Artem Mykhailov, ISSP Enterprise Solutions Director, talked to SafetyDetectives media. From the interview, you’ll discover many exciting insights about emerging cybersecurity threats, the role of risk assessment and vulnerability management, practices for building a solid incident report, and more.
Can you please introduce yourself and talk about your role at ISSP?
I've been immersed in the world of cybersecurity innovation for over 15 years. Back in 2008, I became a part of ISSP when I was achieving a Master’s Degree in information security at the National Technical University of Ukraine. Since then, I've successfully established and expanded ISSP cybersecurity ventures across multiple countries. At present, my primary responsibility lies in advancing the business growth of the entire ISSP Global.
What are some of ISSP's specialties that make it stand out?
ISSP is a private cybersecurity company founded in Ukraine and currently operating internationally. Throughout its history, ISSP has been at the forefront of responding to and investigating some of the most sophisticated cyberattacks ever recorded, notably including NotPetya and BlackEnergy. We offer comprehensive professional cybersecurity services that encompass the entire lifecycle, from initial assessment to the development, implementation, monitoring, and ongoing management of solutions.
ISSP's primary focus lies within six key areas of activity:
1. Consulting and Engineering Services: This encompasses cybersecurity architecture, compliance and risk management, as well as counterraid ecosystems tailored for the financial industry.
2. Cybersecurity Assessments: We provide services such as compromise assessments, attack surface discovery, and penetration testing.
3. Managed Security Services: ISSP offers cutting-edge SOC services designed specifically for large enterprises and critical infrastructures.
4. Professional Training and Upskilling: We provide specialized training programs to enhance and develop the skills of cybersecurity professionals.
5. Digital Investigations and Threat Intelligence: ISSP conducts investigations and analysis of cyberattacks, along with malware analysis.
6. Cybersecurity for Small and Medium Enterprises: ISSP has developed a turnkey cybersecurity product specifically tailored for SMEs.
We have recently redesigned and expanded our services to address the needs of small and medium-sized enterprises. This is because, despite the escalating cyber threats, many small business owners underestimate the risks involved and lack appropriate measures to mitigate the potential consequences of cyberattacks. Moreover, supply chain cyber threats have emerged as a significant strategy employed by hackers worldwide.
A turnkey cybersecurity product specifically tailored for SMEs includes incident detection, vulnerability management, and threat-hunting services that are customized for each customer based on an analysis of their business and a comprehensive cybersecurity audit. Our goal is to enhance the resilience of SMEs and equip them with the necessary tools and measures to combat cyber threats effectively.
What are the most pressing cybersecurity threats that organizations face today, and how should they prioritize their defenses against them?
Well, according to the Global Cybersecurity Outlook 2023, 43% of business leaders believe that their organization will become a victim of a cyberattack in the next two years. Understanding cyber threats and prioritizing defenses against them is crucial for maintaining the security and integrity of an organization's digital assets.
Here are some of the most pressing cybersecurity threats, which most of think-tanks agree on:
Ransomware Attacks: Ransomware attacks have seen a significant increase in recent years, with cybercriminals encrypting critical data and demanding ransom payments for its release.
Supply Chain Attacks: The objective of such attacks is to cause harm to a client/state/industry, using a smaller organization as an unsuspecting intermediary.
Social Engineering Attacks: Social engineering attacks exploit human psychology to deceive individuals into divulging sensitive information or granting unauthorized access to systems.
Web Defacement Attacks: Web defacement attacks cause reputation damage through the appearance of compromising content on an organization's website.
Cyberattacks Targeting the Availability of Services (DDoS Attacks): These attacks can have severe consequences, leading to financial losses, reputational damage, and significant inconvenience for both businesses and individuals.
Advanced Persistent Threats (APTs): APTs are sophisticated and targeted attacks carried out by skilled state-sponsored adversaries. The main victims of such attacks are governmental bodies, big enterprises, and critical infrastructure.
To effectively prioritize defenses against these threats, organizations must address underlying factors that contribute to their vulnerability.
