Clouds and Yevgeny Kuryshev | 25.05.2020
Currently, companies operating in the field of information security, and cloud providers are on IT-forefront – because the demand for their services has increased significantly, and difficulties in the work clearly did not become smaller. We
spoke with members of these segments of the IT market about what problems customers face today like have changed the dynamics of cyber attacks and how to protect yourself from security threats while working remotely.
The first problems
Alexey SABANOV (“Aladdin R. D.”):”One of the pressing issues is the unwillingness of many organizations to support a secure remote access – do not allow to scale any hardware or software components. IT services do not emerge from data centers and server rooms, many perform feats, to infrastructure work and business processes are maintained at the same level. Began the sequestration of the budget, the numbers are different, on average, about 20-30%”.
Deputy General Director of “Aladdin R. D.” Alexey SABANOV notes that it is especially hard now, budgetary organizations and small businesses. The reality is that decisions need
to accept here and now, budgeting has at least a two-year period of maturation. So, to ensure complete secure remote access for a period of self-isolation
needed urgent procurement of hardware and software components, and this could afford only organizations able to smuggle part of the budget for urgent needs.
Mr. Sabans emphasizes that the demand for laptops has grown in March-April in the tens or even hundreds of times, just below was the demand FOR and means of information protection. Now the voltage drops, but the problems
remain. In particular, the implementation of the approved plans in terms of isolation becomes more complicated: the meeting in an online format, all mastered, but not always, this format can replace personal communication, business
meeting. “From small businesses, the situation is even more serious, many companies are on the verge or have already lost everything that was established before the pandemic. Survive only the strongest and most prepared, capable
to adapt to the new conditions. However, in this environment, surviving businesses still care about protecting remote access to its information resources,” says Mr. Sabans.
Nikita SEMENOV (CALMER):”If earlier it was assumed that only a small portion of employees will work remotely, now clients are faced with a massive transition to udalenku and, as a consequence, understand that their protection system is geared to ensuring the required safety level only in the controlled area, and not outside it”.
Head of information security of the company TALMER Nikita SEMENOV says it is a question of lack of capacity (e.g., lack of licenses and poor performance of gateways
terminating remote access), and it is a global problem of the lack of certified systems remote access to sensitive information and information systems, its processes. Even
major customers are faced with the lack of a video conferencing system that allows you to remotely discuss issues relating to a commercial or banking secret, he said. In these circumstances, one of
the important fact is related to the protection of client devices – laptops, tablets, and phones, home computers of employees. Today, many work on devices on which security service information security
the customer knows nothing, believes g-n Semenov. In addition, superimposed acute problems of incompatibility of certain means of protection from unauthorized access with wearable devices. “Not all
companies have EMM and VDI solution for 100% of users. Not all have sufficient number of licensed sessions VPN, a situation which is easier, since everything
major vendors provide unlimited licenses for remote access functionality for the period of the pandemic,” – concludes g-n Semenov.
Murad MUSTAFAYEV (“Onlanta”):”For customers the quality and continuity of cloud services by our company in the current situation has not changed.”
Head of information security of the company “Onlanta” (part of LANIT group) Murad MUSTAFAYEV noted that his company is still, even after the transfer of all employees to work remotely
complies with all regulations and SLAs and is making efforts to maintain a high level of service.
Ivan Melekhin (INFORMZASCHITA):”Now, after experiencing the first weeks of contingencies associated with the mass transfer of employees to remote work, the main difficulties faced by our customers are challenges in monitoring cyber threats in this new reality.”
Director SOC AO NIP “Informzaschita” Ivan MELEKHIN said that the old, well-guarded security perimeter today destroyed, and a huge number of potential points of penetration
made abroad organization. While a large number of personal devices have access to corporate resources in the most subtle ways, while protection configured for
control flows coming through other routes, not fully or not at all converted, in connection with which a host of new vectors for attacks. Services of IB in the same emergency mode as
IT departments some time ago, I have to rebuild the protection circuit for the new reality.
Vladimir ULYANOV (Zecurion):”The biggest problem is the fight against internal threats. Security is always a balance between usability of information and its security. With the transition of companies to remote work balance is clearly violated”.
According to the head of the Zecurion analytical center Vladimir ULYANOV, the main challenge for security researchers today – how to reduce the risks of leakage and to preserve the possibility
to work properly. It is theoretically possible to tighten the policy of use of data, he said, but at the same time, it is impossible to leave without changes the workflows of companies and so difficult in
connection with the total transition to online.
Giorgi MEGRELISHVILI (the”Sblood”):”Since the mass transfer of companies to the remote mode it’s been a month, and in General many of them question the organization of such work decided. Now at the forefront of the “mistakes””.
Executive Director of “Sblood” Georgy MEGRELISHVILI believes that the companies have entered a period of rethinking and finding ways to improve the measures previously adopted. In this regard, about
the move to the cloud started to think even those who was determined to solve everything on their own. The second important issue is the complication of supply of equipment. “The rejection of CAPEX in favor of OPEX weighty argument
always, and in crisis,” he concludes.
Alexander BURAVTSOV (“New Cloud”):”In a pandemic, our customers are faced with the need of remote access to its information resources. They require the creation of new channels of communication and adding new network segments to the infrastructure of the company.”
Director of IB “Maiofis” (“New Cloud”) Alexander BURAVTSOV said that in the process of organizing remote access level of security is often compromised and the entire network
becomes equal to the level of the weakest link. In this regard, it is to store corporate data in a secure perimeter of the organization and to ensure the maximum level of safety. “Our
clients using the platform “Maiofis”, which is the concept of private cloud successfully overcome these difficulties,” – said Mr. buravcov.
