Anelia Kostadinova: The Cyber security Industry Remains Stable

2. A lady in the world of cybersecurity – it is rare to see. Does being a woman help when you run a business in this predominantly male sector – information security?

I get asked this question a lot. It is apparently rare for a woman to lead a company in an industry where 2/3 of the employees are men, and management positions are predominantly held by men. Bulgaria currently ranks first in the EU in terms of the share of women working in the field of information technology – with a 29.1% of those employed in the IT sector, and I am part of this statistic.

The idea of ​​developing a distribution of cybersecurity solutions in COMPUTER 2000 was brought to me by my insatiable curiosity and desire to learn new things. When I got acquainted with the portfolio of the first manufacturer of such solutions in our portfolio – McAfee, (at that time they were the largest and most successful company for information security solutions), a new, unknown, high-tech universe of knowledge was revealed to me, very different from the hardware products business. This naturally led later to a change in our business model – from an all-in-one distributor to a company with a cybersecurity focus. This is how we started in this industry, where we compete with the best in it as of this very moment.

I believe that personal and professional qualities are key when a person is an entrepreneur and a manager. Successful management requires a vision and a goal, you need to know where you want to go. It is a skill to make people in the company trust you and follow you. Entrepreneurship is an art, not a science, although textbooks say otherwise. It requires knowledge, but also skills that may be typically “feminine”, such as emotional intelligence and empathy, “soft power”, finesse and care for the destinies of each person on the team.

2. This year, the InfoSec SEE conference, which COMPUTER 2000 Bulgaria organizes and has turned into the largest regional event in the field of cybersecurity, will be held in turbulent conditions for the global economy – with geopolitical tensions, trade wars, instability in general. How does all this reflect on the sector, what are the moods among your partners and clients on the eve of the conference?

This year, we have the honor of organizing the conference jointly with the Commercial Service of the American Embassy in Sofia. The U.S. Commercial Service of the American Embassy not only will open the conference, but also are co-organizers with us. For us, as a distributor and representative of a number of leading American manufacturers of cybersecurity solutions, this is a great recognition and support. Despite the global instability, I believe that the cybersecurity solutions industry remains stable. There is no change or collapse in the market value of any American company producing cybersecurity solutions. It is no secret that the leading manufacturers in this industry are American and partly Israeli companies. Their technologies remain leaders with a significant market share, both globally and in our country. Accordingly, there is no decline in demand and in trade operations. I can say that trade wars remain out of our business for now.

In addition, there is no significant change among the main countries that traditionally sponsor hacker attacks. A few days ago, the Google Cloud Security report „M-Trends 2025“ was released, which analyzes threats, trends and incidents in cybersecurity from 2024. Mandiant analysts note an increase in targeted attacks by Russian and Chinese actors for the purpose of cyber espionage. Hence why there is no shift, no sensational headlines regarding roles and who is against whom in the entire geopolitical picture regarding cybersecurity.

3. Everyone, everywhere, is talking about AI. In the digital security space too – about how cybercriminals are using AI and how security teams and cybertechnologies are also using AI. What is the real value of AI in cybersecurity? And what is “much ado about nothing”?

Artificial intelligence has been used in the cybersecurity industry for many years, long before it was widely talked about. Due to the huge leap in digitalization in recent years, mainly due to the introduction of multi-cloud and hybrid work environments in organizations, AI has become an indispensable part of business processes. When hearing the term AI, most people imagine the way open models work, where artificial intelligence is trained from thousands of sources, often in conflict with each other.

Artificial intelligence used by cybercriminals is used to detect vulnerabilities or borrow scripts to break into a system. Highly specialized forms of artificial intelligence are used in cybersecurity. This is the natural evolution of machine learning algorithms, fed only with relevant data about the method of operation of threats and ways to deal with them, even if they are not encountered in the world before. Most leading cybersecurity solution manufacturers create their own algorithm tailored to work specifically with their solutions, often tied to public cybersecurity frameworks such as MiTRE, to achieve a high success rate, with minimal or no false positives. In the cybersecurity industry, artificial intelligence is used to detect threats in real time, as it can analyze huge volumes of logs and network traffic in seconds. Machine learning helps to recognize anomalies that would otherwise escape classical rules; to recognize unknown (zero-day) attacks – instead of relying on signatures, AI can notice strange behavior (e.g. lateral movement) and raise an alert even without prior knowledge of the threat. AI is used for automated incident response (SOAR), and can help automatically block IP addresses, isolate devices and run playbooks without human intervention. AI is used to collect and classify information from the darknet, forums and other sources in order to predict potential attacks, the so-called Threat Intelligence platforms. Using NLP (natural language processing), AI can analyze email and chat texts and detect phishing with high accuracy. Artificial intelligence helps to summarize a huge amount of information in seconds and can recommend to cybersecurity specialists the right countermeasures against attacks that have occurred.

It’s definitely not “much ado about nothing,” the solutions really work. But the idea that AI can completely replace human analysts is overblown. Without human judgment, there is a high risk of false positives or omissions. There is no AI that “knows everything and stops everything.” Model training, good data quality, and integration with the overall security strategy are needed. The real value of AI is in assisting, accelerating, and amplifying cyber defense—not in its complete automation. A “human + AI” approach is most effective.

