Kaspersky Lab recently launched a new security solution for businesses designed to protect online assets and provide secure access. Endpoint Security for Business (KESB), the company’s new flagship corporate security platform, is said to provide the best level of protection against advanced malware and cybercrime, and effectively combat common enemies of IT security.
ITNewsAfrica spoke to Vasily Dyagilev, Managing Director of Kaspersky Lab in Emerging Markets about how the company’s current security solutions differ from previous versions, the state of security readiness among South African businesses and the single biggest threat to a connected business.
* How does the new Endpoint Security Solution differ from the previous one?
This is one of the key product launches for Kaspersky Lab in the last couple of years. Kaspersky was famous – and is still famous – for being a niche player in antivirus, for providing the best antivirus solutions. But our portfolio has been very narrow, to the extent that it did not allow us to provide extra solutions to our partners.
So this new product platform has been designed to cover new threats that appear in security – which are not actually connected to digital threats, but to the complexity and manageability of the systems that people use. People use different systems for fighting viruses, patching malware, license management and firewalls. The problem is that most of these systems are not designed to work together and the biggest target in the industry is not the vendor, but the holes that appear between incompatible systems.
What we designed with the new product range is a single platform people can use for mobile management, PC management and any management of a system within a corporate environment – everything from patching third party software that might be installed to providing rules and policies, as well as encryption. The platform was designed with security in mind and allows management from a single console.
The current security approach seems a bit strange to us – many people view security with only regulation in mind and simply to comply with certain rules. But they do not actually see that those rules might be outdated and may lead to a poor decision. A lot of people also think that introducing an antivirus program is sufficient – which it is not. We are doing our best to fight this ‘head-in-the-sand’ behaviour!
* How does the new product make the lives of IT administrators easier?
It is one single console and a single platform. When you have a zoo of different systems, the key admin needs to switch between Windows, between different servers. For example, the AV is updated, but the patch management system is not – this then needs to be done manually.
There is a lot to consider and most of these different consoles are issued with the same access passwords by admin in order to make things easier – and you know what? Sometimes they use those same passwords for their personal sites like Facebook and Twitter. So there is a risk when the password is discovered, it can actually be a bridge into the system. With the Kaspersky solution, you have one console that controls all your licenses and all your devices, and it has a lot of tools for the automation of patching and updating.
* How well protected are South African businesses?
The country is not that much different from the rest of the world – the only problem is that a lot of business in South Africa have emerged in the last couple of years. A lot of people have started their own businesses, but being inexperienced internet users, they do not know how to protect themselves.
In Africa, given the increasing speed connections, you will actually be far more vulnerable if you do not know how to protect yourself. Another reason is this same ‘head-in-the-sand’ mentality where they think it will not happen to them because they do not go to porn websites. It might happen to them without even being connected to the internet, with viruses like Stuxnet, Red October, Duku and miniFlame. They reached their targets after five years since creation without being connected to the internet.
* What is the single-biggest threat to businesses?
Ignorance. The biggest threat to IT security, in a lot of cases, is carried by IT persons. There is now a big debate that the security officer within the company probably should not have an IT background – he or she should have a background in business. IT now takes up to 50% of the financial load of financial assets in a company. The biggest threat to security stems from people. It is amazing to see how much information about systems and passwords one can find just by walking around an office – some people will even write passwords on a white board, and people stick passwords on computer screens. That is why companies should have password policies that make use of a sentence, such as ‘I love my dog’. It will increase the security and everyone will think of something very original that they will not forget.
* Will we see more corporate attacks in 2013 than previous years?
Yes, most definitely. The time of hackers doing things just for fun is long gone. It is a big business and there is big money involved. Just imagine an attack on an oil terminal – it will cause billions of dollars in loss of revenue and they will go to the competitor. We will see a lot of targeted attacks and we do see it happening more frequently in the last few years. It is a business, and when there is money to be made, people will find a way to breach the system and get valuable information.