DefCamp #11: Ioan-Cosmin Mihai on the widespread issues that lack of cybersecurity training generates

Many people who find that cybersecurity provides the challenge, diversity, and development options that suit their mindset, skills, and know-how get so absorbed in it that they keep doing more and more of what they love.

Ioan-Cosmin Mihai is one of them. He is a researcher, professor, trainer, author and conference speaker. He’s leveraging his 15+ years of experience in cybersecurity, cybercrime, and related international cooperation to advance the field in a number of ways.

One of his main areas of focus is providing training for organizations such as the European Union Agency for Law Enforcement Training (CEPOL), the Romanian National Computer Security Incident Response Team (CERT-RO), the Romanian Centre of Excellence for Cybercrime (CYBEREX-RO), and Romania’s Superior Council of Magistracy (SCM), to name a few.

Ioan-Cosmin is also the Founder and Vice President of the Romanian Association for Information Security Assurance (RAISA), a professional group that works to promote cybersecurity culture and fights against cybercrime.

Naturally, we grabbed the chance to interview him and get his opinion on a few essential topics for the DefCamp community.

So let’s start with what Ioan-Cosmin does best: surfacing the key areas of focus for those seeking to elevate their knowledge and understanding of information security.

Building and advancing cybersecurity education – a fundamental focus

What Ioan-Cosmin believes is an insufficiently tapped opportunity for dealing with cybercrime more effectively is using OSINT. Here’s his perspective on how this could accelerate decision-making and the urgent actions required to effectively combat malicious hacking activities:

“Open Source Intelligence (OSINT) is very important for analyzing cybersecurity incidents.

OSINT refers to the process of collecting, processing, and analyzing data derived from sources openly available, legally accessible and employable by the public in response to official national security requirements. OSINT tools and techniques add value to cyber-investigations in the ability to obtain timely, reliable, and actionable intelligence related to cybersecurity incidents.

As part of a multi-disciplinary intelligence effort, the use and integration of publicly available information and open sources ensures that cyber investigators have the benefit of all sources of publicly available information to make informative decisions. OSINT provides a large amount of the information used by intelligence analysts and corporate cybersecurity analysts to identify potential risks or to make strategic decisions in time.”

One of the biggest security challenges Ioan-Cosmin is actively tackling is related to using OSINT but reaches far beyond it. Education on fundamental infosec concepts and practices is still an urgent necessity for everyone, but especially for companies and their employees.

“The biggest challenge in the field of cybersecurity is the lack of training.

People are often the prime target for cyber-attacks. Employees continue to increase their digital footprint without being aware of the associated risks. Social engineering is becoming an increasingly common technique cybercriminals use on employees to gain access to confidential files.

Despite cybersecurity solutions, employees are still the most common entry points for cybercriminals. Rather than trying to breach a secure network, it’s much easier for attackers to discover an authorized member’s credentials in order to access the systems undetected.

The goal of cybersecurity training is to help employees to protect themselves and the company against cyber-attacks. Training empowers employees to recognize and mitigate the common cyber-threats. By making employees able to identify and eliminate cyber threats, organizations can avoid social engineering attacks and can better protect their fundamental resources for conducting business.”

How defenders are getting help

Luckily, technology is also advancing to help infosec pros scale their efforts to combat the ever-growing threat of cybercrime. Here’s one of the evolutions in the field that Ioan-Cosmin believes could benefit more organizations if they choose to adopt it.

“Artificial Intelligence (AI) can be used to analyze large volumes of data and to make quick decisions that then get implemented through machine learning techniques.

Machine learning algorithms give computers the ability to learn and make predictions based on already known information. This technology proves its effectiveness especially when it comes to fighting millions of infected files detected every day.

Using these algorithms, cybersecurity solutions can react to new and unprecedented cyber-threats and malware.

Artificial intelligence would greatly help cybersecurity experts, who can use it to automatically define user privileges based on their role in organizations, avoiding vulnerabilities caused by escalating user rights.

It is also possible to automate the updates of the operating system or of the installed applications, being able to refuse non-compliant variants, monitoring the state of the entire system. Any anomaly detected in the computer network could immediately alert the designated cybersecurity staff, in order to avoid infecting the system. Even users may be warned if they want to access a phishing email or a link to an infected website.”

More collaboration = better results

Besides getting his perspective on untapped resources and key advancements in cybersecurity, we also picked Ioan-Cosmin’s brain for essential lessons he learned through hands-on practice. If the intersection between information security work and combating crime appeals to you, these are important things to consider:

“Prepare the proper environment for cyber-investigations

Before starting cyber-investigations, it is very important to be digitally secure with a clean computer and software which has not been compromised from previous activities.

Experts should have a dedicated computer for the sole purpose of cyber-investigations. It should be a computer or a virtual machine only used for cyber-investigations: no personal usage and no unnecessary activity.

If you only have a used computer, you have to completely reformat and reinstall all software. This will erase all data from your computer, so you must back up any important data. After reinstalling the operating system and the applications, you should have a computer with no previous Internet usage.

Don’t rely only on OSINT tools

There are many OSINT tools available for cyber-investigations. Some of them can return valuable information, but don’t rely on them exclusively. Sometimes, OSINT tools can miss sensitive information in critical cyber-investigations. That’s why cyber investigators should always check the results of OSINT tools.

Cooperation is the key to success

Many times, during a complex cyber-investigation, cybersecurity experts need to obtain different pieces of information to solve the puzzle. Don’t hesitate to ask for the help or opinions of other experts to solve the issues. The key to a successful cybersecurity operation is the cooperation among public, private, and academic fields.”

It’s not just relentless learning, personal initiative, hard work, and collaboration that create the setup for effective infosec work. Having the means to practice what you learn and follow up on your proposals is just as important.

So we hope that Ioan-Cosmin’s perspective on increasing cybersecurity budgets materializes as we go through 2021 and beyond, leading to a powerful compound effect that benefits everyone.

“The COVID-19 pandemic accelerated the process of digital transformation and many services migrated to the online environment.

Unfortunately, in this environment there are many vulnerabilities that can be exploited by cybercriminals, and the latest statistics showed that the number of cyber-incidents increased a lot. Many institutions and companies have fallen victim to different cyber attacks in 2020.

Protecting data and assets becomes more complicated as the cyber-threats evolve. I think that cybersecurity budgets will grow in 2021, reflecting this complexity.”

3 key takeaways to build on:

  • Making use of OSINT can help accelerate and improve decision-making when analyzing cybersecurity incidents
  • The biggest challenge in cybersecurity is the lack of training, and malicious hackers and scammers are taking full advantage of this gap in knowledge
  • A cybersecurity specialist has a lot to gain by collaborating with peers and expanding their view with knowledge from other areas of expertise
