How to beat cyber criminals – Kaspersky
| March 24, 2015, 9:41 a.m.
By James Ratemo, Nairobi, Kenya
Cyber criminals are getting more daring everyday and everyone on the Internet should be wary and take precautions, warns Internet security solutions firm, Kaspersky.
Two decades ago, cyber threats were few and not as fraudulent as they are today.
Most cyber criminals now target to make money or simply cause destruction. Many cases come to mind lately: Stuxnet targeting nuclear facilities in Iran, Carbanak targeting banks, Envasion thought to have been sponsored by some governments to spy on multinationals and many more threats.
Mikhail Nagorny, Kaspersky Head of Global Business Development service said cyber criminals are coming up with new tricks every day with some now able to invade banks and transfer money from internal accounts or even command ATMs to release money.
Speaking to BiztechAfrica in Nairobi during a Kaspersky Awareness programme on Friday, Nagorny said the threats are getting vicious and even able to evade an anti-virus software, thus organisations need to have a comprehensive suite of security solutions to assure safety.
“Most companies employ anti-virus but not comprehensive security solutions for system watch…an antivirus is the main part of the solution but to catch sophisticated threats, you need to monitor activity all the time” advised Nagorny.
“We are trying to educate industry that they need to use end-point security solutions and protect their devices from intrusion. Employees need to use corporate approved USB sticks that allow encryption of data just in case they get lost or are stolen,” he said.
He said there are 325,000 new pieces if malware every day and Kaspersky Lab updates its signatures every hour to assure considerable safety from malware.
“Customers need to educate employees on security since cyber criminals often use employees computers or devices to penetrate into company networks,” said Nagorny, adding that Kaspersky offers onsite training for few employees but rest can access professional training online on how to fight malware.
Kirill Kertsenbaum, Kaspersky Head of Global Presales Management, said there should be a policy on which websites can be accessible over company network to reduce probability of installing malware.
“Companies should adopt file level encryption and full disc encryption. If a bad guy steals the hard disc, he cannot access the data. Our endpoint solutions come with integrated technologies.
Kertsenbaum said Kaspersky has solutions that allow for instance automatic encryption of all files from Microsoft Windows. This can only be done if there is at IT security policy in place.
“Antivirus is like a strong security door but cyber criminals can enter through the windows or back doors, in this case, the weak points like employees’ mobile devices that are connected to the corporate mail.”
Kertsenbaum said companies can buy the best expensive products in the market but still have vulnerabilities due to poor security policies and disuse.
Simple measures like remote wiping or encrypting stolen devices, avoiding jail breaking of an iPhone ups security.
‘Based on data from Kaspersky Security Network (KSN), overall, 32.2% of KSN participants in Kenya faced local threats (malware spread via removable USB drives, CDs and DVDs, and other “offline” methods) during October-December 2014. This puts Kenya in the 116th place worldwide.
Protection against such attacks not only requires an antivirus solution capable of treating infected objects, but also a firewall, anti-rootkit functionality and control over removable devices.
In the fourth quarter of 2014, 14.3% of KSN participants in Kenya faced web-borne threats. This places Kenya in 169th place worldwide when it comes to the dangers associated with surfing the web.
Protection against such attacks, requires an Internet Security class solution capable of detecting threats as they are being downloaded from the Internet and the timely installation of all the latest updates for the browser and its plugins.
Another key technology, developed by Kaspersky Lab, is Automatic Exploit Prevention, designed specifically to fight complex web threats, exploiting newly discovered vulnerabilities in software.