
Cybersecurity in action: how to detect, prevent and respond to threats?

on December 5, 2025

The article was originally published in Polish on www.xyz.pl

In a world full of growing digital threats, technology alone is not enough. Successful defence requires a combination of modern tools, skilled analysts, informed employees and effective risk management processes – both internal and external ones. Przemysław Jaroszewski, Head of Cyber Defence Centre, and Marcin Juszko, AVP Cyber Threat Response at Standard Chartered Poland, in an interview with XYZ, discuss what a comprehensive approach to cybersecurity should look like in action.

Przemysław Jaroszewski, Head of Cyber Defence Centre, and Marcin Juszko, AVP Cyber Threat Response, Standard Chartered Poland

With the rise of new technologies and artificial intelligence, as well as widespread cyberattacks, many people wonder whether it is possible to completely eliminate the threats posed by the internet. The answer is no. What matters greatly, however, is the right awareness and skills across the entire team, from management to rank-and-file employees, and not just in the IT department.

As Przemysław Jaroszewski and Marcin Juszko from Standard Chartered Poland point out in an interview with XYZ, the only method that would be 100% effective would be to go back to working entirely on paper, without any digital tools. Since this is not a realistic option, one cannot in fact predict all the threats to one’s systems or all of their weaknesses.

“The level of security boils down to a business decision, i.e. an organisation should decide how much it is willing to invest in protection and what risks it is prepared to accept,” says Jaroszewski.

“Another critical point is how quickly and efficiently an organisation will react and restore its operational readiness following a security incident,” adds Juszko.

Cool head the key to success?

Marcin Juszko notes that when it comes to cybersecurity, the greatest success is… another day without an incident. 

“This means that the mechanisms one has rolled out are working effectively, deterring potential attackers or making an attack unprofitable. Such daily little victories prove that the well-configured protection system actually fulfils its role,” he says.

But problems sometimes simply cannot be avoided. In such situations, efficient communication management is key. Teams need to know what to do, and customers should be informed clearly, specifically, and in as much detail as the situation allows. 

As Juszko stresses, communication errors during a crisis can only aggravate the consequences of an attack, which is why keeping a cool head and coordinating actions are just as important as technical competence.

Alarms, analysis and response time

Przemysław Jaroszewski highlights how important it is to process alarms generated by security systems correctly.

“Correlation systems analyse events and generate alerts in fractions of a second, but human response always takes some time,” he says. 

Even with advanced automation, response time will not reach real-time levels. However, AI tools and system integrations can reduce it to a minimum.

Jaroszewski points out that traditional correlation engines have their limits.

“As we want to process more and more signals and data, the sheer volume of it all is becoming a challenge for analysts. This is where artificial intelligence and machine learning come in, as they let us embed events in their situational context, identify anomalies, and support human decisions,” he explains. 

Artificial intelligence: support, not replacement

Marcin Juszko points out that AI plays a supporting role in cyber defence.

“At this stage of development, AI does not make all the decisions. It is still humans who decide. AI speeds up context analysis and provides information, but it cannot replace the experience of analysts,” he says.

External and internal threats

Standard Chartered experts emphasise that in today’s cyber world, threats can come from both outside and inside an organisation. The example they give is that of so-called social engineering attacks. Criminals employing deepfakes can generate a live video connection not only with a fake company CEO, but also with the entire management board. Hence, employees must be cautious and assertive, and must verify information and even the people they see on their computer screens, especially when it comes to sensitive data or financial matters.

The above is one of the external threats, but internal threats are no less important. These may include unintentional mistakes made by employees or deliberate actions by agents working for criminals or foreign countries.

“The signals are scattered – from IT, through HR, to physical access control systems. A complete picture of the situation requires combining all of them,” explains Przemysław Jaroszewski.

“An example of a non-deliberate threat is an employee sending documents to a private device to complete a task faster. They are not doing anything wrong from their own perspective, but this creates a risk for the company,” adds Marcin Juszko.

Red Teams and legal penetration tests

Experts underline the role of Red Teams and penetration testing.

“Such teams operate on the brink of permissible scenarios. In so doing, they verify vulnerabilities in systems by simulating the actions of attackers. Not every company might have its own Red Team, but they are also available as external services,” says Juszko.

Jaroszewski points to the importance of legal testing of external system security.

“Bug bounty programmes enable vulnerabilities to be identified in an orderly and safe manner, unlike so-called wild hacking, which carries the risk of criminal liability,” he emphasises.

Analysts’ skills in the digital era

Experts point out that analysts’ skills are critical to effective cyber defence. Marcin Juszko makes a distinction between hard and soft skills.

Hard skills include knowledge of new attacks, cloud environments, programming and process automation, and the use of AI in data analysis.

Soft skills, on the other hand, include curiosity, inquisitiveness, meticulousness, the ability to thoroughly analyse and interpret data, and open communication within the team.

On top of that, as Przemysław Jaroszewski adds, understanding the fundamental mechanisms of the internet helps employees link different signals and fully understand the context of threats.