Aviva Zacks of Safety Detectives sat down with H-X Technologies’ CIO Andrew Buldyzhov and asked him about his company’s app security and pen-testing services.
Safety Detective: What was your cybersecurity journey to H-X Technologies and what do you love about it?
Andrew Buldyzhov: I came from an industrial automation background. What I love about H-X is that here I can combine the two worlds, industrial automation and IT. These two domains had totally different approaches and solutions until quite recently when IoT and Industry 4.0 started.
The industrial world is now starting to use up-to-date IT solutions, which makes all the processes much more efficient and robust. But, unfortunately, there are drawbacks as well, one of the biggest ones being security. With the implementation of Internet and all those nice IT features, software and hardware, into industrial systems, we also introduce immense risk. Wherever we have all this connectivity and computing power, we also have exposure. Industrial IT systems can and will be accessed by hackers. We are already seeing examples of such intrusions into critical infrastructure.
For me, personally, this is quite a promising development in my career and a new line of business for H-X Technologies.
SD: What services does your company offer?
AB: We offer quite a wide range of services starting with penetration testing and security assessment and audits, but also, we provide managed security, compliance, and Security Operation Center (SOC). One of our strengths is application security. We work with software-as-a-service (SaaS) and other IT companies, helping them to develop software securely and teach software developers, architects, and testers.
SD: How does your company stay ahead of the competition?
AB: I think our main selling point is that we provide high quality for a very good price. We have the best quality-to-price ratio and we also have strong competencies in penetration testing, red teaming, and compliance. For example, we are among the leaders in the automotive industry. We have been the first to implement TISAX certification in Eastern Europe.
Another strong point is our versatility and flexibility. We can start with very small budgets and we have solutions for even the smallest of companies. But, of course, we are ready to tackle challenging projects for big corporate clients as well.
SD: What are the worst cyberthreats today?
AB: There was a recent attack on SolarWinds — an APT (Advanced Persistent Threat) and a supply chain attack, which was very serious. A supply chain attack means that even if your system is perfect, and you have protected it from everything, and your personnel behaves perfectly, you are still vulnerable because one of your suppliers can be hacked and you get malware from them.
Nation-states and big corporations now have their own teams of hackers. Such threats are very difficult to resist because those guys are really smart, and they constantly grow. They are very determined, and they build up their attacks step by step. It may take them years, sometimes, to penetrate a system, and then they can stay there for years. So I think this is the biggest threat at the moment.
SD: How do you think cybersecurity is going to change now that we’re living through this pandemic?
AB: Since the pandemic and quarantine started, cybersecurity is becoming more and more important for technical, psychological, and social reasons. The technical reason is, obviously, that we are all working remotely, and so we are lacking the protection of the company perimeter and have limited support from IT departments.
Psychologically, people are more agitated, and they are more susceptible to attacks. They can follow hackers’ links connected to COVID cures or other solutions to their problems.
And socially, your kids and even pets can play on your keyboard if you leave it unlocked. And that is also a cybersecurity risk, albeit not a usual one.