10Guards: Cyberattacks through social engineering are inevitable


Looking at the posts and comments in our LinkedIn Security Industry Group, it is clear that cybersecurity is a key topic for many of our members, even if their primary focus is on physical security. In our current world there is no physical security if there is no information security. That is sufficient reason to talk to an expert about the current state of affairs in cybersecurity. We have had the privilege to speak to Vitaly Yakushev from 10Guards, a cybersecurity company from Ukraine.

Can you briefly introduce yourself, your organization and your occupation?

10Guards is a cybersecurity company with over 12 years of specialized experience. Our HQ is in Kyiv, Ukraine and in addition we have seven corporate entities worldwide.

We have mainly served the markets in the European Union (EU), the United States of America (USA), Australia and the United Arab Emirates (UAE).

10Guards helps companies become cyber-resilient by providing business solutions that protect vital assets before, during and after cyberattacks. We provide business continuity through services that detect, analyze and eliminate cyber vulnerabilities. We help define internal business processes to reduce vulnerability. We help businesses recover from cyberattacks and other malicious events.

Services 10Guards provides:

  • A comprehensive security-focused audit of a business structure and processes, technical security, resilience and outsourcing processes.
  • Penetration tests, cybersecurity drills, bug bash, application & IoT device security reviews.
  • An assessment of compliance of data management processes within a company from a technical and legal perspective.

10Guards is very experienced in the field of information security and cyber security. What are currently the threats or topics that you are mostly dealing with for clients?

The main topic in information security and cybersecurity is the fact that a cyberattack is inevitable. And the main goal for companies should be building a cyber-resilient business. Cyber resilience is the ability of a company to be prepared before a cyberattack (make the costs of a cyberattack too high for “black hat” hackers), have a strict action plan for what to do during an attack (to minimize its duration and intensity) and quickly restore after an attack with minimal losses. Building cyber-resilient businesses is our main challenge for today. It includes a widespread list of services depending on the maturity of a company.

Many people talk about the inevitable convergence of information security with physical security. How do you perceive the progress that has been made so far in this area? What do you expect to be the next steps in this converging process?

The process of convergence started many years ago, when specialists started using IT tools for physical security purposes – for example, a system of video surveillance and access control system with remote Internet access, etc. Unfortunately, most of the vendors which are producing such devices (they are called Internet of Things) don’t implement security-by-design, and the devices become low-hanging fruit for black hat hackers. A breach of such elements can lead to different unpleasant consequences, for example:

  • to help criminals in a robbery by switching off video surveillance, access control system or alarm system with remote Internet access;
  • to use hacked devices as a tool for cyberattacks, for example, as part of botnets for DDoS attacks.

We expect growth of IT technologies which help to improve physical security. Market pressure will force vendors to strengthen the security of the devices. And in parallel, new technologies will be developed which will improve the security of legacy IoT devices.

What advice can you give to physical security managers and CSOs to improve their competence and performance in the field of cyber security?

Security is a process, and so is the improvement of competence. We are permanently upgrading our skills by sharing knowledge with colleagues inside the company and outside. Our experts are members of different professional associations, communities, and groups (e.g. ACSP, ASIS and more) where they get up-to-date input from the whole world. So 10Guards recommends that security experts and specialists share their experience with professional communities.

Which major cyber security threats do you anticipate in the years ahead of us?

Predictions are ungrateful things. Cyberspace is changing every second.

But I can predict some trends:

  1. The number of social engineering attacks (exploiting the human factor) will increase.
  2. Growth of geopolitical tensions will lead to an increase in cyberattacks within cyberwars. Accordingly, it will lead to the growth of cyberattacks on critical infrastructure exploiting IoT (Internet of Things), IIoT (Industrial Internet of Things) and OT (Operational Technologies).
  3. The dark market of cybercrime has a turnover of about $1-2 trillion per year and continues to grow, so commercial cyberattacks will increase, in particular ransomware attacks.

Exploiting information security vulnerabilities has become a major activity in some corporate and governmental organizations. How would you advise the global society of private and public entities to defend themselves better?

Most of the successful cyberattacks (more than 88%) exploited social engineering, the human factor. So cyber hygiene awareness is a trend today and will continue to be in the near future. Security specialists should understand that the main components of cybersecurity are technology, processes, and people. If one of the components is missing, then cybersecurity won’t work. It’s necessary to build a security system with a comprehensive approach based on risk management procedures.

Is there something else that you would like to bring to the attention of the security industry? 

Aligning business strategy with IT strategy and cybersecurity strategy is the main business task for cost optimization. When cybersecurity serves business goals, then it becomes an investment and not a cost.

Thank you very much for your insights and advice, Vitaly, and good luck with your business.


Link to the original interview: http://bit.ly/2LcbTC8
