Cybersecurity Dialogue in Kyiv: How Business is Changing Its Approach to Cybersecurity

Particular attention was paid to the panel discussion “Insider Cyberattacks: Experiences and Insights of Ukrainian Business.”

Among the speakers were participants of the Union and leaders in digital transformation, including Oleksandr Potii, Head of the State Service of Special Communications and Information Protection, Andrii Zhukovskyi, CEO of Kyivstar.Tech and CIO of Kyivstar, Oleksii Turchyn, Vice-President of GlobalLogic in Ukraine, Denys Niesin, CEO of DarkCloud, and Serhii Kulyk, Country Manager at iIT Distribution.

The participants of the discussion drew attention to one of the common problems in Ukrainian companies: cybersecurity is often perceived as a set of separate products. They purchase several solutions, configure them, and consider that sufficient.

In reality, this creates an illusion of security. At the first serious incident, it appears that tools are not integrated, processes are undocumented, and those responsible don’t know what to do during the first hours.

Another common mistake is concentrating solely on infrastructure while ignoring access rights and user behavior. A company may have basic technical protection but remain vulnerable due to excessive permissions or lack of control over contractors.

Since 2022, the situation has begun to change. Businesses pay more attention to backup, monitoring, and access control. This is noticeable both in company requests and market discussions. At the same time, attacks have become targeted and swift, without unnecessary “noise.”

According to Sergiy, attacks often do not start with a technical breach. The easiest way is through corporate email or an employee’s account.

Once the perpetrator gains access to corporate email, they get a complete picture of internal processes: who is responsible for finance, how payments are processed, who makes decisions. After this, a technical breach is no longer needed—it’s enough to interfere with communication. A typical scenario: substituting details in a payment slip or a ‘manager’ message with necessary instructions.

Particular attention should be paid to external services and outdated settings. These are rarely reviewed, thus remain convenient entry points.

Another risk is contractors. A company does not exist in isolation: if a partner has weak protection, it automatically creates a threat to the entire interaction chain.

It is impossible to predict a specific attack, but minor deviations usually precede them. The problem is that they are not taken seriously.

For example, it could be an unusual system login, a change in account behavior, a strange email, or an atypical request from a colleague. Employees notice such things, but the company reacts too slowly or only carries out a formal check. When similar signals accumulate, they create a clear risk picture. The question is whether the company manages to act before it turns into financial or operational losses.

Cyber protection is gradually moving beyond the IT function. It needs to be integrated into business management—into processes, access, and interaction with partners.

Companies that understand this work with risks differently: they track access, respond more quickly to anomalies, and separately plan how to act in case of an incident. Ultimately, this affects not only security but also the company’s ability to continue during an attack.

Cybersecurity is no longer limited to technical tasks. It directly impacts whether the business can continue operating during an incident. This involves access control, trust management among teams, the speed of problem detection, and the readiness to act without delay.

The focus has shifted: companies no longer discuss the mere possibility of attacks. Instead, they evaluate how quickly they can detect them and whether they have a clear action plan that can be implemented without losing time.

We sincerely thank Diia.City Union and DarkCloud for the invitation to dialogue and the high-quality organization of the event. Such meetings provide the opportunity to openly discuss complex cases and find common approaches to risks and solutions faster than any formal discussions.