When businesses switched to the digital world during the pandemic, cybersecurity challenges increased. Although not many new attacks have developed, the existing ones proved to still work due to a lack of cybersecurity awareness.
Whether it’s malware, ransomware, fraud, or other types of threats, companies are always at risk of being attacked by cybercriminals. There are various consequences that can come with it – losing finances, identity theft, ruined brand reputation, and more.
While regular Internet users protect themselves using such measures like Virtual Private Networks (VPNs), organizations should make use of more complex tools, such as threat detection, investigation, and response.
For this reason, we invited Raluca Saceanu, the Chief Operating Officer of Smarttech247 – a company that offers threat intelligence with managed detection and response services. Saceanu told us about the company’s products, discussed cybersecurity for organizations and the gender gap in the field.
Can you introduce us to Smarttech247? How did this project come about?
Smarttech247 is a leader in cybersecurity operations and we help secure some of the world’s largest organizations, including the Institute of Cancer Research UK, Aryzta Global, Laya Healthcare as part of AIG group, and many more. Smarttech247 is a multi-award-winning MDR (Managed Detection & Response) company, and our platform provides threat intelligence with managed detection and response to provide actionable insights, 24/7 threat detection, investigation, and response. Our service is geared towards proactive prevention, and we do this by utilizing the latest in cloud, big data analytics, and machine learning, along with our industry leading incident response team.
As XDR solutions are starting to gain popularity, some still might not be familiar with this topic. Could you briefly explain how it is different from traditional detection and response?
Extended Detection and Response is the optimum way of gaining visibility across an organization’s entire estate. XDR collects telemetry from multiple security tools (including AV, SIEM, network, email, cloud) to detect and more importantly, correlate threat data and unknown threats. This correlation is crucial in detecting anomalous behavior as it provides security teams with data quality, not only quantity. XDR allows teams to gain information and context in order to perform meaningful investigations in a matter of minutes.
What would you consider the biggest security risks nowadays that companies should be on the lookout for?
The past two years have been defining for the cybersecurity industry – attacks have got more sophisticated, more targeted, and better executed. One of the biggest risks that organizations are facing is our supply chain. The trend for leveraging weaknesses within the supply chain to attack the better protected, more lucrative targets further up the chain shows no sign of diminishing. According to recent research by the European Union Agency for Cybersecurity (ENISA), it expects a four-fold increase in supply chain attacks in 2021 compared with last year.
The rise of supply chain attacks is down to the increased interdependencies and complexities of digitized supply processes that necessitate linking systems to implement the end-to-end supply chain forecasting, planning, ordering, and shipping needed for minimum cost just in time supply processes.
If anything, the sophistication of attacks is growing, and the willingness of attackers to devote time and resources carefully infiltrating supply chains and moving across boundaries is increasing. Indeed, the scope of organizations affected by the SolarWinds incident at the end of 2020 demonstrates how patience and persistence can deliver impressive results for well-resourced and sophisticated attackers. We are going to see the same but improved tactics of attacking supply chains in order to gain unauthorized access to data and systems with a primary target of software vendors.
In your opinion, has the pandemic altered the cybersecurity industry in any way?
The pandemic has certainly had a massive effect on the cybersecurity industry. The world has gone through an accelerated and forced digital transformation that brought more threats and more cybercrime capabilities with itself. With the rapid cloud adoption, the attack surface increased and our dependence on complex systems has paved the way for new cyber threats. One particular area that has been under constant pressure throughout the pandemic was the healthcare system. Numerous (and successful) ransomware attacks have greatly affected hospitals around the world – hospitals that were already under so much pressure due to the pandemic but unfortunately COVID-19 presented itself as an opportunity for attackers. As an example to illustrate this point, in May 2021, Ireland suffered its biggest cyberattack ever when Conti ransomware crippled the entire national health system after launching a multi-layer ransomware attack on the HSE and its affiliated hospitals.
The belief that only large and well-known companies are prone to cyberattacks is only one of many misconceptions still prevalent today. What cybersecurity myths do you come across most often?
Companies should not underestimate their value to hackers. Nowadays, it matters not what size the company is but what information it has, if it is in the supply chain of another large company, and how important their continuity of operations is. The size of the company is most definitely a common myth.
You often stress that there is a diversity problem in the cybersecurity industry. Why is this issue so serious?
Smarttech247 pride themselves in being a fully diverse workplace. We have an Equality, Diversity and Inclusion policy in place which is shared with all employees when they start at Smarttech247.
In 2020, Smarttech247 identified a gap in the cybersecurity space which is that women are underrepresented in the cybersecurity industry and account for less than a quarter of the overall workforce around the world – in particular, women are even less well represented at senior management level. While there is nothing inherent in gender that influences men to be more interested or proficient at cybersecurity, organizations often fail to try to recruit women to work in the industry. We wanted to show how gender diversity comes with growth and learning opportunities for organizations. Closing the gender gap will help pave the way for a future of gender diversity in the cybersecurity field.
At the same time the industry was facing a growing global shortage of cybersecurity professionals; we wanted to help bridge this gap and launched the Smarttech247 Woman in Cybersecurity Academy initiative in 2020. This programme was designed to help develop the skills needed to get into cybersecurity and technology. This initiative attracted women of all ages to apply, regardless of experience from other jobs. The Cybersecurity training programme prepared the participants for their first role in Cyber. The programme had a total of 45 participants. We gave them the opportunity to develop the opportunity to gain the necessary cybersecurity knowledge and 100% of them found jobs in cybersecurity after the program. Our Academy program ran in multiple locations – Cork, Bucharest, or Krakow – and allowed candidates the opportunity to do it remotely.
Our recent Women in Cybersecurity Academy is a testament of our commitment to continue to be an advocate for diversity in cybersecurity. We employ people originating from over 15 countries around the world, our current workforce is striving towards a 50-50 gender diversity goal and we believe that a diverse team contributes to collective intelligence. Cybersecurity needs more diversity in thought and action to help drive innovation, improvement and resilience, especially now as the coronavirus pandemic raises significant risks in unprecedented ways.
In your opinion, what should companies do to ensure equality and diversity in the workplace?
The first and foremost issue obviously lies in the education gender gap. In Ireland, the proportion of women pursuing science, math, and IT courses is 37.5%, and the proportion of women employed in science, research, engineering, and technology is at less than 25%. So, solving the gender gap in cybersecurity could help fix skill shortage.
Secondly, organizations need to have diversity and inclusion on their agenda of priorities. Leadership teams must foster a culture of inclusivity and sometimes, having clear and measurable objectives in terms of managing a diverse workforce can help!
What tips would you give to women looking to break into the cybersecurity industry?
I would love to see more women pursuing tech degrees, particularly cybersecurity, forensics, software development, etc. Universities offer multiple computer science degrees that students can pursue. If they are interested in working in an IT environment, particularly in cybersecurity, it is a good idea to register for at least an introduction to cybersecurity course throughout their studies, irrespective of their major.
Networking is important as well – if you are interested in breaking into a particular industry, look for network opportunities and meet as many people as possible. Look for a mentor who can guide you on your career.
What does the future hold for Smarttech247?
We have very exciting and ambitious growth plans at Smarttech247. We are building security products that will transform security for global organizations. We are in the process of listing on the stock exchange this year and we are expanding into the United States, DACH, and UK regions quite aggressively. We want to double our workforce by the end of 2022 and continue to work on our Research and Development programs to release more security products onto the market in the near future. We will also be holding our flagship conference Zero Day Con this Thursday, March 10th, in the Dublin Convention Centre as an in-person event for the first time in two years - which we are all very excited about!