economic Police who found the perpetrators and started the investigation,” S. Meijere said. The expert recommends never opening an e-mail message from banks and similar organisations, and instead calling the bank to

find out what it is about. Banks tend to use their online banking platform for messaging the client, leaving e-mail for birthday greetings, prepared contract notifications and survey forms only. And even in surveys, banks never ask for personal data.

Only if you are certain

Sometimes criminals manage to guess the number of a bank client by entering different combinations of digits and waiting until they get a hit. “If they enter the correct number of a bank client, that person gets a Smart-ID transaction request. Sometimes, it takes the form of a request to enter PIN1 on your phone. It is important not to approve any transactions you have nothing to do with, and not to try to log in to your online or mobile bank at that point,” S. Meijere said. Sometimes app updates lead to users complaining about the increasing number of steps you need to take to confirm a transaction. According to S. Meijere, the company does not do this to make using Smart-ID more difficult: the point is to better protect users and make them take a moment to think if they are really trying to do something on that particular website.

I N S I D E R | 57

“There is an immense gap in understanding security in finance between those who work in or are at least remotely associated with the IT industry, and those who have nothing to do with it,” said Sanita Meijere, global business development manager at SK ID Solutions.

level of interest in this topic among her students. Research carried out by her students shows that the bigger the cybersecurity budget of an organisation, the more attacks the organisation experiences. This is why they proactively invest more funds into protecting themselves. “Sadly, healthcare is very vulnerable all over the world. Hospitals have different priorities: they must save people’s lives. As a result, IT infrastructure and security is not the first thing they focus on. Hospitals frequently have to deal with cyberattacks, and some of the more exposed medical facilities get one every eight seconds,” S. Meijere said.

Smart-ID currently operates in Latvia, Latvia, Lithuania and Estonia. S. Meijere said that the highest number of successful attacks so far has been in Lithuania. On average, the company gets a police request once every two weeks in Latvia, and a little more often, in Lithuania. “This is not a lot, actually,” she assessed.

Unremitting competition

Publicity photo

S. Meijere emphasised that it is not only banks that must protect their systems. Every business has to know that whenever someone steals their client database, it is sure to show up on the black market. “There are websites where you can buy the identity of another person and use it to do shopping as well as commit crimes and cyberattacks,” she noted. The situation could improve if the public as a whole become

more intelligent about this, and are provided with better protection. At the same time though, it is worth keeping in mind that the bad guys never stop learning how to bypass new defences. She also believes that cybersecurity and social engineering (in what pertains to protecting internet users) should become a mandatory course in all universities. “All university students had to take civil defence courses in the past: now, teaching cybersecurity should become just as ubiquitous” S. Meijere said. She thinks that in a simplified form, the subject should be taught to pupils as young as year 9, as they already feel at home in the online world.

They even attack hospitals

S. Meijere is an instructor at Riga Business School. She notes a high

Number of transactions growing rapidly

547 thousand people in Estonia, 985 thousand people in Latvia, and 1.36 million people in Lithuania use Smart-ID. In December alone, the total number of transactions was 16 million in Estonia, 25 million in Latvia, and 28 million in Lithuania. According to S. Meijere, the number of users and transactions is growing every month, as the company expands its portfolio of business partners. For example, housing management companies integrate Smart-ID for billing their clients and receiving payments. The latest new group of partners are online retailers of alcohol because they have to confirm the age of their clients. SmartID is also integrated with online lending companies, which conduct all their business online, and use Smart-ID for signing contracts.

58 | I N S I D E R

by ANDA A SERE / L A BS OF L AT VIA, E XCLUSIV ELY FOR BA LTIC BUSINESS QUA RTERLY

Cyber is the next fin-tech So far, the Startup Wise Guys startup accelerator has completed two CyberNorth cybersecurity programmes. The plan is to continue offering this specialised programme in the future.

hen Startup Wise Guys was contacted by a number of stakeholders in Estonia’s cybersecurity industry, including the Cyber Defence Association, the Ministry of Defence, and Startup Estonia, it created a specialised cybersecurity acceleration programme, CyberNorth. “There was no such programme in Estonia at that point,” Zane Bojāre, the Startup Wise Guys marketing manager, said. As far as she knows, Startup Wise Guys is the only private European startup accelerator to offer a specialised programme like this.

Every day-to-day problem

“We are very interested in this field ourselves. We are convinced that cyber is the next fin-tech. 2020 demonstrated this with many people working from home, and facing various security challenges. Five years ago, cybersecurity still only concerned specialists; today, it is an everyday problem for everyone,” Z. Bojāre said. People do not keep their documents on physical devices anymore. Now it is all connected via the cloud, both private and professional affairs. And it is the pandemic suddenly forcing a large number of people to work from home that caused the private and the professional to fuse together. For example, business calls via Zoom take place through a private internet connection that is very likely to have different security

settings. “People worrying about COVID-19 tracking apps, such as Apturi Covid, HOIA or Korona Stop LT, makes me chuckle. We live in a world where Facebook already knows so much more about us. We may be somewhat better protected in Europe, thanks to GDPR, but this regulation also demonstrates how long too little thought was put into the matter,” Z. Bojāre added. She also noted that the value of various digital assets is growing, which results in even greater security challenges. For example, how can you work remotely if you cannot get to the data you store on a cloud, because someone maliciously blocks your access? And the blocking involves not just a few thousand private photos, but also your work files. “One such incident, and your business is paralysed. This affects us all, meaning that we all have to think about and take care of cybersecurity. Moreover, the sophistication of the methods used by criminals is increasing constantly,” Z. Bojāre emphasised.

Substantial interest

Both the programmes carried out so far took place in Estonia. In 2019, the programme took place entirely in person, and in 2020, it began in spring, coinciding with the arrival of the COVID-19 pandemic in the Baltics. Because of this, the venue was changed for the initial part of the programme, and the rest of it happened online, as part of the Latitude59 conference in August.

As part of the two programmes, Startup Wise Guys received some 200 applications, and accepted 16 startups. “Some of the strongest teams in this field come from Ukraine and Turkey. One Hungarian team was admitted to each of the two programmes. Estonia is also represented in both, and Lithuania, in one,” Z. Bojāre said. Startup Wise Guys CyberNorth programme focuses on cybersecurity and defence. Some of the startups in the programme have directed their efforts towards education: for example, Cyex and CyberStruggle offer a solution for training employees and other individuals in cybersecurity. There are also startups helping businesses in data protection, and working in cybersecurity. For example, Webtotem from Kazakhstan helps determine how well a website is protected against cyberattacks. In contrast, Fakes Killer from Ukraine works on fake news. Defence startups, such as Sensus Septima from Estonia, also took part in the CyberNorth programme.

The future belongs to specialisation

Zane Bojāre firmly believes that specialisation and vertical specialisation are the future of accelerators. “We can clearly see this in the selection of applicants. If an ed-tech company applies to our main programme, which focuses on B2B SAAS businesses, and then is accepted both by

I N S I D E R | 59

Cybersecurity startups to watch

Photo: Christoph Steinbauer, Fifteen seconds Festival 2019

our programme and another, specialised programme, that ed-tech company will go for the specialised option. As a result we lose out to specialised accelerators. Our eighth programme had an extraordinarily strong cybersecurity team that chose a different accelerator exactly for this reason. At the same time, as part of specialised programmes you are better equipped to help the teams, by involving experienced partners and mentors from the industry in question,” she said. Angel investors and businesses also have a lot of interest in this topic, and a cybersecurity programme may find it relatively easier to obtain investment than a general B2B SAAS programme. Startup Wise Guys has also conducted a specialised fin-tech and sustainability programme.

Startup Wise Guys is the only private European startup accelerator to offer a specialised cybersecurity programme, Zane Bojāre, the Startup Wise Guys marketing manager

Since 2012

Startup Wise Guys was founded with a mission to help founders become entrepreneurs and build great international tech companies. Since the accelerator’s birth in 2012, in tech-savvy Estonia, it has invested in more than 220 earlystage startups with founders from more than 40 countries. It is the most experienced accelerator in the region with 19 programmes (and an additional 3 currently running) to date and the strongest footprint in the CEE and CIS countries. Startup Wise Guys has offices in all 3 Baltic countries, and in 2020 they expanded to Italy.

