In conversation with Infosecurity, Antonio Russu, Head of Cybersecurity, Resillion, underscored the necessity of cultivating a robust cybersecurity culture, akin to the societal approaches employed during the Covid-19 pandemic.

Resillion is renowned for its expertise in quality engineering, cybersecurity testing, conformance and interoperability, and media content quality control.

He emphasized that while education and tooling are vital in fostering cyber resilience, they cannot stand alone.

Instead, a multifaceted approach incorporating tools like pen testing is essential to safeguard organisations in this dynamic cyber landscape. Resillion has recently unveiled its innovative Powerhouse Pentest-as-a-Service.

The Permanent Digital Pandemic

It is well known that today’s threat landscape is complex and constantly evolving, with no single solution capable of addressing the multifaceted cybersecurity challenges that organisations encounter.

Russu told Infosecurity that cyber threats today can be compared to society’s experience during the Covid-19 pandemic, when we accepted that the virus was a constant threat.

He called this the “permanent digital pandemic.”

“Cyber threats, like a virus, are not going to disappear,” he said. “We must change our behaviour in order to cope with the threats and reduce the level of attacks we can expect.”

The speed and acceleration of cyber threats is something that all practitioners are aware of.

Russu particularly noted that as AI becomes smarter and the adoption of AI increases, attackers are at the same time becoming more sophisticated.

“Phishing emails are no longer obviously fake, and new ones are becoming very difficult to spot. Attackers are becoming very smart with their use of logos and key words,” Russu noted.

While cybersecurity has often been seen as the responsibility of the IT department, tackling cyber threats must be considered a cultural challenge across all parts of our lives, both personal and in business, Russu argued.

“Educating your people will be the first part, but it’s not a silver bullet. They will need to work with companies like Resillion that have experience across different industries where we will be able to advise about the adoption of strategies such as pen testing or red teaming,” he said.

Getting Regulation Right

Against this backdrop of complex and evolving threats, organisations must also keep pace with a changing regulatory landscape.

Notable legislation impacting cybersecurity includes the EU’s NIS2 Directive and Digital Operational Resilience Act (DORA) as well as the upcoming Cyber Resilience Act (CRA).

Russu commented that regulations are useful for forcing change where an industry is reluctant to change, especially when it does not see the change as a value-add.

Many of these new frameworks mean that organisations must now guarantee that certain hardware and software applications are secure before they are integrated.

“Certain types of hardware need to be verified, so manufacturers are upgrading the way that they're developing the hardware or use of components,” Russu explained. “Companies that develop software have to improve how they put defence systems within the environment.”

He noted that regulation implores firms to adopt a different type of behaviour, which leads to a journey for the company, its people and its tools.

With regulations varying between countries and regions, Resillion is able to leverage its global experts to prepare clients for upcoming requirements.

For example, some standards are being quickly adopted in Europe, and while other nations, like the US, may not yet have regulated in certain areas, Resillion is able to anticipate future regulations and provide blueprints for adoption.

Integrating the Right Tools, Including Pentesting Services

Selecting the right cybersecurity tools to support your programme can depend on multiple factors, including whether the organisation is looking to grow or whether there is already a mature programme in place.

In the context of the permanent digital pandemic, organisations must consider an offensive and defensive approach incorporating education and training, the role of the security operations center (SOC) as well as digital forensics and analysis.

Pen testing also plays a significant role in how a firm can identify weaknesses or vulnerabilities in its environment. Such services can also support compliance and regulatory commitments.

“A pen test is taking a picture of your environment, and you’ll have experts that start investigating a pre-agreed environment, whether that’s a software website, an application or even hardware. They will look for vulnerabilities in that environment,” Russu explained.

However, he cautioned that pen tests are not able to provide complete protection against cybersecurity threats on their own.

“That information provides a picture of a single moment in time about the product or software application,” he commented.

Resillion recently launched its Powerhouse Pentest-as-a-Service solution to support organisations in identifying vulnerabilities before attackers do.

Pen testing must be part of an ongoing effort to maintain resilience across the organisation as part of a wider security strategy that encompasses multiple tools combined with cultural shifts.

How Resillion Can Support Your Cybersecurity Programme

As a global player, Resillion is present in the UK, Europe and India, and is soon to open cybersecurity services in the US.

Having a global perspective, with experts across different regions, allows the company to understand both specific industry needs and cultural aspects of cyber defence.

As firms grow through mergers or acquisitions, a global perspective is vital in ensuring companies remain cyber resilient.

“Frequently we support the due diligence of a merger or acquisition. That’s not only the financial and the accounting part. There is also the part related to the cyber resilience of the company so that when a new unit comes into the environment, they're not bringing in vulnerabilities that they were not aware of,” Russu explained.

Resillion’s cybersecurity services allow organisations to protect, defend, respond and recover from the permanent digital pandemic they are battling.

“Resillion offers multiple products. Here, we have focused on cybersecurity, but in a vehicle, such as a train or an airplane, you have an infotainment system. We have experts in content and software development who will be able to support clients in that sector in formatting the content to whatever they want to broadcast in a specific environment. So, we offer a crossover of knowledge that we bring to clients across different industries,” he concluded.