A researcher for a cybersecurity firm that just got banned from the US market has some insights to share with readers
Tensions and conflicts in the geo-political arena can lead to increased state-sponsored cyberattacks targeting critical infrastructure, financial systems, and sensitive data.
Geopolitical rivalries also drive state-sponsored threat actors to exploit vulnerabilities in other countries’ networks to undermine political stability and economic security.
On the frontline, self-proclaimed hacktivists are also rising in force due to technologies that democratize their often-questionable activities.
With fears of the unknown driving the USA to ban Kaspersky from its shores, its director of the Global Research & Analysis Team, Igor Kuznetsov, is in a special position to share his thoughts about cyber tensions and geopolitical uncertainties with CybersecAsia.net…
CybersecAsia: Based on your research, what are the top three wrong perceptions that industries have about cybersecurity?
Igor Kuznetsov (IK): There are many myths and perceptions around the world as far as cybersecurity is concerned. However, these are the top myths which many corporations have:
- We can just buy one (cybersecurity) product that protects everything. But the fact is, even if you have all products, you cannot be assured that it protects everything.
- Everyone “hears” about ransomware. People think it will not happen to them. And even people who have proper data backups may think it can be stored on the same network.
- Mobile malware is something different. People have a wrong perception about the iPhone. The biggest myth they carry is, with these phones, no attacks can happen. The fact is, every phone can be hacked.
CybersecAsia: What are the most worrying trends to you in cybersecurity right now?
IK: Right now, the impact of sophisticated malware is almost infinite. Container related issues are also worrying: very few people understand how to manage containers, especially when we can have a container that runs as a machine orchestrated by something else. It is complicated to manage the same level of security with other cyber security aspects. Container-level security needs a separate product all together.
Another of my worries is the rise of supply chain attacks and exploitations of trusted corporate relationships. We are seeing an increase in the format of attacks where businesses trust their contactors or sub-contractors or suppliers across the industry.
Finally, zero day vulnerabilities are on the rise at a more rapid pace than ever.
CybersecAsia: Please tell us about the geopolitical factors in cybersecurity around the world?
IK: Cybersecurity in every region has different set of issues.
The Asia Pacific region (APAC) is actually is normal compared to other parts of the world. Elsewhere, there are different factors including activists and more. The region is predominantly threatened by ransomware and data breaches.
Elsewhere, geopolitical attackers are entering various countries. What we have seen in recent years, is the emergence of activists and a activists evolving as self-proclaimed ‘hacktivists’. Unlike malicious hackers, ‘hacktivists’ typically aim to expose corruption, promote free speech, or push for policy changes rather than personal gain.
Hacktivists navigate the ethical gray areas of technology, often raising questions about the balance between security and freedom in the digital age.
CybersecAsia: As the USA bids goodbye to various cybersecurity and technology firms that the country finds threatening, what advice do you have for its CISOs affected, to maintain a good cyber hygiene?
Igor Kuznetsov: It is complicated. However, here are some basic aspects for good cyber hygiene:
- Instagram is the highest channel of interest (45%) for APAC teams, closely followed by TikTok (43%)
- For securing not-so-tech-savvy workforces, organizations affected by the bans need to continue to isolate devices and assume that, at some point, some of the devices may get compromised. Education plays a key role in this. We need to train IT team to monitor endpoints diligently. Continual basic cyber awareness training is mandatory. Responsible organizations will not overlook this aspect no matter which cybersecurity vendor they use or lose.
- Regarding replacing banned cybersecurity and technology products and services, I personally believe, more investments should be made in multiple vendors instead of just one vendor. Next, boost investments in cyber training as part of overall holistic, advanced security strategy.
- Addressing shortages in cybersecurity talent is also important. I have seen more and more programs specializing in cybersecurity mushrooming across universities. The whole scene is moving fast. Cybersecurity is a hot topic in academia and more people are enrolling.
CybersecAsia thanks Igor Kuznetsov for his non-partisan views
Editor’s note: In withdrawing from the US market, Kaspersky has confirmed the layoffs of fewer than 50 employees in the USA, and has had its offer to open up its source code to the US government for inspection rejected. In its webpage of declaration of transparency, the firm states that its teams around the world will continue to “regularly cooperate with international organizations, such as INTERPOL, to help fight global cybercrime, and work with law enforcement agencies in a number of countries, providing technical analysis of malicious programs during investigations… ” According to Dominic Trott, Associate Research Director, European Security, IDC: “Kaspersky has surpassed other major security vendors in its transparency. This is exemplified by Global Transparency Initiative, committing to make the source code of its products available to partners and customers.”