Salv (Estonia) - An anti-money laundering, crime-fighting platform Sentinel (Estonia) - AI-driven platform for detecting disinformation campaigns, synthetic media and information Ondato (Lithuania) - Photo and real-time video remote customer identification and KYC services Idenfy (Lithuania) - Identity verification through a smartphone or any computer device Notakey (Latvia) - Modern identity and access management InLable (Latvia) - A secure and unclonable - physically or digitally authentication verification system at the nano-structure level Autom8 (Estonia/Turkey) - Nextgeneration adaptive security tools powered by deep learning Keystroke DNA (Estonia) - Crossplatform behavioural biometric authentication service Trapmine (Estonia/Turkey) - Next generation endpoint protection platform Sensus Septima (Estonia) - Intelligent decision support software that fuses real-time multi-source information SOURCE: BALTIC STARTUP SCENE REPORT

In 2016, the accelerator experienced the first major exit – VitalFields was acquired by the Climate Corporation. In 2019, StepShot was acquired by UiPath. More than 77% of Startup Wise Guys accelerated companies are still actively running business and growing. 7 out of 10 accelerated startups raise a seed round above 100 thousand euros within 6 months of graduation. Accelerator’s startups have raised more than 33 million euros in total. The best-known startups from the Startup Wise Guys family are EstateGuru, Ondato, Ziticity, Fractory, CastPrint, Exonicus, CallPage, PromoRepublic.

60 | B U S I N E S S LO C AT I O N

Pärnu - future gate of Estonia chooses sustainable For the average Estonian, Pärnu is not associated with work and investment, but with sun and – exceptionally for Estonia! – warm se – water. However, the traditions of Pärnu as an industrial city are very long, dating back to 1832. This is not surprising, because the location of the region is very favourable to international business – Pärnu is located near the western part of Finland, Sweden, Latvia – and Russia. by MARI PEEGEL

ith good transport connections to Central Europe, the city has attracted several international textile, wood and electronics companies. Investments in Vi – Baltica, the Port of Pärnu and the high-speed railway line Rail Baltic planned for 2026 have also increased the attractiveness of the region. Rail Baltic’s Pärnu passenger terminal is even designed as – symbolic gateway to Estonia. Among the employees, Pärnu County is valued for its high quality of life, which is ensured by – naturally clean and enjoyable living environment, quick access to unique Estonian islands, as well as the Old Town with its mix of funk-style buildings and older wooden architecture. Not to forget Pärnu’s contemporary art scene and urban culture.

In terms of turnover and profit, the most successful companies in Pärnu County in recent years are forest industry companies such as Karo Mets OÜ and Tori Timber AS. Gradually, as there has been – shift from sawmills to wood enhancement, Pärnu now imports more wood – from Scandinavi – and Poland – than it exports. One of the most successful wood enhancement companies in the region, Ecobirch OÜ, produces birch and pine glulam boards and fingerjointed components. The company is the largest in the Baltics in terms of the production volume of birch shields. The production volume of Ecobirch AS, which belongs to the rapidly developing wood industry group Combi Grupp, is about 25,000 cubic meters of glulam board per year. Ecobirch’s annual turnover in 2019 was approximately €21 million and its profit reached €2.6 million.

Historical connection with forestry

The natural environment affects not only the quality of life in Pärnu County, but also the nature of business. One third of Estonia’s forest resources are located in the Pärnu region, so Pärnu County has – long historical connection with forestry.

One of the most successful wood enhancement companies in the region, Ecobirch OÜ, produces birch and pine glulam boards and finger-jointed components.

Population of Pärnu City: 50,914 Islands and islets of Pärnu County: 444 Coastline of Pärnu County: 635 km Average gross salary (euro) in Pärnu City: 1,162 (2020) Estonian average 1,433 (2020). Number of companies in Pärnu: 12,823 Number of working people in Pärnu/receiving – gross salary: 19,488 Employment in manufacturing sector: 26%

Crisis as chance

Traditionally, the textile sector is also of great importance in Pärnu County, which, in addition to sewing clothes, also manufactures home furnishing products such as blankets, pillows and soft furniture parts. While the Covid-19 crisis has severely affected many companies and industries around the world, there were those

B U S I N E S S LO C AT I O N | 61 Pärnu County is valued for its high quality of life, which is ensured by a naturally clean and enjoyable living environment.

Ruukki, which offers – wide range of sustainable products and services, such as frame structures, plywood panels and facade coverings. Vecta’s design focuses on the production of stretch ceilings. Kodu Kuubis produces straw panels consisting of pressed wheat straw lined with recycled paper. Straw panels ensure – healthy microclimate in the building and they insulate sound. The stone processing company Edelstein also ensures – good microclimate in buildings. Created in 2004 by Merle Laidro, the company processes and polishes stone surfaces to give them – unique and long-lasting character.

Kihnu women phenomenon

Photo: Pärnumaa Arenduskeskus, Priidu Saart/ Visit Pärnu

who were able to respond quickly to the changing economic climate, and even grow. In Pärnu County, it is – representative of the textile industry, OÜ GabrielScientific, that made – significant leap during the coron – crisis. Grown out of – conventional textile company, GabrielScientific had been developing the world-patented SleepAngel PneumaPure bedding products for some time. They provide protection not only against viruses, but also against all kinds of allergens, fluids and pathogens. The international demand for infection-free pillows and blankets in 2020 increased the volume of orders eight times – the products are now exported to almost 50 countries. In addition to Pärnu, another production unit has been established in the US – and in 2021 it is planned to expand to Saudi Arabia. The company’s profit increased 15 times last year and, in order to meet high demand, the factory sometimes works in three shifts.

The driving force

The Port of Pärnu, located at the mouth of the Pärnu River, also boasts good profitability. The shares of

Port Pärnu belong equally to two familiar figures of Estonian business, Rein Kilk and Mati Einmann. In 2018, the turnover of the Port of Pärnu amounted to over €12 million and the operating profit was €4.2 million. In the same year, the Port of Pärnu paid – dividend of €2.5 million. Although tens of millions of euros have been invested in the port in the last decade, the coron – crisis also clipped the wings of the Port of Pärnu. Although the crisis did not affect much of the port’s business, amid the confusion caused by the crisis, the development of the quay in the city centre of Pärnu was postponed. Hopefully the €20 million development of the planned pastime environment similar to Western European ports, with entertainment establishments and restaurants and residential buildings, will be resumed shortly. The driving force of Pärnu industry is also the building materials industry and the stone industry, both of which keep up with the times and offer environmentally-friendly, sustainable production. The largest building material solutions companies are

Pärnu has been – destination for sp – tourism with – wide array of hotels and guest houses with – total of 4,000 beds. However, it is rather the small island of Kihnu, which belongs to Pärnu County, that has been making waves in the world as – tourist destination. The British, German and US press, including the New York Times, have written about Kihnu’s unique matriarchal culture. The Kihnu Cultural Space Foundation, run by Kihnu women who wear folk costumes on – daily basis – red woven skirts and blouses speckled with small flowers – organizes traditional camps for all ages. Under the leadership of the Kihnu Cultural Space Foundation, the Kihnu Lighthouse has been opened as one of the main tourist attractions of the island. Kihnu is – well-kept secret of Pärnu County, and although it is not exorbitantly expensive to have – vacation there, it can be considered – destination for luxury tourism. In addition to tourism and handicraft, Kihnu also pursues another traditional industry in Pärnu County: fishing. AS Kihnu Kal – was founded in 1994 on the island of Kihnu. In 2005, – new cold store was completed in Pärnu. The company specializes in the export of frozen fish as well as spicy and salted fish. The main fish species processed are sprat and herring.

62 | LA W & TA X

Taking compliance seriously: EU whistleblower rules are around the corner

THEIS KLAUBERG ATTORNEY-AT-LAW

KATHARINA PITZEN

Too diverse protection To protect whistleblowers better, the EU adopted Directive 2019/1937 in 2019 on the protection of persons who report breaches of Union law that is now implemented into national rules. It stipulates uniform standards for the member states as well as companies working in the EU that have 50 or more employees. By 17 December, such companies had to create internal processes which provide secure channels for sharing information both within companies and with authorities. Whistleblowers must be effectively protected from dismissal, harassment, or other forms of retaliation. Member states are also required to improve their law enforcement structures, as well as the effective

Whistleblower is a term describing a referee blowing a whistle in the event of foul play. The EU is encouraging citizens to help protect the rules of the game by disclosing misconduct in politics, public authorities, and commercial enterprises. Such whistleblowers, however, act at great risk to their careers and livelihoods. Companies need secure and simple whistleblowing systems to create a work and production environment that is efficient and protects employees.

sanctioning of misconduct and breaches of legal rules. Until now, the legal framework for the protection of whistleblowers in the EU has been too diverse across the EU 27. Some countries – such as France and Italy - have already adopted whistleblower protection laws reflecting the EU goals or embedded the same protections in anti-corruption laws. Other member states provide only partial protection in certain sectors of the economy or for certain categories of employees.

