What does taking care of a company’s cybersecurity involve in practice?

07.05.2024


Author: Michał Bednarczyk

Michał Bednarczyk – an IT specialist with extensive experience in implementing ITSM systems for public and financial institutions. For several years, he has been involved in implementing and developing IT security systems, particularly solutions in the field of security task automation. Currently, he is engaged in the development of a SOAR-class system for BNP Paribas CIB.

IT specialists today bear greater responsibility than ever for cybersecurity. The security of systems operated by companies and their often highly sensitive data is an absolute priority for practically all enterprises, especially global giants. Employers place immense importance on the experience and practical skills of candidates in this area.

What kind of IT engineers are safeguarding cybersecurity?

The number of people employed with a focus on cybersecurity depends on the size of the organization. The largest companies, especially those in sectors where data security is particularly crucial (such as financial organizations), have the most extensive structures in this regard.

Typically, specialists are responsible for:

  • workstation security
  • network security
  • responding to detected security incidents


In the latter case, it is most often analysts working in Security Operations Centers (SOCs) who, by verifying logs and events in systems and networks, can determine the impact and consequences of a security incident.

Various tools and systems are used in each of these roles, ranging from network firewalls, through anti-malware protection on servers and workstations, to decryption of application-layer network traffic. Each of these systems detects potentially harmful events and notifies administrators and analysts of incidents.

What are SIEM and SOAR systems?

In the case of cybersecurity, support from IT engineers with the right knowledge and familiarity with solutions is extremely important. However, for their work to be as smooth and effective as possible, appropriate security task automation systems are needed. These are SIEM and SOAR class systems. The former gather and correlate entries from device logs and security systems. The latter provide automation of security tasks, analysis, and enrichment of events based on predefined playbooks, reflecting the typical work of a security analyst. SOAR systems can also automatically respond to detected threats and update policies on organization devices and security systems.

Companies emphasize absolute professionalism

A company that falls victim to cybercriminals can lose its data, good name, and customer trust. All of this translates into real costs. Criminal groups can monitor the resources of a potential victim, track employee habits, attempt to impersonate an employee, or infect a workstation with malware using attack techniques that may not be widely known.

Considering these elements, it is not enough simply to have security systems in place; administering them properly is crucial, as is tracking information from the cybercriminal world (assisted by Threat Intelligence systems) and promptly responding to vulnerabilities detected in one’s own infrastructure. Learning that an employee’s credentials have leaked and promptly forcing a password change in the domain will prevent an intruder from using them to access the company’s internal network.
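The division of labour between SIEM and SOAR described above, and the credential-leak response just mentioned, in miniature (an added example, not code from the article or from any product; the log format, thresholds, the threat-intelligence feed and the action names are all constructed assumptions):

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from two sources (VPN gateway and domain controller).
SAMPLE_LOGS = """\
2024-05-07T08:00:01 vpn auth_fail user=jkowalski src=203.0.113.5
2024-05-07T08:00:04 vpn auth_fail user=jkowalski src=203.0.113.5
2024-05-07T08:00:09 vpn auth_fail user=jkowalski src=203.0.113.5
2024-05-07T08:00:20 dc logon_ok user=jkowalski src=203.0.113.5
2024-05-07T08:30:00 vpn auth_fail user=anowak src=198.51.100.7
2024-05-07T09:00:00 dc logon_ok user=anowak src=10.0.0.12
"""
LINE_RE = re.compile(r"(\S+) (\S+) (\S+) user=(\S+) src=(\S+)")
# Constructed threat-intelligence feed: accounts reported in a credential leak.
LEAKED_CREDENTIALS = {"jkowalski"}

def parse(text):
    """Normalise raw lines into event dicts (the SIEM's collection step)."""
    events = []
    for m in (LINE_RE.match(line) for line in text.splitlines()):
        if m:
            ts, source, action, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "source": source,
                           "action": action, "user": user, "src": src})
    return events

def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """SIEM correlation rule: >= threshold failures for (user, src) inside the
    window, followed by a successful logon from the same src, yields one alert."""
    fails, alerts = defaultdict(list), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["action"] == "auth_fail":
            fails[key].append(ev["ts"])
        elif ev["action"] == "logon_ok":
            recent = [t for t in fails[key] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"user": ev["user"], "src": ev["src"], "failures": len(recent)})
    return alerts

def playbook(alert, leaked=LEAKED_CREDENTIALS):
    """SOAR playbook: enrich with the TI feed, then choose the responses an analyst
    would otherwise trigger by hand. Actions are returned here, not executed."""
    enriched = dict(alert, credential_leaked=alert["user"] in leaked)
    actions = ["open_ticket", "block_src_on_firewall"]
    if enriched["credential_leaked"]:
        # The article's scenario: leaked credentials -> force a domain password change.
        actions += ["force_password_reset", "revoke_sessions"]
    enriched["actions"] = actions
    return enriched
def run(text=SAMPLE_LOGS):
    return [playbook(a) for a in correlate(parse(text))]
```

Only the first account trips the rule: three failures then a success from the same address, and the TI enrichment escalates it to a forced password reset; the second account's single failure and later logon from a different address produce no alert.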

Also, considering that current military conflicts are associated with simultaneous attacks on the teleinformatics infrastructure of strategic enterprises and state institutions, ensuring cybersecurity plays an increasingly significant role in companies’ operations. There are no half measures here – employers seek specialists whom they are confident approach their work professionally and continually develop their skills.

This is how the cybersecurity industry is changing

Currently, cybersecurity specialists face many challenges. First and foremost, attack techniques are changing. In the past, for example, a workstation only required an antivirus based on known malware signatures, and a firewall was sufficient for the network. Nowadays, workstations require tools capable of detecting malware from its activity (behavioral analysis). This calls for increasingly sophisticated security systems, and in turn for the continual development of the specialists who operate them. In network traffic, SSL inspection systems are now indispensable, capable of monitoring both employees’ internet traffic and the traffic of the company’s clients to its client-facing systems. All of these systems should be integrated with each other and feed one another information about detected threats. The main challenge for cybersecurity specialists has remained unchanged for years: to stay as far ahead of cybercriminals as possible and to secure the infrastructure as well as possible at any given moment, but in a way that does not hinder the company’s employees from completing their tasks and allows the company to achieve its business goals.