28 October 2016

Top three cybersecurity aspects to consider

Veniamin Levtsov

What would you name as the hottest issues at the moment in terms of cyber security?

I think these are ransomware, targeted attacks and financial threats.

Ransomware and specifically encryption malware deserve special attention because cybercriminals are continually changing the tools they use, including cryptographic schemes and infection vectors. If a victim is not properly protected by a cybersecurity solution and has no backup, chances are high that the encrypted data will be non-restorable, even if the ransom is paid. We suggest that victims not pay the ransom, as it only provokes cybercriminals to distribute the malware further. Projects such as the No More Ransom (www.nomoreransom.org) campaign that we recently launched together with our partners are aimed at informing the public about the dangers of ransomware and helping victims to recover their data when possible without having to pay ransom to cybercriminals.

Targeted attacks are types of cyberthreat that have been developing very fast in recent years, both in terms of their number and sophistication. A targeted attack is a continuous process of unauthorised activity in the infrastructure of the attacked system that is remotely and manually controlled in real time. APT — Advanced Persistent Threat — is a combination of utilities, malicious software and mechanisms for using 0-day vulnerabilities and other components specifically designed for the implementation of an attack. To protect themselves from targeted attacks, organisations need experts and technology to secure their perimeter from the majority of threats, and also intelligence and technology (such as the Anti Targeted Attack solution) to identify and remediate attacks inside the perimeter, should they happen.

Financial threats vary greatly from mobile Trojans and phishing aimed at customers to attacks on banks related to their networks and ATMs. These threat vectors should be kept in mind and protected against in a relevant way.

What do you consider as the three pillars of IT security?

Have robust security solutions, corporate security awareness programmes and security policies in place. These three aspects are the core of a holistic approach to cyber security.

How would you describe the ideal endpoint security solution?

The solution should include not just anti-malware protection, but also other technologies such as vulnerability assessment, patch management, application and device controls, data encryption, etcetera.

It should cover all IT network elements (mobile security, virtual machines, file and mail servers) and be easily manageable from one console, preferably allowing an IT administrator to manage the issues remotely.

What three pieces of advice would you give to SMMEs?

Choose the security solution that fits your needs. Free anti-virus solutions don’t provide enough protection for a company as they only offer a basic level of security not expansive enough to protect confidential company information, with security updates and IT support also in question. Programmes for home users don’t cover business needs, while solutions for large companies are more expensive and harder to manage. It’s better to use solutions developed specially for small businesses. For example, Kaspersky Small Office Security for companies with up to 50 employees and Kaspersky Endpoint Security Cloud for businesses of 50-1 000 employees offer advanced functionality and proven protection that can be managed easily via a simple cloud-based console with an intuitive and user-friendly interface.

Have strong passwords. This applies both to business owners and their employees — passwords should be strong, regularly updated and different for all accounts. Remember to have passwords on mobile devices.

Back up — you can lose data as well as money in a cyber attack or even a simple hardware break, so it’s important to make regular back-ups.

What would you name as top suggestions for enterprises?

Make cybersecurity assessments from time to time.

Think about not just preventing the penetration of malware inside the perimeter, but also about detecting breach incidents if they were successful (such as in the case of a targeted attack when malware is already in the network), reacting to these properly and predicting possible incidents in the future by analysing the evolution of threats and breach tactics.

Consider investing in training and threat intelligence services, which will keep your employees and IT specialists informed of emerging threats.

What would be your three pieces of advice for resellers and system integrators?

Stay informed about the changing threat landscape. Kaspersky Lab has many resources with such information, both public and partner-oriented.

Don’t just sell the products but also be able to provide services, i.e. consult on the most effective cybersecurity strategies. We see the demand for security intelligence from customers, so we are sharing our 19-year expertise with them and our partners.

We see great potential for IT companies serving small, medium and micro organisations, because their role is really important in raising awareness about cyberthreats and in making these businesses safe.

Technologies that you would advise businesses to pay attention to:

Application control (Whitelisting and Default Deny), targeted attack detection instruments based on Standalone Sandbox, and I think encryption. I would also add SIEM (security information and event management) platforms supported by Threat Intelligence in the form of Indicators of Compromise and different threat data feeds, but this stands a bit separately.

What are your newest proposals for businesses?

Kaspersky Lab proposes a strong suite of prevention products, recently reinforced with solutions for detection, prediction and response, and also shares the best security intelligence with our customers, in the form of security services. In addition to our flagship Kaspersky Endpoint Security for Business and targeted security solutions, we have recently released:

  • Kaspersky Industrial CyberSecurity — a specialised solution designed to provide comprehensive cybersecurity for industrial networks and critical infrastructure, regardless of the level of industrial automation. The solution includes unique technologies, specialised services and educational programs.
  • Kaspersky Anti Targeted Attack Platform provides real time monitoring of network traffic — combined with object sandboxing and endpoint behaviour analysis, delivering a detailed insight into what’s happening across a business’s IT infrastructure. By correlating events from multiple layers — including network, endpoints and the global threat landscape — Kaspersky Anti Targeted Attack Platform delivers “near real-time” detection of complex threats and helps to enable retrospective investigations.
  • Kaspersky Endpoint Security Cloud — a new Software-as-a-Service solution that provides small, medium and micro-sized businesses with multi-layered IT security. It delivers industry-leading protection that’s quick to roll out, easy to run and requires no additional hardware investment. The centralised cloud management console does not require advanced IT skills and can be used from any location to remotely distribute software, and to monitor and manage the security for multiple endpoints, mobile devices and file servers.

What are your most demanded services for businesses?

I would say they are equally popular — different services within three categories: Security Assessment; Cybersecurity Training service; and Intelligence Reporting. Our Kaspersky Security Intelligence Services are designed to meet the most frequent demands of large organisations, governmental agencies, internet service providers, telecoms and managed security service providers, so their popularity depends on the organisations’ particular needs.

Top three possible future threats?

I would name targeted attacks; internet of things that might bring new cyber threats; and attacks on industrial facilities.

What three informational resources would you advise for IT security?

It’s easiest for me to name our resources: www.business.kaspersky.com for business, www.securelist.com and www.threatpost.com for IT specialists.