The emergency provisions related to COVID-19 have been active for some time and more and more companies are allowing their employees to work from home. We asked Our Chief Technology Officer Vladimír Sedláček, a seasoned administrator of ICT, corporate systems, cybersecurity, and experienced developer, about his opinion on current affairs.
The Coronavirus pandemic impact is discussed everywhere, but few people seem to realize that despite all the physical risks, digital issues still present a significant problem. How do you see the current situation, and what do you consider to be the biggest risk in terms of virtual infections, and their possible outcome for companies?
It would be naive to assume that the global crisis would lead to a drop in cyberattacks or will result in a ceasefire. On the contrary. In nature, each weakened individual becomes prey. Regardless of any previous “ceasefire declarations”, we see an increase in the number of attacks and targeted at the SARS-NCov-2 situation. Obviously, we can expect contacts from faux health inspectors and money collectors. Even my inbox has received several phishing emails offering nano-silver infused masks. In addition to attacking the weakest part of cybersecurity – the user – we also see an increase in scanning; looking for vulnerable computers and security holes in firewalls or hastily constructed VPNs and remote desktop gateways. In the end, all of this contributes to latent disclosure of company secrets, production, and patent documentation, or personal data. Infiltration by extortion malware also becomes a threat and can mean a total production halt, as seen both last year and recently in some hospitals in the Czech Republic.
What do you see as the most common errors from employers and top management regarding data exposure; and how does the risk increase with massive deployments of quarantine provisions where most employees work from home?
Right now, the risk is increased by companies laying off contractors, often those working on infrastructure, promoting rotating furloughs, and allowing their administrators to work from home. This can cause a delay in necessary security patching and increased response time. Also, ad hoc suspension of certain user accounts can leave the access ripe for unauthorized access restores later. Last, but not least, some companies have allowed their employees to work from home using their home computers. VPN has thus become a gateway for free access directly into company networks, and to internal company systems, all thanks to home devices with uncertain security postures, possibly outdated operating systems, obsolete software, or a load of games full of spyware. These systems are being used by home-bound users surfing the web with local superuser rights. It is very similar to allowing the usage of personal devices (BYOD) and letting them directly connect into internal, as opposed to guest networks. A lot of companies do not, however, tackle the situation accordingly, and have not familiarized their employees with relevant security policies. Without in-depth employee training and without respecting the basic rules of cyber hygiene, internal data can leave the control of responsible people working with it. What has not received much attention so far is the risk of company device theft in conjunction with wiping such devices clean. Partly due to the fact that the employees “stay home” and are convinced that they have good visibility over their physical environment. However, thefts will happen, and the security angle will need to be tackled. I cannot understand why so few administrators allow internal networks to stay open, and who pay attention to their internal network traffic with only commonly used tools for network monitoring. Same tools that are deployed normally are themselves a potential attack target.
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.
MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.
MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.