Interview With Uladzislau Murashka – ScienceSoft
PIA spoke with Uladzislau Murashka, Penetration Testing Consultant at ScienceSoft, about the company’s services, the challenges of working in cybersecurity, how the field has evolved, and some tips for staying one step ahead of bad actors.
Private Internet Access: Thank you for taking some for us, can you tell us a little about ScienceSoft and the services you provide?
Uladzislau Murashka: ScienceSoft’s history goes all the way back to 1989. It started as a small software development company, but thanks to competent management, it has been able to attract talented IT professionals and achieve excellence in many IT domains. In 2003, ScienceSoft got into cybersecurity. Since then, we’ve completed more than 200 IT security projects for over 30 industries. Our security testing team — which I’m happy to be a part of — performs vulnerability assessment, penetration testing, source code review, compliance testing, and social engineering testing. To the customers that need of a more comprehensive security checkup, we can offer a tailored IT security audit, risk assessment, compliance assessment, cloud security assessment, and more.
Plus, we don’t limit ourselves to detecting vulnerabilities and giving remediation advice. Our compliance consultants and security engineers can help develop a robust security program or policies from scratch, design and build secure applications and networks, and so on.
PIA: Do you have solutions for B2B, B2C or both, and what are your flagship products?
UM: When it comes to our security team, we’ve always had an ambitious goal to develop a well- rounded offer of high-quality services. So now, with a full range of offensive and defensive security services, we are a kind of a one-stop shop for businesses that need to handle their security and compliance issues all at once.
However, we also have a proprietary security solution that we’re proud of. Our QLEAN App Suite was designed to help enterprises using IBM QRadar enhance its performance to ensure the prompt investigation of vulnerabilities and complete network security coverage. It was named a global IBM Beacon Award finalist in 2020 and 2021.
PIA: What do you love about working in cybersecurity?
UM: First of all, it’s doing something that really makes a difference. Cybersecurity professionals are the shield that guards against the ever-evolving cyber threats. We help create a secure IT environment for businesses to grow and deliver better services and products. Also, security testing is rarely boring and offers endless room for personal and professional growth. To succeed, I need to think like a cybercriminal and stay aware of the state-of-art hacking techniques. Each project we partake in is unique: there are no identical IT infrastructures, different apps have their specific nuances, each industry has its own data security regulations, and so on. All this makes my job challenging but very rewarding.
PIA: How have cyber threats evolved in your time at ScienceSoft?
UM: While cybercrime was always present, it has definitely reached new heights since 2014 when I joined ScienceSoft. In almost a decade since then, it has reached new heights. Simple malware like Trojans has given way to more complex ransomware such as NotPetya or WannaCry, and there’s no limit to the evolution of hacking technology.
Cybercriminals have always kept an eye on major changes in the society as well as digital technology and looked for innovative ways to take advantage of them. For example, they eagerly target new technology, such as IoT, VR/AR or blockchain, as they know that these domains lack security for now. The COVID-19 pandemic also turned out to be a golden era for cybercrime. The worldwide shift to remote work made corporate IT infrastructures more complicated, less controlled, and therefore more vulnerable. No wonder we witnessed a spike in security breaches at that time.
To sum it up, cyberattacks have been growing in number while getting more sophisticated and devastating. Of course, the capabilities of security tools have evolved as well. In particular, AI- powered solutions and security operations automation enable IT teams to efficiently detect and respond to cyber threats.
However, to win this arms race, we need to understand that security is the responsibility of everyone, not just cybersecurity experts. Organizations must nurture corporate security culture and adopt a security-by-design approach when developing their new services and products. Plus, we, as individual IT users, must stay vigilant and practice good cyber hygiene.
PIA: Why is a VPN an essential online security tool for businesses and individuals?
UM: VPN is a convenient and affordable addition to your security. It provides encryption to protect the data you transfer and disguise your online activity. For businesses, it serves above all to secure remote access to corporate data, apps, and IT networks. For individuals, VPN is a way to enjoy some privacy and anonymity online as well as secure their data when using public networks.
PIA: What can the average person do to protect their data and prevent cyberattacks?
UM: Even if you aren’t tech-savvy, you can do a lot to protect yourself against cyberattacks. There are simple yet efficient measures that many people, unfortunately, fail to apply consistently. Firstly, it’s strong authentication mechanisms, which means creating and securely managing passwords. Never use default passwords; choose complex and unique combinations of numbers, letters, and symbols for each account or device you have and store them in a reliable password manager. Adding another verification factor, such as biometrics, is always a great idea.
Secondly, don’t leave cybercriminals a chance to exploit known vulnerabilities in the software you use. Install fresh updates as soon as possible. Delete unused apps and accounts, and switch off Wi-Fi and Bluetooth on your device when you don’t need them. It will reduce the number of potential entry points hackers may use. Plus, with social engineering attacks on the rise, it’s important to be wary of suspicious messages or calls. Finally, install at least the most basic security solutions: firewalls, antimalware, and VPN by trusted providers.