CYBERSECURITY: THEORY AND PRACTICE OF RELIABLE PROTECTION

The security of your personal and corporate data on the Internet is possible – when you know how to do it and have the needed support. You will find it at CyberSecurity. The Bulgarian company offers complete solutions created with clients' real needs in mind: a full range of cybersecurity services, subscription programmes, virtual resources such as secure VPN and Proxy servers, educational resources and trainings, security analysis by the so-called Blue Team and Red Team.

Kaloyan Vasilev, manager of CyberSecurity, tells more.

Which were the most significant changes in the field of cybersecurity in the past year?

The freeing of office volumes and their replacement with mobile ones. The change started as early as 2019, when some companies, mainly IT ones, realised that it was cheaper to have employees working from home. Many employees left the offices for significant periods of time which created the need to provide all of them with company devices. This happened en masse in 2020. The migration of employees created additional problems to the companies' IT divisions: providing secure connection to office resources, controlling a large number of unsafe home networks, protecting devices from external attacks, protecting data.

2020 was the year of migration from personal to company devices and upgrading of new work conditions. Threats also changed. Employees are not in a single network and location anymore, which decreases the benefits of attacking office networks. The increased use of cloud services and VPN connectivity improved the security of transferred data and forced hackers to use more and more complex phishing attacks to acquire access to services and devices. As a result we observed some very successful attacks that compromised thousands of users each day.

Which are the biggest mistakes companies continue to make?

The lack of employee training and education remains cybersecurity's main problem. It does not matter what protection software you use. It will not help you if users are not aware of the threats on the Internet and do not know how to react.

Currently, problems have been multiplying. Before they concerned the office only, and now they concern each employee, their home network and devices, the household's accounts.

Another common problem is user configuration. Small companies still register users as administrators in systems with access to key corporate services. The bigger problem is the lack of understanding about the nature of the problem. It is not about whether the owner trusts the employee, but what the hacker would have access to once they hack the employee.

How can CyberSecurity help?

Our analytic reports objectively describe the identified problems. If you follow our recommendations you will have a very high level of protection. An employee training is a wonderful addition. If the analysis seems too complicated and you do not know how to implement its recommendations, we can do it for you. When you need the highest level of protection we have services such as VPN connectivity, a private Proxy, sensitive data encryption, traffic filtering and others. We can always add something new to your systems and data security.

What is the first thing that CyberSecurity does when starting a partnership with a new client?

CyberSecurity offers a rich range of services such as penetration testing, device analysis for unauthorised access, system security auditing, system and device configuration etc. The approach is different in each service.

In penetration testing we take the role of hackers attacking the systems. During device analysis we create an anamnesis of the client, as if we are medical doctors – how is the device used, was some strange behaviour observed, etc. On the basis of this anamnesis we seek signs for compromised security.

In conscription programmes we analyse the work method and used tools. Offering customised solutions is important for the clients and depends on the analysis of their work processes. We propose future solutions on the basis of this analysis. We configure the systems in accordance to the requirements, we train the employees and then we retire in the shadows. We are still present, if we are needed, but clients do not have to notice us to know that we are protecting them. If there is a problem, we will react as fast as possible.

Should we own the last generation of technology to be protected?

No. Newer devices somewhat guarantee better protection, but this might be misleading – if the used systems are old or badly configured the protection will remain low. Imagine this situation. Two drivers are driving in the country, facing the sun. The first drives a new car and is speeding up. The other is in an old car and drives slowly. The low sun blinds them both. The new car driver is shading his eyes with his palm. The one in the old car is wearing sunglasses. Who is in a riskier situation?

It is the same with devices. Old technology is slower, the battery dies more easily. But this does not mean that it is riskier. When correctly configured and equipped with new systems an old device can be much more protected and reliable than a new one. Of course, old hardware has its drawbacks, but when we take them into consideration things can be safe.

What is the difference between your Red Team and Blue Team?

The two teams are in a constant competition. The Red Team constantly tries to breach the protection, and the Blue Team constantly tries to improve it. Their approaches are radically different.

The Red Team relies on analysis from a hacker's point of view. They do not know what systems are used, how they are configured, who and how uses them. On the basis of collected data they initiate different attacks to overcome the defence, often using reverse and social engineering. For the Red Team it is important to breach the defence and to show there are weaknesses in it.

The Blue Team relies on systems' analysis. They know very well how they are configured and used, and seek weaknesses and ways to isolate them. They rely on reverse engineering to solve problems that have not been foreseen by the manufacturer. The Blue Team is also responsible for damage control during an eventual breach.

www.киберсигурност.бг