5. February 2021

Interview with ROMAN ČUPKA

Mr. Roman Cupka is Senior Principal Consultant at Flowmon Networks, and a CEO & Co-Founder of Synapsa Networks.
Mr. Cupka has more than 15 years of experience in ICT with the main focus on computer networks, ICT infrastructure technologies, information & cybersecurity and business intelligence. He specializes in network monitoring & cybersecurity frameworks that bring a new dimension in the field of AI/ML, networks & applications monitoring, cyber threats detection, response and automation.
Flowmon Networks, where he currently works as Senior Principal Consultant, is a privately held technology company that develops network performance monitoring and network security products utilizing information from the traffic flow.
He is also a successful businessman and Co-Founder of Synapsa Networks, which focuses on cybersecurity automation to prevent human error failures. Synapsa Networks is developing intelligent software tools for cyber security automation. The founders have many years of experience in the field of cyber security and enterprise networks operation.
Mr. Cupka brings companies and public administration organizations modern visions for building network infrastructure monitoring in line with current legislative requirements, especially in the area of cybersecurity. In recent years, he has been working on technologies that use artificial intelligence and machine learning methods to ensure the smooth operation of critical services provided to the public and corporate customers.

1. Digital transformation and automation of the transport and logistics sector are booming. That, however, means that it has become an easy target for cybercrime. What are the most common threats that logistics companies are facing at the moment?
Logistics companies and freight forwarders, as well as carriers, do not fundamentally differ from organizations in other industries. They use information systems to process the data of customers, partners, and employees, issue orders, invoices, and other documents while moving steadily toward digitalization. Principally, the same people are working in logistics as in other industries; however, with their shortcomings, humans are the weakest link in cybersecurity.
There has been increased demand for work from home since the pandemic began, and the threats of violating digital security multiplied in logistics. The three most frequent threats are phishing, business email compromise, and ransomware. Phishing means a threat of obtaining sensitive information or data. Business Email Compromise typically targets employees of companies who regularly send wire transfers to their partners, or even the CEO, usually forcing someone to make a payment. And finally, ransomware is a threat that gains access to data or systems and thus blocks the user’s access to those data using encryption. This malicious software can thus paralyze the entire organization until the victim pays a ransom in exchange for a decryption key that allows the user to access the encrypted data.
Maersk, for instance, announced a loss of 300 million USD following a ransomware attack. Naturally, such losses depend on the size of the company, yet these attacks are very common. According to last year’s research by Flowmon Networks, Synapsa Networks, QuBit Security, and SecTec, 15% of respondents among Slovak and Czech organizations encountered this type of attack in the previous 12 months.
2. It is estimated (according to the PwC report) that around 38% of logistics companies have unresolved questions surrounding data privacy and security. Could the presence of the Chief Information Security Officer help to manage the potential risks more efficiently?
It is not predominant whether the CISO or someone else will, but the responsibility shall be assigned accordingly to ensure data privacy and cybersecurity, create the structure of competent people, set up the processes, and decide on high-performance technologies.
If a company does not have its own resources, it can utilize external service providers such as a SOC (Security Operation Center) provider, or choose to outsource security only partially.
Nevertheless, large logistic corporations can also have their own central SOC and provide a remote network security service for their branches at full capacity, or with the support of capacities in individual countries.
Generally speaking, logistic, forwarding, and shipping companies experience frequent cyberattacks since they rank among smaller enterprises not bound by legislative requirements related to cybersecurity and GDPR, hence they will follow limited precaution, or consider it as a formality.
3. There is a significant vulnerability in the supply chain due to third parties being involved. What would you recommend the companies should do to increase the awareness of their employees about the potential cyber-attacks?
Transportation and logistics are a type of business largely based on cooperating with partners, where continual digital communication is indispensable.
A supply chain information network created in this way encourages hackers to infringe the system in its weaker units. Supply chain attacks, or so-called third-party attacks, allow the attacker to hack into the system and to infiltrate it through an outside partner with access to the company’s systems and data. There is no doubt that the risks inherent in this kind of business interaction are even more critical. Exemplary in this respect was the recent SolarStorm attack, potentially threatening eighteen thousand enterprises.
Therefore, the main focus needs to be placed on network visibility and automation, which not only helps to detect harmful events but also enables faster prevention. The same applies to manufacturing companies, which often have their own large logistics departments and manage extensive supplier-customer relationships.
4. Security products are currently focusing on traditional IT and not on Operational technology (OT). Do you think this might be one of the reasons why companies are more vulnerable to hacker attacks?
I certainly do. Industrial OT networks are inherently not as secure as traditional administrative IT networks, so even the companies using them may be exposed to greater risks. Nowadays, there are security solutions available on the market that focus on IT as well as on OT security; however, there is not one universal tool securing both environments. The situation is also complicated by the arrival of IoT and 5G networks. Yet it should be noted that most of the threats, including those targeting OT, originate presently from a lack of visibility and weak IT security.
Unlike in the past, there is increasing convergence between IT and OT nowadays. They begin to operate as one interoperable unit and are vitally connected with the outside world. During the attack on Maersk, hackers got into OT via IT, and that caused enormous damage. Therefore, data protection must be perceived as a whole with IT, OT, and IoT.

Flowmon Networks empowers businesses to manage and secure their computer networks confidently. Through our high-performance network monitoring technology and lean-forward behaviour analytics, IT pros worldwide benefit from absolute network traffic visibility to enhance network & application performance and deal with modern cyber threats. Driven by a passion for technology, we are leading the way in NetFlow/IPFIX network monitoring that is high performing, scalable and easy to use. The world’s largest businesses, internet service providers, government entities or even small and midsize companies rely on our solutions to take control over their networks, keep order and overcome uncertainty. With our solution recognized by Gartner, we are one of the fastest-growing companies in the industry.

Synapsa Networks is developing intelligent software tools for cybersecurity automation. The Synapsa platform provides an easy-to-use application which helps to save significant workforce during change and incident management procedures. The main areas of expertise have been derived from Security Orchestration, Automation and Response (SOAR), Security Policy Change Management, Cyber Threat Intelligence and Incident Response Automation.