We talked with Andrew Buldyzhov, Chief Executive Officer at H-X Technologies, about application security and best practices for remote work.
1. Please tell us a bit about your experience and how you ended up working at H-X Technologies.
We began primarily as pen testers because this is the traditional way of starting a business in cybersecurity. It’s also easier to sell, as customers can understand it better – they’re testing their systems for penetration and get immediate, tangible results. Then, we evolved into a more complex company that provides a full range of cybersecurity services. Mature businesses need more than just an occasional pen test.
Proper security is not a project but a process in which an information security management system (ISMS) controls every activity in the company. Our clients are mainly in Europe and the UK, and we have clients in Asia and America as well.
We also work with partners a lot. Other cybersecurity companies, including American ones, outsource their services to us because we can offer good quality at a competitive price. We sometimes provide white-labeling services as well. We are also proud that we teach cybersecurity specialists from big international cybersecurity companies. And of course, we also learn from our partners, share our findings and exchange experience.
2. Are most of your clients proactive or reactive? Do they usually come after they’ve faced a cybersecurity issue or vulnerability?
90% proactive, 10% reactive. Most of them come in advance.
3. Is there any recent cyber-attack that surprised or concerned you in any way?
Like some other countries (Estonia, some US states), Ukraine is developing a governmental initiative called State in Smartphone, which allows citizens to get various governmental services remotely, without any bureaucratic obstacles. The central part of this service is played by the Diya application. Recently, a combination of weaknesses in the national public key infrastructure and the simplified banking identification procedure introduced during the quarantine has resulted in a new type of security incident.
A woman was not registered in the Diya application, her smartphone was not “attached” to it. The woman was cautious, didn’t tell anyone any passwords, used 2-factor authentication, etc. The crooks got a photocopy of her passport somewhere and issued a digital signature for the woman in a small bank and registered it in the Diya application on their smartphone. Then, with the help of the Diya application, the crooks issued a loan for the woman in a microcredit company. As a result, the woman faced a lengthy and costly trial, and it may still be going; at least, I haven’t heard if she has won or lost it.
Problems with the Diya app don’t end there. This application also contains the vaccination passports, and it is used for checking if a buyer is of age for alcohol and cigarettes. Because of this, delinquents make fake Diya applications and sell them. Every two weeks, the cyber police catch such offenders, who often turn out to be minors.
4. In your opinion, how did the term ‘hacker’ evolve in recent years?
Since the 1960s, when the word “hacker” appeared, it carried a purely positive meaning for 40-50 years. Then, about 10-20 years ago, the word gradually acquired a negative connotation with the meaning of “computer criminal”. According to our observations, the positive meaning still prevails. At the same time, we prefer to avoid the word “hacker” since it is ambiguous. Instead, you can use more unambiguous words like “geek”, “nerd” or “computer jock” to get a positive meaning and “computer criminal” for a negative one.
5. Name 3 cybersecurity habits every remote worker should apply.
There are some common cyber hygiene rules like “use 2FA (two-factor authentication) or 2SV (two-step verification) wherever possible and try not to use solely passwords” or “back up your data, code and configurations, and test the restoration regularly”. These rules are relevant for both remote and office workers. However, remote work creates a specific threat landscape, in particular phishing, physical threats, and attacks on routers and access points. Therefore, we can make these three most important recommendations:
1) Distrust anything you do not expect and use alternative communication channels to check it.
2) Encrypt your local disks (BitLocker, FileVault, LUKS, etc.) as soon as you have installed a new OS or at least as soon as you have read this.
3) Change the default password on your router and keep the firmware up-to-date. Consider using OpenWrt or a similar open-source firmware.