Cyber criminals 'may go for broke' in 2015
Cyber criminals 'may go for broke' in 2015
This year cyber criminals are expected to target banks and even develop malware to steal cash from ATMs.
Security technology experts believe that whilst much is being done to develop comprehensive IT strategies to combat threats, end-user behaviour remains a weak link in the IT security chain.
ITWeb Africa caught up with Bethwel Opil, Channel Sales Manager for East Africa at Kaspersky Lab to discuss these and other issue affecting IT security.
CHRIS TREDGER: Kaspersky Lab has found that cyber criminals may turn their attention away from consumers and head straight for businesses in 2015. We have also come across a report by Cisco which claims that users are becoming the loophole in accessing sensitive corporate data - what can businesses do to change user behaviour and reinforce existing security?
BETHWEL OPIL: Most companies around the globe understand the importance of IT security preventive measures and do implement them to varying degrees. Often, humans can be viewed as the 'weakest' link in the IT Security chain, however there are measures that businesses can investigate to avoid becoming victims to cybercrime - as a result of human error.
No matter their size, companies should develop IT strategies that include security solutions and security policies for employees. A complex security solution is a necessity now given how many different cyberthreats are appearing along with PC and Internet development and adoption.
Such a solution is easily manageable and delivers a broad array of tools and technologies to enable companies to control and protect all endpoint devices.
In terms of preventing internal threats such a solution should provide a strong encryption algorithm to protect sensitive business information, application control, device control, web control features and mobile device management to enforce IT security policies.
In order to minimise internal security risks, organisations can look to have network structures that, for example, separate mission-critical networks from other networks and use different levels of access privilege to IT systems.
Employees do not always comply with existing corporate security policies, often due to the fact that these are not clearly outlined, and as such it is important for businesses to have these policies in place and to communication the repercussions should these not be adhered to – there should be a clear outline of the sanctions and disciplinary procedures for when IT security policies are breached.
CHRIS TREDGER: You've pointed out that online and mobile banking remains a serious concern. Is it accurate to suggest that those countries actively pursuing mobile banking (and related technology) are more at risk than other countries?
BETHWEL OPIL: With the growth and uptake of mobile devices that can access the Internet, all countries are at risk of being targeted by cybercriminal attacks aimed at mobile platforms. Yet, it is accurate to say that cybercriminals pay attention to a country's 'weak points' in cyber security.
So for example, looking at Kenya, the country is embracing mobility at a fast rate, however at the same time, consumers and businesses alike might not be fully aware of the IT security risks associated with these technology trends just yet, as they have not yet experienced these first hand, as in other countries, and for that reason don't necessarily take precaution steps.
Cybercriminals use this to their advantage and as such target the weakest points.
CHRIS TREDGER: Is enough attention being paid to security when it comes to the rollout of mobile payment platforms, banking and financial solutions? If not, why not?
BETHWEL OPIL: From a platform perspective, security measures for these platforms are being put into place and there is a strong focus on such security measures currently from many organisations, given the growth of IT related threats and targets over the past few years.
However, it is also important for the consumer who uses these platforms to have a solid understanding of IT security and cybercrime, and the risk associated to using such platforms, as cybercriminals are becoming more advanced in their attacks – developing new ways of attacking and new tricks, regularly.
So while some businesses are paying careful attention to security, there are still too many people that follow the misconception that being a victim of a cyber-security attack online won't happen to them. This means that they don't pay enough attention to their own device's IT security. Many of the threats appearing today are highly sophisticated. This is especially true for targeted attacks, where cybercriminals develop exploit code to make use of unpatched application vulnerabilities, or create custom modules to steal data from their victims.
However, often the first kind of vulnerability exploited by attackers is the human one – social engineering is used very often to infect a device or network. For that reason home users should also secure their devices and financial transactions with comprehensive solutions and be attentive to suspicious messages, attachments, links, even SMSs.
CHRIS TREDGER: Kaspersky has released its predictions for 2015 - with the overall idea being that cyberattacks will be more prevalent next year. Do you think companies will be more proactive in their security strategies, more vigilant?
BETHWEL OPIL: Certainly – it is becoming evident that businesses are paying more attention to cybercrime and how to go about protecting their networks and infrastructures. This is also partly due to the fact that they might have faced some of the treats themselves, not just read about them in media space. The topic is also discussed widely on a global level, for example it was a key one for business leaders at the recent World Economic Forum in Davos.
CHRIS TREDGER: Is there a greater awareness in Africa about what technology can and can't do when it comes to protection and security of data especially?
BETHWEL OPIL: Ensuring that people and businesses are educated about IT security – the threats that exist and the realties regarding cyber-attacks - is a key focus area for Kaspersky Lab globally. In line with this, Africa has been a focus for us and certainly we are making headway in educating the continent about IT security threats and the importance of the necessary security needed for technological devices. There is a good awareness of these realities building in Africa; governmental organisations are also paying attention to this, so we can say that the awareness is rising.
CHRIS TREDGER: What attacks should businesses be most mindful of in 2015?
BETHWEL OPIL: For businesses specifically, the financial sector should be aware that cyber criminals are growing in confidence and with that, they have been attacking users of banking services, seeing them as the weak link in the financial security chain. Also for 2015 Kaspersky Lab experts anticipate high-stake targeted cyber-attacks - pinpointing the banks themselves. And the fraudsters won't stop here; Kaspersky Lab expects predict that they will go for broke and try to develop new malware that can take cash directly from ATMs.
What else to expect in 2015:
• Attacks against virtual payment systems
• More Internet-bleeding stories: dangerous vulnerabilities appearing in old code, exposing the Internet infrastructure to menacing attacks.
• In-the-wild attacks against networked printers and other connected devices that can help an advanced attacker to maintain persistence and lateral movement within a corporate network.
• Malicious software designed for OSX being pushed via torrents and pirated software packages
• A shift where the bigger, noisy cyber-threat actors splinter into smaller units, operating independently of each other. This in turn will result in a more widespread attack base with more diverse attacks coming from more sources.
Beyond this, cyber espionage is also anticipated to increase significantly. For companies, the high prevalence of internal threats will remain the biggest security threat in the months, and possibly, years to come.