Is any company, regardless of its size and industry, an easy target for a cyberattack?
Yes. Cybercriminals aren’t picky in this matter. There are some threats aimed at massive attacks on companies, regardless of their size, but there are also some attacks that hit specific sectors such as industry, banking, etc. Large companies and corporations mean higher potential profits for cybercriminals, and, at the same time, more complicated preparations for such an attack. Small companies are an easy target as they’re usually less protected and mainly operate as sub-contractors, cooperating with larger companies. As a result, they become the initial phase of a larger attack.
Does location matter when it comes to hazard level? Are companies with head offices in one place more often attacked than others?
Location does matter when attacks are directed at specific geographical regions. However, the majority of cyberattacks are massive and they aren't related to the victim's location.
The number of threats is still increasing. Importantly, they’re more complex, which makes providing full protection really difficult. How many companies deal with this problem?
Fortunately, many companies feel the need to allocate some resources to IT security solutions. Of course, it’s far from perfect; however, there is also one positive trend: it’s difficult to clearly estimate the proportion of well-secured companies, but their number is definitely bigger.
Is artificial intelligence one of the security solutions?
Artificial intelligence mechanisms, and, more precisely, machine learning mechanisms, have been categorized as security solutions for quite a long time. When it comes to our products, they perform the following functions: detection of unknown threats and analysis of potentially dangerous behaviors in the system. If any company introduces modern security solutions, it automatically gains mechanisms that use artificial intelligence methods.
Threats tend to be associated with using old-fashioned IT infrastructure. Are companies actually aware of the importance of the right internal IT environment?
It’s quite complicated because, in some cases, replacing computer equipment with new equipment is very problematic, if not impossible. One of the main examples is industrial organizations, as any break in the operation of the production process control systems is really expensive. Additionally, the majority of software used in industry doesn't operate properly on modern operating systems. Thus, the approach to cybersecurity has to include the priority of process continuity and allow for securing even the older systems (for instance, Windows XP). When it comes to business, we have the opposite situation; first and foremost, we need to take care of information security. Therefore, it’s necessary to install all updates for operating systems and applications as quickly as possible.
Do cybercriminals use illegal versions of software?
Illegal versions of software are one of the popular vectors for infecting computers and mobile devices. These versions are often made available on suspicious websites, which are characterized by a lack of software verification. Installers of such illegal versions often include so-called "backdoors", which allow cybercriminals to take control of infected machines.
Have you heard of one cybercriminal who used social engineering to steal data? How often does it happen? Is it one of the main functions of software?
Social engineering is definitely one of the most common tools in the arsenal of cybercriminals. Nowadays, this mechanism is used in phishing attacks, when the attacker tries to tempt the victim to click a link, launch an attachment or give confidential information in an entry form (for instance, “sign in” data, personal details, etc.). Social engineering is a perfect solution as an initial element of advanced targeted attacks, during which cybercriminals case the joint at the beginning in order to know the structure of the company’s network.
What are the main barriers for companies in implementing advanced IT solutions protecting against threats?
One of the main problems is old equipment. However, it’s less frequent and more common for public organizations. The standard symptom is reluctance to invest in advanced security solutions due to an illusory sense of security, having the following thought in mind: “Why would that happen to us?”
How can companies build an organizational culture which could help them protect their data against cyberattacks? Is RODO actually helpful in this matter?
The cybersecurity culture should be built by providing regular training courses for the whole personnel, including "regular employees" and the management board. RODO may be helpful in this matter as it imposes the obligation of having mechanisms allowing for identifying and neutralizing attacks that have an impact on personal data security.
You’ve mentioned that the so-called "regular employees" should be specially trained too. What is their impact on cybersecurity? What risky actions do they take?
Their impact is actually huge. Even the most effective and innovative security systems won’t provide the right protection if employees aren’t trained. They can make fundamental mistakes without even knowing about it.
Lots of serious attacks that paralyze the operations of the whole company result from one person clicking a link in a cybercriminal's e-mail concerning an alleged invoice or a fabricated confirmation of a designated package. It’s not without reason that a security system is as strong as its weakest link. When it comes to company systems, the weakest link is most frequently the human. Other risky actions are: connecting company devices to external networks, connecting private pendrives to company devices, exchanging data between company and home computers, weak passwords, sharing login data for corporate systems with colleagues. And so on…
In your opinion, does the phenomenon of social media have a significant impact on the increased risk of cyberattack?
Social media can be used by cybercriminals as a channel for infecting devices in companies by, for instance, sending damaging links in attractive posts and messages. A serious problem is posting details related to the workplace on social media profiles, such as information on equipment, photos of workstations, server rooms, etc.
Over a half of online data extortions last year are reportedly classified as financial frauds. How do cybercriminals gain access to money?
The most common fraud is related to login data for online banking systems. For that purpose, the attackers use phishing and pose as banks and other organizations, or they install Trojan horses on the devices of their victims and intercept characters typed on the keyboard.
How can we protect ourselves against phishing?
First and foremost, we should use an efficient security solution which filters out the majority of deceptive and dangerous messages. What is more, it’s necessary to train employees so that they can recognize the tricks of cybercriminals on their own.
Cloud services help companies in everyday operation. Who is actually responsible for data stored in the cloud?
Protection of data stored in the cloud is a diffused responsibility. Of course, cloud service providers have to maintain an adequately high security level; however, this doesn’t mean that clients bear no responsibility, because they’re the ones responsible for the principles of access to their data, making strong passwords and configuration. Even if the provider claims that they would take care of everything and cover all losses in case of a leak (which is highly unlikely, but let’s assume that someone decides on such an obligation), what does this company communicate to their clients in case of a data leak? Is it going to blame the external service provider? That wouldn’t stop the clients from leaving this company in today’s world.
There are more and more intelligent devices connected to the Internet in today’s world. Is it safe to use them from the point of view of cybercrime? How can cybercriminals use the devices within the Internet of Things?
Internet of Things devices are equipped with computers which may be used in the same way as classic PCs or smartphones. Additionally, due to the necessity of providing easy use, these devices very often have scant security solutions or none. A spectacular example of cybercriminals using such devices is Mirai, the network of infected machines (the so-called botnet), which is mainly composed of printers and cameras connected to the Internet, which resulted in serious problems in the functioning of the Internet. In order to minimize the risk, it’s worth choosing devices from producers who pay attention to the issue of security and make sure that devices connected to the Internet don’t function with default passwords allowing access to their configurations.
Let’s say that there was an attack. Is it easy to detect it? How should one react to a security breach?
It all depends on the type of attack. If we deal with, for instance, ransomware, which consists in encrypting data for ransom, the attack will be detected very quickly because there is no option of using computers and cybercriminals inform us in a message that we should pay them for returning the access to our data. A different matter is that this detection gives us nothing. If the company has no backup, data is lost.
There are some targeted attacks which can be active in the victim’s network for months or even years until cybercriminals perform all their actions. After such attacks, there are practically no traces because cybercriminals are at a very high technical level and they can successfully hide all results of their actions.
The idea “it’s easier to prevent than heal” is perfect for both cases. Thus, it’s more and more important to use the most innovative security systems which can detect anomalies in the company system and identify even the unknown cyberthreats.
There is no universal reaction to such an incident. In this context, it’s very helpful to cooperate with companies from the security industry as they can provide help in the analysis of incidents and preparation of changes in company infrastructure in order to prevent future violations.