Cybersecurity for businesses in Bulgaria: How can we protect our companies from attacks and human error?

Almost every second company in Bulgaria has been the target of a cyber incident – either through falsified invoice data or phishing emails that block systems and cause financial damage. Despite clear signals, cybersecurity remains underestimated.

The data shows that nearly 50% of companies do not consider cybersecurity a priority, and 81% do not offer training to their employees on the topic. In addition, about 60% of companies do not conduct security tests, which is an alarming sign,” says Veselin Troyanov, general manager of Check Point for Bulgaria, citing data from Check Point Research Cybersecurity: Annual Report for 2025.

According to the expert, small and medium-sized enterprises often invest less in security because their focus is on quick returns from digitalization rather than on sustainability and protection. The main reasons are limited resources, a lack of experts, and the perception of cybersecurity as an “IT issue” rather than a strategic business risk.

However, we are seeing a gradual change—more and more companies, even small ones, are beginning to realize the need for protection,” Veselin Troyanov adds.

The evolution of cyber threats: how AI is becoming a tool for attacks

Hackers do not choose targets based on size, but on the ease of profit. Cybercriminals work with business logic – they look for low costs and high returns.

The main goal of cyberattacks remains the theft of data and information, but artificial intelligence is changing how they are carried out.

Thanks to artificial intelligence, phishing campaigns are becoming more realistic, more widespread, and more difficult to recognize,” adds Veselin Troyanov.

He points out that another threat remains the compromise of the AI systems themselves, which are now integrated into almost every business process.

That’s why organizations need to think not only about protecting themselves from AI-based attacks, but also about protecting their own AI solutions,” says Veselin Troyanov.

And while regulations in Europe are clear—the GDPR defines what is legal when using artificial intelligence, especially when it comes to personal data, images, and information about identifiable individuals —and violations are quickly sanctioned, this is not the case in the US, where thousands of AI-related lawsuits are pending.

Many people upload entire databases to artificial intelligence platforms, including the paid version of ChatGPT – confidential files with sales, delivery prices, pricing policies – and want AI to analyze them,” says Radoslav Yordanov, IT Account Manager at Balkan Services.

He emphasises that the legality of such practices is debatable. Still, it is undoubtedly a bad practice, as every bit of information uploaded to an AI platform is used to train the model.

“This means that if another user asks the model for an example, it can use the uploaded know-how and even quote numbers or data from the uploaded corporate database. This can reveal trade secrets, pricing policies, or internal information,” the expert explained.

According to Radoslav Yordanov, such cases can be resolved by introducing clear internal policies for accessing and working with documentation—for example, a technical ban on uploading files to AI platforms.

The weakest link – email and employees

Against the backdrop of the exponential growth of AI platforms, email remains the most common vector for attacks. Phishing campaigns are becoming increasingly sophisticated and personalised thanks to improved social engineering and automation techniques. In most cases, human error is at the root of successful attacks.

NIS 2: What does Bulgarian business need to know?

Employees have always been, and will remain, the weakest link in the cybersecurity chain. Thanks to regulations such as NIS2, more and more organisations are required to pay attention to staff training and awareness.

The results of phishing simulations are often alarming—in some companies, over 90% of employees click on fake links. This clearly demonstrates the need for ongoing training, practical testing, and building a culture of cybersecurity at all levels of the organisation,” notes Veselin Troyanov.

How can companies limit the risk of cyber incidents caused by human error?

For small and medium-sized businesses, it is critical that work computers operate in a domain environment—a closed internal network managed through a centralised tool. This allows for centralised access rights and policies,” explains Radoslav Yordanov.

He gives an example of a best practice approach to work, according to which: “Employees are not administrators of their devices. They cannot install software, change system files, or perform other risky actions. Policies are automatically distributed through a centralised tool, and user behaviour can be monitored and controlled through the antivirus system console.”

In other words, there are practical tools that protect users from their own mistakes.

Where does cybersecurity begin in any company?

Proper cybersecurity begins before implementing protective technologies. Most companies reduce the concept of “IT security” to computer viruses, but the real threats today are related to identity theft. This includes not only personal data, but also credit card data — whether personal or corporate.

Therefore, the first step is to assess existing, potential, and unrecognised risks.

When a client comes to us for IT support and cybersecurity, we start with the most important step—a detailed analysis of the current IT infrastructure. We assess whether risks already exist and to what extent the organisation is aware of them—in many cases, companies are unaware of the vulnerabilities they face.
That’s why our team conducts a full IT audit, including antivirus protection, network security, the domain environment, and access control systems.
This is the foundation on which any effective cybersecurity strategy is based,” says Radoslav Yordanov.

Balkan Services’ IT services

Today, Balkan Services provides a comprehensive IT audit focused on information cybersecurity, designed to give complete protection to the organisation. The audit covers the entire spectrum—from assessing current security systems and implementing stricter policies to recommending upgrades or implementing new security solutions where necessary. The scope includes expertise and checks for the development and management of a centralised tool, network segmentation, backup systems, multi-factor authentication, centralised antivirus and XDR solutions with DLP, Next Generation Firewall, SIEM system, mobile device management, and more.

How to calculate the return on investment in an ERP software? (part 1)

At Balkan Services, each cybersecurity solution is developed individually—not based on industry standards, but on the organisation’s real needs. When building protection, the team considers the number of employees, the specifics of the IT infrastructure, and the risks that need to be addressed or prevented.

That is why no two projects are the same – just as there is no universal protection. Balkan Services builds solutions tailored to each environment to ensure the most effective level of security for every business.

Nowadays, no business can grow and be competitive without using IT systems. Choosing the right software solution and implementing it is a complex, difficult, but critically important decision.

At Balkan Services, we have expert knowledge of business, technology, and legislation, and we are fluent in all three languages. We will listen to you carefully and advise you on choosing the right business system for your needs.

Balkan Services has been supporting businesses on their path to digital transformation since 2006. We have already helped over 270 companies digitize their business by implementing proven software solutions and managing their IT infrastructure.