October has been recognized as Cybersecurity Awareness Month. To honor this campaign, we decided to speak with Nenad Andrejevic, our colleague and Chief Security Officer at Seavus, and discuss the importance of cybersecurity in light of the increased digitalization, the types of cyber threats and the ways to prevent them.
Nenad also provided us with a deep insight into the work of Seavus’ Cybersecurity Team and the ways Seavus is empowering its employees to prevent cyber-attacks.
When it comes to cybercrime, employees are the first line of defense. Can you tell us a little more about Seavus’ Cybersecurity Team?
- I have the honor to be working with a great team of cyber security specialists and experts, who never fail to help our customers protect their businesses regardless of their technology. We have a long track record of successful projects, ranging from security assessments, Security Operation Centers on the client-side or in our Managed Services, to the Penetration testing services. The motto of our team is: Make the world a safer place. Working here is interesting and dynamic.
What is the role of cyber security given the rise in the digitalization of all processes and procedures within companies?
- The Covid-19 pandemic has brought us the “new normal”, presenting us with new challenges as well as opportunities for a faster digitalization process. Businesses and markets using a traditional business model, such as the financial sector, fastened their digitalization during the pandemic and are shifting from traditional to digital business models. Moving into the internet business, companies are struggling to establish the same level of trust they had in the traditional business model. Additionally, companies are faced with the imperative to go digital and the pressure to shorten time-to-market, which often causes them to neglect the security and security requirements. By building trust with new customers, cybersecurity has assumed an even greater role in the trust chain. We could safely say that cybersecurity is the enabler in digitalization.
Can you tell us a little more about the potential cyber security threats?
- Threats grow every day, and we are constantly exposed to many challenges from the Internet. Our daily routines have changed; the way we work, how kids attend school and learn, and how we shop are only a few examples. Threats are all around; we face them every day, and every one of us is responsible for preventing cyber-attacks. Most common threats we all face are malware, phishing attacks, and spear phishing (a more sophisticated form of phishing, where an attacker learns about the victim and impersonates someone that he knows and trusts), but also trojans, ransomware, attacks on IoT devices, data breaches, and so on. Our main challenge is the fact that cyber threats come from a variety of places, people and contexts, and we are confronted with them around the clock.
How do you prevent cyber security attacks?
- Different flavors of cyber-attacks are all around, from software and hardware manipulation to human manipulation. Prevention of security attacks is everyone's job. Information security starts with knowledgeable employees, and everyone has the power to stop security attacks following cyber security hygiene. This has become a routine and integrated part of our daily job.
Do you organize some kind of training and education for your employees?
- As I said before, knowledgeable employees are the key to great information security. Regardless of their position in the organization, every employee is educated on the importance of information security and privacy. Protecting business accounts from cybercrimes starts with empowering the people inside the organization. This is now more important than ever, having in mind the widespread work-from-home model, whether permanent or hybrid.
Is it harder to control security in the work-from-anywhere mode?
- I wouldn’t say harder, but it is different. We have also adopted a hybrid model, both centralized and decentralized, and have strengthened our controls through a mixture of on-premise and cloud solutions.