
BSG Sponsors OWASP 20th Anniversary Celebration

The BSG mission is to help our clients develop more secure and reliable systems. To do so, we help companies directly – by providing world-class consulting services and application pentests, and indirectly – by advancing the cybersecurity profession and contributing to the cybersecurity industry. In line with our mission, we are proud to announce that BSG is a sponsor of the OWASP 20th Anniversary Celebration – a virtual global event held on September 24, 2021!

OWASP's 20th Anniversary Celebration

Mitre D3FEND – ATT&CK’s sibling from a Blue Team

The NSA and the Mitre Corporation have introduced the Mitre D3FEND framework, a matrix of defensive techniques that map to Mitre ATT&CK. ATT&CK is, of course, the well-known registry of offensive tactics, techniques, and procedures. Along with offensive techniques, Mitre ATT&CK contains references to corresponding mitigation steps. Putting all these defensive techniques into a separate D3FEND framework will help blue teamers a lot.

The final stage of any pentesting project is providing recommendations on remediation. This is indeed the most crucial phase in every security assessment. Unless the pentest produces a report with clear guidance on improving the cybersecurity of an organization, system, or application – it is virtually useless.

We at BSG do not invent the remediation steps in our recommendations, as that is more the security engineers' job. We, the hackers, are here to find, investigate, and diagnose the problem, and to advise our clients on how to fix it. When it comes to application security, giving advice is pretty simple: the problem is apparent in the software code or application configuration. Unlike appsec, infrastructure or organizational pentest recommendations can be vaguer, as the corresponding problems can be solved on various levels.


Congratulations on Successful CISSP Certification, Andriy Varusha!

The BSG team is proud to announce that Andriy Varusha, co-founder & CSO at Berezha Security Group, is officially CISSP now!

The CISSP exam is a challenging, 100-question marathon with a 70% passing score requirement.

The vendor-neutral CISSP credential confirms technical knowledge and experience to design, engineer, implement, and manage the overall security posture of an organization. 

Required by the world's most security-conscious organizations, CISSP is the gold-standard information security certification. It assures that information security leaders possess the breadth and depth of knowledge to establish holistic security programs that protect against threats in an increasingly challenging cyber world.

The CISSP (Certified Information Systems Security Professional) certification covers the following domains and skills:

  • Access Management
  • Asset Security
  • Communications Security
  • Identity Management
  • Network Security
  • Risk Management
  • Security Assessment
  • Security Engineering
  • Security Management
  • Security Operations
  • Security Testing
  • Software Development Security.

The CISSP certification is administered by the International Information Systems Security Certification Consortium, (ISC)². (ISC)² promotes the CISSP exam as an aid to evaluating personnel performing information security functions.

With the new business achievement and obtained experience, all the BSG cybersecurity professionals are set up for success under the leadership of Andriy. Congratulations on your achievement!

Links:
  • The Certified Information Systems Security Professional (CISSP)

Join our free webinar: “How to invest efficiently in cybersecurity?”

Are you a top manager, business owner, or CISO responsible for your company’s information security?

Do you want to understand how much you should invest in cybersecurity, and what is more important – how to showcase and measure the effectiveness of security investment (ROSI)?

And what are the indicators you should follow when evaluating your company’s security program and optimal security investment?

Berezha Security Group professionals will help you deal with these difficult questions in this webinar.

Top 5 Popular Misconceptions about Cybersecurity of Small and Medium-sized Businesses

In the ever-evolving threat landscape of data breaches, hacks, and cyberattacks that we live with, knowing what is real and what is misinformation is crucial.

Despite the increased focus on securing the business, some cybersecurity topics are still debated, as many remain controversial.

These myths can lead small businesses to make dangerous decisions about securing their data, leaving them open to attack. To deal with these common misconceptions in a small business, it is essential to know them first.

Myth 1: Small and medium business is too small and unimportant to be a target

No one cares about how large or how small your business is. Attackers hack you first and think about how to monetize it later.


10 Steps to Protect Business from Cyberattacks

If you’re operating a small business, it doesn’t mean you’re safe from cyberattacks. 

