In the modern world, everything is going digital and being automated, so putting an alarm in the office and increasing security is no longer enough to keep company data safe. Cyber attacks on businesses happen more and more often, vulnerabilities in websites and programs lead to large-scale data leaks, and hackers come up with thousands of new ways to circumvent the protection of the corporate network perimeter. Inna Solovyova, CEO of Integrity Vision, and Oleg Polovinko, Head of Information Security, talked about trends in 2019, business problems related to IT security, and their solutions in the modern world.
Have you personally encountered ineffective security protection?
Oleg: If we estimate the average temperature in Ukraine on a 10-point scale, this will be 3 points. But! We made a leap from 1 to 3 over the past year. And I see a positive trend. Well, in fact, there are a lot of cases, and we will sort them out at UA.SC.
What high-profile IT-security incidents have occurred?
Oleg: In fact, I believe that global incidents in IT security occur every week. In the last month alone, companies such as Google and Facebook have encountered this, plus our country is in a state of cyberwar, where events happen every day. In addition, it is difficult to forget about the viruses NotPetya and WannaCry: they had a global scale and caused great damage to the companies that faced them.
What will be the trend in IT security for 2019?
Oleg: First, elections will soon come to Ukraine, and cyber attacks from the northern partner will increase. The sad experience of Estonia, Georgia and ours proves it. The question is how to protect critical infrastructure and the election process, and what business should do during mass attacks. The second is the active monitoring of vulnerabilities and threats, especially considering the growth of IoT devices. Third, the clouds: the perimeter has expanded not even by one cloud, but by 3-4, and these are new challenges for information security.
Does the business understand when it needs to ask for an IT security solution, or does it only turn to one after incidents?
Oleg: Information security is a story about risks. Some consider these risks and calculate them, and some constantly hope for the best. The cipher virus NotPetya confirms this, but it is only a vaccine, the effect of which is still valid. Many people survived this moment and thought: “good, we survived it, so we will survive the rest”, and some thought and changed tactics. Everyone has their own approach, and everyone assesses risks in a completely different way.
Plus, the weak position of the state leads to the fact that, for the most part, everybody evaluates a threat themselves. GDPR is a decision maker in Europe, but we have more declarative orders. And if you estimate the damage that was done by NotPetya alone, by conservative estimates it is 0.5 GDP.
Is it possible to independently determine the need to implement a specific solution to protect the business?
Oleg: Information security is a complex solution, and the construction policy cannot go against the work of the business. In the process of determining what to implement, it is important to consider the strategic plans of the business for the future and the risks that it faces. But that is in a classic form. In practice, everything is different, from the chaotic extinguishing of fires to the purchase of solutions that are more like.
It is also important to remember that if hackers have never reached you, you shouldn’t say this to the whole world, because for someone it can be a real challenge.
Is there an indicator after which you definitely need to improve IT security, a bell signalling that everything is under threat?
Oleg: For the owners of Ukrainian businesses, this bell rings loudly and without stopping. Ukraine is essentially a laboratory for Russia in rolling back cyberattacks, testing new methods. We are constantly under the gun; everyone is being attacked now, and everyone can be used for a targeted attack in the future.
It’s time to get used to the fact that we live in the digital age, and this implies that you can be attacked. When we talk about people, nothing is impossible: any person can be hacked. If you are taken into the development, no two-factor authentication or confirmation via SMS will save you: everything is intercepted and broken, and the price of the question is quite small. You just have to be ready for this.
What can Integrity Vision do to protect client IT security?
Oleg: Comprehensive IT protection is our main task. The global trend for digitalization increases security requirements. We help to do this in accordance with standards such as ISO2700 (0-5), NBU regulations # 95 and GDPR requirements.
Separately, we pay attention to working with vulnerabilities and preventing their exploitation. In our portfolio there are solutions that constantly scan the infrastructure and help company employees to look at the company through the eyes of an intruder, such a view from the outside.
The next stage is to prevent attacks. Here we are dealing with analytics and the identification of threats. Also, according to statistics, 30% of CISOs consider the source of threats to be their own employees, and we agree with that. Managing users, mobile devices of employees and especially privileged users: these solutions are now especially in demand.
Separately, we note the introduction of SIEM systems designed for integrated monitoring and analysis of events and vulnerabilities. It is an umbrella that collects information from all IT assets of a company and analyzes data on the fly, according to pre-configured information security rules. It is a solution without borders: we can see unauthorized activity of employees or intruders, monitor the work of critical services or detect the vector of potential attacks.
Why did you create an IT-security conference?
Inna: We understood that there is a shortage of such platforms in the market. We held conferences for customers every year and talked about those solutions that we considered relevant and in demand. When Integrity Vision launched the information security direction, we decided that it was an easy way to gather everyone and discuss the pressing problems of the industry and thereby benefit both customers and partners.
Why did you call the conference UA.SC and cover the all-Ukrainian scale?
Inna: Integrity Vision is the leading system integrator in Ukraine, so it was logical to create a conference of all-Ukrainian scale only. We position ourselves as a platform for the corporate segment, where issues of building comprehensive business protection are being addressed: regulatory policy, regulatory framework and the impact of world standards.
What distinguishes UA.SC from other IT security conferences?
Oleg: Throughout the year, there are many events related to information security; for the most part they are for “hackers”, black or white, students, and information security engineers. They analyze vulnerabilities, analyze attacks or participate in CTF (Capture the Flag) competitions.
Inna: UA.SC is aimed at people who are responsible for building an information security system, where a balanced approach to the choice of solutions is important. In one day, we bring together top vendors, world experts and the corporate segment to provide a large amount of useful information, which is then used to perform daily tasks and to build comprehensive information protection.
The conference is held for the third year in a row: what has changed, what will be new?
Inna: Today the demand for information security solutions has increased. Previously, there were only 2-3 vendors in one segment; at the moment the same number of vendors gives different approaches to solving similar problems. Every year the number of vendors represented at the conference is increasing, and the number of reports is growing. It will be interesting, come!