Latvia and Lithuania ahead Lithuania and Latvia enacted the whistleblower laws that came into effect in 2019, although in

LA W & TA X | 63

Lithuania the current framework most likely is not sufficient and requires additional measures. On the other hand, Lithuania has chosen to go a step further and create a rewards program for whistleblowers, though none have been granted so far. In Latvia, the government currently receives comments from the public on how to amend the law. The EU Directive leaves some room for each country to take local requirements and objectives into account. Neither Germany nor Estonia have laws which ensure the protection of whistleblowers in a comprehensive package, but basic protections arise from general employment law, regulations and labour agreements. Estonia just closed its public comments period for the new whistleblowing law that will be enacted. In Germany, whistleblower advocates have harshly criticized the broad proposals put forward by the government so far.

Two main approaches As a minimum, the EU requires all member states to create a level playing field by including the protections listed in the Directive, but going further is not prohibited. Whether to offer financial rewards is up to each country, as is the decision on how to handle anonymous reporting. Consequently, the specific requirements of each country’s whistleblower protection rules can vary quite a bit, and companies based in more than

one member state will have to take local rules into account. A survey among AHK members and beyond carried out for this article has revealed that larger companies in particular have already implemented at least some kind of whistleblower system. The two main approaches can be classified as either following the system of ombudsmen and ombudswomen, or a technology partner providing whistleblower and case management services. An ombudsman (a term taken from the Swedish word for mediator or legal representative) fulfils the task of a neutral arbitrator. For this role, the German companies Deutsche Lufthansa AG and Volkswagen AG have hired freelance attorneys who are not employees of the respective company. As an impartial, independent contact, the ombudsman receives complaints by telephone or in writing and forwards them to a Corporate Compliance Office. It is up to the whistleblower to choose whether the information will be passed on in an anonymized form. Another approach, implemented by the ERGO Group for example, uses an electronic whistleblowing platform for reporting compliance violations. These portals are accessible for clients, business partners, other parties as well as for their staff. Their software allows the anonymous reporting of compliance violations as well as bilateral communication between the whistleblower and the compliance department.

Web-based platforms The European market leaders include companies such as WhistleB from Sweden and the BKMS® Incident Reporting developed by the German company Business Keeper and implemented in companies such as Lidl, Axel Springer and Nestlé. These popular solutions are web-based platforms which are operated and deployed in a closed system - not a cloud solution - and certified according to European data protection law. As the demand rises and will continue to do so due to the Directive’s deadline this year, many new providers of whistleblowing platforms are emerging: EQS Integrity Line, Plan Brothers, and Gan Integrity are just a few other examples. It remains to be seen how companies with an international structure will choose to specifically implement the systems uniformly throughout different countries, cultures and languages. Contrary to the ombudsman, who might not always be available in time or be fluent in the required language, web-based platforms have no restrictions in time and are able to integrate translation software. Some whistleblowers might, however, feel more comfortable contacting an impartial person and being able to talk, rather than using a platform. In the end, a culture change inside the organization will also have to be part of the way to encourage employees and other members to come forward.

64 | T RA D E F A I R S

Gintarė Jonynienė

Representative of Messe Düsseldorf GmbH and Messe München GmbH in Lithuania

Photo: Messe München

FAIR TO SHARE

The trade fair market is quickly trying to adapt to a changing market situation. Virtual and hybrid trade fairs are going online. More and more entrepreneurs are starting to take advantage of the new online solutions to showcase their brands. By doing this, they ask themselves: How do I make my own booth outstanding at an online trade fair to generate new leads and make new contacts?

Differences between online and offline trade fairs

here are several significant features of online communications to avoid simply copying the usual practice of trade fairs online.

example, reduce the format to segments short enough to keep the viewer’s attention.

Attention

The online format is less valuable to the viewer. Watching a video recording of a show is not the same as seeing it live, since we value the real-life experience more. How do we increase the value for the viewer? We need to use the strengths of the internet: engagement by interaction. This is the area where the potential success of new solutions lies.

If the main work of a regular trade fair regarding the expense is dedicated to logistics, then the main objective for an online trade fair is the viewer’s attention. At a physical event, we go to a separate space, away from other distractions, and have a clear focus on getting new impressions and contacts. In the case of online events, the onus of concentration is on the viewer who usually does not focus and succumbs to distractions and temptations. The problem is focusing your concentration on the type of content.

The illusion of multitasking

If we listen to a presentation at a physical conference, we might turn on our phones sometimes. While listening to an online conference, our phones are used more often. Attention scatters and the content passes by because of a lack of involvement. The question is how to raise the viewer’s readiness to focus. For

The viewer’s value is perceived less

The speaker’s value is also perceived less

Unfortunately, participation in an online event is also less valuable for the speaker. If we are going to prepare for a physical conference, we pick out our best suit. Whereas for an online event, a speaker would be just as likely to open a laptop without any preparation or rehearsal. How can we raise the value of the speaker? One way might be making an individualized video with a presentation and conference branding. If you share something, it should be good.

TRADE FAIR NEWS

New perspectives in the city The German Association of the Automotive Industry (VDA) and Messe München are cooperating on the mobility platform of the future. The IAA Mobility will be developed into a leading platform, reflecting the entire new ecosystem of mobility. From vehicle manufacturers and suppliers to technology companies, mobility service providers and local public transport, all the way through to start-ups, the IAA Mobility in Munich will become the meeting place for innovators from Silicon Valley, Europe and as far away as Asia. The fascination of the most advanced cars will continue to be an important part of the new IAA Mobility, and the world’s leading trade show for the automotive sector will also evolve into one of the driving forces for the further development of a major metropolis into a “smart city” with intelligent traffic concepts and innovative connectivity between the modes of transport – sustainable and geared to people’s needs. For the new IAA Mobility, the VDA and Messe München are planning a public event area in addition to the displays in the exhibition halls. In the city centre, smart mobility and smart city concepts will be presented and discussed, and this will involve intelligent and sustainable mobility solutions. The planned locations include Königsplatz, Odeonsplatz, Ludwigstrasse and Marienplatz. The presentation of technology with innovation forums for trade visitors, B2B exchanges and forward-looking keynote speeches will take place on the trade show grounds. A transfer route is planned, linking these sites by means of priority lanes for environmentally-friendly vehicles. Here, too, as many visitors as possible should be able to try out the new mobility concepts and get to know them at first hand. IAA MOBILITY 7-12 SEPTEMBER 2021, MUNICH iaa.de/en/mobility

T R A D E F A I R S | 65

APRIL – JUNE 2021

TR ADE FAIR

INDUSTRY

NEXT DATE 2022-2023

APRIL 12 - 16 HANOVER, DIGITAL

HANNOVER MESSE World’s Leading Trade Fair for Industrial Technology

DIGITAL FAC TORY, INDUS TRIAL SUPPLY, INTEGR ATED AUTOMATION, ENERGY, RESE ARCH, TECHNOLOGY

APRIL 25 - 29, 2022

TR ANSPORT AND TR AFFIC

APRIL 27 - 28, 2022

GIF TS, WATCHES, JE WELRY, CR AF TS, SPECIAL OCC A SION PART Y ITEMS

FEBRUARY, 2022

PAPAER AND PRINTING INDUS TRY, MEDIA PRODUC TION, ADVERTISING, MARKETING

APRIL, 2024

TOURISM, LEISURE, C AR AVANS

FEBRUARY, 2022

TR ANSPORT AND TR AFFIC, LOGIS TICS, GE ARS AND DRIVES, CONVE YANCE AND S TOR AGE TECHNOLOGY, IT, SOF T WARE

MAI, 2023

FOOD PROCESSING AND PACK AGING MACHINERY, TR ANSPORT, LOGIS TICS, CONVE YANCE AND S TOR AGE

FEBRUARY 09 - 11, 2022

FLOORINGS

JANUARY 13 - 16, 2022

COSMETICS, PERSONAL HYGIENE, WELLNESS

MARCH, 2022

MEDIC AL ENGINEERING, HE ALTH, PHARMACEUTIC AL S, C ARE, IT, SOF T WARE

APRIL 26 - 28, 2022

E VENT AND S TAGE TECHNOLOGY

JUNE 06 - 08, 2023

IT, SOF T WARE

MARCH, 2022

CONS TRUC TION TECHNOLOGY, MATERIAL S AND EQUIPMENT

OC TOBER, 2022

TECHNIC AL OPTICS, L A SER TECHNOLOGY

JUNE, 2023

COMPUTER-AIDED - ENGINEERING, FAC TORY AUTOMATION ELEC TRIC AL ENGINEERING, ELEC TRONICS

JUNE 22 - 24, 2022

HANNOV ERMESSE.COM

APRIL 15 BERLIN, DIGITAL

BUS2BUS SPECIAL EDITION Trade Fair and Congress BUS2BUS.BERLIN

APRIL 15 - 19 MUNICH

INHORGENTA MUNICH Europe’s Leading Trade Fair for Jewellery, Watches, Design, Gemstones and Technology INHORGENTA.COM

