“Cyberattacks are no longer amateur activity. They are strategic, profit-driven operations,”
says Tomáš Vobruba, Lead Security Engineer, Check Point Software Technologies Ltd. So, is prevention truly the best defense? And what’s the right reaction once you realize you’re under attack?
What types of cyberattacks are most common for companies in the Czech Republic?
According to Check Point’s latest report, which maps incidents globally and locally, ransomware is clearly dominant. In the first half of 2022, the number of incidents rose by 42%. Long-standing threats such as cryptominers and banking malware follow right behind.
What’s the long-term trend?
The trend is clear: today, malware serves primarily for monetization and financial gain. It is no longer about amateur activity or mischief. We are facing strategic, profit-driven cyberattacks, which underscores the severity of the situation.
What do companies most often underestimate in security?
We see the same simple scenarios repeated:
“Backups will always save me.”
Not true. Even with backups, companies often lack a recovery plan — and more importantly, its testing. The result? Unpleasant surprises after an attack.
“It won’t happen to me. Why would anyone target us?”
Ransomware doesn’t ask who you are or what you have.
“It won’t happen again. Once was enough.”
This is what we call post-traumatic complacency. A company recovers from an attack, but the motivation to invest in prevention quickly fades.
Is prevention really the best defense?
Yes — but the key is the right technology. It’s better to read in the logs: “Malware detected and blocked, ransomware automatically mitigated” than “Ransomware detected but not stopped — admin must act.” If you only discover the problem hours later, it may already be too late.
Step-by-step response plan — what are the basics?
A simple framework: Identify – Protect – Detect – Respond – Recover. On paper, it looks easy, but reality is different. The key is to stay calm and act rationally — even drastic measures like disconnecting everything from the network can sometimes help.
Preparation and drills are critical. Effective response requires knowing the scope of damage, having infrastructure shutdown plans, a prepared response team, SOC, log collection, and the right tools. Adequate resources — both people and funding — are also essential, which is often a challenge.
Can response and recovery services be outsourced?
Yes. Companies can choose a partner to recommend technology, provide monitoring, and build recovery plans. For example, IXPERTA offers its own SOC and Incident Response Teams, supporting businesses both technologically and procedurally.
Who should be involved in a response plan?
Not just the CISO — but the entire C-level management, including those who can evaluate the company’s assets and associated risks. The response process differs for a bank, a government office, a manufacturer, or a small company with ten employees. And yes, even small businesses must plan, because ransomware can be an existential threat.
Support from the business owner is also crucial. Small business leaders often prefer to invest in production rather than security. But what if the company loses just two computers with accounting and contact data?
How should an attack be communicated?
It depends on the severity of the problem, the industry, the country, and local regulations. In the Czech Republic, it’s often appropriate (and sometimes mandatory) to inform SK-CERT. SOC teams and technologies usually define the procedures.
The most unusual case from practice?
At one customer site, as soon as we connected our devices, we detected active ransomware that neither their antivirus nor IT department had identified. Despite this, the company decided not to address the issue and made no plans for future protection.
Thank you, Tomáš, for an excellent conversation and valuable insights.
Published: 24 August 2022