12 Days of Security: Day 4

Speaker 1: Hello. Hello, everybody. Welcome to the 12 days of security. Today I am here with Liora Amina Berisha. My name is Akira Brand and I am your host for today. Liora, welcome.

Speaker 2: Thanks a lot, Akira, it’s really nice to see you.

Speaker 1: Nice to see you, too. For our listeners, Liora and I sometimes play head wars together so we know each other not only from Brite, but we’re also gaming buddies. So this is really cool to be able to interview you today for this little mini-podcast series. Liora, can you tell our listeners a bit about what you do at Brite?

Speaker 2: Okay, so my name is Liora Amina Berisha, and I’m from Sarajevo. It’s Bosnia and Herzegovina, located in Europe. Currently, I’m a customer support lead and I most of the time I work with cybersecurity support, let’s call it like that. Regarding our DAAS solution, and we do a lot of security work and a lot of different environments and everything. It’s really dynamic position and I’m happy to be in Brite in the first place.

Speaker 1: Nice. And how long have you been with Brite?

Speaker 2: I was two times with Brite. My first time was in the very early beginning of Brite Security. We called the company New Religion back then, and for now I’m a one and a half year.

Speaker 1: Nice. All right. Nice. Right on. Right on. So you joined a little bit before I did, but we’re kind of around the same. The same marker of time, which is cool. Yeah. Nice. So, Laura, tell me what happened this year in cybersecurity that really stood out to you?

Speaker 2: I wouldn’t start with this year, but a few years earlier, because we had that pandemic and all the dynamic movement in the interrelations of the Internet security and users companies and everything that happened within the pandemic era. So I think that attacks that mostly requires human interaction like social engineering, phishing, ransomware and other things persist nowadays. And they present a huge threat to not only end users but companies and different businesses around the world. Like we all know that most of the news, at least most of the news, is on daily basis, actually have some things about data breaches from the big companies, big data breaches and everything that’s going on in this digital digitalized era. So I think that this year we suffered a lot from data breaches, especially for end users and companies, and that we will see a very, very big fuss about that in the next period, especially in the context of of that persistent issue. I read some statistic about cyber attacks this year and it was more than 30% in raised and the past years. So we can expect a lot of dynamic in cyber attacks for the years to come.

Speaker 1: Well, 30% is not a small number.

Speaker 2: Yeah, it’s really big number. When you when you rethink about positions of many companies or many end users that are not that safe on the Internet, and even when you’re connected with your computer on the Internet, you’re already in some kind of vulnerability. So it can be in vulnerable position, sorry. So it can be very hard to put some shields up for that or vulnerabilities we currently have. But we can try to maximize our effort to be safer than years than past years.

Speaker 1: That’s a good way to put it. Like, you know, when you connect to the Internet, you’re right. You’re kind of inherently unsafe. But maximizing that effort so that you can get more toward that goal is a is a noble a noble effort for sure. For sure.

Speaker 2: Yeah. I also think that one of the biggest threats that we actually see for years, it’s inadequate security, education in many fields like formal education and formal educations, business places, company places. I don’t think that education is that valuable in terms of current trends, but we need to raise our effort to maximize that effort in education of end users of companies, and to have adequate education for employees in different companies and different sectors. Like, for example, health care will be will be a very, very hot topic in information security and cybersecurity following all the ransom attacks and things that are currently going on in cybersecurity dynamics.

Speaker 1: Yeah, I mean, that education component is such a key missing either for people that want to get into cybersecurity, it’s hard for people to learn the skills that they’re just not taught in post secondary education. They’re not taught in things like high schools. And then of course, sometimes training can be a burden when it’s done on the job. And so people can sometimes see cybersecurity training as this thing that they maybe don’t want to mess with. And that’s that doesn’t help anybody. Of course, that makes that makes perfect sense, which actually leads me. I’m so sorry. Which leads me to our next question, which is you personally, what challenges did you face this past year and how did you overcome them?

Speaker 2: So most of the challenges in my professional life are connected with user environments. So we face a lot of challenges in terms of how to deal with technology. As you know, algorithms are perfect, but we are humans and we sometimes can make mistakes. So it’s not worth if I say that it’s not it’s not bad if you make some mistakes, but if you make really large mistakes and you don’t secure yourself in time, that can be very huge loss for company and your professional environment. So it’s really important to work on different skills every day and different security models to ensure that everything is in perfect order. All the things that are normal in communication channels like spam and phishing to to shield up against that kind of attacks and to recognize them on time because that that is that are the attacks that requires human interaction and that requires strong and user security behavior. So I will rethink my position in this year regarding cyber attacks and I will put phishing and spam as my common security incidents. I have of course, nobody failed for that, but we have a really lot of attempts to make us vulnerable.

