Interview with Pierpaolo Ali, director for Southern Europe, Russia, CIS, CEE & Israel at CyberRes
“The concept of cybersecurity gives way to the idea of cyber resilience – the ability to keep working during and after a cyber attack”, says Pierpaolo Ali, director for Southern Europe, Russia, CIS, CEE & Israel at CyberRes
Cybercriminals are becoming better organized and specialized in each phase of their chain of action. They are well equipped to design and execute targeted attacks using ransomware and data exfiltration to quickly generate revenue. Attack tools and target information are easily collected and shared through closed channels, making it difficult for cyber defense centers to identify attacks in a timely manner and prevent breaches, said Pierpaolo Ali, director for Southern Europe, Russia, CIS, CEE & Israel at CyberRes, a Micro Focus line of business, and one of the leading speakers at the InfoSec SEE 2022 conference, organized by COMPUTER 2000 Bulgaria on June 19-22 at Lighthouse Golf & Spa Resort Bulgaria.
“Knowing the corporate security stance is more important today than ever,” says Ali. This includes knowledge of the level of risk of company applications, data, the level of compliance with regulations, the presence of a clear vision not only of what is happening in the company, but also in other similar companies in other parts of the world. Such clarity helps to form clear processes that can be applied both for prevention and in response to specific cyberattacks.
CYBERRES is a Micro Focus line of business. They bring the expertise of one of the world’s largest security portfolios to help their customers navigate the changing threat landscape by building both cyber and business resiliency within their teams and organizations. CYBERRES are here to help enterprises accelerate trust, reliability, and survivability through times of adversity, crisis, and business volatility. CYBERRES are a part of a larger set of digital transformation solutions that fight adverse conditions so businesses can continue to run today, keep the lights on, and transform to grow and take advantage of tomorrow’s opportunities.
Cybercrime and cybersecurity have evolved rapidly during the last 2.5 years. Which is the biggest cyber threat today? Is it external or is it internal?
Criminal actors are becoming more organized and specialized in every single phase of the kill chain. They are equipped to develop and execute highly targeted attacks by vertical and industry, mainly leveraging ransomware and data exfiltration to monetize quickly. Attack tools and target information are easily collected and shared through a closed channel (e.g., Telegram), which makes it difficult for cyber defense centers to identify attacks early and prevent breaches.
The question is therefore no longer whether an internal or external threat is more dangerous or active; the “position” no longer exists, and if we wanted to indicate a parameter that increases the level of risk of a company, or where it should concentrate its cyber resilience technologies and skills, it is the processes.
Engineering must now concentrate on creating processes that are lean but sufficiently safe, based on what the level of risk applied to the business or service is. Doing so is not always simple, because it involves precise knowledge of the corporate security posture: knowing the risk level of your applications, your data, the level of compliance with regulations, and having a clear vision not only of what is happening in the company but also in similar companies in other parts of the world helps to create clear processes that can be triggered both in prevention and in response to cyber-attacks.
Business managers and HR experts often talk about “The Great Resignation” – workers tend to leave employers that do not respect people’s need for a better work/life balance. Does this trend have any implications for IT security? If yes, could you please elaborate?
This trend is a recent social attitude that has been globally active, especially in recent years: the capitalist model is no longer an ideal for some segments of the population, especially in the most developed countries, and the quality of life as a value no longer has to do with profit or material well-being. Having said this, and returning to the “small” community of cybersecurity professionals, it is true that such a trend could also impact this specific group of workers, and doing so will cause trouble.
Recently Bloomberg, in an article on the Cyber Knowledge Gap, indicated that the number of vacancies in this sector in the USA alone was 600,000 and that job offers had doubled in one year; according to an analysis by Oxford University, European companies are never able to fill the gap of expert figures in the cyber sector.
In the next few years, therefore, this skill shortage will lead to a situation of suffering for companies, the form of which could precipitate an alarm situation in the event of a high level of cybercrime activity which, as we have seen recently, peaks in times of political or humanitarian crisis. Companies will therefore have to move towards serious retention policies for their internal talents by offering advantageous working conditions that could also have to do with their quality of life.
In an effort to have their data and IT systems well protected, a lot of organizations have implemented tens of different IT security solutions. And still there are data breaches, data leaks, unplanned downtime – why does this happen?
This trend of increasing cyber-attacks suffered by companies, which seems not to meet the expectations linked to a greater number of investments by companies, is not really surprising, at least not to those involved in this sector.
