Interview: Addressing the lack of IT Security Specialists with technology

Read the interview with Michal Jankech, the Principal Product Manager at ESET, discussing major security challenges and cyberattacks faced by large companies nowadays.

The six biggest security challenges faced by large businesses:

1. Ransomware – an encryption-based malware
2. Targeted attacks and hacking
3. Various operating systems – there’s always at least one Mac computer in a company
4. Insufficient network visibility and the pursuit of greater operational efficiency
5. Bad security behavior of employees
6. Lack of workforce

ESET has recently released security solutions designed for the enterprise segment, i.e., for businesses with thousands or tens of thousands of employees. You have spoken directly with such companies to understand what they expect from security solutions. Since IT security is a sensitive matter, are organizations willing to confide in you that they have fallen victim to cyberattacks?

If we sign a non-disclosure agreement, they don’t have a problem with confiding in us. They understand that it’s better to acknowledge these issues and share the information because it can help us, their security solution provider, prevent similar kinds of attacks in the future. In some cases, this dialogue has been the reason companies decided to switch to ESET. There have also been businesses with outdated or badly configured security protection. From our perspective, receiving this information is essential. Having a high-quality product alone is not enough: good intel, configuration and implementation are just as important. This implies that there is always room for improvement, for instance, in documentation, support, or implementation services. What we aim to achieve is that our customers can properly implement the product and use it optimally, or alternatively, allow us to provide the same function for them as a service.

Have you learned anything that really took you by surprise during interviews with enterprises?
In some cases, I was really surprised at the high tolerance by customers for security problems. We visited organizations where it was considered acceptable for ten percent of their network to report problems. We noticed this especially in the education sector. The reasons behind this were that they lacked not only financial but also human resources.

During the customer interviews ESET conducted, companies were asked to identify six major security issues from their perspective. Ransomware, i.e. malware that blocks the contents of a device and demands ransom to restore access to the data, was described as a primary one. Ransomware has been around and discussed for years, so why does it still create problems for companies?

According to our survey, ransomware has recently been replaced by phishing as one of the top security issues. As a matter of fact, they both function on the same principle. Attackers simply try to take advantage of an employee’s poor security awareness in order to upload their malicious code onto a company’s network. In the past, it was mainly ransomware. Ransomware was seen as the number one enemy due to highly publicized attacks, such as WannaCry and NotPetya, that caused billions of dollars in damages and appeared in articles across the world’s top media. So, even a person who had never experienced any ransomware infection perceived it as a grave threat. Our customers informed us during the interviews that they saw scope for further assistance from our side.

How did you address this matter internally?
We had long been providing our customers with very good behavior-based malware detection. We already had HIPS (Host-based Intrusion Prevention System), which allowed customers to set custom rules that protected them against ransomware. What we’ve added since was our Ransomware Shield, a specific behavioral module with the ability to detect ransomware based on its behavior and activity. However, this is the very last layer of protection in case all the previous security layers fail to detect the threat.

For the sake of prevention, it is best to check potential ransomware and detect it before it enters the network. We found that e-mail remains the most common ransomware distribution medium. Usually, it all starts with clicking a suspicious link, for example, a link to a fictitious invoice from a delivery company. Therefore, we formulated a solution that works in the following manner: it moves the suspicious e-mail or communication into a secure sandbox where it simulates the user’s behavior, i.e., it opens the e-mail, clicks on the links, downloads the attachment, and eventually triggers the infection. Thereafter, thanks to our detection engines and Machine Learning, the customer receives information regarding whether the e-mail is malicious.

But what is the real cause of such infections? Skilled attackers or careless employees?
What caused the spread of WannaCry? Operating systems without security patches. Attackers exploited a known vulnerability, so the only action companies needed to take in terms of prevention was to “get vaccinated” against the infection, i.e. install the available security patches. The companies that failed to do so suffered the consequences.

Targeted attacks and hacking ranked second in the list. Are they real threats that large companies encounter, or is it caused by a fear of the attacks mentioned in the media?
Companies do actually experience these problems. We can see, mainly in western countries, that there are certain types of attacks that are specifically targeted at the business activities of the given organization. Targeted attacks can often be used as a form of competitive struggle. In most cases, the objective of such attacks is so-called data hunting, i.e., obtaining interesting business information.

Companies also mentioned the shortage of IT professionals. Is the situation global?
As far as IT is concerned, the situation is not that bad. However, we face a bigger problem in the field of IT security. Finding a good IT professional is challenging; however, finding a good IT security specialist is next to impossible. Although, if a company lacks IT security specialists, it is still not the worst-case scenario. In many small and medium-sized businesses, IT is perceived as a necessary evil – in the health sector, for example. This results in a huge outsourcing trend and growing customer expectations in terms of what they receive when they buy your product. The bigger the client company, the more specific its expectations are. Large companies expect tailor-made service – special approach, presentation, and customizations if something doesn’t fit their needs – it’s a completely different level. Each enterprise-grade company is specific and, therefore, the implementation costs differ. Before the implementation phase, we conduct an analysis of their needs and provide the client with recommendations regarding measures that would be suitable for the company with respect to its physical capacity, network topology, etc. This is why we have prepared several packages for the enterprise segment. In addition to the products, these packages also include the services of our IT security experts.

The IT security company ESET regularly visits its largest clients in order to learn directly about the security challenges they face and how ESET could be of help to them. Based on these visits, ESET was able to identify the six biggest security issues for large companies. In our series of articles, we explain what each of these security problems involves and how to avoid them.