Speaker 1: So it sounds like there’s a lot of preying upon the human element of things.

Speaker 2: Yes, actually. And we as the world globally, we have a lot of issues with under-development, digitalization, efforts. So many people doesn’t have proper resources to educate themselves against this kind of attacks. And they we have of course, we have a lot of different aspects of inequality in this world. So cybersecurity education is one of them. But in our professional atmosphere, we have adequate education in fields of cybersecurity and all the relevant new technology trends. So I’m very proud that Bright is putting a lot of effort in cybersecurity and helping employees to deal with different issues.

Speaker 1: Yeah, absolutely. Again, it kind of circles all the way back to that education component. We got people or what? So next year, looking into the future, you have a magic eight ball. What do you predict will happen next year, for good and for worse?

Speaker 2: Okay. I don’t have a terrorist card with me right now, but I think that I think that we will more seem to have to maximize privacy and data centric security, especially human security that will correlate with different environments. For example, I think that the world will be moving and shifting in terms of the adoption of privacy and change. Enchanting software. And in the end, hardware alone as one of potential vulnerabilities for different actors in cyber world is outdated hardware. So I think that software and hardware will be in a focus in the next years. But also I am rethinking a lot role of artificial intelligence and machine learning in the future of cybersecurity models. As we know that artificial intelligence and machine learning can numerously and change and chance cybersecurity, but it can also be used by malicious actors in the cyber world to, for example, identify patterns of vulnerability, especially new ones or track user behavior with artificial intelligence and vulnerable systems, and with that, to exploit and gain different benefits. That benefits can vary as bad or malicious actors can find financial gain in different data breaches or ransoms or anything that is that is very trendy nowadays. And I think that shifting security model will be in the next years will be more oriented towards end users and developer for security model in a company and business world, including mass erasing companies that will apply some security models and follow up with cybersecurity trends. As some statistics are saying that about 60% of companies didn’t implement any security model. So it’s really important to rethink, again, if you need cybersecurity or information security, just to make sure that your losses will be minimized in terms of potential risks and attacks that can occur.

Speaker 1: I know that A.I. and cybersecurity especially is a very hot topic right now, just with the kind of buzz going on around things like Chat, GPT and things of this nature. And it’s interesting to think that not only can it hinder, but it can also help, right? As these models get more and more sophisticated, they will be able to help human operators find vulnerabilities as well and shore up against them. So that’s that’s a very interesting point. So it seems that a lot with a lot of technology right now, there’s a there’s two sides to the same coin, right? There’s a good side and there’s a bad side almost for every single tech out there right now. Yes.

Speaker 2: But if we can gain more benefits from artificial intelligence and machine learning in terms of I don’t know that solutions or anything else, we can use that against malicious actors and malicious situations in the cyber environment. But also we can expect that that kind of threats will raise and it’s bad and good cop in these terms. So we can always make the best effort out of something to make sure that everything is under control. Let’s call it like that.

Speaker 1: Absolutely. And again, kind of circling back to that earlier point, too, of like just giving that best effort is what’s important right now. It’s not necessarily perfection, but to get as close as we can to that. Absolutely. That makes sense. So my last question for you is, what security gift do you want for the holidays? So what we mean by this is it could be literally a gift like, I don’t know, like a machine that is impermeable to attacks or something like that or wish that you have such as every developer gets secure code training and passes with flying colors.

Speaker 2: Um, I will repeat one sentence. We cannot achieve 100% of security, but we can rethink security as a process of maximizing our efforts to minimize our risks and losses if account if attack happens. So it’s really important to put efforts and keep our shields up. I would like to see more increase in development in developer first security and also increase in privacy security and anonymity oriented models for end users and all humans in in this planet. And also I would like to see rise of the efforts for for a relationship of technology and nature. I would like to see how technology can help us to preserve this beautiful nature we have and to to help animals and plants and everything that is currently under the attack of difference modern things. And I would like I would I would really like to see if technology can can propose some new models of preserving the nature.

Speaker 1: I personally resonate with that on a very deep level. So I really appreciate you saying that. That’s beautiful. I think that if we can. We can secure humans and secure nature at the same time, then I think we will have absolutely one in our lifetime for sure. Absolutely.

Speaker 2: We can use technology for so many good things that we each day we get up with some new ideas and we have all the resources in the world to make that happen. So let’s unite and do the best for everybody.

Speaker 1: I agree. I agree. All right, everybody. This has been the 12 days of security with lira. Lira. Thank you so much for your time. It was a pleasure speaking with you. And to all of our listeners, thank you again for tuning in. We hope to see you at brightsec.com to check out our product and learn a little bit more about us. That’s how you can find us out. And happy holidays from all of us here, Bright. And we’ll see you next time. Bye bye