Checklist: how businesses can prepare for cyberattacks during a hybrid war Insights from Yurii Shatylo's speech at Forbes Tech 2024.

Over the past three years, MODUS X has successfully defended against more than 137.5 million attempted cyberattacks. In 2022, during the peak of the full-scale invasion, over 58 million attacks targeted the company’s infrastructure. By 2023, through the optimization of policies and the implementation of new cybersecurity protocols, the number of attacks decreased to 27.5 million. However, in 2024, the number of attacks rose again to 51.5 million, reflecting the expansion of the services provided by the company.

These figures highlight the high level of malicious activity and underscore the critical need for a systematic approach to cybersecurity.

Primary cyberattack targets: key objectives of attackers

During the discussion, it was noted that the primary goal of most attacks is to disrupt business processes. For energy sector companies like DTEK, this primarily means targeting energy generation, which is critical to ensuring the stable functioning of the entire country. Additional objectives of attackers include:

• Compromising user accounts;
• Infecting infrastructure with malicious code.

«Most attacks are aimed at halting energy generation or destabilizing the energy system. In Ukraine’s case, these attacks not only target companies but also seek to disrupt the lives of millions of people», — noted Yurii Shatylo.

MODUS X in action: what cybersecurity looks like in practice

Since the fall of 2021, when the active phase of hybrid attacks began, the MODUS X team has adopted a shift-based work model, providing 24/7 cybersecurity protection. This approach has enabled the company to respond promptly to potential threats, ensuring they do not impact critical infrastructure.

During the full-scale war, the MODUS X team quadrupled in size, enhancing existing system protection and developing new counter-strategies. The company employs advanced technologies for monitoring system and user behavior, which help detect potential threats at early stages.

Identifying anomalies, such as unusual access to the corporate network or atypical system activity, has become a cornerstone of attack prevention. This systematic approach ensures effective protection even under the growing pressure of malicious actors.

Proactive approach to cybersecurity: staying ahead

Traditional methods of combating cyberattacks, where companies react to threats after they occur, are becoming a thing of the past. Yurii Shatylo emphasized that modern cybersecurity requires not only reactive but also proactive strategies. A proactive approach enables the anticipation of potential risks and neutralization before attacks even begin.

The MODUS X team works tirelessly to stay ahead of cybercriminals, proactively preventing both attacks and their consequences. A notable example is the large-scale DDoS attack on DTEK’s website during the blackouts in the fall of 2022. The attack was promptly detected and localized within just 10 minutes, thanks to the team’s swift response.

Proactive cybersecurity requires more than just advanced technologies; it demands a shift in a company’s security culture. It is essential for employees to be actively engaged in the process and to understand their role in protecting data.

The importance of continuous employee training

The human factor remains the most vulnerable link in cybersecurity. According to the Head of Cybersecurity at MODUS X, even the most advanced technologies are powerless if employees don’t know how to respond to threats properly. The need for training became particularly evident during the COVID-19 pandemic when many employees shifted to remote work. This introduced new cybersecurity challenges, as staff began accessing corporate systems from personal devices, often via less secure networks. In response, MODUS X launched a comprehensive employee training program to enhance cybersecurity hygiene skills.

Every month, the company runs phishing simulations crafted by the cybersecurity team, sending fake phishing emails to employees. Those who fall victim to these simulated attacks undergo additional training to understand their mistakes and learn how to respond in similar situations in the future.

Furthermore, MODUS X implemented a system that automatically restricts access to critical resources for employees who fail the tests. Access is restored only after successfully retaking the test and mastering the foundational concepts where errors were identified. This approach mitigates potential threats and motivates employees to expand their cybersecurity hygiene skills.

«Every month, we run phishing campaigns not only to assess employee awareness but also to increase their preparedness for real threats. It’s an ongoing process, as cyber threats constantly evolve, and we must adapt to new challenges», — emphasized Yurii.

Emerging cybersecurity technologies: recognizingdeepfakes

Deepfakes, powered by artificial intelligence, pose a growing threat to businesses, particularly when aimed at top management. According to Yurii Shatylo, deepfakes can mimic voices, speech patterns, and even the appearance of real people, making them difficult to detect. However, there are several signs that can help identify them.

First, pay attention to atypical behavior from the person you’re communicating with: unusual call timing, an uncharacteristic communication style, or requests that deviate from normal practices. For example, if the CEO unexpectedly reaches out via video call at an odd time, it’s worth being cautious. Additionally, observe details such as accents, facial expressions, and inconsistencies in the video — AI still struggles to replicate these elements perfectly.

The Head of Cybersecurity at MODUS X also recommends using code words to confirm identity, or suggesting ending the call with a promise to call back. A simple callback can often be the most effective method of verification. At MODUS X, regular training sessions simulate such scenarios, teaching employees to respond confidently and quickly, even in the most challenging situations.

Steps businesses must take to stay protected from cyberattacks

Being prepared for cyberattacks is not just about implementing advanced technologies — it requires a comprehensive approach encompassing people, processes, and tools. Yurii Shatylo emphasized that the first step is employee training. Regular cybersecurity hygiene workshops, realistic phishing campaigns, and clear instructions significantly reduce risks. Employees must know how to handle suspicious emails, calls, or unexpected situations.

The second key element is well-defined processes. Companies must develop detailed playbooks — comprehensive guides for handling cyber incidents. These should include not only response protocols but also plans for restoring systems after an attack. Regularly testing these plans under real-world conditions helps identify vulnerabilities and prepares the organization for worst-case scenarios.

«A company needs clear playbooks — response scripts for specific incidents, including recovery actions and post-incident plans», — noted Yurii. 

The third key element is investing in modern technologies. Passwordless access systems, data backups, and AI-driven threat analysis tools are must-haves for any business striving to remain competitive. It’s not enough to merely respond to incidents; predicting and preventing them is essential. One of the cornerstones of a proactive approach is leveraging AI-based systems. These technologies can process vast amounts of data, including information from the darknet, closed Telegram channels, and specialized forums where attack scenarios are often discussed.

Yurii emphasized that cybersecurity is not a one-time action but an ongoing process. Businesses must regularly review and adapt their security strategies to meet emerging challenges. Only by combining expertise, clear processes, and cutting-edge technologies can companies effectively counter threats and ensure resilience in even the most demanding conditions.

MODUS X exemplifies leadership in cybersecurity by implementing innovative solutions that not only address threats but also prevent them. The company continues to enhance its systems and train its employees, ensuring robust protection for its clients under the most challenging circumstances.