10Guards: Cyberattacks through social engineering are inevitable

10Guards: Cyberattacks through social engineering are inevitable

Looking at the posts and comments in our LinkedIn Security Industry Group, it is clear that cybersecurity is a key topic for many of our members, even if their primary focus is on physical security. In our current world there is no physical security if there is no information security. Sufficient reason to talk to an expert about the current state of affairs in cybersecurity. We have had the privilege to speak to Vitaly Yakushev from 10Guards, a cybersecurity company from the Ukraine.

Can you briefly introduce yourself, your organization and your occupation?

10Guards is a cybersecurity company with over 12 years of specialized experience. Our HQ is in Kyiv, Ukraine and in addition we have seven corporate entities worldwide.

We have mainly served the markets in the European Union (EU), the United States of America (USA), Australia and the United Arab Emirates (UAE).

10Guards helps companies become cyber-resilient by providing business solutions that protect vital
assets before, during and after cyberattacks. We provide business continuity through services that detect, analyze and eliminate cyber
vulnerabilities. We help define internal business processes to reduce vulnerability. We help business recover from cyber attacks and other malicious events.

Services 10Guards provides:

    A comprehensive security focused audit of a business structure and processes, technical security, resilience and outsourcing processes.
    Penetration tests, cybersecurity drills, bug bash, application & IoT device security reviews.
    An assessment of compliance of data management processes within a company from a technical and legal prospective.

10Guards COO Vitaliy Yakushev

10Guards is very experienced in the field of information security and cyber security. What are currently the threats or topics that you are mostly dealing with for clients?

The main topic in information security and cybersecurity is the fact that a cyberattack is inevitable. And the main goal for companies should be building a cyber resilient business. Cyber resilience is an ability of a company to be prepared before a cyberattack (make costs of a cyberattack too high for “black hat” hackers), have a strict action plan what to do during an attack (to minimize its duration and intensity) and quickly restore after an attack with minimal losses. Building cyber resilient businesses is our main challenge for today. It includes a widespread list of services depending on the maturity of a company.

Many people talk about the inevitable convergence of information security with physical security. How do you perceive the progress that has been made so far in this area? What do you expect to be the next steps in this converging process?

The process of convergence was started many years ago. Since specialists started using IT tools for physical security purposes – for example, a system of video surveillance and access control system with remote Internet access, etc. Unfortunately, most of the vendors which are producing such devices (they are called Internet of Things) don’t implement security-by-design and the devices become low hanging fruits for black hackers. Breach of such elements can lead to different unpleasant consequences, for example:

  • to help criminals in a robbery by switching off video surveillance, access control system or alarm system with remote Internet access;
  • to use hacked devices as a tool for cyberattacks, for example, a part of botnets for DDOS attacks.

We expect growth of IT technologies which help to improve physical security. Market pressure will enforce vendors to strengthen the security of the devices. And in parallel new technologies will be developed which will improve the security of legacy IoT devices.

What advice can you give to physical security managers and CSO’s to improve their competence and performance in the field of cyber security?

Security is the process so is improvement of competence. We are permanently upgrading our skills by sharing knowledge with colleagues inside the company and outside. Our experts are members of different professional associations, communities, and groups (e.g. ACSP, ASIS and more) where they get up-to-date input from the whole world. So 10Guards does recommend to security experts and specialists to share the experience with professional communities.

Which major cyber security threats do you anticipate in the years ahead of us?

Predictions are ungrateful things. Cyberspace is changing every second.

But I can predict some trends:

  1. Number of social engineering attacks (exploiting human factor) will increase.
  2. Growth of geopolitical tensions will lead to an increase in cyberattacks within cyberwars. Accordingly, it will lead to the growth of cyberattacks on critical infrastructure with exploiting IoT (Internet of Things), IIoT (Industrial Internet of Things) and OT (Operational Technologies).
  3. The dark market of cybercrime has turnover about $1-2 trillion per year and continues to grow, so commercial cyberattacks will increase, in particular ransomware attacks.

Exploiting information security vulnerabilities has become a major activity in some corporate and governmental organizations. How would you advise the global society of private and public entities to defend themselves better?

Most of the successful cyberattacks were exploiting social engineering, human factor (more than 88%). So cyber hygiene awareness is a trend today and will continue to be in the nearest future. Security specialists should understand that the main components of cybersecurity are technology, processes, and people. If one of the components is missing, then cybersecurity won’t work. It’s necessary to build a security system with a comprehensive approach based on risk management procedures.

Is there something else that you would like to bring to the attention of the security industry? 

Aligning business strategy with IT strategy and cybersecurity strategy is the main business task for cost optimization. When cybersecurity serves to business goals then it becomes an investment and not a cost.

Thank you very much for your insights and advise Vitaly and good luck with your business.