Vasily STEPANENKO (DataLine):”IT Department of some companies were not ready for remote work of employees during a period of isolation. Does not always help even the fact that many vendors provide free VPN clients for the period of a pandemic, since it is not always in the state are qualified engineers, able to tune everything correctly”.
According to the Director of cyber center DataLine Vasily STEPANENKO, some employees were not ready to work remotely: not all homes have the appropriate requirements PC.
The lack of instructions on connecting to the corporate network caused a flurry of requests in technical support, which was able to overcome only after a couple of weeks. According to Mr. Stepanenko,
solutions class NAC (Network Access Control) are not used, therefore does not validate employees ‘ personal devices for compliance with the information security requirements (updated
antivirus OS with all updates, rights, etc.), as a result there is the possibility of infecting the corporate resources of our clients. Besides, hardly anyone uses two-factor
authentication and captchas, and attackers get a chance at a successful bust passwords to available corporate resources from the Internet such as OWA (Outlook Web Access), warns Mr.
Stepanenko.
Is and cyber attacks
Increased the number of cyber attacks on the company in connection with the growth of their remote activities? If so, which ones and to what extent?
Alexey SABANOV (“Aladdin R. D.”):”On a serious increase in the number of cyber attacks have not heard. Stable growth in recent years has fluctuations, if there are, they are yet within the limits of these fluctuations.”
Nikita SEMENOV (CALMER):”the Number of cyber attacks increased significantly, but the quality and degree of maturity declined sharply. Basically we have seen a surge of the simplest phishing emails, spam and botnet activity. Perhaps this is preparation for something greater, but more like the actions of low-skilled attackers”.
Nikita SEMENOV (CALMER) is convinced that from the entire list of the most noteworthy botnet activity, which may remain unnoticed due to the transition to remote work, especially
if the customer has not deployed a specialized means of protection – anti-botnet and IPS.
Murad MUSTAFAYEV (“Onlanta”):”In March the average number of blocked attacks stood at 112 thousand. And in April – 142 thousand, which is approximately 30% more.”
Murad MUSTAFAYEV (“Onlanta”) ‘m sure criminals are working continuously. But such a small increase in attacks, equipment and network of the company is kept easy so it does not
affected provide customers with services.
Ivan MELEKHIN (“Aquarius”):”In terms of remote work in the first place increased the number of phishing attacks, which exploit the topic of coronavirus”.
Ivan MELEKHIN (Informzaschita) also notes the increasing infiltration attempts into the corporate network through the newly organized access point – VPN-gateways, terminal servers. “The number
our observed SOC events compromise of the asset increased in comparison with January 2020 by 48% and associated with malicious software – 20%,” he says.
Vladimir ULYANOV (Zecurion):”the Number of attacks has significantly increased, but not all, namely insider, from their own employees. In March, our analytical center predicted an increase of leaks of confidential data in two or three times in connection with the transition of the companies on udalenku, and now we can say that the forecast was justified.”
Vladimir ULYANOV (Zecurion) believes that the reasons for the rise of insider attacks are many: reduced loyalty, insecurity, the desire to play it safe and copy the information
“just in case”, reducing the fear of breach if it is detected by the security service (because it is physically located somewhere far away and you can always catch something out). This
you can add the frequent cases of poaching of personnel, recruitment of insiders competitors and cyber criminals, increased vulnerability to social engineering methods. In fact we are talking about
that people are trying to compensate for the loss of income by the employer, considers g-n Ulyanov.
Giorgi MEGRELISHVILI (the”Sblood”):”Our partners in the area of is an increased number of attacks on the network “home” providers, as they moved a significant amount of corporate traffic. This is a reason to consider additional protection, VPN channels and personal devices that employees use for work tasks”.
Alexander BURAVTSOV (“New Cloud”):”Work from home objectively increases the risks of data leakage. The company has to consider the facts of the use of personal computers, is now more difficult to control IN established, transition, and surfing the web resources or access to the Network across an insecure connection”.
Alexander BURAVTSOV (“New Cloud”) cites the results of a study conducted by “Kaspersky Lab” long before the pandemic: 62% of business owners and their employees use
personal devices for work, with 92% of them hold sensitive corporate data on their smartphones and tablets. In terms of remote operation, these figures will be even higher, he said, and
recalls that at least 30% of attacks are perpetrated by installing malware. The threat also have unsecured Wi-Fi network and open storage of access keys. “A new direction
cyber attacks, which is actively growing during the period of the pandemic, became domestic “smart” devices — they often do not change factory default passwords,” he says.
Vasily STEPANENKO (DataLine) confirms that the number of clients his company has faced with phishing attacks, a lot of infections of servers with malware with the aim of illegal
activities, including DDoS attacks. “We know about such facts in complaints about IP addresses that are owned by us and leased to customers. The customers rarely share this information, and
those who have we are administering remedies of particular bursts to date are not marked. Statistics is almost the same as before isolation, even at retail,” he explains. Most often
complaints come from resources such as @spamhaus.org, @netcraft.com, @bitninja.io @blocklist.de, spamcop.net, NiX Spam botnet.tracker. Taking this opportunity, Mr. Stepanenko gives them gratitude
for the work.
(To be continued)
Journal: Journal IT-News [No. 05/2020], Subscription to magazines
