"What makes Cyprus particularly exposed (to cybersecurity threats) is its strong reliance on the cloud services, shipping, finance, tourism and cross-border digital operations sectors, which attackers increasingly target," Eleftherios Antoniades, Founder & Chief Technology Officer, Odyssey Cybersecurity suggests.
Speaking to GOLD magazine, Antoniades also shares his expert opinion on where companies continue to fall short in their cybersecurity posture and talks about what supply chain risks are most critical.
Among other things, he also elaborates on how AI has changed the speed and sophistication of the attacks and puts forward his thoughts on the one development he believes will reshape the cybersecurity environment by 2028.
What are the greatest threats to Cypriot companies and organisations right now?
The most damaging threats we currently see in Cyprus are ransomware-as-a-service, Business Email Compromise (BEC), identity-driven attacks and supply chain intrusions. Ransomware remains the fastest monetised attack but attackers are shifting towards data exfiltration and extortion rather than pure encryption. At the same time, identity abuse through compromised credentials and multi-factor authentication (MFA) bypass has become the primary entry point into organisations. What makes Cyprus particularly exposed is its strong reliance on the cloud services, shipping, finance, tourism and cross-border digital operations sectors, which attackers increasingly target.
Where do companies still fall short in their cybersecurity posture? Which practices or frameworks are proving most effective in closing those gaps?
The biggest shortfall is still strategic rather than technical. Many organisations invest in tools without integrating them into a unified operational model. Visibility remains fragmented, response processes are manual and Boards often view cybersecurity as an IT issue rather than a business risk. The most effective shift we see comes from adopting Zero Trust principles, NIST CSF 2.0 and ISO 27001 in combination with continuous threat detection and automated response. Equally important is the move from traditional security operations centre models to AI-augmented or autonomous security operations.
As digital ecosystems become more intertwined, what supply chain risks are most critical and how often do companies underestimate them?
Supply chain attacks have become one of the most underestimated yet dangerous threat vectors. Software updates, managed service providers, cloud platforms and logistics ecosystems are now prime attack surfaces. A compromise in a single third-party provider can cascade across hundreds of organisations. Many Cypriot companies still assess suppliers once a year through questionnaires, which no longer reflects real risk. Continuous third-party risk monitoring, contractual cybersecurity obligations and real-time telemetry sharing are now essential, not optional.
Given the EU’s heightened cybersecurity agenda, which policies or regulatory measures would be most pivotal in helping the local cybersecurity market grow?
NIS2, DORA and the EU Cyber Resilience Act will be transformational for Cyprus if fully enforced. They shift cybersecurity from “best effort” to legally accountable operational resilience. For a country like Cyprus, these frameworks create a unique opportunity: they force demand for advanced cybersecurity services while also enabling local providers to scale regionally under common EU standards. What is now needed is faster national transposition, practical guidance for SMEs and incentives for cybersecurity R&D and local innovation.
How has AI changed the speed and sophistication of the attacks you’re seeing? Which attacks are becoming hardest to defend against?
AI has dramatically shortened attack lifecycles. We now see reconnaissance, phishing, malware adaptation and command-and-control optimisation happening in near-real time. Deepfake voice fraud, AI-generated phishing at scale, autonomous malware mutation and AI-driven credential harvesting are among the hardest techniques to defend against. Attackers no longer reuse static patterns; they evolve faster than traditional detection models. Defending against this requires defensive AI that can reason, correlate and respond autonomously at machine speed.
Can you identify one development that will reshape the cybersecurity environment by 2028?
The defining shift will be the transition from human-driven security operations to autonomous cyber defence. By 2028, leading organisations will not rely on analysts manually inspecting alerts. They will deploy AI systems that detect, investigate and respond in real time with human supervision. This is not about replacing professionals but about augmenting them so that they can focus on strategy, risk governance and advanced threat hunting rather than operational firefighting.
Odyssey CyberSecurity
“We focus on highly regulated and critical sectors including financial services, shipping, energy, healthcare, government and critical infrastructure. Our specialisation is in Threat Detection, Investigation & Response (TDIR), AI-powered Security Operations, identity threat protection, DNS security and cyber resilience governance. We provide both technology platforms and fully managed cybersecurity services, combining real-time monitoring, autonomous response, regulatory compliance and Board-level cyber risk visibility. Our goal is not just to prevent breaches but to make organisations resilient in an AI-driven threat era.”
This interview first appeared in the December edition of GOLD magazine. Click here to view it.
