Cyber veteran Eugene Kaspersky outlined the need to transition from cybersecurity to cyber-immunity during a session at this week’s IRISSCON 2021.
Kaspersky, CEO of the Russian-headquartered IT security vendor of the same name, said humanity is entering a new stage of its evolution – the cyber age. In this era, we will become increasingly reliant on digital technology, which will offer huge benefits to individuals and society at large.
However, there are significant barriers to this age. “Unfortunately, we have problems – cybercrime,” stated Kaspersky. He split the types of cybercrime into two main categories: mass cybercrime and targeted attacks.
Mass Cybercrime
Kaspersky described the levels of general cybercrime as “off the scale.” Incredibly, he revealed that Kaspersky detects around 360,000 unique, malicious attacks daily, comprising a mix of automated and “handwoven” attempts. Regarding where the attacks are coming from, Kaspersky noted the most spoken language among cyber-criminals is Chinese, followed by Russian and Spanish/Portuguese.
He added that the perpetrators of these day-to-day threats are junior or mid-level threat actors. This means most threats are not particularly sophisticated and can be prevented by following good cyber-hygiene and security technologies.
However, some of these threat actors are of particular concern. “They are learning, they are exchanging technologies, they’re buying new technologies, and they’re joining cyber-criminal gangs,” explained Kaspersky.
Targeted Attacks
These attacks are generally perpetrated by professional cyber-criminal gangs, of which there are thought to be around 900 in operation throughout the world, according to Kaspersky. “They’re able to develop very sophisticated technologies,” which are deployed on high-value targets. He said the first attack of this nature was undertaken by the Carbanak gang in 2013/14, who infiltrated around 100 banks worldwide, making off with up to $1bn over two years.
Now, we’re seeing “many more gangs who are on the same level or even worse.” Kaspersky said most of these groups are Russian-speaking, and they tend to have the best technical expertise compared to gangs based in other parts of the world. As a result, “it requires more skilled technologists to protect us from these types of attacks.”
Worryingly, as numerous incidents in the past year have demonstrated, these attackers are “slowly shifting to industrial systems.” Kaspersky expects these cyber-criminal gangs to ramp up their targeting of critical infrastructure, and for these systems, “cybersecurity simply doesn’t work.” This is because cybersecurity is a form of risk management, which requires the ability to predict the damage caused by attacks to balance security investment with risks. While this approach works for individuals and ordinary businesses, for critical infrastructures like power grids, healthcare and transport, “the damage is unpredictable,” meaning “cybersecurity doesn’t compensate the risks.”
Transitioning to Cyber-Immunity
Therefore, in respect of critical infrastructure, Kaspersky believes we need to move to a cyber-immunity approach. Describing the difference between the two concepts, he said that while cybersecurity “is a mask over your face,” immunity means developing systems that are secure by design. He added that a system can be defined as immune “if the cost of an attack must be more than the possible damage.”
While acknowledging there are many different ways to build security by design, Kaspersky believes the best approach is an ‘immune platform,’ which his company is developing. Under this concept, all applications and parts of a system are split into micro modules, each of which can only interact through the ‘security layer.’ This security layer checks all permissions. “So it’s kind of a prison for permissions, and every cell is untrusted, but the system itself is trusted,” explained Kaspersky. As a result, if one part of a system is compromised, “it can’t get to the rest of the system,” creating immunity.
Kaspersky admitted the system is less flexible than traditional security systems, but such a strict approach will be essential for protecting critical infrastructure as humanity enters the cyber age. He concluded by saying: “I dream we will get there before I retire!”
James Coker Reporter, Infosecurity Magazine
