Interview with Andrew Buldyzhov, CEO, H-X Technologies

27 Dec 2021 Author: Sofia Mashchenko

Dana Vioreanu from CyberGhost and Andrey Buldyzhov have met, and Dana has asked a few questions about cybersecurity, new types of attacks and the security of remote work

1. Please tell us a bit about your experience and how you ended up working at H-X Technologies.

My history with H-X Technologies starts in 2014, and in the beginning, I only helped my brother who is the founder of this company. Gradually, my involvement grew. In 2018, I formally joined the company and in 2020 became CEO.

Before that, I worked in industrial automation, and I have my own small company in this field, industrial control systems. So we combine deep experience from both of the worlds: IT and OT. This is quite a promising new direction in the market – cybersecurity for industrial control systems – and we make it our unique selling point. In Ukraine, where we’re based, and in Eastern Europe in general, this is not a very well-developed sphere yet.

We began primarily as pentesters because this is the traditional way of starting a business in cybersecurity. It’s also easier to sell, as customers can understand it better – they’re testing their systems for penetration and get immediate, tangible results. Then, we evolved into a more complex company that provides a full range of cybersecurity services. Mature businesses need more than just an occasional pentest.

Proper security is not a project but a process, when an information security management system (ISMS) controls every activity in the company. Our clients are mainly in Europe and the UK, and we have clients in Asia and America as well.

We also work with partners a lot. Other cybersecurity companies, including the American ones, outsource their services with us because we can offer good quality at a competitive price. We sometimes provide white-labeling services as well. We are also proud that we teach cybersecurity specialists from big international cybersecurity companies. And of course, we also learn from our partners, share our findings, and exchange experience.

2. Are most of your clients proactive or reactive? Do they usually come after they’ve faced a cybersecurity issue or vulnerability?

90% proactive, 10% reactive. Most of them come in advance.

3. Is there any recent cyber-attack that surprised you in any way? (In the sense that maybe it got you concerned about a new type of cyber threats that may emerge.)

Like some other countries (Estonia, some US states), Ukraine is developing a governmental initiative called State in Smartphone, which allows citizens to get various governmental services remotely, without any bureaucratic obstacles. The central part of this service is played by the Diya application. Recently, a combination of weaknesses in the national public key infrastructure and in the simplified banking identification procedure introduced during the quarantine has resulted in a new type of security incident.

A woman was not registered in the Diya application, her smartphone was not “attached” to it. The woman was cautious, didn’t tell anyone any passwords, used 2-factor authentication, etc. The crooks got a photocopy of her passport somewhere and issued a digital signature for the woman in a small bank and registered it in the Diya application on their smartphone. Then, with the help of the Diya application, the crooks on behalf of the woman got a loan in a microcredit company. As a result, the woman had to start a lengthy and costly trial, and it may still be going; at least, I haven’t heard of any conclusion.

Problems with the Diya app don’t end there. This application also contains the vaccination passports, and it is used for checking if a buyer is of age for alcohol and cigarettes. Because of this, delinquents make fake Diya applications and sell them. Quite regularly, the cyber police catch such offenders, who often turn out to be minors.

4. In your opinion, how did the term ‘hacker’ evolve in recent years?

Since the 1960s, when the word “hacker” appeared, for 40-50 years, it carried mostly positive meaning. Then, about 10-20 years ago, the word gradually acquired more negative connotation with the meaning of “computer criminal”. According to our observations, the positive meaning still prevails.

At the same time, we as professionals prefer to avoid the word “hacker” since it is ambiguous. Instead, you can use more unambiguous words like “geek”, “nerd” or “computer jock” to get a positive meaning and “computer criminal” for a negative one.

5. Name three cybersecurity habits every remote worker should apply.

There are some common cyber hygiene rules like “use 2FA (two-factor authentication) or 2SV (two-step verification) wherever possible and try not to use solely passwords” or “backup your data, code and configurations, and test the restoration regularly”. These rules are relevant for both remote and office workers.

However, remote work creates a specific threat landscape. In particular, phishing, physical threats, and attacks on routers and access points. Therefore, we can make these three most important recommendations:

1) Distrust anything you do not expect (letters, messages, calls, popup windows, etc.) and use alternative communication channels to check it.

2) Encrypt your local disks (Bitlocker, FileVault, LUKS, etc.) as soon as you have installed a new OS or at least as soon as you have read this.

3) Change the default password on your router and keep the firmware up-to-date. Consider using OpenWRT or a similar open-source firmware.

Other posts

The battle for cybersecurity: who is better — CISO or vCISO?
Cybersecurity program with your own hands