In an online discussion, VMware officially announced the results of its study, covering some of the global trends related to cyber defence and the danger of hacker attacks, frequent phishing and ransomware cases in companies, as well as other issues.

The event was attended by guests and specialists in the cybersecurity sector, which are the main focus of our digital everyday life. Here is more from the discussion.

Diana Stefanova, Vice President of Global Sites Strategy at VMware, said that the Global Security Insights 2020– study involved 14 countries from all around the world, which makes it extremely comprehensive. The results can be defined as very interesting. 542 professionals from the cybersecurity industry took part in the study. 70% of them have stated that they have suffered at least once a breakthrough in the systems. 69% reported an increase in attacks by 60-70%. Stefanova commented:

“Thanks to COVID, we have had to move towards accelerated digital transformation. This has placed new challenges for security teams. 80% of the participants believe that they have been the subject of cyber-attacks because of the majority of employees working from home.”

Diana Stefanova gave an example of what happened to Colonial Pipeline, who were forced to pay a ransom to hackers in order to resume their work. Another example she mentioned was T-Mobile. According to her, in such cases, companies must react reactively.

According to the study, 79% of respondents say that cyberattacks have become more challenging and more difficult to deal with. Among the leading reasons of this, the study identifies several reasons:

14% responded that this is due to outdated processes, technologies and methods of organizations.

According to the panellists, some of the security measures that we should consider include Internal policies and updated technology. 98% of the respondents commented that they use the Cloud-first approach, which turned up to be a double-edged sword.

The key challenges that the companies have to overcome are three:

Too many surfaces to defend

Too many silos

Too little context.

Diana Stefanova introduced Ventsislav Pochekanski, the leader of the Carbon Black team at VMware, who is completely focused on security. Carbon Black is a new team for Bulgaria, built in the last year and is the main unit of VMware. He commented:

“More and more employees are mobile and work with different points of view, which is a problem. Multiple end devices are used to access the data. Organizations maintain their traditional applications, but also develop new ones. Both new data centres and new cloud technologies are available, and it is also important to use extremely complex networks to provide connectivity between customers, users, etc.,”

According to him, there is a lack of context in the operation of these protection systems. The goal is not to protect individual components, but the entire system. Pochekanski also said that systems must see all components of protection and understand the interconnections on them.

“Our vision at VMware is for a security system that is built into the infrastructure, instead of many tools that we need to take care of, update, maintain, etc.,”

According to him, there is a lack of context in the operation of these protection systems. The goal is not to protect individual components, but the entire system. Pochekanski also said that systems must see all components of protection and understand the interconnections on them.

“Our vision at VMware is for a security system that is built into the infrastructure, instead of many tools that we need to take care of, update, maintain, etc.,” he said.

The moderator of the meeting was Boycho Popov, Editor-in-Chief of Investor. bg, as well as a presenter at Bloomberg TV, who also introduced Yuri Genov, Executive Director and Head of IT and Operations at DSK Bank.

“The work of global companies and the publication of such research provide a good insight into how the market is evolving. We were very careful during the pandemic and focused on these aspects of staff work. It is always good for someone with authority to confirm what is happening on our market, “

What actually matters is that managers are starting to focus more and more on this topic. What the statistics show is that incidents are increasing dramatically – in 2019 attacks were less than 1000, in 2020- around 2000, and in 2021 the expected number is 3000. There are several reasons behind this:

  • COVID-19 pandemic
  • Visualization
  • Third-party software suppliers
  • Cloud usage.

But how does the transition to a virtual work model affect cybersecurity?

According to Yuri Genov, the current situation taught society many things, better discipline, better security measures, etc. As threats grow, so does the culture of citizen behaviour, awareness, and precautionary measures against phishing attacks. Security is not just about finance, because the problem covers bigger and bigger perimeter. The Cloud increases data security, but its model increases the potential for problems. Security starts with people’s behaviour and habits and is developed and supported by technology.

The discussion was also attended by Georgi Sharkov, who manages the interface of a software institute – Center for Eastern Europe and the Laboratory of Cybersecurity in Sofia Tech Park.

“Both phishing and ransomware attacks are on the rise because of the pandemic, but also because of the virtualisation of education, shopping, communication and our lives in general. The infrastructure and the environment in which communication is changed. New signals for attacks and imagination have also appeared on channels that have not yet been presented in Bulgaria,”

Vihren Slavchev made an interesting emphasis on new technologies such as AI, ML and Deep Learning. Their applications are very large and one of the reasons for their widespread penetration is that they can be applied on both the good and the bad side.

“We know how drones save lives, make deliveries, etc., but they can also hit military targets with extraordinary power. In terms of cybersecurity, we are at war. It runs between machines and machines. We position software, algorithms and centres, 95% controlled by AI. On the other side are those who attack. They use AI, which studies and analyses your behaviour so that it launches the attack very successfully. Even in a prepared organisation, we see phishing emails that are incredibly neat and done with research for months. Despite years of experience behind many specialists, out of 10 phishing emails, they manage to recognise 6, 7. At some point, people will become spectators of this war and as such will lose control.

On the question of who will win the war, Slavchev noted that historically, the attackers are always one step ahead. On the other hand, the defence must be approached with a great deal of study of all models of attack. Serious research is needed and millions of dollars can be spent on defence, but the weak link in the human factor, that could open the door and welcome the enemy every time.

Georgi Sharkov continued the military analogy, saying that there are no unconquered fortresses in world history. The defender is always in an unfavourable situation.

“A fortress that is not designed to be protected cannot be. We need to think about how to design the protection. The attackers have no ethical, moral or regulatory restrictions on the use of funds. They have an advantage. The AI ​​itself needs to be protected! AI’s cybersecurity is a very important aspect.

He added that in all wars, there is no winner, and cyberspace is not an exclusion. Sharkov also said that artificial intelligence is the only tool that could help against enemy AI.

On the question asked by DevStyleR “What are the three steps that a company must take after an attack

Ventsislav Pochekanski commented that if companies are thinking ahead, they need to ensure maximum protection for vulnerabilities and the traditional, outdated applications that are used. They are often attacked and this is done through constant monitoring. Current behaviour-based protection systems should also be used. It is also necessary to ensure the protection of internal systems. But when it comes to a cyber attack and a ransom demand, there is no technological solution.

Vihren Slavchev emphasized another curious thing – should the ransom be paid? If the company can recover relatively quickly, then there is no need. But attackers often destroy backups, which is already a big problem. He also noted that talks are underway to criminalize the payment of ransom.

As protection steps, first, he listed “trust a professional” because “pulling the cable and cutting services” is not good. Also, you need to isolate the perimeter. As a third step, you must have a crisis plan because if everything is done at the last moment, then it becomes very complicated.

Yuri Genov agreed that every company must have a ready-prepared plan and that Bulgaria has systems in place to interact with national authorities. He is of the opinion that the legislation should be observed and authorized persons should be dealt with. There are well-prepared organizations that can help, and paying a ransom should be an incredible last resort to save a business.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Nikoleta Yanakieva Editor at DevStyleR International