The Gately Report: Kaspersky Fighting Anti-Russian Sentiment Due to War in Ukraine
Cybercriminals try to access IT Glue accounts via credential stuffing.
![War in Ukraine War in Ukraine](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltc2abb2d7e21f9448/6524130f522e7d205c0eb902/War-in-Ukraine.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Channel Futures: October is National Cybersecurity Awareness Month. What does that mean for Kaspersky and its partners?
Rob Cataldo: I really believe that partners need to be enabled and equipped. A lot of customers, especially in the SMB space, are still in the stages of their security maturity process where they haven’t necessarily established a culture of cybersecurity yet. And I think that spans across two specific areas. One is where you have a security program manager who is trying to help business leadership understand the importance of investment for cybersecurity, and building out and fleshing out a proper program. And so with that said, we deliver an interactive platform, we call it Kaspersky Interactive Protection Simulation, which is basically a tabletop exercise that allows an IT leader to bring business leaders through simulations of attacks and involve decision making around budget, what types of tools you might invest in security awareness, those types of things. And then at every turn within the game, there’s something else that seems to be going wrong and you have to react to it. It gives those managers an appreciation for what’s involved and the implications of being prepared, and having a true security program in place, and what value that brings to the table.
So that’s one aspect of security awareness, helping to establish that culture, and then along those same lines, extending it to the general user population. We also equip our partners to deliver a security awareness platform that is called Kaspersky Adaptive Online Training, which, unlike a lot of the security platforms for awareness that are out there, assesses a user’s current competency. And then based on that, it’ll make an automatic adjustment. So it adapts to that individual person’s competency level and then over time would change the curriculum to increase competency and learning, and knowledge as the course goes on. So that’s what we put in the hands of our partners to assess whether they’re trying to build that security culture or meet compliance standards, or just bring general awareness to the table. And then they can certainly recommend that in alignment with those needs.
CF: The latest Kaspersky research shows half of SMBs are confident that ex-employees can’t access the company’s digital assets, and 60% are sure former employees can’t use corporate accounts. What’s the overall message from this research? Can partners make use of it?
RC: There’s just a major concern, and rightfully so, about access to sensitive data on any level, whether it be from a former employee or a current employee, or whatever it might be. We all see the new prompts on websites that have to divulge whether they’re tracking cookies and tracking our web history based on what we’re doing on those websites. So data privacy is a major concern for today’s consumers as it should be. I think that’s a trend that will only continue. And the fact of the matter is threats out there are all targeting information. They’re targeting things that are of value to them or of value to that organization so that unfortunately, they can use it to exploit those companies. And we see it happening all too often, that these ransomware attacks are succeeding. And so we definitely deliver products and services that can help to prevent organizations from befalling a situation where their data is exfiltrated or encrypted, or both mainly. And it’s happening both ways today with these types of threats. So that’s in one respect.
We can also provide the training for awareness to prevent such events from happening within an organization accidentally. And we see it as something that partners need to be educated about because they need to be talking to their customers about ways to prevent those situations because it will remain very sensitive for employees and companies alike.
CF: Earlier this month, Kaspersky announced the launch of a new machine-readable open vulnerability and assessment language (OVAL) data feed for the automated detection of vulnerabilities in operational technology (OT) software. Does this provide new opportunities for partners?
RC: We are thinking that it could actually pose a really good opportunity for a lot of our partners in Canada in particular, where there are a lot of heavy metals, oil and gas, especially in the western part of Canada. We believe the ability to find vulnerabilities across different OT platforms is something that is not only necessary in critical infrastructure, but across the board, across every company in general. And we certainly have tools that can speak to that. But specific to critical infrastructure, the problem with having an open vulnerability for that type of machinery and then the technology systems that are connected to that OT is that any form of a threat is that much more meaningful because it simply results in downtime that can impact power supply. They can impact water filtration. It can impact human lives. And so the implications that a threat could have in that industry are much more severe and can be much more damaging on many, many levels, which stresses the importance of being able to find those vulnerabilities and then enable companies to patch them. So I think there could be an up-and-coming opportunity for a lot of our partners that are dealing in Canada.
CF: Is economic uncertainty, with constant talk of recession, impacting Kaspersky and its partners?
RC: Fortunately, it’s not something that we’ve seen an impact on just yet. Every economic speculator out there is predicting some form of a recession, particularly here in the United States over the next six to 18 months. And so I know that would have an impact probably on many organizations that are out there. But right now we haven’t felt that. I’m hopeful that nobody feels that, obviously, including us and our partners. But if that should pass, then we’ll always be trying to find new ways, new strategies around economic uncertainty, or even slight recessions or full-blown recessions. The fact of the matter is, in cybersecurity, there are elements of cyber that are always a must-have.
