One of the greatest benefits of cybersecurity outsourcing is that in critical moments the client has all the resources of the outer company at hand, which is usually substantially bigger than the cybersecurity staff in a bank. This was a comment by Ivo Dimitrov from AMATAS, given at the conference “Challenges for the cybersecurity of informational systems of financial institutions and their mobile services”, organized by the ‘Banker’ newspaper. Dimitrov and one more member of the company – Lyubomir Tulev, presented the possibilities for cybersecurity outsourcing in the financial sector.
The event was opened by Bistra Georgieva, Chief editor at ‘Banker’. Among the other lecturers at the conference were: Yavor Kolev, Head of the Cybersecurity Department of the General Directorate Combating Organised Crime, and representatives of some of the largest banking institutions and organisations in Bulgaria, such as Unicredit Bulbank, DSK, Fibank, Association of the banks in Bulgaria, et al.
“The cybersecurity service provider is capable of providing expertise, which is not accessible internally to the organization. This is totally understandable as specialized companies invest in their staff development precisely in this direction. Whereas banks allocate small part of their general budget for cybersecurity training of their staff”, Ivo Dimitrov explained – Cybersecurity Managed Services Manager at AMATAS.
He spoke about numerous instruments used by specialized companies in the cybersecurity sphere, which help their clients protect from a series of threats. Some of them are based on artificial intelligence and learn autonomously according to the behaviour in internet. Part of the programs and tests which Ivo Dimitrov presented, are specially devised for banks and other financial institutions.
Lubomir Tulev, cybersecurity expert at AMATAS, said that outsourcing primarily depends on trust between the client company and the firm taking care of its cybersecurity. He revealed that some of the most popular services in the sphere are social engineering and cyber forensic services. They are applicable in the frequently used attacks called “phishing”, “smishing” and “vishing” – misleading messages on different channels (email, sms and voice call). He demonstrated through one of his colleagues, who was unaware of the situation, how a simple app can make a name from your address book to appear on your phone screen although he/she is not calling you (but a hacker).
“The person is always the least protected factor. When the cybercriminal attacks a person, its chances to succeed are much greater”, Tulev said.
Therefore, simulations of potential hazardous situations are really important when cybersecurity experts work with company’s staff members. Targeted trainings, which are specially prepared for a company, are incomparably better than the plethora of general information available online.