Kaspersky Lab and EY Warn Organizations to Get Prepared for Cyberthreats

Kaspersky Lab’s Cyber Security Weekend for the Middle East, Turkey and Africa is taking place on April 26-29 in Lisbon, Portugal and brings together specialists from the company’s Global Research and Analysis Team (GReAT) and Global Product and Technology Marketing Department, an invited expert from EY, journalists and business guests. During the conference they discussed global and regional cyberthreats and security trends, corporate IT issues, and what security measures are needed.

“At Kaspersky Lab we believe that to eliminate the risks brought by the Internet and new technologies a combination of factors is needed: comprehensive technologies, including those for critical infrastructures and high-risk industries; education of the general public and businesses; and law enforcement and international cooperation. A complacent attitude towards cybersecurity doesn’t only put money, data and reputation at risk, but also prompts the spread of cyberthreats,” said Sergey Novikov, Deputy Director of GReAT, Kaspersky Lab.

Kaspersky Lab’s analysis of IT threats in the first quarter of 2015 indicates that in the Middle East, Turkey and Africa (META) region an average of 41% of users had security incidents related to local networks and removable media while 21% of users faced web-related threats. Kaspersky Security Network cloud service statistics for January-March 2015 show that Egypt continues to have the highest number of users affected by local threats (50.5%), followed by Qatar (46%), Saudi Arabia (45.8%) and Turkey (44.6%). The highest numbers of web threat incidents were reported in Qatar (31% of KSN users faced these threats), UAE (29%), Turkey (25%) and Saudi Arabia (24%). Kenya, South Africa, Bahrain and Lebanon have somewhat lower threat levels: 14-18% of users affected by online threats and 33-37% by local ones.

Speaking about the threats facing organizations, experts referred to statistics from the 2014 Global Corporate IT Security Risks survey conducted by B2B International and Kaspersky Lab: depending on their country, anywhere from a quarter to more than half of the organizations in the region said they faced viruses and other malware, spam, phishing and software vulnerabilities in the past year. Along with these threats businesses are also preoccupied with network intrusions and targeted attacks, DDoS, loss of data on mobile devices, file sharing and data leaks.

Raddad Ayoub, Partner, EMEIA Advisory Center, EY, shared the company’s expertise in his presentation about the realities and trends of corporate cyber security in the region. He commented: “Companies need to address cybercrime — which, like other threats has the potential to cause significant reputational and financial damage. In a recent EY study on cybercrime, we discovered that organizations are making progress on building the foundations of cybersecurity — and this progress is important. However, most respondents report having only a “moderate” level of maturity in their foundations. This clearly means that there is still a lot to do.”

He added: “To get cybersecurity right, the first step is to get the foundations right. Given how much attention recent cyberattacks have received, no one can claim they do not know the dangers; so there can be few excuses for organizations that are still not putting basic cybersecurity systems and processes in place. Once the foundation has been mastered, the next stage is to make your cybersecurity more dynamic and better aligned and integrated into key business processes. Without taking this crucial step, organizations remain vulnerable — particularly when they, their environment and the cyberthreats they face are all changing. And then comes the real opportunity: the chance to get ahead of cybercrime. By focusing your cybersecurity on the unknowns — the future and your business’s broader ecosystem — you can start building capabilities before they are needed and begin to prepare for threats before they arise.”

Continuing the topic of threats faced by organizations, Sergey Lozhkin, a Senior Security Researcher with GReAT at Kaspersky Lab, made a presentation about targeted attacks and cyber-espionage campaigns. Today we see business supply chains are under attack, cyber-mercenaries becoming a “commodity” and more APT (advanced persistent threat) groups appearing, so organizations have to take special care of their data protection, business continuity and reputations. Mitigation strategies for advanced threats should include security policies and education, network security, comprehensive system administration and specialized security solutions, like Kaspersky Endpoint Security for Business, that include software patching features, application control, whitelisting and a default deny mode.

Ghareeb Saad, Senior Security Researcher, GReAT, Kaspersky Lab, said: “The trends that we see globally are also reflected in the region, including APT trends. The Desert Falcons cyber-espionage group, considered by Kaspersky Lab experts to be the first known Arabic group of cyber-mercenaries to develop and run full-scale cyber-espionage operations, simply confirms that. Another thing we see is cybercriminals exploiting of political tensions, big events, and headline news to gain users’ attention and install a Trojan, get access to credentials and more. To stay secure we advise taking precautions measures and use a comprehensive security solution.”