Cybersecurity Director of Softline EE&CA: “Ensuring the information security of a company is by no means a project. This is an ongoing process.”
Tashkent, Uzbekistan (UzDaily.com) -- Information security is one of the priority areas of Softline’s activities. The COVID-19 pandemic has become a real test for the units responsible for ensuring the information security of enterprises.
The shift of companies to remote work has led to an increase not only in the number of information security incidents, but also in the scale of their consequences.
Vyacheslav Aliseevich, Director of Cybersecurity at Softline EE&CA, answered the main questions related to information security in modern conditions.
- Hello, Vyacheslav. Do you think the COVID-19 pandemic has accelerated the development of digital innovation in cybersecurity?
- COVID-19 has accelerated digital adoption in a wide variety of areas. The transition to the online environment has been accelerated by medicine, education, trade, the film industry and, in general, the organization of the work of enterprises. However, digital transformation has given rise to certain problems for information security services: new vectors of threats and an expanded range of vulnerabilities for potential attacks by cybercriminals.
- What new threats do cybersecurity professionals face?
- I would not say that there are any new threats. As you know, everything new is well forgotten old. Remote communications systems attracted a lot of attention from cybercriminals: Zoom, Skype, Webex, Slack, etc. The share of attacks on individuals through social engineering, phishing, etc. has increased. The rise in online payments has led to an upsurge in QR code and mobile payment fraud. Supply chain attacks are widespread. The most notorious attacks were against Blackbaud and SolarWinds. The attackers also focus on tools for organizing remote access. The well-known RDP service got a second wind (a vulnerability in Windows Remote Desktop Services - remote execution of malicious code on the attacked system).
- What vulnerabilities were highlighted by the transition of employees to remote work?
- It is always easier to protect, control and maintain a single, albeit large, perimeter of an IT infrastructure than several small ones. The abrupt and large-scale transition of employees to remote work (up to 75%, and in some places 100%) blurred the boundaries of the protected perimeter. The main problems of many companies are:
- impossibility of fast scalability of information security solutions;
- weak integration of information security solutions and, as a result, low automation of all information security processes and non-transparency of information security incidents in complex IT infrastructures;
- supply chain vulnerabilities mentioned earlier;
- low cyber literacy of society;
- and, oddly enough, the crisis of personnel in the field of information security.
- In your opinion, has the transition to the cloud led to an increase in the number of potential threats? Has it increased the opportunities for attackers?
- With the advent of COVID-19, the use of cloud services has turned from a strategic advantage into a guarantee of business survival. Clouds are not only convenient and profitable in terms of savings, but also traditionally fast and simple in terms of implementation. Traditionally, security risks in the cloud have been rated higher than in traditional on-premises IT environments. The main threats to the clouds:
- incorrect cloud configuration (access, etc.);
- unauthorized access to confidential information;
- insecure cloud access interface.
The main reason for all the concerns is the fact that traditional defenses are not designed to solve complex cloud security challenges.
- According to the McAfee Labs Cyber Threats Report for Q1 2021, cybercriminals have begun to abandon mass campaigns in favor of single but more profitable attacks. The targets in such cases are large enterprises, for which ransomware is specially created. How do you think we, as a cybersecurity solution provider, can use this?
- Countering cyberattacks often resembles a game of "catch-up". Unfortunately, most often the players of the light side are in the role of the catch-up. No system is secure. There is even a film of the same name, in which a group of young hackers infiltrate the network of the German Federal Intelligence Service, use social engineering and phishing. As a global provider of cybersecurity solutions and services, using our experience and the experience of our respected vendors, we can make the task of cybercriminals as difficult as possible and reduce the risks of a particular attack, as well as assess the already implemented protection measures at the client. At the same time, in the place of large enterprises, I would think about the presentation of certain requirements for providing information security to smaller counterparties, especially those who, for a number of reasons, have access to the IT infrastructure or information systems of a large enterprise. After all, it is much easier to hack a small counterparty than a large company, provided that it maintains information security at the proper level.
- Gartner calls the concept of adaptive security one of the main trends of 2021. Could you tell us what “adaptive security” is and why it has become one of the main trends this year?
- Provision of information security for a company is by no means a project. This is an ongoing process. Taking into account the fact that technologies, principles and vectors of attacks are constantly changing, information security systems must constantly evolve. By itself, the methodology for building adaptive security implies the creation of a continuous and adaptive process, security, risk and trust, which, ideally, anticipates the risk from ever-increasing cyber threats (from the fight against ransomware to the cyber attack itself). The situation with COVID-19 is just proof of the correctness of this approach. Not all companies and information security systems were able to quickly adapt to the realities of doing business in a pandemic.
- Please also tell us about the "zero trust" policy. What does this mean for ordinary employees?
- The "zero trust" policy is a set of network security paradigms based on the principle of "trust no one." In contrast to the classical approach to security, which pays great attention to protecting the perimeter of the organization and its segments, the model of "zero trust" focuses on the protection of resources. Within this model, users, devices and applications are subject to verification every time they request access to a particular corporate resource, and it does not matter whether it is internal or external.
- Vyacheslav, thank you for the interesting conversation!