Aspioneer (A): Starting from the three different kinds of services you offer at Kerubiel Consulting Ltd., what is the purpose behind your work? And as you move forward, how are you innovating?
László Dellei (LD): Kerubiel offers unique services. The first is specialized IT and information security services, such as IT audits and information security counseling (e.g., IT risk assessment, IT security counseling), developing complex cybersecurity systems based on ITIL and AI applications, and counseling on business continuity and disaster recovery plans. In so doing, Kerubiel utilizes IT standards, such as the ISO 27000 and the NIST 800-53 controls assessment. On the other hand, the company provides complex counseling on data protection and data security measures based on GAP assessments, outsourced activities (DPO or CISO services), and other services, such as training and education. Finally, Kerubiel has a stable R&D department where projects focusing on emerging technologies, such as AI or VR, are currently underway.
Our goal is to tackle the existing issue of box solutions and fill the divide between the technical, organizational, and other measures, such as policies. Kerubiel applies a holistic approach in which it uses all measures to solve a particular problem and tailors its solutions following the relevant standards and the expectations of the clients. In 2019, Kerubiel initiated its R&D department to keep up with industry trends. The company is participating in various R&D projects focusing on emerging technologies, such as AI or VR. One project aims to simplify cybersecurity utilizing a new AI-based solution. The other project is a VR-based health application to provide help for patients recovering from a stroke. Furthermore, Kerubiel is also developing a new IoT-based solution for orthodontics, in close cooperation with knowledge centers, such as the University of Pisa and the University of Malta, and British and Cypriot research centers.
(A): What do you think currently is the level and impact of cyber risks to businesses? What key plans or strategies should businesses implement to deal with these risks?
(LD): In the information society and the so-called data-driven economy, information is the primary source of technological, economic, and social development. Online presence has become the main premise of social and commercial interactions during the global pandemic of 2020. However, the network is also increasingly vulnerable: the top threats consist of already known risks, such as phishing attacks, the vulnerability of IoT devices, deep-fakes, malware and ransomware attacks, and new ones, such as remote worker endpoint security problems, cloud jacking, and 5G-to-WiFi vulnerabilities. To combat these risks, companies may apply, for instance, automated patch and vulnerability management tools, backups, and advanced AV/AM solutions. Each device connected to a specific system shall be protected at least by a local firewall, advanced malware protection, DNS filtering, and other encryption and secure authentication tools. Otherwise, a good cybersecurity strategy to mitigate such risks and threats is the starting point: it shall cover all assets, especially information processed throughout the operations of the entity, integrity, vulnerability and cyber threats, BCP and DRP, etc. The measures implemented thereafter may include open-source applications as well as tailor-made solutions. Open-source technologies may sound unprofessional, but if applied properly, these solutions may provide the same level of protection as any other product. Finally, the company needs to periodically revise and test the measures already implemented to stay alert.