During the upcoming InfoSec SEE 2025 conference, starting on May 14-th, we have included a live discussion on the topic of artificial intelligence and cybersecurity in the agenda, which will feature leading world experts such as Mike Hart, Head of GOOGLE CLOUD SECURITY, Jonathan Fischbein, CISO at CHECK POINT SOFTWARE TECHNOLOGIES and member of Forbes Technology Council, Dirk Schrader, VP of Security Research at NETWRIX, Mo Cashman, Senior Director EMEA Field CTO at TRELLIX and others. I would like to invite everyone who is interested to come in person or join online, there will be a live broadcast, and online participation in the conference is free, only registration is required!

4. Many large software companies have started laying off programmers because it turned out to be cheaper for them to use generative AI to produce code. Is there a danger that the same thing will happen in the world of cybersecurity – that specialists will “burn out” because they enthusiastically introduce AI?

No, there is no such future perspective. In the field of cybersecurity, a lot of analytics and consideration are required, and artificial intelligence cannot replace human expertise and intuition, as it does not understand the context like a human. Cybersecurity requires adaptability and creativity. Incident response requires human judgment. In the event of an attack, decisions with legal, ethical and technical consequences must be made quickly. AI can automate some processes such as log analysis, filtering false alarms, collecting indicators (IoCs), generating initial analyses, but it cannot lead an investigation. AI will not replace analysts, but it will replace specialists who refuse to work with AI. Those who accept it as a partner and learn to manage it will be the most valuable experts in cyber defense of the future. People who are able to understand AI models, adjust and interpret them, and combine analytical thinking with technical expertise will be sought after.

5. In the last few years, at various cybersecurity conferences in our country, lecturers have struggled to answer one question: since humans are the weakest “link” in cyber defense and we need to train employees how to be the “front line” of cyber defense, why does staff training always remain out of the spotlight of IT security leaders? What is your explanation for this problem? And how can it change?

Cybersecurity is traditionally managed by people with a technical background – they think in terms of solutions like firewalls, SIEM, EDR, etc. The focus is on technology, not behavior. “Training” is perceived as a soft measure, it is difficult to measure it, automate it, make it “hardened”. When training does not happen, there is no immediate direct collapse, but when the firewall does not work, there is. This leads to prioritizing “hardened” measures over “soft” preventive initiatives. Moreover, in most cases the organized trainings are boring and ineffective. People do not change affected by PowerPoint presentations. They change through short micro-trainings, gamification, phishing simulations with feedback, personalized content. For there to be a change, training must become part of an organization’s cyber strategy, not a side project. It must be seen as a necessary control, as something mandatory, like antivirus or VPN, for example, because technology protects systems, but people protect the organization itself. Here we, as cybersecurity solution providers, can also help, because there are already such training platforms available. Our contribution could be to translate them into Bulgarian and adapt them for Bulgarian users, because global solutions are never in Bulgarian. In our portfolio we have such a world-class solution, Fortra Teranova Security Awareness Training Solution.

6. What are the most trending cyber threats at the moment and what is your forecast for the next 5 years? No, we are not looking for prophecies and oracles here, but we invite you to outline what businesses need to do now to be prepared and to be safe in the long term.

We are currently witnessing an extremely dynamic evolution of cyber threats, with attacks becoming smarter, more targeted, more automated and focused on the human factor. Right now, most analysts define the Top 5 most current cyber threats as:

1. the presence of AI-enhanced attacks, we have an “AI vs. AI” battle between defensive and attacking AI;

2. Double and triple extortion ransomware, attacking not only to disrupt systems, but also stealing data, which is then used for extortion or sale, e.g. LockBit, BlackCat, Royal.

3. Cloud and SaaS vulnerabilities, as more and more data is moving to the cloud, but poor configurations, lack of Zero Trust policies and weak authentication are commonly observed.

4. Supply Chain attacks, where malicious codes are injected through third parties (suppliers, software, partners).

5. Attacks on OT/critical infrastructures such as manufacturing, energy, transportation are becoming the main target of APT groups sponsored by states, usually China, Russia, North Korea, Iran. As a leading report on the topic of geopolitical threats and forecasts, I can point to the Google Cloud Security report “Cybersecurity Forecast 2025”, which points to three important conclusions: Artificial intelligence will play an important role in both defense and attack strategies; Continuous monitoring and threat intelligence will be crucial for organizations; Compliance with regulations and preparation for post-quantum cryptography will play a leading role.

What businesses need to do now is to accept cybersecurity as a business issue, not just an IT infrastructure issue. Cybersecurity tomorrow will not depend on what software we use, but on how we think as an organization. This means: building a culture of security through ongoing staff training, phishing simulations, internal communication; investing in a Zero Trust architecture by strengthening access controls; updating business continuity and recovery plans; assessing and monitoring third parties – suppliers, partners. Businesses that treat cyber risk as part of their corporate strategy will survive and prosper.

Source: TechNews.bg