Aviva Zacks of Safety Detectives enjoyed sitting down with Mihai Barloiu, Co-Founder, Partner, and General Manager of Cyber Dacians. She asked him about his company’s product Stage One.
Safety Detective: What motivated you and your co-founders to start Cyber Dacians?
Mihai Barloiu: We started the company in early 2019. My background is in international security, but because cybersecurity is becoming more and more important in the international relations arena, I studied it from a theoretical point of view. Because I’m originally from Romania where we have a very good pool of talented people in cybersecurity (the Romanian National Team won second place at the European Cybersecurity Challenge in 2017, and in 2019 they won the gold medal). I connected these two aspects: the growing importance of cybersecurity on the private level and the public level, coupled with the talent that we have in Romania. I decided with the co-founders of the company to start Cyber Dacians. Dacians were the ancestors of Romania. They lived 2,000 years ago during Roman times. We try to mix the historical aspect with the modern-day challenges.
SD: Can you tell me about Stage One?
MB: Initially, when we started Cyber Dacians, we were focused on the service aspect, providing penetration testing services for different companies. And at a later stage, around seven months ago, we decided that we should develop our own product called Stage One.
Stage One was inspired by the advanced persistent threats (APTs) that are commonly being used by state actors, sometimes non-state actors. They provoke major havoc in the world of cybersecurity. We decided that we should get this weapon, study it, and transform it for a good cause. Stage One at the core is an APT but it’s an APT designed to protect or simulate the very advanced attack on the digital infrastructure. And then make a report after that attack, show all the different avenues of vulnerabilities for the digital infrastructure of the designated target, and then, together with the security team, help the client to create a more robust security architecture.
SD: Do you have any other services that you’d like to tell me about?
MB: With Stage One, we were mostly concentrated on providing penetration testing for the different clients that we engage with. These penetration testing services were based on our talent from the team—people with a high level of experience in terms of cybersecurity and also young, talented people with a very creative way of doing penetration testing. We mix up this experience with the creativeness of young people. So that was the first service that we launched—penetrating testing—which was very effective and all our clients were pretty satisfied with it.
After that, we continued to do penetration testing, but in a more specialized way—the ATM penetration testing for different financial institutions. And we also did general consulting services for companies in terms of cybersecurity, meaning that we had meetings with them, discussing their overall security architecture, problems, legislation that they need to comply with, and so on.
SD: What verticals use your services?
MB: It’s a pretty wide range of companies that use our services. For the penetration testing services, we engage with digital start-ups and industries like e-commerce. Also, we had financial institutions on a larger scale for ATM penetration testing.
And now, with Stage One, we started having a different type of dialogues with major companies because Stage One is mostly designed for big companies. As an example, one of the companies was from the Middle East and it’s partially owned by a state, partially private; they’re very, very into the security industry and they’re interested in integrating Stage One in their military academies.
SD: What do you think is the worst cyberthreat today?
MB: We have state actors that disrupt critical infrastructure in other countries, which is probably the biggest technical challenge that we have. But this also affects businesses because when you disrupt critical infrastructure, you get businesses that are affected. Besides the state actors, you’ve got international criminals that are very, very active in cybercrime right now and they’re using ransomware which is a very large and famous avenue of attack and threat. This continues to provoke a lot of hazards. We see ransomware being used in different types of scenarios. For example, because we have this medical international crisis with COVID, they’ll be using the ransomware to attack the critical infrastructure of hospitals and disrupting their activity, which can lead to the loss of life.
SD: How do you think that the pandemic is going to change the face of cybersecurity for the future?
MB: I think the first consequence of the pandemic will be that it will force digitalization worldwide, which was already in place. We’re living in this new industrial revolution era, so digitalization was already happening. But COVID-19 is just an accelerator of this reality. Big companies are already doing this. Also, the medium and small players who are following the line of the big companies will be eventually forced to do this to move their operations into the digital realm.
When you’re in the digital realm, obviously, you need to be secured because if you’re not that’s a zero-ground game for your operations and for your business. My motto in terms of cybersecurity is “There can be no business without security.” Because you are moving a lot of businesses into the digital realm due to COVID-19 in a very fast way, we’ll need cybersecurity more and more.
From my experience and my interaction with the companies that we had until today, not a lot of clients are very aware of the need for cybersecurity. It’s a very fashionable subject to discuss today, so they do know about cybersecurity and cyber threats. The vocabulary is becoming very common right now, but on a deeper psychological level, for their business, it breaks down to, “Would you invest this amount of money to protect your infrastructure?” And that’s where you see if somebody truly, truly understands the industry and the domain or not.
From my experience, the percentage is not as high as it should be, but due to the course of reality that we’re facing right now, I think it will grow for the better for the industry. And I think cybersecurity will grow exponentially because it has to protect the new economy that will mostly be carried on in the digital world.