This amazement arises from an incorrect knowledge of the world of “attackers”: it is mistakenly thought that large companies should always have a greater capacity than a small group of bright and very intelligent young people, but the scenario changed a few years ago!
Cybercrime is now perpetrated by groups that are real companies that have enormous revenues (cryptocurrencies, cybercrime profits) that continually reinvest in technology and human resources.
The best experts (although not all, thank goodness) work on the dark side and have a capacity for technological discovery and rapid change that large companies, or worse still nations, do not have; often they are always one step ahead.
Precisely for this reason we no longer speak of defense but of resilience: aware of the fact that it is impossible to be completely safe, it is necessary to change our attitude and turn to technologies that are able, more than to block attackers, to effectively contain damage in case of attack. This is the purpose of cyber resilience, which has now globally taken the place of cybersecurity, assuming a space more intrinsically connected to that of the corporate business than to the IT world.
Cyber resilience is the attitude of always having the provision of the service and the ability to do business even during or after an attack that we can no longer exclude from our business plans, but that we must study and be ready to suffer with the appropriate technologies and organizational postures.
Now that the IT defense is so very complicated, how shall organizations move on – is there a way to get out of this complexity?
Approach is everything. Most organizations already have in place several technologies to protect their assets following the layered security best practices. But digital transformation, the move to cloud, adoption of microservices, pervasive diffusion of AI/ML-driven applications and other factors have deeply changed the way IT works, and security solutions must be simplified and updated wisely as well to address this new landscape. The first step is running a thorough assessment of assets, risk surface, protections in place, procedures and processes in place, skills and resources. Then, based on the outcomes, investment must be prioritized to complement or replace the most obsolete technologies and leverage AI/ML as much as possible to do less with more. SOAR solutions shall be adopted and learned to add automation and orchestration to threat analysis and incident management.
How far shall organizations rely on the promise of “Security as a Service”?
Not all organizations are made equal in terms of size, business mission, risk exposure, cybersecurity posture and awareness, so there’s not a one-size-fits-all answer. Generally speaking, security governance, strategy and risk management should stay within the company, and part of the security operations, audit and monitoring services can be outsourced. Several service models are available in the market and the selection must be based on company reputation, expected service levels, complexity of internal IT and data environment, company dynamics based on M&As and other shaking events. Outsourced services should never become a bottleneck for the organization but should simplify the information security management process with cost optimization. And it’s not always true, so Sec-aaS should be carefully evaluated case by case.
Moving IT security into the cloud – does this change the role and the responsibilities of IT security departments, IT security pros?
IT Security must keep its leading role more and more in this highly transformational age. Moving to cloud and the rapid growth of public cloud adoption are changing the paradigm of IT security and widening the perimeter of action of CISOs and security professionals. Data and assets are spread across traditional on-premises, cloud and SaaS systems, and applying the proper level of protection, prevention, monitoring, auditing and access control can be a real challenge. Business and architectures move faster than security, and the main role of IT departments is keeping pace with these changes and addressing the new threats they generate. In terms of skillsets, security experts must be updated about how the main public clouds work, their proprietary mechanisms, the security features they provide and what dark spots they leave. Traditional cybersecurity knowledge isn’t sufficient anymore.
Would you agree that “today’s attacks target people, not technology”? If yes, what’s the best solution?
In my opinion today’s attacks target data and core assets through people. Ransomware campaigns target individuals or companies, locking their data to get paid. Cyber criminals target IT/OT/IoT systems, networks, and every possible entry point to get access to valuable data, exfiltrate and monetize them quickly. Nation-state attacks work at a different level and their prevention is a responsibility of governments and intelligence agencies. For most organizations the best protection is a mix of solutions: strong zero trust access implementation and governance; solid threat intelligence, detection, and response in place at Cyber Defense Center/SOC level; a data-centric security approach to secure sensitive data and personal information from breaches; a comprehensive application security process implemented and maintained at DevOps level to reduce the intrinsic risk surface of exposed applications and mobile apps. And a maniacal governance in place.
You will participate in InfoSec SEE 2022, the largest cybersecurity forum in our region, organized by COMPUTER 2000. Can you say a few words about your participation?
COMPUTER 2000 is definitely one of our best value-added distributors. I’m proud of them and the great activity they are doing in the region. Attending this event is an honor for me, as is having the opportunity to briefly pitch CyberRes strategy and plan for the future.