These factors include the talent shortage in the cybersecurity industry, which is currently facing a shortage of over 3.4 million professionals globally. Other factors include low maturity in terms of integrating cybersecurity into the company's culture and processes, insufficient budgets allocated to cybersecurity, and inadequate management awareness and commitment to cybersecurity practices.
The leadership of the company must possess a thorough comprehension of potential attack vectors. For instance, management should understand how to respond if critical processes are being disrupted by an attack. It’s not possible to understand alone what actually is “an attack vector” and how many there are of those for your business leadership that should determine the budget allocations necessary to have a trusted expert or better a team for establishing robust defense systems. Additionally, they need to effectively manage external communication with partners and clients during an attack. It is vital to have a practical Incident Response Plan, which should be communicated to key team members.
Can you explain the role of risk assessment and vulnerability management in maintaining a robust cybersecurity posture?
Cybersecurity is a risk-based industry. You don't know what you don't know. How can an organization build robust protection without understanding the risks that the company is protecting against? Everything you do or plan to do in the realm of information and cybersecurity involves mitigating certain asset-based risks.
Organizations do not need to protect every asset from every possible threat. That is simply not feasible with limited resources. Rather, a company needs to establish which areas pose the most significant risks to the business and which assets these risks could affect.
A company needs to develop a risk management plan. For each risk, it should decide on appropriate mitigation actions to use. Critical risks should be mitigated, while others can be transferred (agreed upon with customers/partners/providers that they will be in charge of this risk), accepted (acknowledging the risk but taking no action), or avoided (changing something in the business process).
Furthermore, effective vulnerability management provides organizations with the visibility and reporting capabilities necessary to identify and respond to threats quickly and accurately. It helps to identify potential risks and vulnerabilities in an environment and take action to mitigate them as soon as they are detected.
With vulnerability management, organizations can reduce security costs, maintain compliance, and establish trust with stakeholders. However, it is important not to forget that building risk and vulnerability management is a continuous, ongoing effort rather than an instant cybersecurity solution. Keeping organization safe is a multi-stage process that needs to be developed step by step.
What are the essential elements of a comprehensive cybersecurity awareness and training program, and how can organizations foster a culture of security among their employees?
Every organization, regardless of its size, will benefit from cybersecurity awareness training. Employees who are cyber-aware will be able to recognize potential breaches in the system and report them immediately or even take necessary action. Additionally, cybersecurity awareness training helps employees understand the importance of adhering to the organization's security policies and enables them to identify suspicious activities.
In essence, cybersecurity awareness training is similar to life protection training; without regular threats reminders and practice, it becomes ineffective. It should be delivered in various formats such as Learning Management Systems (LMS), live training sessions, phishing simulations, and gamification. Relying solely on one approach, whether manual or automated, can significantly reduce its effectiveness.
Developing a cybersecurity culture should be an integral part of the organizational culture. While all employees should understand the importance of following security policies, it is especially crucial for those who do not work in IT or security, such as sales or marketing staff who handle sensitive information through emails or other channels.
They may not fully grasp the potential consequences of transmitting sensitive information without appropriate security measures. The organization should actively encourage such employees to learn about cybersecurity and provide support in finding answers to their questions.
If individuals do not care about the security and success of the organization, it becomes nearly impossible to establish a robust "human firewall."
Can you share some best practices for building a strong incident response plan and effectively mitigating cyberattacks?
Cybersecurity is the collective responsibility of the entire team, not just the individuals who are specifically engaged in information security within organizations.
Active engagement of management and development of effective incident response plans are crucial for businesses to minimize potential financial and reputational damages resulting from cyberattacks. In this context, the role of CEO is just as significant as CISO.
Incident response plans should be practiced and communicated to key team members. It makes sense to cultivate risk management and resilience capabilities internally within the organization - tabletop exercises, public communications, lessons learned, and internal communications, etc. At the same time, threat detection and incident response functions may be strengthened through external expert providers. This approach significantly aids in enhancing the organization's overall cyber resilience.