81% of all cybersecurity breaches happen to small and medium-sized companies, as they are often unprepared. 

To ensure your business is secure, review our recommendations (10 steps) that you can take today with a minimal or zero budget to significantly decrease the risk of hackers' attacks.

  1. Educate employees.

Humans are not the weakest link. Humans are the best weapon you have against malicious hackers. You just have to train them.

  2. Enforce two-factor authentication.

There is no excuse for not doing so. Turn on two-factor authentication on every website, in every system, in every app you use.


Berezha Security has Rebranded to BSG: New Identity – New Achievements

Berezha Security has rebranded to BSG, Berezha Security Group, and we are happy to present our new identity, which better reflects our company's philosophy and the values we carry into the world.

“Defeating tomorrow’s security challenges – today” became the BSG mission.

We like to think about ourselves as time travelers from the future who help organizations avoid disastrous cyber incidents.

The rebranding reflects our striving for growth. It became a logical next step in the BSG development as it highlights our profound knowledge, experience, and professionalism in the cybersecurity industry.


Webinar "Building an Effective Business Cyber Defense System"

Where should a small or medium-sized business start to protect itself from cyberattacks?

What actions, and how much time and money, need to be invested to protect a business effectively within a limited budget?

Join the online event from Berezha Security Group, where we will debunk the main myths about cybersecurity and talk about practical steps for building an effective cyber defense system for your business.

Meeting agenda:

  1. Common misconceptions about the cybersecurity of small and medium-sized businesses.
  2. 10 steps to counter cyber threats. How to protect a business effectively within a limited budget?
  3. Questions and answers.

Event time: 25.05.2021 at 17:00

Participation is free, subject to prior registration.

Duration: 1.5 – 2 hours.

How to Demonstrate Security Return on Investment

Showing investors and top managers your security return on investment is not an easy task. But for a CISO, Return on Investment (ROI) in cybersecurity is their Key Performance Indicator and is often among their Objectives and Key Results. A whole science of Cybersecurity Economics exists to deal with optimal security investment, but it goes far beyond what we could cover in a blog post. Instead, we will show how to demonstrate security investment efficiency in real life.

Why must you demonstrate the effectiveness of security investment? This one is simple: because otherwise, no one will be able to see it. Security is a tricky thing: unlike software features or business objectives, it is obscure. Investing in features and sales obviously pays off or does not, based on the investment’s effectiveness and many other factors.

The point of investing in security is less apparent. After all, the best thing that may happen if your security investment is effective is that nothing happens. Cybersecurity Economics teaches security managers how to identify and measure the prevented loss from security incidents. "Prevented" loss means that the loss never occurred because the CISO made the right choice when investing company resources.

Science aside, what good indicators of effective cybersecurity investment show that you have put the money in the right place? We could name five.


How to invest efficiently in cybersecurity? (Return on Security Investment)

Are you a top manager, business owner, or CISO responsible for your company's information security?

Do you want to understand how much you should invest in cybersecurity, and what is more important – how to measure the efficiency of security investment (ROSI)? 

Do you want to know how much other organizations invest in corporate security for small, medium, and enterprise businesses in Ukraine and worldwide? And what are the indicators you should follow when evaluating your company's security program?

Berezha Security Group professionals will help you work through these and other difficult questions, consider different points of view, and find some answers in this webinar.

Questions to discuss:

  1. What should CISOs and top managers know about Return on Security Investment?
  2. Average costs of corporate security for small, medium, and enterprise businesses.
  3. Investing in cybersecurity: how to showcase its effectiveness?
  4. Leading indicators of cybersecurity investment effectiveness in practice.
  5. Are there any “secrets” of effective cybersecurity investment?
  6. What cybersecurity strategy will bring the best Return on Security Investment?
  7. Strategic services for planning a cybersecurity program.
  8. Questions and Answers.

Date and time: 27.04.2021 (Tuesday) at 6:30 p.m. (Kyiv time)

Free to join by registration link: http://bit.ly/cyber_investment 

Duration: 1.5 – 2 hours.
