Paula Januszkiewicz: Understanding infrastructure is not the same as knowing how to attack it

31. 7. 2024

The number of cyberattacks will not decrease. Let's face it and defend ourselves. This is how one could sum up the words of Paula Januszkiewicz, a Polish cybersecurity expert who spoke this spring at Security 2024, Aricoma's annual conference about IT security trends. Januszkiewicz, whose company CQURE has four offices around the world, spoke about why companies and institutions can't resist attacks, how to get more experts, and where the industry is headed.

Actually, it's a paradox. We all already know the importance of cyber security, and we have the tools to make it happen. Yet the number of incidents and their negative consequences continues to grow. How is this possible?

"Imagine your day is packed with tasks, but you know you won't be able to complete them in 24 hours. So you have to accept a certain level of risk, and you don't know in advance how big that level is. Cybersecurity as a field is very broad, and it is difficult for administrators to take into account all aspects and risks at once," Januszkiewicz explains, and data from the Czech National Office for Cyber and Information Security bears her out: it recorded double the number of incidents in 2023 compared to 2022.

Businesses and institutions know this and are taking the security of their networks and technologies far more seriously than before. Even so, in the never-ending battle, they're more like a cop chasing a thief. The energy spent on solving problems and preventing them is still too little, or going in the wrong direction.

The best defenders are those who are most worried about business

"We lack experts, some detection systems are set up poorly so people then ignore alerts, organisations lack plans on how to behave in the event of an attack, and new threats associated with the advent of artificial intelligence add to this," Paula lists the most common problems as she, along with more than 60 colleagues, helps set up security and deal with the aftermath of attacks around the world.

Their clients include governments, banking institutions, companies in the oil and gas industry, as well as manufacturing companies and hospitals. And if Januszkiewicz has observed anything, it's that the companies that take the best care of protecting their networks and technology are those that value their business the most. "Banks are a good example. They know that the most valuable thing they have is their trust and reputation and they don't want to lose anything at any cost," she explains.

She and her colleagues help with acute incidents, but more often they conduct comprehensive infrastructure audits before an incident occurs. "It happens repeatedly that companies don't have enough trained staff to deal with the situation, and that's when our expertise proves crucial. It's not that cybersecurity is not appealing, it's more that in our industry you have to learn a lot of new information beyond the normal IT and, more importantly, a different point of view. Knowing the infrastructure helps, but you don't build it, you have to know how to attack it," says Januszkiewicz, turning the usual perspective around.

For many professionals, she says, this can then lead to feelings of insecurity: "Do I know enough?"

"I am well aware of most of the developments in my field, it's my passion and my profession, I follow it. But I don't know about every new tool, I haven't read all the new research. I stay informed enough to be confident in my knowledge and skills. That if a customer is targeted, I'll always know what to do. But I understand that for newcomers to the industry, this constant flow of information can be overwhelming," she admits. That's also why she advocates the view that you can't operate as a loner in cybersecurity, but have to network and share all the time. At any given moment, someone in the world is experiencing a new attack, and what they learn from it can help other people. This, incidentally, is why the Security conference exists.

Paula Januszkiewicz

CEO and founder of CQURE, cybersecurity expert, penetration tester and trainer, Microsoft MVP and Microsoft Regional Director. A world-class cybersecurity expert, she provides consultation to customers worldwide. A 2017 graduate of Harvard Business School, she speaks at the world's largest conferences, conducts penetration testing, architecture consulting, training and workshops. She is a member of the technical advisory board at the Royal Bank of Scotland/Natwest. And to top it off, she has access to Windows source code.

"In our industry you have to learn a lot of new information beyond the normal IT and especially a different point of view. Knowing the infrastructure helps, but you don't build it, you have to know how to attack it."
