We’re launching our CyberLabs series on the latest news from the cybersecurity world. Based on practical examples, our pentester will give tips on how to prepare for potential threats and how to minimize the effects of cyber attacks. We introduce Michał, who talks about, among other things, his interest in cybersecurity topics and the latest techniques used by cybercriminals.
Technology has quickly taken over the world around us. Everything we do, both on a business and personal level, seems to involve technology in one way or another. We live in a digital age in which data plays a significant role, and our personal information is at risk more than ever before.
Just think how heavily the world relies on the Internet and email communications. The government, the university community, healthcare and private industry not only collect, process and store unprecedented amounts of data in cyberspace; they also rely on critical infrastructure systems to perform operations and provide services. Any attack on this infrastructure can jeopardize more than just customers’ data or a company’s financial performance; it also affects community safety or economic security.
Each year, CERT Polska records an increasing number of notifications and cybersecurity incidents. In 2021 alone, 116,071 notifications were recorded, based on which a total of 29,483 unique incidents were registered, an increase of 182% compared to the previous year.
The most popular incident type in 2021 was phishing – which made up as much as 76.57% of all incidents handled. The number of incidents classified as phishing compared to the previous year increased by 196 percent and reached 22,575 incidents.
Just look at the headlines over the past few months: massive data breaches, companies selling personal information, browsers snooping on your sessions – all examples of new security threats which will require talented and well-trained employees to contain and eliminate.
Security engineer and pentester – Michał Błaszczak – is responsible for the safety issues of email communication and our clients’ data. Michał is a true geek and a person whose goal is to constantly improve his knowledge and competence when it comes to cybersecurity. He has made a huge contribution to the implementation of ISO 27001 and ISO 27018 standards in our company. You will get to know Michał better later in this article and during the monthly “meetings” as part of the CyberLabs series on our blog.
Given the importance of cybersecurity, we’ve decided to create a CyberLabs series in which we will regularly discuss what exactly cybersecurity is, how to protect your email systems and data from attacks, and what resources you should follow to stay on top of emerging trends and technologies related to cybersecurity and email communications.
By following CyberLabs, you’ll learn how to implement individual steps to improve your company’s security. In the meantime, check out our interview with Michał.
My name is Michał Błaszczak and at Vercom I’m a pentester, so it can be said that I’m looking for a hole in the whole so that our data is safe. Why did I choose cyber(in)security? In fact, as long as I can remember, this subject has always fascinated me. As a kid, I remember watching movies in which someone hacked into systems in moments … Who wouldn’t? This fascination turned into my hobby, passion, lifestyle, and also my profession. I believe that cybersecurity is one of the most important elements of technological development. On the one hand, by finding errors, we improve the security of given systems and software, and on the other hand, it is through such activities that technology must develop to fix these errors.
Every day we exchange a huge number of messages via the Internet, be it via messenger or e-mail; we receive one-time passwords, we shop online, log into banks and more. Is cybersecurity important? Definitely yes! Were it not for this security element, no one on the website would have provided their data, including sensitive data. However, if this data were provided, I can say with certainty that it wouldn’t be safe for a long time. People trust various entities because they believe that the data they provide there will be safe, so it is worth making these people aware that they are right. However, cybersecurity is not only focused on web applications. One of the main attack vectors is the human. It is the human whom cybercriminals try to trick into following a given link in order to phish access data (phishing) or download malware. Therefore, in addition to system security, the focus should be on employees’ cyber knowledge.
According to the CERT’s annual report for 2021, the main threat was phishing (over 22,000 incidents were reported in Poland), i.e. a method of fraud that involves impersonating a trusted institution or person in order to persuade the victim to perform some action in favor of the attacker, e.g. providing login data. I think that this number may increase significantly in the coming years. Recently, criminals have significantly improved their phishing techniques, and also enriched their attacks with, for example, Smishing, or phishing via SMS. Right next to phishing attacks, I could point out a ransomware attack that we can hear about more and more. In this attack, cybercriminals enter the corporate network, e.g. through phishing, and then encrypt the data and demand a ransom in return for decrypting the data. Of course, after paying the ransom, we are never sure if it will happen … Therefore, it is always worth having an emergency plan for such situations.
Human error is at the heart of most attacks. What I mean here is the employees’ lack of awareness of the risks and what can happen, for example, after opening a malicious file. It is worth remembering that most of these people are non-technical, so it is worth preparing such training properly so as not to bore the listeners with technical vocabulary. Thanks to this, many people will certainly come out with much more knowledge about cyber threats. When it comes to the security of the systems themselves, it is worth focusing on regular system and software updates. In addition, for example, penetration tests should be carried out regularly, thanks to which the largest possible number of vulnerabilities in a given system is found, which may have a negative impact on the confidentiality, integrity and availability of the data being processed. And of course, I invite you to read the articles published as part of CyberLabs. There you will be able to learn about various cyber threats on an ongoing basis. In addition, a handful of good advice will be added to each article, which will help to significantly eliminate a given threat.
As I mentioned, the monthly CyberLabs articles will provide information on various techniques and attacks used by cybercriminals. Advice will be added to each such article, and if we follow it, we will be able to significantly reduce the attacker’s capabilities. Articles will be written in such a way that technical and less technical people will find something for themselves. In addition, as part of the Newsletter, we will inform you about new critical vulnerabilities that may affect data security; it is also worth subscribing to it.
Thank you very much for the interview.