I think this industry has grown so quickly over a relatively short amount of time that sometimes people get confused and caught up in sort of new, shiny objects and maybe some of those will fall to the wayside. But I’m really proud to be part of an organization that delivers … solutions that address the fundamental needs, the basic needs of their partners. And we don’t believe that will go away, whether it’s in a good or even a bad economy.
CF: What do you find most disturbing about the current threat landscape?
RC: With respect to the threat landscape, threats actually haven’t evolved much in the past five to seven years, with one minor exception being that ransomware has added data exfiltration to its traditional encryption methods, which actually makes their efforts for extortion that much more effective. You read the headlines today and everything points to more and more organizations being hit by ransomware. Another change that’s impacting the threat landscape is there’s a major increase in cybersecurity investments, which really has fueled more motivation for ransomware actors who at least at face value believe that their targets are now capable of higher payouts.
But all in all, there haven’t been that many changes. The volume of incidents and successful attacks, unfortunately, is not really declining. If anything, it’s staying the same or even increasing. So it really stresses the importance of partners being able to, again, be a trusted advisor for their customer and talk about the most vulnerable aspects of their environment that we see today that are most often responsible for the success of these attacks.
CF: What are you hearing from partners in terms of their most pressing needs? And how is Kaspersky helping with those?
RC: Partners long to be that adviser, that a customer can be educated by partners. They long to be the consultant that can really have a meaningful discovery conversation with their customers to find out where are the areas that they consider to be uncovered. What are the areas that they’ve already covered, but maybe they have solutions in place that aren’t necessarily fulfilling the promises that were made during the evaluation cycle of those customers evaluating those tools. With that, I think partners really need to be in that situation where they can help cover the basics, but also in many respects, simplify a lot of the complexity that’s going on in our industry.
You hear so much buzz around concepts and terms, including endpoint detection and response (EDR) and extended detection and response (XDR), and zero trust. We always train our partners to keep things simple, especially when you’re speaking to SMBs, which represents the majority of the organizations in North America and in most markets. We really help them distill it down to helping their customers care about or think about two major things. How do I reduce the likelihood of an attack and how do I reduce the impact of an attack. A partner can’t lead a customer to expect that they’re going to avoid every threat. But you can certainly do a good job at preventing. And that’s where I think we empower partners to deliver a comprehensive endpoint protection platform that is purpose-built for the SMB customer, who is very resource constrained and doesn’t have the funding to go ahead and invest in a full-fledged security operations center (SOC) with specialized analysts.
CF: What can partners expect from Kaspersky in the coming months into 2023?
RC: We won’t be making wholesale changes because as we talk to our partners, we don’t see the need to make major alterations or modifications. A lot of the changes to the program and the way of our specializations, the certifications that we make available, the trainings that we do to help those partners be the trusted advisors, the margin structure, the investments for MDF, and the rebate rewards, a lot of that will stay the same based on validation from partners that things are working.
But what they can count on is that continued commitment to education, the continued commitment to the support at any stage of the sales process within their customers. We are more than willing to dive in and work alongside their technical experts or their salespeople to help them through that process, to make the buyer’s experience as simple as possible. And we want them to make sure that they have an opportunity to understand all of the elements of our solution as it aligns with their needs and the opportunities for improvement. And then we want to maintain that commitment to making their customers satisfied after they’ve implemented our solution with a world-class support team that is available here in the United States to them at all hours of the day, all days of the year.
In other cybersecurity news …
IT Glue recently urged all users to change their passwords and recommended they enable IP access control. That’s because it detected a significant increase in “nefarious” activity by individuals attempting to access IT Glue accounts utilizing credential stuffing tactics.
Jason Manar is Kaseya’s CISO.
“We made the decision to enforce mandatory password resets and multifactor authentication (MFA) setup for all user accounts in order to ensure a higher level of security for their environments,” he said in a statement. “We would like to stress, once again, to all IT Glue customers that there is no evidence of a breach of IT Glue. What our advanced monitoring tools have detected is that there has been a significant increase in attempts to access IT Glue users’ accounts in a concerted credentials stuffing campaign.”
This past August, the FBI warned of a rising trend of cybercriminals using proxies to conduct large-scale credential stuffing attacks across various companies, Manar said.
According to the FBI, credential stuffing attacks, commonly referred to as account cracking, apply valid username and password combinations, also known as user credentials or combo lists, from previously compromised online resources or data leaks.