APRIL 20 - 23 DÜSSELDORF, DIGITAL

VIRTUAL.DRUPA World’s Leading Trade Fair for Printing Technology

APRIL 21 - 25 MUNICH

F.RE.E Fair for Leisure and Travel

DRUPA.COM

FREE-MUENCHEN.DE

MAY 4 - 6 MUNICH, DIGITAL

TR ANSPORT LOGISTIC International Trade Fair for Logistics, Mobility, IT and Supply Chain Management TR ANSPORTLOGIS TIC.DE

MAY 18 - 20 BERLIN

FRUIT LOGISTICA SPECIAL EDITION International Trade Fair for Fruit and Vegetable Marketing FRUITLOGIS TIC A.COM

MAY 20 HANOVER, DIGITAL

DOMOTEX DIGITAL DAY The World of Flooring DOMOTEX.DE

MAY 28 - 30 DÜSSELDORF

BEAUT Y DÜSSELDORF Leading International Trade Fair Cosmetics, Nail, Foot, Wellness, Spa BE AUT Y.DE

JUNE 08 - 10 BERLIN

DMEA Connecting Digital Health DME A.DE

JUNE 15 - 17 BERLIN

STAGE I SET I SCENERY World of Entertainment Technology S TAGE-SE T-SCENERY.COM

JUNE 15 - 17 HANOVER, HYBRID

T WENT Y2X New Tech. New Business. Digitization T WENT Y2X.DE

JUNE 15 - 18 DÜSSELDORF

GL ASSTEC International Trade Fair for Glass Production, Processing and Products GL A SS TEC.DE

JUNE 21 - 24 MUNICH

L ASER WORLD OF PHOTONICS World’s Leading Trade Fair for Components, Systems and Applications of Photonics WORLD-OF-PHOTONIC S.COM

JUNE 21 - 24 MUNICH, DIGITAL

AUTOMATICA SPRINT Leading Trade Fair for Smart Automation and Robotics AUTOMATIC A-MUNICH.COM

66 | T R A D E F A I R R E V I E W S

2.240

from 47 countries

BAU - a permanent fixture in Estonian companies’ trade fair calendar

Elo Saari Representative of Messe Düsseldorf GmbH and Messe München GmbH in Estonia

with the majority of fairs, the international BAU trade fair for architecture, materials and systems was held online in January 2021. The Estonians are well known for their skills with virtual solutions and online communication. So the online version of BAU did not make them feel insecure about participating. This was the fourth time in a row that they were present as joint participators. In total, 7 Estonian companies participated in BAU ONLINE: Bauroc (aerated concrete products), Centene Pro (facade, plinth,

building tiles), Matek (prefabricated timber frame houses), Naps Solar Estonia (integrated photovoltaic systems), Neular (building materials from recycled plastic household waste), Roofit Solar Energy (solar metal roofs), and VECTA Design (stretch ceiling). The experience of VECTA Design is something to share. “The online fair is very positive: everyone who visits your company’s live session or comes to B2B meeting has already visited your website, has learned about the product, and is really interested. The online version of BAU helped us even better to reach the interested representatives of our target group. All together, we had 18 meetings in several formats in which we hosted 40 participants. 9 direct B2B meetings were held and work continues with 10 potential partners”. The innovative solar metal roofs from Roofit Solar

VISITORS

INTERVAL

249.228

every two years

from 150 countries

Energy enjoyed great interest, and not only from German companies. StoneREX (Centene Group) ended the BAU ONLINE with 3 new contacts with very high potential. The most important BAU ONLINE figures are: 247 exhibitors from 29 countries participated, 1,495 live presentations were offered, 4,316 oneon-one talks took place, 38,325 participants from 138 countries joined in

The third time with united forces

For

the third time in a row, the Estonian companies were jointly presented at the MEDICA fair in November 2020. And for the first time in the history of MEDICA, the world-leading medical trade fair and the industry’s number one platform for the suppliers to the medical technology industry, COMPAMED, the fair took place online due to the pandemic. A total of 12 Estonian companies participated in virtual.MEDICA (incl. Enterprise Estonia). Nine companies participated jointly: A & G (assembly,

during the three days, the platform was accessed 218,756 times, and the conference program comprised 31 forums with around 150 experts. The live stream was broadcast for three time zones (Europe/Berlin, USA/New York, Asia/Shanghai). The participation in the exposition of 6 Estonian exhibitors was supported by Enterprise Estonia and co-funded by the European Regional Development Fund.

extrusion in cleanroom), Aquator (hydrotherapy equipment), Chemi-Pharm (disinfection, hygiene), Eumar Santehnika (sanitary washbasins, shower trays), HansaBioMed Life Sciences (research and development of extracellular vesicles), Icosagen Cell Factory (antibody discovery, production, monoclonal antibodies), InterVacTechnology (design, manufacture of medical devices), Myoton (electromedical equipment), Solis BioDyne (reagent supplier, DNA polymerases). Ylima (treatment tables), Nortal (National Health Record, Hospital Information System) were also present separately. The Estonian companies and products got very good

Photo: Messe München

EXHIBITORS

T R A D E T R A D E F A I R R E V I E W S | 67

feedback and publicity. For instance, Myoton was able to present its products in an online interview on the virtual.MEDICA website. The Myoton PRO Digital Palpation Device is a unique, reliable instrument for the objective assessment of muscle tone, stiffness and elasticity in research as well as in clinical settings. For the Estonian companies, MEDICA is the most important fair for finding new clients and learn about the innovations from the medical sector. As

the final report of Messe Düsseldorf about virtual. MEDICA announces, the virtual.MEDICA enjoyed a wide international audience. Despite a very short registration period, a total of over 1,500 exhibitors from 63 nations took part. Over 18,300 items were presented in live programmes in over 100 web sessions, which hosted 300 participants at their peak. Over 45,000 professional visitors (unique users) from 169 nations used the virtual offers and generated

EXHIBITORS

6.398

from 73 countries

VISITORS

INTERVAL

111.154

every year

from 155 countries

405,000 page impressions. International online visitors to the event made up 78% of the attendees. Interesting facts about Estonia: • 95% of health data digitized; • 99% of prescriptions are digital; • 500,000 queries by

SMM DIGITAL and MariMatch@SMM brought the maritime community together

Marge Aedna Representative of Deutsche Messe AG and Hamburg Messe & Congress GmbH in Estonia

SMM

the leading international maritime wtrade fair, normally takes place at the Hamburg Messe und Congress (HMC) exhibition complex every two years. Due to the COVID-19 pandemic, however, the 29th edition of the event took place as a purely digital conference from 2 to 5 February 2021. When it comes to global shipping, artificial intelligence has emerged as one of the prime

technologies to shape the future and is said to be one of the disruptive game changers far beyond big data and autonomous shipping. At gmec – the global maritime environmental congress – industry experts from the maritime, ferry and cruise shipping sectors exchanged ideas about the role shipping is playing in tackling the growing climate change crisis. Offshore Dialogue was an expert discussion on the monitoring and sustainable use of the oceans. The TradeWinds Shipowners Forum at SMM provided a comprehensive view of the German shipping market with debates and discussions on the future of container shipping and shipbuilding. At MS&D, the International Conference

on Maritime Security and Defence, renowned experts discussed military defence challenges, technology developments and cybersecurity. The free Open Stream at SMM DIGITAL offered people a unique opportunity to update their knowledge in the course of the Speakers’ Corner Slots with exciting innovations, product highlights and projects from leading players in the maritime industry. The entire content of SMM DIGITAL is available on demand on the website free of charge. EXHIBITORS

