


by Anthony Caruana

CSO Roadshow 2018: Getting ready to defend against APTs

Jul 02, 2018 | 4 mins
Backup and Recovery, Business Continuity, Careers

It’s fair to say security vendor Kaspersky Labs has had a hard time over recent months. Allegations of spying for the Russian government against other nations through their end-point software have resulted in a massive hit to their bottom line and reputation. But their local CEO Stephan Neumeier stepped out in front of the crowd at the CSO Perspectives Roadshow to deliver the closing keynote. He addressed the challenges facing the security industry as well as discussing what Kaspersky Labs is doing to address the challenges they’re facing.

“What many corporations don’t understand is that usually with new technologies, new cyber-threats get introduced as well,” he said.

He pointed to wearable technology, IoT, big data, blockchain and other emerging technologies, where threat actors try to exploit potential new vectors before we’re ready.

“Security is not usually built in from day one,” explained Neumeier. “It usually comes after the second or third wave, or after something serious happens”.

For example, he noted that the emergence of cryptocurrencies has given rise to the creation of cryptomining software that hunts for local resources to generate revenue for thieves.

Kaspersky Labs conducted some analysis of the global security threat landscape and market. The data revealed, perhaps surprisingly, that Australia was the third most attacked country on the planet, having been hit with over 7.1 million unique types of malware so far in 2018. Infection rates, though, painted a different picture, with 16% of users infected, placing us in 113th place on that scoreboard.

Neumeier speculated that it’s possible our relatively slow internet speeds, when compared to other parts of the world, may actually be acting as a deterrent to threat actors.

But we ranked second globally in two categories: mobile banking and phishing threats. And he noted that we have been targeted by three different APTs, or Advanced Persistent Threats, over the last three years.

So, when considering that threat environment, how well prepared are Australian businesses?

The IDC research looked at 200 organisations in the Asia Pacific region. The research found 84% of companies have security strategies that are described as less than ideal. Almost two-thirds said ransomware was a major issue, but almost one in five believed APTs were an opportunistic threat, whereas the evidence suggests they are, in fact, highly targeted.

One of the challenges Neumeier highlighted from the data was a poor understanding of what APTs really are. The research found businesses were concerned with backdoors in legitimate software, unique attacks in their corporate environment and zero-day threats, but didn’t see these as APTs. Neumeier believes that view is incorrect as, he said, those threats are all APTs.

“Targeted attacks are becoming more and more sophisticated,” said Neumeier. “But on the other side there is a struggle with having the right understanding of what APTs are”.

And, as the volume of security events continues to rise, it’s becoming harder to process, analyse and respond to attacks, with the prevalence of manual processes a major challenge.

Many security analysts promote a “Prevent – Detect – Respond” model when it comes to dealing with cyber attacks. But Kaspersky Labs has added a fourth element to this model: Predict.

Using their team of expert analysts, they apply machine learning algorithms to the threat intelligence they collect in order to predict new threats so they can better engage in prevention. So, their model is “Predict – Prevent – Detect – Respond”.

When it comes to rehabilitating the company’s reputation, Neumeier said the company is a key partner to Interpol. But they have also been “pushed to create a new wave of transparency”.

They have invested in a new “transparency centre” in Switzerland that will house a lot of the company’s R&D and data centre capability, as well as product inspections by an independent third party that look at source code, updates and other elements of the Kaspersky product suite.