“We take the security of the software tools we provide our customers very seriously,” Manar said. “And we have a dedicated team working to protect you and your business against the relentless, increasing stream of attacks typical of today’s threat landscape. As a key part of IT Glue’s architecture, there are several security capabilities designed to help our customers protect themselves.”
Kaseya remains “hyper-focused” on proactively monitoring this situation and “we are confident that the enforcements put in place over the past few days are necessary to help our customers maintain a proper level of security,” Manar said.
Last week, 11:11 Systems announced it is buying another Sungard Availability Services (Sungard AS) business — this time it’s recovery services. It’s also buying the company’s cloud and managed services (CMS) business.
11:11 said once completed, acquiring these two Sungard AS businesses will cement it as “one of the largest and most experienced cyber resiliency and disaster recovery providers.” In early 2022, 11:11 Systems announced the acquisition of both Green Cloud Defense and iland, two market leaders in the cyber resiliency and disaster recovery space.
Brett Diamond is 11:11 Systems’ CEO. He spoke to us this week about what these acquisitions will mean for 11:11 Systems partners.
“Our partners will see benefits and new opportunities as a result of these acquisitions,” he said. “In our commitment to adapting to evolving customer needs, and rapid market and technology changes, these acquisitions will enable our partners to offer a holistic solution for cyber resilience. On the cloud side, partners will have broadened opportunities to design, implement and manage public and hybrid cloud environments for customers of all sizes. The recovery services will provide the ability to address more complex use cases around legacy infrastructure and enterprise application resiliency, and provide even more managed recovery opportunities for partners.”
The purchase of the two businesses will double the size of 11:11 Systems and give it the ability to provide recovery services to customers, ranging from the simple backup solution to the most complex DRaaS use case, Diamond said.
“The addition of Sungard AS’ infrastructure recovery, backup and vaulting, managed recovery and consulting services complements our cloud, backup, disaster recovery and managed security solution suite,” he said. “This combination of solutions, services and expertise will form a complete cloud, recovery and resiliency offering available regardless of the customer use case or where data resides.”
The depth and breadth of solutions in the combined entities will enable 11:11 Systems and its partners to become a one-stop-shop solution for the channel, Diamond said.
“This opportunity will bring in hundreds of new customers in the recovery space along with new employees to help us service these customers,” he said. “With these acquisitions, 11:11 Systems will be cemented in its position as one of the largest and most experienced cyber resiliency providers in the market today, providing our partners with the resources and expertise needed to excel in this area as well.”
A new survey from FTI Consulting reveals the heightened pressure felt by CISOs as company boards and leadership seek to improve oversight of cyber risks in the face of growing regulatory, investor and media scrutiny.
FTI Consulting polled 165 CISOs and those in charge of information and cybersecurity, representing U.S. companies with $4.4 trillion in aggregated revenues and employing over 528,000 people.
Among CISOs surveyed, 85% said the prominence of cybersecurity on their board’s agenda has increased over the last 12 months, with 79% feeling heightened scrutiny from senior leadership. The lack of executive leadership understanding CISOs’ roles (55%) prevents CISOs from articulating critical priorities, with 53% saying their cybersecurity priorities are not completely aligned with their organizations’ C-suite leadership.
Other key survey findings include:
With mounting pressure, 82% of CISOs claim they feel the need to positively exaggerate their role to their board.
Even as cybersecurity awareness grows, 58% of CISOs struggle to communicate technical language to their boards, and 63% feel that their concerns are not aligned with senior leadership priorities, potentially leaving companies exposed to a possible incident or regulatory sanction.
While 88% of CISOs surveyed have experienced a cyber incident in the last 12 months, 46% of the respondents claim these incidents were not mitigated quickly, and continue to struggle to rebuild trust and confidence among leadership following the incident.
Meredith Griffanti is a senior managing director at FTI Consulting.
“There is increasing evidence that boards and leadership teams recognize the growing cybersecurity risk to their organizations,” she said. “But our research found a clear communication disconnect between executive teams and their CISOs that is hindering organizations from being fully prepared for this risk.”
Joseph Carson is chief security scientist and advisory CISO at Delinea.
“CISOs must invest time listening to their executive board and business peers to learn how they measure their organization’s success,” he said. “Our role within cybersecurity is not to simply put technology in place for sake of security, but to put technology in place that contributes to business success — while ensuring cyber risks are either reduced or eliminated.”
The CISO must become the bridge between the board and the IT security team to ensure that a business-first approach is made with each and every security decision, Carson said.