2.249

from 67 countries

doctors every year; 100% electronic billing in healthcare. The project management of joint participation online was done by Enterprise Estonia. Participation in the exposition was co-funded by the European Regional Development Fund. •

Furthermore, the makers of SMM DIGITAL created an additional communication platform that extended beyond the scope of the conferences. This platform provided over 400 companies with an opportunity to meet future business and research partners and expand their own maritime networks. The next SMM will take place from 6 to 9 September 2022, but first we welcome you from 8 to 10 September 2021 to MARINE INTERIORS 2021 Cruise & Ferry Global Expo powered by SMM – Europe’s first stand-alone trade fair for interior design, equipment and technology for passenger ships. VISITORS

INTERVAL

45.604

every two years

from 75 countries

68 | T R A D E F A I R I N T E RV I E W

by LĪVA MELBĀRZDE

Task 2021: to make exhibitions possible again “We have learned that personal contact, a deeply human behaviour, can become a permanent threat, and this is something most of us probably never imagined”, says Jörn Holtmeier, Managing Director of AUMA – Association of the German Trade Fair Industry. The Baltic Business Quarterly talked to him about the learning effects of the pandemic and the future prospects of the German Trade Fair Industry.

Could you please tell us a little about AUMA, what are your core tasks during this time?

industry. That is why political communication is currently the focus of our work.

To a certain extent, AUMA reflects the long-standing importance of trade fairs to the German economy and cooperation within the sector. It was founded as early as 1907. Our members are trade fair organisers, but also associations representing exhibitors, visitors and service companies. Our most important tasks include representing the interests of the entire industry vis-à-vis politicians in Berlin and Brussels, supporting the German industry’s participation in trade fairs abroad, and providing information and advice to exhibitors and visitors from all over the world. For the latter, we work closely with the German Chambers of Commerce Abroad, as well as with the Chamber for the Baltic States. At the moment, we are particularly preoccupied with the corona pandemic and its consequences for the trade fair

What do you see as the three most important strategic tasks that you want to accomplish now? Our three most important tasks this year are: to make exhibitions possible again; to reduce the financial losses of our members due to the corona pandemic by lobbying for government support programmes; and to steer AUMA itself safely through these difficult times. What role do trade fairs play in the economy as a whole? Normally, the organisation of trade fairs contributes around €28 billion to Germany’s economic output. Exhibitors and visitors alone spend around €14 billion a year on their participation at fairs. Some 250,000 jobs are secured in Germany through the organisation of exhibitions.

However, the corona pandemic caused considerable damage to the German trade fair industry in 2020. The revenue of exhibition organisers dropped by almost 70%. The effects are also felt by many other sectors, especially stand construction, but also hotels and restaurants in the trade fair cities, forwarders, taxi drivers and local retailers. Of the €28 billion mentioned, only about €6 billion remained last year. As a result, more than 100,000 jobs are at risk in various sectors of the German economy. How quickly do you think the trade fair business will recover and in what direction is it actually developing? The further development is currently difficult to calculate. More than 100 of the 380 trade fairs originally planned for 2021 have already been cancelled, especially in the first quarter. We hope that exhibitions can take place again in the second

T R A D E F A I R I N T E RV I E W | 69 Photo: AUMA

quarter, especially those with national and regional significance. The trade fair business will probably only start on a larger scale after the summer break. The progress in vaccination will also be decisive. The sooner large numbers of people throughout Europe are vaccinated, the sooner and more successfully trade fair business will be able to restart everywhere. This is especially true for trade fairs with international significance. What learning effect has the pandemic brought to the trade fair business? We have learned that personal contact, a deeply human behaviour, can become a permanent threat, and this is something most of us probably never imagined. At the same time, we have learned to deal with it to a certain extent and to be considerate of each other. We also had to realise that business models that worked well for decades can come to an abrupt halt. But this also opens up

the opportunity to concentrate on the core of the exhibition and to further develop successful dialogue and innovation platforms from it, perhaps in a somewhat reduced form. What do you think about virtual fairs? Do they have a future? Last year, around 50 cancelled trade fairs were replaced by digital events. Especially in these times, they have an important function: many exhibitors could and can show their presence to their customers and convey information. But in my estimation, purely digital formats will not be a model for the future. Many companies say that it is extremely difficult to acquire new customers digitally and to convince customers of the quality of new products. Presence, whether of people or products, simply creates trust more easily. And like no other instrument, trade fairs offer the opportunity to experience products with all the senses. Exhibitions are also highly relevant as media events.

We had to realise that business models that have worked well for decades can come to an abrupt halt. But it also opens up the opportunity to concentrate on the core of the exhibition, Jörn Holtmeier, the Managing Director of AUMA

That’s why we still need strong real fairs, but digital supplements will become much more important too, especially because of the restrictions on travel, which will continue to exist for a longer time, especially at the international level. Do you think that trade fairs will become more local in the near future, such as European instead of international? For the time being, we will certainly see more trade fairs that are more oriented towards Europe, but also towards regional and national markets. However, international trade fairs, where people from all continents meet, have such a fascination that they will experience a strong comeback – perhaps not yet this year, but in the foreseeable future.

70 | S K I L L E D - U P

Gain: More competent managers by MĀRIS ĶIR SONS

Skilled-Up vocational education and training brings plenty of benefits for students and woodprocessing companies. This EU project was launched in Estonia, Latvia and Lithuania in October 2019 and “Baltic Business Quarterly” asked the participants for their feedback.

Employees are trained to become better managers GUNITA MEIERE HEAD OF THE PERSONNEL DEVELOPMENT DEPARTMENT AT JSC LATVIJAS FINIERIS The Skilled-Up programme is based on the experience in Germany and has been adapted to the needs of the Baltic wood industry. In Latvia, it is usually the case that young people find the school and then the school, in turn, looks for the companies where young people can be trained. In Germany it is different. There, employers offer their employees the chance to get additional professional training, which is needed for management positions, for example. Of course, a person’s motivation is much greater if they have already found a job and want to grow professionally compared to someone who has never worked

in a real company before. Four of our employees are currently taking part in the Skilled-Up programme. As they learn twice a week, our job is to plan who will replace them during this time. It was also planned to have experience exchanges with colleagues in Estonia and Lithuania. Due to Covid-19, however, it will probably not be possible to do so in the time allotted. I am convinced that the Skilled-Up programme benefits both employees and the company. Another aim of this programme is to develop a training plan which could then be accredited by a university. This would make the possibilities of this programme accessible to a much wider group. At the moment, it is a pilot project for the wood industry, but this valuable experience could later be transferred to other industries.

INGUSS FREIBERGS SHIFT MANAGER AT THE FUNIERIS PLANT An important benefit of SkilledUp training is that a great deal of information is provided about how to deal with people, how to evaluate one’s own actions and how to communicate with others. Thanks to the training, I can better assess the employees and find the best way of communication to achieve the desired result. I also appreciate the fact that we can visit other

companies during the training. There are currently 50 people working under my leadership and I view the Skilled-Up programme as a kind of springboard for my career. I started as a simple worker, now I am the oldest shift manager and I would like to achieve even more. But this is only possible if I continue my training and acquire more knowledge and experience, which is what Skilled-Up offers.

Knowledge is the prerequisite for increasing competitiveness ANDIS ARAKS MANAGING DIRECTOR OF SIA KRAUZERS Two employees from our company are taking part in the Skilled-Up project. The benefit for the company is that the employees with more knowledge and better qualifications then use their new skills for more qualitative work and are able to complete various processes in the company. Nowadays, knowledge plays a crucial role and increases efficiency in all areas. The Skilled-Up training programme is a great way to deepen knowledge in different areas. It was very good that there were also practical lessons where the students visited corresponding companies and immediately saw the new knowledge in practice.

