Anita Joseph, Editor, Security Advisor, caught up with Emad Haffar, Head of Technical Experts, META at Kaspersky, to find out more about the cybersecurity & threat landscape in a rapidly transforming business environment.
2021 has been an interesting year for spam and phishing attacks. What are some of the main attack trends being seen this year?
With today’s significant increase in online shopping, criminals have been exploiting these transactions by targeting the final step of the purchase, the delivery. The attack scams witnessed recently are related to the shipments via courier delivery services, where fraudsters call, mail or send SMS messages to the victims with a fake “pending” delivery notification requesting additional payment to finalize the order. With these mailings, victims are often routed to a fake website, where they risk not only losing money but also sharing bank card details.
Several cybercriminals have also launched websites that appear to offer the opportunity to purchase parcels that could not reach the intended recipients. Of course, the parcels never arrive.
Spam messages sent on WhatsApp with requests for money were also in the bag of tricks for fraudsters during the past quarter. These scams involve several different schemes, including one that asks users to take a survey about WhatsApp and send messages to several contacts to receive prizes or other rewards.
How can CIOs and other company bosses build an effective defence mechanism against hackers?
Genuine full-proofed cybersecurity should be based on a multi-layered approach that blends various protection techniques, from classic AV records to behaviour-based detection with deep learning models. Because newer, more sophisticated cyberattacks try to overcome existing protection, it is crucial to mount layered defences, covering both different levels of infrastructure and applying multiple protection layers of varied nature to every protected asset. This allows effective protection against different types of malware while making the system too well-defended for the majority of attackers.
The first layer constitutes a reliable and ultra-fast technology that detects malware by masks and hashes. The second layer uses emulation, which runs suspicious code in an isolated environment. Both binaries and scripts are emulated, which is critical for protection against web threats.
The third layer is a classic detection routine. It’s a tool that allows Kaspersky experts to write a code and deliver it directly to the user in databases. This technology is truly irreplaceable; it complements the solution with decryptors for ransomware and unpackers for legitimate packers. The fourth layer assumes the use of machine learning models on the client’s end. The models’ high generalization ability helps to prevent the loss of quality in detecting unknown threats, even if an update of databases was not available for more than two months.
The fifth layer is cloud detection using big data. It leverages threat analytics from all endpoints in Kaspersky Security Network, which, in turn, enables an unprecedented reaction to new threats and minimizing false positives.
The sixth layer is heuristics-based on execution logs. There is no more fail-safe way to catch a criminal than catching him in the act. Instant backup of data impacted by a suspicious process and automated roll-back neutralize malware the moment it’s detected.
The seventh layer involves gathering real-time behavioural insights on files to create deep learning models. The model is capable of detecting a file’s malicious nature while analysing a minimal amount of instructions. This helps to minimize threat persistence, and machine learning provides high detection rates even when a model update is unavailable for a long time.
Using machine learning on various layers of a file antivirus subsystem is, in its very essence, proof of Kaspersky’s functional, next-generation approach to protection.
What do you think are the main challenges companies face while implementing a cybersecurity framework? – Allocating a cybersecurity budget
We believe that organisations must allocate a specific budget to cybersecurity. This is, of course, challenging as c-suite executives want to see a direct return on any money spent.
Research shows, however, that even smaller organisations are also under attack. According to Kaspersky, 36% of micro-enterprises and 48% of SMBs experienced data breaches in 2019, up from 30% and 46% respectively the year before.
The average cost of a security compromise for a small to medium business (SMB) stood at US $108,000. Approximately half of this amount stems from damage to information and infrastructure, the rest resulting from disruption to normal operations. It’s therefore vital to make the case that this an investment in cybersecurity is an investment in business continuity and, thus, the company’s future.
Cyber resilience is a term not too many people are aware of. How vital is a robust cyber resilience strategy for organisations & what are some of the key things to keep in mind while doing so?
As mentioned, an effective cybersecurity strategy incorporates multiple layers of security techniques, and technologies. Given the changing nature of the threat and the scarcity of skillets in this area, we believe the key things to keep in mind when building a robust cyber resilience strategy for organisations is to implement a security solution like Kaspersky’s Managed Detection and Response (MDR) service. MDR providers can take care of a range of essential cybersecurity tasks, including the installation and maintenance of anti-virus software, firewalls and applications; virtual private network (VPN) management; e-mail monitoring and intrusion detection. A managed service provider may work remotely or enable internal staff to react on their own following instructions from the MDR. The latter is helpful at the beginning of a partnership, as a customer needs to ensure that the recommendations work with their network and processes. Also, some prefer to respond on their own in case critical assets, such as computers belonging to executives, are involved.
Individual behaviour is often overlooked while putting together a cyber-defence strategy. How important is individual behaviour in cybersecurity & how can such behaviour be made more accountable?
It is well known that humans are the weakest link in the cybersecurity chain. There are well established best practices that everyone should follow, including keeping passwords secret, beginning wary of opening unsolicited e-mails and exercising caution opening attachments, and using only work accounts and approved apps to handle company data. Raising cybersecurity awareness and ongoing end-user training is essential. Kaspersky offers a unique solution among security awareness training courses, combining content based on Kaspersky’s 20+ years’ experience in cybersecurity and advanced learning and development methodology developed by Area9 Lyceum on Rhapsode, the world’s first four-dimensional adaptive learning platform.
Finally, there is a lack of skill in cyber threat mitigation, even at the top levels. How do you think this can be addressed?
We believe there is a need for training at all levels of organisations, but different levels need different levels of training. With the Kaspersky Automated Security Awareness Platform (ASAP), organisations can simplify through automation. It takes just 10 minutes to simply upload a user list, divide users into groups and set target levels for each group. The platform builds an education schedule for each group, based on pace and target level, as well as delivering actionable reporting and recommendations.
