… Businesses need to take care of their cybersecurity, because today, a cyber breach can be fatal …
Often, businesses cannot afford to spend their time on cybersecurity because they need to focus on the business itself. That is why services are available that let you stay dedicated to your business without having to worry about cybersecurity.
Carbonsec is a team of professionals who, with their extensive knowledge, provide business security in the digital world. They conduct penetration testing, where they look for the company’s weak security points, reducing security risk in industrial and SCADA networks. They provide Red Teaming services, which aim to simulate a real cyberattack on the organization. They also perform security analysis of source code to help it be written on a solid security foundation. In addition, they advise and assist in raising user awareness.
In 2020, the new CEO Matjaž Kosem took over the management of the company.
We know you as a connoisseur of cybersecurity in business, and more recently as an evangelist for the deployment of a security operations center, i.e. SOC. Why did you decide to make such a change?
Cybersecurity rests on two foundations. The first is protection in the form of various security devices, policies and user awareness, and is most easily imagined as a door to the vault. The second is detection that is achieved through dedicated tools and human judgment. A great analogy for this is the security cameras through which the security guard monitors if everything is in order. The true effectiveness of both pillars can only be improved through a simulation of a real attack, so I believe that this way we will be able to help clients more than ever before.
How do you see cybersecurity in CARBONSEC today and in the near future?
Cybersecurity is becoming a growing challenge. On the one hand, there is a need to constantly follow the wide variety of regulatory requirements which, unfortunately, do not yet mean real security, and on the other hand, to provide good technical protection, which must keep up with all the changes introduced with digitalization. And since the “human firewall” is the last line of defense, there is also a need for constant awareness training of company employees. It takes a considerable amount of time for a malicious person to reach his final goal. He can be stopped in time if we are prepared.
In the future, we see an increasing presence of artificial intelligence, but so far it does not indicate that it could replace human knowledge. The reason is that behind every advanced and methodologically posed cyber-attack, with a strong motive, lies a team of highly skilled hackers who are able to bypass even the most advanced algorithms in security devices. It is logical, if you think of it. Artificial intelligence is also “learning” from the attacks that have already taken place.
How will CARBONSEC help customers in this new era?
In addition to advanced penetration testing services, where we help clients not only identify but also address security flaws in their applications and networks, we will also help measure the effectiveness of defense capabilities, whether it is an internal IT team or even an internal or external SOC. Such simulations, specifically called Red Team exercises, are extremely challenging and last for a long time, typically 3 to 6 months. With such a project, the client will get a realistic picture of how well protected his systems are.
I suppose Red Team simulations also take into account how well aware employees are?
Certainly and absolutely necessary. More than 91% of all attacks which end in catastrophe start with social engineering via email. We like to say that users are the last line of defense in the cyber defense chain. Unfortunately, the level of user awareness is still relatively poor. We strongly believe that with the right and systematic approach, much can be done in less than a year.
The interview was originally published on the portal Racunalniske novice.