On November 27-30 Kaspersky Lab held a Cyber Security Weekend conference in Warsaw, Poland, to explore the latest cybercrime trends and discuss how European businesses can survive in a world of cyber security threats.
On November 27-30 Kaspersky Lab held a Cyber Security Weekend conference in Warsaw, Poland, to explore the latest cybercrime trends and discuss how European businesses can survive in a world of cyber security threats. Kaspersky Lab’s Global Research & Analysis Team (GReAT) experts and an invited specialist from Europol gave presentations to journalists from 15 countries.
“As an international company Kaspersky Lab has a wide-angle view of the modern IT security landscape and we are glad to share our expertise about the cyber threats that are out there and how to protect personal and business assets”, said Marco Preuss, Director of GReAT in Europe. “The security of small businesses was among the topics raised at this event. Despite their size, they need to protect important data just as urgently as bigger enterprises and can easily fall victim to cybercrime, so we hope advice that we gave will be useful for them.”
Kaspersky Lab speakers Marco Preuss, and Sergey Lozhkin, Senior Security Researcher at GReAT, spoke about the most resonant security incidents of 2014 and presented their forecasts for 2015. They gave an overview of the advanced persistent threats (APTs) that were in the center of attention in 2014, like Epic Turla, Energetic Bear/Crouching Yeti, Regin and the recently discovered DarkHotel. They also gave a reminder of the dangers of long-established malware, such as banking Trojans, ransomware, rapidly developing mobile threats, and the scams that cybercriminals love to perpetrate around the major events such as the Olympic Games or the FIFA World Cup. The experts also presented an overview of the threat landscape in Europe in 2014 based on details of how many Kaspersky Security Network users faced web-related and local threats (spread in local networks, via USBs, CDs, DVDs). These numbers varied greatly: for example 47% of users in Turkey and 42.8% - in Ukraine faced local threats, while in the Netherlands 18.1% encountered malicious activity online.
*Statistics refer specifically to the countries that took part in the Cyber Security Weekend
Among the predictions of future threats the experts discussed the possibility of today’s big cyber threat actors splintering into smaller, independent units. That would lead to a more widespread attack base with more diverse attacks coming from more sources. Experts believe that 2015 will bring more attacks against ATMs and payment systems, more malware incidents where banks are breached using methods coming directly from the targeted cyber-attack playbook. More incidents compromising the Internet of Things will most probably appear, and there may be more Internet-bleeding crises: dangerous vulnerabilities might be found in old code, exposing the Internet infrastructure to menacing attacks.
The expert guest - Javier Egea, Seconded National Expert, Focal Point Cyborg, European Cybercrime Centre at Europol - spoke about the aims, functions and solutions of this organization, listed different kinds of current cyber threats, and introduced the cybercrime structure drawing on the recent joint campaign when Kaspersky Lab helped to wage against the criminals behind the Shylock malware. He proceeded to raise the important issue of private-public cooperation against cybercrime.
“Today cybercrime is reaching across geographical boundaries. We work all over Europe. But to successfully disrupt existing criminal organizations, there should be joint efforts of organizations like ours, of law enforcement agencies and private industry, including businesses that face threats and are ready to report on them”, he said.
The issue of finding to solutions to threats facing businesses, especially small ones, was addressed in the presentation that Olga Orlova, Senior Product Marketing Manager, Corporate Product Marketing at Kaspersky Lab, made with Marco Preuss and Stefan Tanase, Senior Security Researcher, GReAT, Kaspersky Lab. According to the Global Corporate IT Security Risks 2014 survey, conducted by B2B International in collaboration with Kaspersky Lab, viruses, worms, Trojans, and other types of malware were problems for 61% of respondents. Meanwhile, according to companies’ representatives around the world, the average cost of a single data security incident was $720,000 for a large company.
To avoid falling victim to cybercrime, companies are advised to use effective and comprehensive security solutions that meet their needs and allow them to easily manage the whole IT infrastructure. Like Kaspersky Endpoint Security for Business, these solutions should include technologies such as automatic exploit prevention that safeguards against even newly-minted zero-day threats used by APTs, phishing websites and others. Encryption technology can greatly help in many cases, for example when transmitting sensitive data via cloud services or keeping it secure even if it is on a device that is lost or stolen. In addition, mobile device management tools are advisable as IT administrators have to keep track of an increasing number of mobile devices attached to the network. These, and other important technologies, should be used alongside reliable security policies for employees, who are often the weakest links in the security chain.
Advice on how small companies can secure their businesses was a special topic of the event. Small businesses often believe that they are too insignificant to attract the interest of cybercriminals, wrongly assuming that crooks want to chase bigger, wealthier organizations. But this complacent attitude offers cybercriminals a great opportunity for easy money.
This carelessness can cost a huge amount of money or even lead to the closure of a business. The 2014 survey figures showed that the average cost of a data breach in a small or medium sized business can reach $47,000 worldwide; in Western Europe the figure climbs to $55,000. This includes lost business opportunities, hiring external IT support to fix the problem and potentially even new equipment. The costs are not just financial: 57% of data loss events had a knock-on effect that damaged the operation of the business. A company’s image and reputation – something that absorbs so much time and effort when developing marketing strategies – can be ruined overnight. More than half of lost data events (56%) have a negative impact on a company’s reputation or perceived reliability.
The key to protecting VSBs is to appropriately prioritize security needs. A small company does not need to start by investing in things like data-loss prevention (DLP), or an in-depth management console. VSBs can focus on the security issues that are critical to the individual company or to the field it works in, and pick a security vendor that can scale up as their business grows. At the outset, a very small business needs the baseline protection supplied by anti-malware software and a firewall. Once these businesses become operational and start processing orders, they need data encryption technology to protect payment information or customer information, and this sort of protection is often mandated by law. If they begin hiring employees who work outside the office, then basic mobile security features will be appropriate.
To secure themselves VSBs often find themselves trying to choose between consumer software that lacks key features needed for business, or enterprise-level software that is overly complex and expensive. This can result in spending unnecessary time and money on a solution that still doesn’t fulfill the business’s needs. That’s why it’s better to choose a solution tailored for them, such as Kaspersky Small Office Security, with purpose-built management and financial protection that is easy for a layman to use, as well as business-critical tools like file encryption and file server protection.
