Established in 2017, Kerubiel is a leading GDPR (general data protection regulation) and cybersecurity consultancy located in Budapest, Hungary. It was founded by a renowned expert in the industry, László Dellei whose exhaustive list of certifications include CISA, CISM, CGEIT, CRISC, CISSP, CEH, OSCP, C|CISO, OSCE, CSA, CCSE, OSA, MCDBA, MCSE Security, and Certified expert witness (DS, ICT). Kerubiel’s mission is to provide complex and adaptive solutions supported by innovative applications to protect their client’s pool of information. As an organization, Dellei describes Kerubiel as an innovative scientific and professional community where experts from different fields such as information security, AI, VR, data protection, IT, and ICT technologies work together to provide support for key information infrastructures and ensuring the protection of all corporate entities from SMEs to multinational companies. As a specialist in the provision of ICT, information security, and privacy services, Kerubiel’s portfolio rests on three pillars of services. To learn how Kerubiel differentiates itself. We sat down with Founder and CEO László Dellei, who shared with us how he is steering his company to be a one-stop solution for the businesses and their security needs in an ever-changing business landscape.
“Kerubiel applies a holistic approach in which it uses all measures to solve a particular problem and tailors its solutions following the relevant standards and the expectations of the clients.”
Aspioneer (A): Starting from the three different kinds of services you offer at Kerubiel Consulting Ltd., what is the purpose behind your work? And as you move forward how are you innovating?
László Dellei (LD): Kerubiel offers unique services. The first is specialized IT and information security services, such as IT audits and information security counseling (e.g., IT risk assessment, IT security counseling), developing complex cybersecurity systems based on ITIL and AI applications, and counseling on business continuity and disaster recovery plans. In so doing, Kerubiel utilizes IT standards, such as the ISO 27000 and the NIST 800-53 controls assessment. On the other hand, the company provides complex counseling on data protection and data security measures based on GAP assessments, outsourced activities (DPO or CISO services), and other services, such as training and education. Finally, Kerubiel has a stable R&D department where projects focusing on emerging technologies, such as AI or VR, are currently underway.
Our goal is to tackle the existing issue of box solutions and fill the divide between the technical, organizational, and other measures, such as policies. Kerubiel applies a holistic approach in which it uses all measures to solve a particular problem and tailors its solutions following the relevant standards and the expectations of the clients. In 2019, Kerubiel has initiated its R&D department to keep up with industry trends. The company is participating in various R&D projects focusing on emerging technologies, such as AI or VR. One project aims to simplify cybersecurity utilizing a new AI-based solution. The other project is a VR-based health application to provide help for patients recovering from a stroke. Furthermore, Kerubiel is also developing a new IoT-based solution for the orthodontic, in close cooperation with knowledge centers, such as the University of Pisa and the University of Malta, and British and Cyprian research centers.
(A): What do you think currently is the level and impact of cyber risks to businesses? What are the key plans or strategies should businesses implement to deal with these risks?
(LD): In the information society and the so-called data-driven economy, information is the primary source of technological, economic, and social development. Online presence has become the main premise of social and commercial interactions during the global pandemic of 2020. However, the network is also increasingly vulnerable: The top threats consist of already known risks, such as phishing attacks, the vulnerability of IoT devices, deep-fakes, malware and ransomware attacks, and new ones, such as remote Worker endpoint security problems, cloud jacking, and 5G-to-WiFi Vulnerabilities. To combat these risks, companies may apply, for instance, automated patch and vulnerability management tools, backups, advanced AV/AM solutions. Each device connected to a specific system shall be protected at least by a local firewall, advanced malware protection, DNS filtering, and other encryption and secure authentication tools. Otherwise, a good cybersecurity strategy to mitigate such risks and threats is the starting point: it shall cover all assets, especially information processed throughout the operations of the entity, integrity, vulnerability and cyber threats, BCP and DRP, etc. The measure implemented thereafter may include open-source applications as well as tailor-made solutions. Open-source technologies may sound unprofessional but if applied properly, these solutions may provide the same level of protection as any other product. Finally, the company needs to periodically revise and test the measure already implemented to stay alert.
“The human factor, unprepared, or ignorant employees are especially targeted by criminals. Therefore, the best strategy to mitigate such threats is to maintain direct contact with the employees so that they know where to turn in case an adverse event occurs, and to train them.”
(A): According to you, how will the cybersecurity landscape change in the future? Besides, how do you help businesses to raise the Security IQ of their team members?
(LD): The utilization of AI technologies to protect the digital environment has become prevalent. These applications are commonly used to detect data leakages and other threats. In this respect, a certain race with time is taking place since cybercriminals and their targets, the companies, rush to develop and apply better and more intelligent technologies to exploit deficiencies on the one hand and to provide better security on the other. I think this trend will continue to become prevalent in the cybersecurity landscape. Apart from this, it is not easy to operate in a highly competitive market. Technological and legal developments constantly affect our working methods. To cope with this challenge, Kerubiel, as well as its experts, need fresh and up-to-date knowledge and skills, thus we not only work with the company but continuously train ourselves daily. Kerubiel views a trained employee as the fourth line of defense. The human factor, unprepared, or ignorant employees are especially targeted by criminals. Therefore, the best strategy to mitigate such threats is to maintain direct contact with the employees so that they know where to turn in case an adverse event occurs, and to train them. The latter is especially important when it comes to the protection of highly vulnerable infrastructures.
(A): Tell us what do you value most about your company’s culture as a CEO? What is your corporate culture and how do you demonstrate it?
(LD): Leadership may be described by two terms: inclusion and leading by example. The main strategies and issues that may arise throughout our operations are always open to discussion, and my colleagues are encouraged to take part in the decision-making processes and to share their views on specific topics. On the other hand, all employees are encouraged to widen their knowledge via training and obtaining different qualifications. As the CEO, I especially try to inspire them, therefore, I am also taking part in many of these events. As to the team, managing such a diverse and highly professional group may sometimes be challenging since there is healthy competition between each employee. But if one finds the most effective way to ensure cooperation, a forum to exchange ideas, and an overall goal to inspire the others, work becomes passion resulting in the most optimal solutions. Moving on, the thing I value the most about our culture will remain to be innovation and adaptability which makes our work an intellectual as well as a professional challenge.
(A): Forging ahead what would be your plan of action for the upcoming years?
(LD): As mentioned earlier, besides its traditional services, Kerubiel strongly focuses on R&D and the results of this work will only materialize in the upcoming years. R&D will become more central to the company’s operations. Hungary has just adopted its first, modern AI strategy which emphasizes the benefits of the technology and its applications. Kerubiel, as a member of the Hungarian AI Coalition, has contributed to this strategy and will keep on focusing on AI and related research projects. Furthermore, we are trying to establish a strong and fruitful connection in the region, cooperating with other experts. Thus, with its ever-growing clientele, valuable connections with leading experts from various fields, and with participation in national and international projects, the company strives to make an impact on a regional level. Hopefully, these developments will be as successful as our previous products.
