10Guards: Cyberattacks through social engineering are inevitable

Извините, этот текст доступен только на “Английский”. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.

Looking at the posts and comments in our LinkedIn Security Industry Group, it is clear that cybersecurity is a key topic for many of our members, even if their primary focus is on physical security. In our current world there is no physical security if there is no information security. Sufficient reason to talk to an expert about the current state of affairs in cybersecurity. We have had the privilege to speak to Vitaly Yakushev from 10Guards, a cybersecurity company from the Ukraine.

Can you briefly introduce yourself, your organization and your occupation?

10Guards is a cybersecurity company with over 12 years of specialized experience. Our HQ is in Kyiv, Ukraine and in addition we have seven corporate entities worldwide.

We have mainly served the markets in the European Union (EU), the United States of America (USA), Australia and the United Arab Emirates (UAE).

10Guards helps companies become cyber-resilient by providing business solutions that protect vital
assets before, during and after cyberattacks. We provide business continuity through services that detect, analyze and eliminate cyber
vulnerabilities. We help define internal business processes to reduce vulnerability. We help business recover from cyber attacks and other malicious events.

Services 10Guards provides:

    A comprehensive security focused audit of a business structure and processes, technical security, resilience and outsourcing processes.
    Penetration tests, cybersecurity drills, bug bash, application & IoT device security reviews.
    An assessment of compliance of data management processes within a company from a technical and legal prospective.

10Guards is very experienced in the field of information security and cyber security. What are currently the threats or topics that you are mostly dealing with for clients?

The main topic in information security and cybersecurity is the fact that a cyberattack is inevitable. And the main goal for companies should be building a cyber resilient business. Cyber resilience is an ability of a company to be prepared before a cyberattack (make costs of a cyberattack too high for “black hat” hackers), have a strict action plan what to do during an attack (to minimize its duration and intensity) and quickly restore after an attack with minimal losses. Building cyber resilient businesses is our main challenge for today. It includes a widespread list of services depending on the maturity of a company.

Many people talk about the inevitable convergence of information security with physical security. How do you perceive the progress that has been made so far in this area? What do you expect to be the next steps in this converging process?

The process of convergence was started many years ago. Since specialists started using IT tools for physical security purposes – for example, a system of video surveillance and access control system with remote Internet access, etc. Unfortunately, most of the vendors which are producing such devices (they are called Internet of Things) don’t implement security-by-design and the devices become low hanging fruits for black hackers. Breach of such elements can lead to different unpleasant consequences, for example:

  • to help criminals in a robbery by switching off video surveillance, access control system or alarm system with remote Internet access;
  • to use hacked devices as a tool for cyberattacks, for example, a part of botnets for DDOS attacks.

We expect growth of IT technologies which help to improve physical security. Market pressure will enforce vendors to strengthen the security of the devices. And in parallel new technologies will be developed which will improve the security of legacy IoT devices.

What advice can you give to physical security managers and CSO’s to improve their competence and performance in the field of cyber security?

Security is the process so is improvement of competence. We are permanently upgrading our skills by sharing knowledge with colleagues inside the company and outside. Our experts are members of different professional associations, communities, and groups (e.g. ACSP, ASIS and more) where they get up-to-date input from the whole world. So 10Guards does recommend to security experts and specialists to share the experience with professional communities.

Which major cyber security threats do you anticipate in the years ahead of us?

Predictions are ungrateful things. Cyberspace is changing every second.

But I can predict some trends:

  1. Number of social engineering attacks (exploiting human factor) will increase.
  2. Growth of geopolitical tensions will lead to an increase in cyberattacks within cyberwars. Accordingly, it will lead to the growth of cyberattacks on critical infrastructure with exploiting IoT (Internet of Things), IIoT (Industrial Internet of Things) and OT (Operational Technologies).
  3. The dark market of cybercrime has turnover about $1-2 trillion per year and continues to grow, so commercial cyberattacks will increase, in particular ransomware attacks.

Exploiting information security vulnerabilities has become a major activity in some corporate and governmental organizations. How would you advise the global society of private and public entities to defend themselves better?

Most of the successful cyberattacks were exploiting social engineering, human factor (more than 88%). So cyber hygiene awareness is a trend today and will continue to be in the nearest future. Security specialists should understand that the main components of cybersecurity are technology, processes, and people. If one of the components is missing, then cybersecurity won’t work. It’s necessary to build a security system with a comprehensive approach based on risk management procedures.

Is there something else that you would like to bring to the attention of the security industry? 

Aligning business strategy with IT strategy and cybersecurity strategy is the main business task for cost optimization. When cybersecurity serves to business goals then it becomes an investment and not a cost.

Thank you very much for your insights and advise Vitaly and good luck with your business.


Link on the original interview — http://bit.ly/2LcbTC8

Related Posts


Как искусственный интеллект помог киберпреступникам

Необычный случай с участием искусственного интеллекта произошел в Британии. Киберпреступники использовали программное обеспечение на основе AI, чтобы подделать голос руководителя, и попросили перевести $243 тыс. Это сработало. По словам генерального директора пострадавшей британской энергетической компании, он действительно подумал, что разговаривает по телефону со своим боссом — главным исполнительным директором немецкой материнской компании. Звонивший попросил перечислить […]


Stuxnet — одна из самых сложных кибератак в истории

Многие годы атака Stuxnet, разработанная для саботажа иранской ядерной программы, оставалась загадкой и будоражила фантазию людей. Как же США и Израиль внедрили свои вредоносные программы в компьютерные системы завода по обогащению урана, если он был непреступен? Stuxnet задействовали в 2007 году, чем фактически положили начало эпохе цифровых воин. Атака стала возможной благодаря иранскому инженеру, завербованному […]


Названы главные угрозы умных городов

Инвестиции в кибербезопасность умных городов «сильно отстают», тем самым создавая благоприятную почву для будущих уязвимостей экосистемы IoT, предупреждают исследователи ABI Research.   В 2024 году на финансовые, информационно-коммуникационные технологии (ИКТ) и оборонную промышленность будет приходиться 56% от прогнозируемых общих затрат на кибербезопасность критической инфраструктуры США. Оставшиеся 44% будут распределены между предприятиями в сфере энергетики, здравоохранения, […]

Добавить комментарий

Ваш e-mail не будет опубликован. Обязательные поля помечены *