Publicity Photos

An Investment in the future competitiveness GATIS EGLĪTIS EXECUTIVE DIRECTOR OF SIA IKTK Thanks to the Skilled-up programme, we will have more competent managers who will have a much better understanding of the processes

ANDREJS DOMKINS THE PRODUCTION MANAGER OF SIA IKTK In almost in every part of the programme, we have worked practically and have been able to prove ourselves. In this way, we have experienced and learned new things. I found the visits to other companies particularly useful because they gave me new ideas. The communication with the other first level managers gave me the opportunity to look at the same problem from several angles and to find different solutions.

Divisional manager expands his knowledge ANDRIS KORIS MEMBER OF THE BOARD OF SIA KONTO in the company and will be able to manage production. During this programme, we trained two first level managers who both have a great deal of practical work experience but no background in wood processing. The Skilled-up programme is not a classical education but it is aimed at acquiring practical skills and sharing experiences, which is also a great advantage of the programme. Training the employees in Skilled-up is also an investment in the future and competitiveness of the company. Although there is always a risk that a well-trained employee will leave the company, I believe that the risk is even greater if you do not train the employees and they stay in the company. I can only say that both managers who participate in the Skilled-up training programme have already proposed several novelties which they have seen in an exchange of experiences in other companies. This is also proof of what this training and education programme brings.

We have trained one of our employees Gatis Kļaviņš with the Skilled-up programme. He has been working in our company for 18 years and was promoted to the position of production manager two years ago. The main benefit of participating in this programme is that, after the training, Gatis always talks with interest about what he has heard, seen and learned. This already proves that the training is interesting and useful. I don’t think you can measure everything in numbers only. I very much hope that after this training the new managers will have fewer unfamiliar terms, more contacts, more insight into the processes and more courage to face all production challenges. I also very much hope that the theoretical knowledge gained will give them more conviction and strengthen them as leaders in their teams. When the decision was made on the Skilled-up programme, the decisive factor was the content of the

training – the modules. I found that the 10 modules included practically everything a young production manager needs to know. Of equal importance was the opportunity to visit other companies in Latvia, Estonia and Lithuania, which is not easy to do otherwise. An important area of training for new managers is dialogue building with the team, how to talk to the employees and how to solve conflicts. It is also important to know what makes the price and how to calculate the costs. This was included in the Skilled-up programme. But the decisive reason was that the training was specially designed for wood processing. I must also mention that the financial conditions for the Skilled-up programme were favourable. All these positive reasons made it possible to cope with the fact that the training took place during working hours.

Disclaimer

The European Commission’s support for the production of this publication does not constitute an endorsement of the contents, which reflect the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.

72 | EVENTS Photo: AHK

Nowadays you drive at the AHK at 250 km/h

How have trends changed regarding companies’ requests to the AHK? At the very beginning, we at the AHK received enquiries by post. Now you just have to start your PC, but 25 years ago you went to the post box, picked up the letters and then read what was in there. The pace of work at the AHK has also increased a lot. If you compare the speed of 25 years ago and today, it’s like comparing a main road and a motorway - nowadays you really step on the gas and drive at 250 km/h. How has cooperation between Germany and Lithuania/Baltic states developed? “Made in Germany” has always played a very important role in our region. From the very beginning, everything from Germany could be delivered to the Baltic countries and everything was needed – from shoes to household goods and cars. The demand here for German products was great, but the reverse was difficult. We were not known at all and had been behind the iron curtain for many years. It took a lot of convincing to get things going. One thing that must be said, however, is that the Germans were already curious about what was happening in this region, although, until the Baltic countries joined the EU, they were more or less individual attempts to understand what Lithuania and the Baltic states actually were. After the EU accession, our relations with Germany really expanded and so did the AHK. From 2004 on, the main business of the AHK was to take care of the delegations from Germany – and we had them every 2-3 weeks. We met many companies, established contacts and organised communication exchanges. That was really a golden

The AHK in Lithuania celebrates its 25th anniversary this year. Baltic Business Quarterly asked the head of the Lithuanian office of the German-Baltic Chamber of Commerce (AHK) Audronė Gurinskienė to compare the AHK then and now. History has had many exciting twists and turns.

time for our region, when we could introduce ourselves to German investors. That is different now. Lithuanian companies have now grown to the point where they go to Germany themselves, and the Germans don’t come in delegations so much anymore, but do business individually. In the past, a big obstacle to international business, even with Germany, was language skills – we needed a translator or interpreter for every service we provided. Nowadays, that is no longer necessary. What else is different today? The topics we work with have also changed. Nowadays, we often do a monitoring of tenders, start-up screening, projects in the field of vocational training, deal with topics such as Industry 4.0, Green Deal and the leasing of employees to German companies. These are new areas and, of course, we have to develop further and reorganise our services accordingly, but it is also a very interesting process. How has Lithuania developed in these 25 years? Lithuania has often been seen as a Bangladesh by the EU, where goods can be produced cheaply. But this trend is changing, as we have grown from a cheap product manufacturer to a product developer and Lithuanian companies are increasingly seen as equal partners, also in Germany. For me personally, it is really exciting to see how surprised German companies often are that Lithuanian companies are even better organised in some areas or can offer something that amazes the Germans. Of course, 25 years ago it was completely different – Lithuanians looked to the Germans as role models. Everything that came from Germany was simply super. Now it’s becoming more balanced and the Germans can learn a lot from the Lithuanians too. IN CONNECTION WITH THE 25TH ANNIVERSARY OF THE AHK IN LITHUANIA, VARIOUS ACTIVITIES WILL BE CARRIED OUT, ABOUT WHICH WE WILL INFORM YOU STEP BY STEP. ALL CURRENT EVENTS CAN BE FOUND ON WEBSITE WWW. AHK-BALT.ORG AND OUR SOCIAL MEDIA CHANNELS.

EVENTS | 73 Photo: AHK

German-Estonian Conference on Dual Education “Vocational training in the workplace combined with learning in vocational schools, and independent quality assurance throughout the training process” are three of the key elements of a dual vocational training system, according to Tobias Bolle, coordinator of the Competence Center International Vocational Training at the DIHK. He was one of the experts from Germany and Estonia who discussed the two countries’ approaches to vocational education and training, and provided insights into the challenges and experiences at our virtual conference on 1 December 1 2020. The conference was opened by Christiane Hohmann, the German Ambassador to Estonia. 94% of the conference participants stated that they think Estonia should improve its dual VET system. We hope that this conference will start a thinking process on how to promote and support on-the-job training in cooperation with vocational schools in Estonia. Many thanks to all participants and speakers and to the German Embassy in Estonia! LN

74 | T R AV E L

Virtual Escapes While there is nothing comparable to seeing the beauty of the world through your own eyes, technology nowadays allows us to visit many places virtually. So even though travel is restricted at the moment, you can go almost anywhere from the comfort and safety of your home. Baltic Business Quarterly offers you some couch travel recommendations for the Baltics. by ALEXANDER WELSCHER

the

coronavirus lockdown has brought almost the entire world to a halt. People have been advised to stay at home and uphold social distancing as well as self-isolation. Avid travellers and keen explorers are having a hard time adjusting to a life of confinement at home, but there are still many ways to explore various destinations and venues. New technologies such as Virtual Reality (VR) and Augmented Reality (AR) are opening up a whole new way of immersing oneself in history, art and travel, and enabling us to enjoy interactive and entertaining content. They both allow virtual travel to far-away countries, as well as the exploration of cultural and historical sites from the comfort of your own four walls. This makes it possible to dream about all the fun you might have there in reality once the pandemic is over. All you need to do is put on your VR headset, sit back, and set sail on these virtual reality tours and experiences that let you move around in every direction and naturally communicate with the digital world. Just make sure that your stationary or mobile device is sufficiently charged. Many of the sites are also available without

VR headsets on various devices, such as smartphones, tablets, mobile phones and computers.

Take a virtual vacation

You might feel sad about not being able to travel and get a first-hand experience, but technology at least puts the whole world within your reach. Explore the world in high-definition virtual reality through Google Earth VR. This free desktop application compiles satellite and aerial imagery to reconstruct a simulated globe. You can use it to teleport virtually anywhere in the world. Browse any spot you want to visit – and you will be there instantly. Stroll down Broadway, fly over the Alps or soar along the Chinese Wall. Start your journey now! Digital explorers can also head to the Baltics where you can enjoy the virtual experiences offered by local tourism operators. Use your VR headset to stroll around Tallinn Old Town or do a virtual island hopping tour. Or learn about the story of e-Estonia via a collection of virtual reality videos narrating the birth and rise of the digital nation. You can even have a personal audience with both the current President Kersti Kaljulaid and the previous head of state Toomas Hendrik Ilves.

