Paula Januszkiewicz: Understanding infrastructure is not the same as knowing how to attack it

31. 7. 2024

The number of cyberattacks will not decrease. Let's face it and defend ourselves. This is how one could sum up the words of Paula Januszkiewicz, a Polish cybersecurity expert who spoke this spring at Security 2024, Aricoma's annual conference about IT security trends. Januszkiewicz, whose company CQURE has four offices around the world, spoke about why companies and institutions can't resist attacks, how to get more experts, and where the industry is headed.

Actually, it's a paradox. We all already know the importance of cyber security, and we have the tools to make it happen. Yet the number of incidents and their negative consequences continues to grow. How is this possible?

"Imagine your day is packed with tasks, but you know you won't be able to complete them in 24 hours. So you have to accept a certain level of risk, and you don't know in advance how big that level is. Cybersecurity as a field is very broad, and it is difficult for administrators to take into account all aspects and risks at once," Januszkiewicz explains, and data from the Czech National Office for Cyber and Information Security bear her out: it recorded double the number of incidents in 2023 compared to 2022.

Businesses and institutions know this and are taking the security of their networks and technologies far more seriously than before. Even so, in the never-ending battle, they're more like a cop chasing a thief. The energy spent on solving problems and preventing them is still too little, or going in the wrong direction.

The best defenders are those who are most worried about business

"We lack experts, some detection systems are set up poorly so people then ignore alerts, organisations lack plans on how to behave in the event of an attack, and new threats associated with the advent of artificial intelligence add to this," Paula lists the most common problems as she, along with more than 60 colleagues, helps set up security and deal with the aftermath of attacks around the world.

Their clients include governments, banking institutions, companies in the oil and gas industry, as well as manufacturing companies and hospitals. And if Januszkiewicz has observed anything, it's that the companies that take the best care of protecting their networks and technology are those that value their business the most. "Banks are a good example. They know that the most valuable thing they have is their trust and reputation and they don't want to lose anything at any cost," she explains.

She and her colleagues help with acute incidents, but more often they conduct comprehensive infrastructure audits before an incident occurs. "It happens repeatedly that companies don't have enough trained staff to deal with the situation, and that's when our expertise proves crucial. It's not that cybersecurity is not appealing, it's more that in our industry you have to learn a lot of new information beyond the normal IT and, more importantly, a different point of view. Knowing the infrastructure helps, but you don't build it, you have to know how to attack it," Januszkiewicz says, reversing the usual perspective.

For many professionals, she says, this can then lead to feelings of insecurity: "Do I know enough?" "I am well aware of most of the developments in my field, it's my passion and my profession, I follow it. But I don't know about every new tool, I haven't read all the new research. I stay informed enough to be confident in my knowledge and skills. That if a customer is targeted, I'll always know what to do. But I understand that for newcomers to the industry, this constant flow of information can be overwhelming," she admits. That is also why she argues that you can't operate alone in cybersecurity, but have to network and share all the time: at any given moment, someone in the world is experiencing a new attack, and what they learn from it can help other people. This, incidentally, is why the Security conference exists.

Paula Januszkiewicz

CEO and founder of CQURE, cybersecurity expert, penetration tester and trainer, Microsoft MVP and Microsoft Regional Director. A world-class cybersecurity expert, she provides consultation to customers worldwide. A 2017 graduate of Harvard Business School, she speaks at the world's largest conferences, conducts penetration testing, architecture consulting, training and workshops. She is a member of the technical advisory board at the Royal Bank of Scotland/Natwest. And to top it off, she has access to Windows source code.

"In our industry you have to learn a lot of new information beyond the normal IT and especially a different point of view. Knowing the infrastructure helps, but you don't build it, you have to know how to attack it."
