Cyber Immune product helps organisations to accelerate business value from new streams of industrial data
Amir Kanaan, Managing Director, Middle East, Turkey and Africa at Kaspersky.
Kaspersky is one of the fastest growing information technology (IT) security vendors worldwide, operating in almost 200 countries and territories worldwide. The company employs more than 4,000 professionals and IT security specialists in 34 dedicated regional offices across more than 30 countries, and its cybersecurity technologies protect over 400 million users around the world.
In 1997, Eugene Kaspersky, a world-renowned cybersecurity expert and successful entrepreneur, founded the company.
Amir Kanaan, Managing Director, Middle East, Turkey and Africa at Kaspersky, explained to Khaleej Times the importance of cyber immunity during an exclusive interview:
Edited excerpts from the interview:
Why is cyber immunity important?
The world has changed drastically over the last two years, making digitisation an inseparable part of our lives. Whether it is industrial plants, energy facilities, cars or smart city systems, critical infrastructure cannot afford to face cyberattacks as the consequences. This also calls for our attention to the way we implement or deploy cybersecurity. So, Kaspersky decided to reinvent cybersecurity and coin the term “Cyber Immunity”, a way to develop IT systems with innate protection. Kaspersky’s Cyber Immune approach is a means to create solutions that are virtually impossible to compromise and that minimize the number of potential vulnerabilities. Think of it as cybersecurity at the core, rather than being required to add additional layers of protection at a later stage.
Can you tell us about the Kaspersky IoT Secure Gateway 1000?
Kaspersky IoT Secure Gateway 1000 is the company’s latest Cyber Immune product for organisations embracing digital transformation, helping them to accelerate business value from new streams of industrial data. The gateway connects IoT devices and controllers with business applications and cloud platforms. It th . 0111en ensures the security of these interactions and the data transferring through them due to the secure KasperskyOS in the gateway’s core and its network attack protection capabilities. Customers operating smart city systems, including utilities, street lighting and road infrastructure, or in manufacturing or energy production and distribution projects, get a secure IoT system and visibility across all connected devices. The solution is presented at GIitex Global in Dubai, UAE as a pilot project.
The new Kaspersky IoT Secure Gateway 1000 is a hardware appliance with firmware based on KasperskyOS and Advantech UTX-3117 devices. It ensures the security of the entire IoT system at the gateway level thanks to its secure-by-design approach and built-in protection capabilities.
The gateway is made immune to most attacks by KasperskyOS, which sits at its core. The operating system features a microkernel which minimizes the risk of vulnerabilities and decreases the attack surface through just a few thousand lines of code. The minimal number of trusted components in the operating system, security domain isolation, scanning of inter-process communications and the Multiple Independent Levels of Security (MILS) architecture ensure that most types of attacks are not able to affect the gateway’s functions. Its security goals were defined at its inception, making Kaspersky IoT Secure Gateway 1000 secure-by-design.
What trends do you forecast for the cybersecurity sector in the UAE and the region in the next year?
Firstly, targeted attacks by APTs will always be a threat to governments and enterprises not only in the UAE but on a global level. The sophistication in their attacks is becoming more and more complex. Kaspersky’s researchers are currently tracking 29 APT groups across the Middle East, 16 of them are active in the UAE and targeting the country’s governmental and diplomatic institutions as well as educational, financial and healthcare organizations. For example, in mid-2021, Kaspersky researchers discovered a wave of new attacks by the Middle Eastern Advanced Persistent Threat (APT) group, DeftTorero, also popularly dubbed as the Volatile Cedar. First detected in 2012, the APT group has been actively targeting the Government, Military, Education, Corporate and Telecommunication industries particularly across the UAE, the Kingdom of Saudi Arabia, Egypt, Kuwait, Lebanon, Jordan and Turkey. Kaspersky researchers have been monitoring Volatile Cedar since 2015. Since the group went radio silent and no new intelligence or intrusions were reported until 2021, Kaspersky experts suspected a possible shift in the tactics, techniques and procedures (TTPs) of the threat actor to camouflage their activity using fileless malware and remain undetected.
Industries using critical infrastructure have to tighten their security strategies because even a small vulnerability can be easily exploited. Kaspersky’s data shows that every third industrial computers were targeted in the Middle East in the first half of this year.
The Internet of Things (IoT) plays an important role in building smart cities, digitizing power plants and refineries, and ensuring seamless connectivity across industrial organizations. These devices must be protected, especially that increased connectivity also means an increase in vulnerabilities and threats. Kaspersky’s telemetry shows more than 67,000 infected IoT devices in the META from January to September. These infected IoT devices were responsible for 11 million attacks.
Another important trend witnessed both regionally and globally is cyber education as well as capacity building. Given that employees are the first line of defence, companies must invest in educating their employees on basic cyber hygiene practices. We’re also seeing that governments around the region are investing in capacity building for students in order to prepare the next generation of cyber experts and equip them with the knowledge and tools to embrace new technologies safely.
Moving to the digital universe, with the emergence of the Metaverse, we need to consider and prepare for a new wave of unknown threats. Similarly, the government, education and healthcare also have to strengthen their cyber defences as they go increasingly digital.
How will Kaspersky be evolving to protect enterprises in the Middle East?
The Middle East is a very important region for us. We’ve been operating in the region for 15 years and have been growing year over year. In 2021 we reported a 24 per cent growth in business-to-business (B2B) sales. In the first half of 2022, we had an 8 per cent year-on-year YoY overall growth. We are on a successful streak and we continue it by empowering our partners, distributors and customers with award-winning cybersecurity solutions. We also opened a new office in Saudi Arabia to further expand our network in the Middle East.
What should enterprises be doing today to keep their systems and data safe?
The risk is real but there are three things enterprises can do to defend themselves:
Involve the C-suite leadership in cybersecurity teams: It is in great interest to have the board and cybersecurity teams engaged in regular conversations about security standards. The C-suite can have a broad-level, strategic view while the cybersecurity team fills in the details of the why, when and how.
Invest in strong cybersecurity training: Security is every team member’s responsibility. Half the battle is won if you have a skilled and well-trained workforce. Rely on threat intelligence platforms to help you develop regular training sessions for the teams. This way you know what new techniques are being used by cybercriminals, which groups are active and threatening to your enterprise, what their methodology is and how you can protect yourself.
Make your cybersecurity team more diverse: There are more than three million vacant positions in cybersecurity globally. This is an opportunity for every enterprise to tap into the potential of their existing workforce and upskill or reskill them so that they have a diversified skill set too.