What are VR and AR? Virtual Reality (VR): immerses the user in a 360-degree digital environment, most commonly using a headset such as Oculus Rift or Google Cardboard. Augmented Reality (AR): integrates the physical, real-world environment with computer-generated digital content such as sound, video and graphics, most commonly via an app on a mobile device.

Along with its official website, Lithuania. Travel boasts a 360° journey experience on its YouTube channel. You can use your VR headset to watch a variety of videos presenting the natural and cultural heritage of Lithuania. Also Virtual Vilnius has much to offer: hop on a canoe and float through the city along the Neris river, tour around the best spots with a personal guide on foot, by scooter or bicycle, or sail on a yacht on the lake around the Trakai Island Castle. The special tour “Inside the Vilnius Ghetto” explores arts,

T R AV E L | 75

made culture available online to everyone through high-resolution images and immersive technologies. One can enjoy full virtual museum tours at the click of a button now. You can easily zoom in and out of paintings, sculptures and artworks by renowned artists. Or get a new perspective and explore some of the masterpieces in 3D or 360°. Discover artworks and artists alphabetically, by period or in a playful way with art trivia, visual crosswords, artistic jigsaw puzzles and colouring books. You can also be creative with arts and culture: take a selfie and transform yourself into an artwork or discover your artistic twin.

Photo: Kristi Sits

education and creative endeavours within the former ghetto in the 1940s and the people behind them. In Latvia, many interesting places have also been made available through virtual tours and 360° panoramas. Just set up your headset and start the application to visit Riga and numerous other places across the country throughout the seasons, travel along the Baltic sea coastline or immerse yourself in historical re-enactments of different epochs. Or join video livestream explorations of the Gauja National Park that allow you to remotely attend traditional cooking lessons, history classes, and participate in walks or

boating tours. Other virtual tours without VR lead along the never built metro in Riga or repeat the legendary performative walks along the Bolderāja railway. Indulge and enjoy!

Explore museums from home

When did you last go to a museum, art gallery or cultural site? Most of them have currently closed their doors for visitors, but that does not mean their treasures are lost. Museums, heritage sites, famous landmarks and hidden gems across the world are now at your fingertips and can be accessed from anywhere with Google Arts And Culture. The website and app of Google’s free initiative has

AR allows you to project 3D models into the real world through the camera on your phone. It also lets you decorate your home with famous paintings, ancient artefacts or contemporary art. The stunning visuals will even keep your little ones entertained – and there are plenty of interesting facts to pick up along the way, too. You can explore physical and contextual information about artworks, compile your own virtual art collection and discover iconic cultural heritage sites from the Pyramids to Pompeii. Alongside the world’s most prestigious exhibition halls, museums and galleries in the Baltics have also made their collections available online in 3D and on virtual platforms. Please check our website https://www.ahk-balt.org/ for a list of online experiences in the Estonia, Latvia and Lithuania. Explore history, art and educational information from home at your own pace without being disturbed by other visitors, and get as close as you want.

76 | A H K N E W M E M B E R S

SERVICE

Pedersen & Partners

INDUSTRY

Thorsteel OÜ

Tech Group AS

Tallinn, Estonia Signe Vilipus +372 581 434 28 signe.vilipus@ pedersenandpartners.com www.pedersenandpartners. com/offices/tallinn/estonia Pedersen & Partners is a leading international Executive Search firm, founded by Poul Pedersen in 2001. We cover 5 continents through 54 wholly owned offices across 50 countries. Our global team consists of more than 330 employees from over 50 nationalities. We strive to make a difference to our clients by providing high quality advice on management recruitment, and by consistently providing our clients with access to the best available leaders and managers.

INDUSTRY

Tallinn, Estonia Jaanus Kikas +372 52 70 543 jaanus@ thorsteel.eu www.thorsteel.eu

Tallinn, Estonia Märt Lepik +372 667 0845 info@techgroup.ee techgroup.ee Tech Group is passionate about building machines and delivering innovation. The company’s experts cover the entire process of a machine building project to precisely meet the scope of their clients’ requirements – from analysis, design and engineering; all the way to purchasing, production, assembly, testing and logistics. Tech Group specialists tailor their services to meet their customers’ needs. For 16+ years, Tech Group has been delivering contract manufacturing machine building projects not only for multiple global OEM’s but also for startups and scaling technology companies.

SERVICE

Lidl Eesti OÜ Tallinn, Estonia Jakob Josefsson +371 29269231 +372 643 7166 info@lidl.ee www.lidl.ee The retail company Lidl, part of the Schwarz retail group headquartered in Neckarsulm (GER) is one of the leading food retail companies in Germany and Europe. The turnover of the Schwarz Group amounted to 113.3 billion euros in 2019. Lidl is represented in 32 countries worldwide and operates 11,200 shops and more than 200 logistics centres in 29 countries worldwide. Lidl employs more than 310,000 people. Lidl offers its customers fresh products of the highest quality, meat and bakery products as well as industrial goods at the lowest prices. Lidl Eesti OÜ founded in 2018, is currently focused on building a store network across Estonia.

Thorsteel has 11 years of experience in producing large variety of stainless steel multifunctional batch mixers and process tanks. Clients, many being key players in their industries, highlight that the uniqueness of Thorsteel lies in tailor-made solutions, poised with efficiency and quality as our team provides the Design, Engineering and Production of all our products. Welding Management System has been certified according to ISO 38342:2005 by BVQI, management system fulfils ISO 9001:2015 requirement.

INDUSTRY

HANZA Mechanics Tartu AS Tartu, Estonia Emöke Sogenbits +372 746 8800 hanza-mechanics-tartu@hanza.com www.hanza.com HANZA Mechanics Tartu offers a complex manufacturing solution solution (like HANZA slogan “All you need is one” says) for mostly medium size companies, while using multiple technologies in one location. We have sheet metal, machining, cable harnesses in one location, which are used for both serving the customers separately, but also for complex final assemblies, testing and shipping to end customers. The biggest value offer is sustainability – instead of buying all components from different suppliers, the customers will receive full solution from one place. Our main partners are industrial engineering, medical technology and food industries.

A H K N E W M E M B E R S | 77

INDUSTRY

N2 Global N2 Global Manufacturing Rīga and Liepāja, Latvia Valdis Libans valdis.libans@ n2global.net +371 29224422 N2Global is a Canadian-Latvian company that develops and produces innovative nitrogen fire-suppression generators for global markets. The company’s R&D process is done in Toronto, Canada as well as in Riga, Latvia, where the best experts in the field are constantly working on streamlining the clean agent fire suppression technology, while production process, in line with the world standards, is being held in Liepaja, Latvia. Our mission is to provide customers with total confidence that N2G generators are keeping their crucial infrastructure, property and valuables safe 24/7.

SERVICE

Stena Line SIA

Vivanti Europe

Rīga, Latvia Oskars Osis +371 63607220 salessupport.lv@ stenaline.com stenalinefreight.com

Rīga, Latvia Elvijs Gulbis elvijs.gulbis@ vivanti.eu +371 27730967 www.vivanti.eu Vivanti is dedicated to supporting our clients and evolving right along with them. We know that our clients need a total strategy for how to market to their ideal customers and also how to build a business with sustainable growth. That’s why we’ve built a powerful creative and design team to support your overall content needs and brand. As a result, our multidisciplinary team focuses on three areas: multichannel marketing, creative solutions, and educational programs. Each area has grown organically out of real client needs and stand as pillars that support the Vivanti mission of growing your business today and preparing it to reach new heights tomorrow.

INDUSTRY

Primekss

Stena Line is one of the largest ferry companies in the world with the widest route network in Europe. The main business sector is based on passenger and freight transport. The company operates 34 vessels on 17 different ferry routes, operating in 6 different European regions. Our vision is written on our ships - “Connecting Europe for a sustainable future”. We at Stena Line believe that it all starts with care. This means that we care about our customers, our business, the environment and take care of each other. The company employs more than 4,300 employees of 50 different nationalities.

