{"id":145987,"date":"2024-01-03T11:18:07","date_gmt":"2024-01-03T11:18:07","guid":{"rendered":"https:\/\/www.techopedia.com"},"modified":"2024-01-03T11:22:12","modified_gmt":"2024-01-03T11:22:12","slug":"experts-on-cybersecurity-vladimir-svidesskis-head-of-security-compliance-and-risk-at-vaco","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/experts-on-cybersecurity-vladimir-svidesskis-head-of-security-compliance-and-risk-at-vaco","title":{"rendered":"Experts on Cybersecurity: Vladimir Svidesskis, Head of Security, Compliance, and Risk at Vaco"},"content":{"rendered":"
Techopedia speaks with Vladimir Svidesskis, director and head of security, compliance, and risk at talent and solutions firm Vaco and a CISO advisory board member of the Nashville Technology Council, about the current state of cybersecurity<\/a>.<\/p>\n We also explore Svidesskis’s approach to cybersecurity and how he contributes to the advancement and innovation of the security and compliance industry.<\/p>\n Q:<\/strong> What are your thoughts on the current state of cybersecurity?<\/em><\/p>\n A:<\/strong> I’ve noticed that attacks on vital components of infrastructure continue to increase. We’re talking about healthcare facilities, academic institutions, utilities, and local and federal government agencies. And it seems to be happening in groups \u2013 for example, not just one water facility in a particular location but three or four water facilities throughout a particular region. That’s not just in the United States; it’s also in foreign countries. The primary reason for the increase in these attacks is always financial, followed by the need to disrupt something. But for the most part, the reason is for financial gain.<\/p>\n I’ve also noticed that ransomware<\/a> payment discussions and cyber insurance conversations are also increasing. So, conversations around whether or not to make the payment, which is cyber extortion, and where cyber insurance fits into that.<\/p>\n Q:<\/strong> How is the cybersecurity threat landscape for businesses evolving in the U.S. and internationally?<\/em><\/p>\n A: <\/strong>I think these infrastructure attacks foster a need for a collaborative approach to national and even global efforts to rein in cyber extortion. 
I definitely think that’s going to happen because it’s a matter of the way we have our foreign policies.<\/p>\n We have foreign policies where we have certain agreements with various countries or a group of countries, NATO [North Atlantic Treaty Organization] as an example and OAS [Organization of American States], etc. We have collaborations of groups of countries for various reasons. And I think that will foster a more focused approach to addressing cybersecurity globally.<\/p>\n Q:<\/strong> What is your approach to information security<\/a>?<\/em><\/p>\n A:<\/strong> A generic approach is keeping current. You need to keep current if anybody wants to look at information assurance or information security. You have to know technology. You have to know business constructs. You have to understand threats that are pervasive through technology to the business. You also have to understand the [compliance and regulatory] mandates \u2013 are they regional, local, or global mandates?<\/p>\n Put that all together \u2013 you have to know where we are today. What’s the current news that’s going on? That’s what it means to keep current in the activities within the cyber space, the technology space, and the business space.<\/p>\n You also have to establish relationships with key stakeholders in any one of those areas and inquire as to their understanding and concerns pertaining to their information assets. You want to go to the CEO, the CFO, the CHRO, and all the C-suite members individually and just ask them two questions. What do you think information security is? And what is your biggest concern? That doesn’t mean there are only right or wrong answers.<\/p>\n What you’re doing is you’re establishing a relational communication foundation. You’re getting to know the individual, their persona. But you’re also getting to know what their perspective of information assurance is and what their biggest concerns are. Then, you’re opening a dialogue with them. 
And once you have that dialogue, it’s easier to establish an information security program because you each know what the other is talking about and where you’re coming from, and you have the right level of communication.<\/p>\n I think some of my peers may have it in reverse because they come in and say, “I can do this, this, and this for you.” But you don’t even know what their concerns are or what their perceptions of information assurance are.<\/p>\n Q:<\/strong> What keeps you up at night? <\/em><\/p>\n A:<\/strong> That’s an interesting question. There are many vast components. There’s the network. There’s someone’s handheld device. There’s a vendor that has access to our system. There are customers who may click the wrong thing. But we also need to know if [employees] understand the alerting channel for any suspicious activity \u2013 that would keep me up. We’re going to make mistakes.<\/p>\n But if we make a mistake, and we don’t know how or to whom to communicate that mistake, then that mistake goes unnoticed and can become worse. So information security leaders have to ensure people know the alerting channel for any suspicious activity.<\/p><\/blockquote>\n Q:<\/strong> How do you contribute to the advancement and innovation of the security and compliance industries?<\/em><\/p>\n A:<\/strong> I take time to volunteer at various national and local professional events and communities where discussions are fostered. I attend and contribute as much as I’m able to. I probably do about four to five a month, sometimes more. I participate in Q&A sessions, executive roundtables, panel discussions, or even just as an attendee, and I listen, pose questions, and take notes. And then you look at all that information, and you look at the industry you’re in, you look at the locale you’re in. 
Then, you aggregate all that so that you can deliver a more well-curated recommendation to those C-suite members so they can make more informed decisions on information assurance and where they want to take it.<\/p>\n Q:<\/strong> In 2024, artificial intelligence<\/a> (AI) and generative AI<\/a> (GenAI) will enable malicious actors to execute more intelligent and personalized phishing<\/a> attempts against their corporate victims. In addition, ransomware will continue to be a major threat. From your perspective, how should organizations mitigate these risks?<\/em><\/p>\n A:<\/strong> I wrote my first AI policy, I think, a little over a year ago, and the first bullet point is ensuring you have an awareness campaign in place, focusing on trust and attribution of activities. That means an awareness campaign to let people know what’s going on around a particular topic, focus, or discipline.<\/p>\n Your organization has to ensure employees know how to validate whether a communication, such as an email, is actually coming from [a legitimate sender]. With AI, malicious actors can send [highly-personalized phishing emails that are difficult to differentiate from genuine emails]. They can automate such things as changing the source, changing the subject, and the attachments. So, information security officers need to provide more comprehensive awareness campaigns.<\/p>\nOn the Current State of Cybersecurity<\/span><\/h2>\n
Svidesskis’ Approach to Information Security<\/span><\/h2>\n
Impact of AI, GenAI on Cybersecurity<\/span><\/h2>\n
\n