Cyberthreat statistics are through the roof, especially since the advent of AI. The Wall Street Journal reported that AI increased cyberattack attempts on Amazon from 100 million to nearly a billion every single day, while The New York Times reported that 2024 saw up to 25 major ransomware attacks each day.
In response to the onslaught, jurisdictions worldwide have introduced more regulations. In Europe, the two major regulatory frameworks are NIS-2 for critical infrastructure and DORA—Digital Operational Resilience Act—for the financial sector.
“Cybersecurity is challenging enough without the additional regulatory compliance factors,” says Edita Pulkauninkė, Director of Squalio, a one-stop-shop IT solutions and cybersecurity services firm based in Baltics. “We help fintechs navigate all aspects of cybersecurity, including managing software licensing, end-user training, and ensuring fintechs are fully compliant with regulations like DORA.”
Achieving that compliance is no easy task. The DORA requirements are extensive, covering Information and Communication Technology (ICT) risk management, business continuity planning, incident reporting and management, testing and monitoring, managing third-party ICT suppliers and risks, and harmonisation of information and cybersecurity rules.
“With such a wide range of requirements, the burden can become overwhelming for organisations, which is why support from third parties like Squalio is often essential,” says Edita.
Join us at Baltic Fintech Days on April 2-3!
How Squalio works
Squalio provides a comprehensive suite of IT and cybersecurity services, ranging from fundamental software license management and AI implementation to fully-fledged CISO services.
They begin with a comprehensive risk assessment, evaluating the organisation’s current state of cybersecurity and regulatory compliance. This includes identifying gaps and non-conformities, followed by the development of a clear action plan with specific measures, tools, and services to tackle cybersecurity challenges and ensure ongoing compliance.
“We have a deep understanding of a fintech’s unique needs, so we can work within whatever framework is best suited for each client,” says Edita.
This includes tailoring solutions based on the existing technology stack, whether it’s heavily reliant on Google Workspace, or other platforms.
Squalio partners with over 300 vendors, including Google Cloud and other IT giants, optimising the most suitable solutions and services for business needs.
Join us at Baltic Fintech Days on April 2-3!
Deepfakes, AI, and the weakest link
One of the most alarming developments in cybersecurity is AI because it enables increasingly sophisticated attacks on a massive scale.
People often make the mistake of believing a threat actor is some guy in a hoodie, manually typing away at a keyboard. Instead, threat actors carry out systematic, large-scale operations driven by organised entities.
AI makes it possible for these entities to automate and scale their activities easily.
“Organised entities typically conduct widespread scanning to identify vulnerabilities that can be exploited. Once they’ve pinpointed potential targets, they can then move to a more dedicated attack,” says Edita.
In essence, AI does the grunt work until a victim or vulnerability is found. Humans can then move in with more targeted approaches, such as through sophisticated social engineering or targeted phishing campaigns. Even here, AI opens doors for hackers. Deepfake tech can now fake video calls or interviews, adding a new layer of risk.
“The weakest link is the human. Millions in security can crumble if one employee is tricked,” says Edita.
This is why Squalio also focuses heavily on training. “It’s not enough to get a training workshop once or twice a year. You need daily microdoses so the subject stays top of mind,” she says.
Squalio also offers purple-team testing services to strengthen the weakest link. “Purple team” is a method where a red team (attackers) and a blue team (defenders) work together to find weaknesses in a company’s security posture and then resolve them.
“If you’re the one with the key, you’re automatically a target. We put a lot of focus on making sure you don’t also become a victim,” says Edita.