SERVICE

Corporate Solutions Rīga, Latvia Baiba Blake baiba.blake@primekss.com +371 29461172 primekss.com

Primekss, founded 1997, is a concrete contractor and one of the leading concrete technology companies, with own R&D center. Company has developed own high-performance truly joint-less concrete flooring system – PrīmX. PrīmX Self-Stressing Steel Fibre Reinforced Concrete is made with chemical compressive pre-stress to have a stronger material and stiffer section along with improved hygral shrinkage control. PrīmX concrete flooring system is the choice of some of the most sophisticated customers. Technology is available worldwide, delivered via own resources or qualified licensee partners

Rīga, Latvia Imants Felsbergs + 371 678 477 62 info@csolutions.lv www.csolutions.lv Corporate Solutions is a group of IT companies that provides fullservice IT services to companies throughout Latvia. We implement any scope of IT projects, incl. design, implementation, maintenance and support of ICT infrastructure, data transmission networks, data centres, information systems, as well as security solutions of any kind.

78 | A H K N E W M E M B E R S

Novatronas, UAB Kaunas, Lithuania www.faberis.eu info@novatronas.lt + 370 67318383 UAB Novatronas is a developer & manufacturer of products that combine wisdom; innovation and quality. We have been manufacturing a wide range of products for our customers for 18 years. Many of our prototypes became serial products that our customers used in their factories. We also manufacture for system integrators - companies that create production lines for which we design parts/ modules.Our specialists offer individual and innovative solutions. We are particularly proud of our high-tech products: Measuring, sorting, loading, cutting, mixing, dosing, packaging equipment, etc. Our qualitative products are distributed in many countries worldwide.

SERVICE

INDUSTRY

Achemos grupė, UAB koncernas

Memel Consult MB Vilnius, Lithuania Genadijus Smertjevas + 37068571156 gs@memelconsult.lt memelconsult.com

Vilnius, Lithuania info@achemosgrupe.lt + 370 2492000 www.achemosgrupe.lt The Lithuanian group of companies ACHEMOS GRUPĖ manages over 40 companies from Europe in the fields of fertiliser production/trade, agribusiness, handling & logistics, energy, gas production/trade and development. The group’s products are exported to more than 30 countries worldwide. With 4.6 thousand employees, the Group is one of the largest employers in Lithuania and actively participates in activities of associations that bring together national and European production sectors; Fertilisers Europe, Lithuanian Industry Association (LPK), Stevedoring Association, Lithuanian Wind Power Association, among others.

INDUSTRY

SERVICE

Autokurtas UAB Kaunas, Lithuania Marius Giedraitis +37065299645 info@autokurtas.com

The Lithuanian company Autokurtas is a leading fullservice truck repair service network that has been operating in Lithuania for 21 years. They currently have four branches in the Baltic state (in Kaunas, Vilnius, Klaipeda, and Siauliai). The company specializes in maintenance and repair of commercial vehicles, supply of truck spare parts, long-term service of the Lithuanian army, superstructures for food logistics solutions and auxiliary heaters. The team consists of 110 professional specialists who repair about 1,150 trucks per month.

Regardless of your size, where you are and what you do, you have something to sell to German customers. We will show you how to do it. With you at every step of the project - from market research and planning to implementation and evaluation. Memel consult team always uses a hands-on approach with the aim to transmit the best of Made in Lithuania to Germany.

Teisės riba UAB Kaunas, Lithuania Kristina Cipkuvienė info@teisesriba.lt www.teisesriba.lt +37060545421 The legal services company Teisės Riba unites lawyers in Lithuania and abroad (Europe, CIS countries), who act as corporate law partners, advisors and consultants. We are a fully integrated regional law firm providing business legal services in Lithuania, Europe and the CIS countries. By sharing experience and knowledge between offices, teams and sector groups in different countries, we save client’s time searching for information, so we can focus on creating the solution that best meets the customer’s needs, creating solutions based on close partnership and growing customer business.

A H K S P E C I A L | 79

Sharing memories of Feuerzangenbowle

Photo of Agnė Ambrazevičienė CMO, Hegelmann Transporte UAB

Florian Schröder, CEO at the German-Baltic Chamber of Commerce (AHK), introduced the Feuerzangenbowle in a short festive video speech.

Dr. Lada Kalinina CEO, Jungheinrich Lift Truck SIA

Photo: AHK

the end of year 2020, we introduced our Baltic colleagues to the German tradition of drinking the burnt punch known as Feuerzengenbowle, and watched the famous 1940s German comedy, which is also called “Die Feuerzangenbowle”. The members and friends of German-Baltic Chamber of Commerce (AHK) received a bottle of rum and the two sugar lumps required to make their own Feuerzangenbowle. Additionally, we asked our members to post a picture of them and their Feuerzangenbowle to our AHK app by 31 December 2020. With a hint of a Christmas miracle, some of them won a secret prize – publication of their picture in the Baltic Business Quarterly! We hope the Feuerzangenbowle also gave your Christmas a new tasty touch with an old German tradition. LM

Karina Kovalova, Client Relationship Manager, Skrivanek Baltic SIA

80 | SHOOTING STAR

Founder and CEO of Veriff: Kaarel Kotkas

Building trust online by ALEXANDER WELSCHER Photo: Veriff/ Jake Farra

Identity verification has become an essential part of any business online. The Estonian start-up Veriff has developed a technology that enables companies to authenticate if a person really is who he or she claims to be.

dentity theft on the Internet continues to rise. On an average, business enterprises worldwide annually loose over 200 billion US-Dollar due to identity theft, according to the Global Identity Theft Protection Services Market report. The Estonian start-up Veriff wants to prevent this and is working on solutions for this problem that recently has increased significantly due to increased online activities as a result of the coronavirus pandemic and the ensuing lockdowns. “We are dealing with the main issue of online communication and electronic business transactions: the secure identification of a person,” says company founder and CEO Kaarel Kotkas. “We make sure that a person is who it claims to be and has not been involved in any fraudulent activity.“

The 26-year-old Estonian entrepreneur can point to relevant personal experiences – he himself once also pretended to be someone else on the Internet. At the age of 14, Kotkas tried to buy biodegradable rope for hay bales to be used on his

parents’ farm on Estonia second largest island Hiiumaa. But the security system of the online marketplace did not allow him to register because of his age. Thus he quickly photoshoped the picture of his ID, changed his birthdate and made himself ten years older – and so managed to order and buy the rope he needed without any further problems. In his youthful recklessness, Kotkas did not realize that he had done something illegal back then. But when he discovered some years later that he could still bypass the systems of some global online market players with the same trick, he decided to do something against the intimidatingly low barriers to secure online identification. The one-time-scammer set up a company in 2015 and named it Veriff – a portmanteau of ‘verify’ and ‘sheriff’. Since then, the Tallinn-based start-up helps companies to verify the identities of individuals, so that they always know their customers. To ensure that no fraudsters are at work, Veriff has developed

its own technique – a highly automated verification process driven by Artificial Intelligence. What might sound difficult happens in reality rather quick and simple: “All in all, it usually takes less than a minute. First, you have to take a photo of your ID, then a selfie, and finally submit the information. In the background we record a video of the verification process to make sure it is done voluntarily and crosslinks all the datapoints to make sure the person really exists,” Kotkas explains. “We compare face and photos, check the validity of the document and analyse the network and device data that is used for the verification process. Our algorithms are so precise that we can even distinct twins.” Veriff is now supporting identity checks of over 9,000 different government issued ID-documents from all over the world and is available in 36 languages. The core markets of Veriff are the US and Europe with Great Britain and Germany. Customers include banks, fintechs and cryptocurrencies but also mobility service providers, e-commerce

websites and sharing economy platforms are relying on Veriff that uses the collected data for identity verification purposes only, according to Kotkas. During the COVID-19 crisis, Veriff entered new industries such as remote access, notaries, and education. The privately held firm saw its customer base grow 3.7-fold in 2020 and raised also an investment round. It is currently one of the fastest growing companies in Estonia and predicted to soon become the sixth Estonian startup to surpass a billion Dollar market value and attain unicorn status. However, for Kotkas, who has been ranked among the top 25 most influential young entrepreneurs in northern Europe, it is not the valuation, but the impact that matters. “Our ambition is not to become a unicorn but solve this identity problem and to make honest people trusted in the online world”, he claims. „Ultimately, for all the software and technology, what Veriff stands for is building trust. And in order to trust you have to properly verify – be it online or in real life.“

Subscribe Baltic Business Quarterly and be informed about business in Baltic States - trends, topics and events that determine the business landscape. It is the only business and investment orientated magazine with a special focus on the Baltic region as a whole.

10.00 € for whole year! w w w.abonesana.lv/product/bbq