“How does implementing a security strategy help your business, the executive team, your business peers and your employees be successful in their tasks and goals?” he said. “In the past, security was typically enforced on the business, typically creating a negative experience and slowing down employees trying to achieve their goals. The CISO needs to make security a fundamental core to the business, and employees must never be afraid to speak out when they see something suspicious. Promote a culture where employees are never afraid to ask for advice or report suspicious activity, even if it was the result of something they clicked on. The earlier an employee reports something, the lower the potential impact and cost to the business it will have.”
John Bambenek is principal threat hunter at Netenrich.
“A problem for technical people is that we live in our technical world while many business leaders do not,” he said. “Specifics of vulnerabilities don’t matter, business risks do. CISOs need to articulate threats in terms of risk and impact so boards can do the math in their own language.”
Gartner says three factors are influencing growth in cybersecurity spending. Those are the increase in remote and hybrid work, the transition from VPNs to zero trust network access (ZTNA), and the shift to cloud-based delivery models.
Key findings from Gartner’s latest forecast analysis include:
Spending on information security and risk management products and services should grow 11.3% to reach more than $188.3 billion in 2023.
Security services, including consulting, hardware support, implementation and outsourced services, is the largest category of spending, at almost $72 billion in 2022, and should reach $76.5 billion in 2023.
Gartner predicts that by 2025, at least 70% of new remote access deployments will be served predominantly by ZTNA as opposed to VPN services, up from less than 10% at the end of 2021.
Ruggero Contu is senior director analyst at Gartner.
“The pandemic accelerated hybrid work and the shift to the cloud, challenging the CISO to secure an increasingly distributed enterprise,” he said. “The modern CISO needs to focus on an expanding attack surface created by digital transformation initiatives such as cloud adoption, IT/OT-IoT convergence, remote working and third-party infrastructure integration. Demand for technologies and services such as cloud security, application security, ZTNA and threat intelligence has been rising to tackle new vulnerabilities and risks arising from this exposure.”
Cloud security should have the strongest growth over the next two years, Gartner said. As organizations increase focus on environmental, social and governance (ESG), third-party risk, cybersecurity risk and privacy risk, the integrated risk management (IRM) market will show double-digit growth through 2024, until greater competition results in cheaper solutions.
Due to multicloud environments, organizations face increased security risks, as well as the complexity of operating and managing multiple technologies. This will lead to a push toward cloud security and the market share of cloud-native solutions will grow, according to Gartner.
The combined market for cloud access security brokers (CASB) and cloud workload protection platform (CWPP) will grow 26.8% to reach $6.7 billion in 2023. Demand for cloud-based detection and response solutions, such as EDR and managed detection and response (MDR), will also increase in the coming years.
The war in Ukraine has created challenges for Kaspersky because it’s based in Moscow, but the company says it has no ties to the Russian government.
It’s also helping businesses in Russia stay secure in the aftermath of U.S.-based cybersecurity firms pulling out of the country in response to the war. That’s according to Rob Cataldo, Kaspersky’s managing director of North America.
“We have to fight, as you might expect, because we’re originated there, although we have nothing to do with the Russian government itself,” he said. “In fact, we’ve produced many Russian-speaking advanced persistent threat (APT) reports that talk about all of the implications for those types of threats, what they did, what types of language they speak, etc. So we have nothing to do with the Russian state itself. Here, we have to fight certainly strong anti-Russian sentiments about anything Russian, which is completely understandable based on what’s happening.”
Professional Cybercriminal Gangs Surging
According to The National, Kaspersky CEO Eugene Kaspersky said the number of “highly professional” cybercriminal gangs has surged to about 900 from about a dozen five years ago, with most engaged in state-sponsored espionage.
“Within Russia itself, there’s actually been a lot of U.S. cybersecurity providers and other providers who have left the country,” Cataldo said. “So it actually creates different opportunities for the Kaspersky Russian team because there are gaps in the security landscape that didn’t exist once that now do exist. So they’re trying to develop to that end and fill the need that exists because there are companies there that still obviously need to be secured.”
Last month, Kaspersky unveiled new United Partner Program enhancements, including a revised rebate system, extended training courses and more rewards for MSPs. This change allows rebates to become more transparent and predictable, and covers more Kaspersky products and services.
Kaspersky has over 100,000 partners globally, including over 500 in North America.
“Lately we haven’t received much feedback in the way of having to make major changes, which I see as a good thing because it sounds like we are being a good manufacturer, a good partner to many of our VARs and our large-area resellers,” Cataldo said. “But I know what partners can continue to expect is really a commitment on educating our partners to be the trusted advisors that they want to be, who focus on the areas that drive the most impact for their customers in terms of their security posture.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.