Cyber security is becoming an increasingly important issue for governments, businesses and individuals. Cyber criminals are becoming ever more sophisticated and cyber espionage is on the rise. Receiving advance warning of incoming threats can prove advantageous for organizations looking to defend themselves from a host of cyber threats. ExecutiveBiz recently had the opportunity to talk with Panos Anastassiadis, COO of Cyveillance, a world leader in cyber security, recently acquired by QinetiQ North America. Anastassiadis has over 30 years' experience in high-tech management, specializing in cyber security for the past 10 years. In this interview, he discussed the increasing sophistication of advanced persistent cyber threats, how to provide early indications and warnings to limit undetected penetrations, and Cyveillance's plans for the future.
ExecutiveBiz: What are some of the key services that Cyveillance provides?
Anastassiadis: What we provide is cyber security through advanced indications and warnings of various threats that we detect on the Internet. Traditional approaches to cyber security are all based around the notion of hardening the perimeter, hardening the firewall, and locking down the network. We are quite different than that. What we do is provide advanced indications and early warnings of threats detected in the wild before they hit your perimeter. We can find websites that conduct social engineering schemes that can fool some individuals and allow the adversaries to actually penetrate your perimeter defenses and successfully infiltrate your organization. And, we package this in various ways; one option is the classic open source intelligence where we will scour the Internet to find advanced threats against individuals, infrastructure, and information. We also provide brand intelligence, meaning we will protect the equity of these brands online and we will give indications and results to the company about market and industry trends and perceptions. We do a lot to protect companies against fraud through our anti-phishing and fraud services that protect individuals from identity theft. We also provide IP blocking which helps protect organizations by not allowing traffic towards malicious websites that, if you do visit them, you would be exposed to malware or you can get infiltrated.
ExecutiveBiz: Late last month Cyveillance released the “2 Half 2009 Cyber Intelligence Report.” Tell us a bit about the report. What were some of the key findings?
Anastassiadis: To compile the report, we use our unique capabilities to find and identify the various types of threats online. We look at the composite data and this helps us identify trends and give some valuable information to help the markets stay ahead of online criminals. What we saw in the most recent report is that the adversaries have started to move from quantity to quality. We observed a reduced total number of phishing attacks; however, they stand to be more effective because the quality comes from targeting a specific high-value target individual, rather than attacking 2 million people and then hoping for the best. We observed more brands being targeted and we also see a wider net cast by the criminals, who target more enterprises, not limiting themselves to just the financial sector like in the past.
We also observed that traditional antivirus solutions continue to lag behind in malware identification. Because we are able to find the malware in the wild before it hits your perimeter, we can provide two to three weeks' advance warning on new types of threats. Through early indications and warnings we alert our customers to what is coming before it arrives at their perimeter.
ExecutiveBiz: What are some areas where Cyveillance is seeking to expand its offerings?
Anastassiadis: We’ve always had an extremely active R&D and culture of innovation in this company. We see two areas where we sense a growing market demand. One is the classic data overload and the second is around compliance issues. Let me start with the data overload. Every organization, commercial or government, has way more data than it can reasonably handle. What they are asking us for is a new type of capability – specifically a type of search that is more robust than the classic search engines and can “digest” huge amounts of data, sift through them in near real time and find the proverbial needle in a haystack. This will allow them to “connect the dots” between relevant data points, documents or other content. This is something that we have heard loud and clear from the market and we will be unveiling a breakthrough solution in the very near future.
The second issue is around compliance and is again related to the issue of huge volumes of data. If you are one of the Fortune 1000, the amount of internal data generated is significant. You basically need to find the “needle in the haystack” to ensure that you meet mandated regulations, because non-compliance can be costly in so many ways. These are the two major areas that we have recently addressed with new offerings.
ExecutiveBiz: Concerns over phishing attacks recently have continued to grow. What are some effective methods to combat the growing levels of spear phishing attacks taking place?
Anastassiadis: That is an excellent question. Phishing attacks have evolved from the classic spelling mistakes and grammar mistakes to extremely sophisticated spear phishing, targeting high-power individuals and even more. In addition to traditional approaches to the problem, we see two things that can dramatically reduce the effectiveness of spear phishing attacks. One is education of your employees; spear phishing attacks are initiated through social engineering scams because they work, and people are the weakest link in the security chain. We are all human and we all make mistakes, especially as the criminals continue to get better at what they do.
The next thing would be to implement advanced IP blocking. We can provide organizations with “real-time alert data” of malicious IP addresses to which access should be blocked for an organization’s employees; these are the freshest IP addresses available, many of them social engineering scams we discovered while trolling the Internet. These two approaches can considerably help to eliminate phishing attacks and minimize potential damage.
ExecutiveBiz: What’s the impact of a DDoS attack on a company or a nation?
Anastassiadis: DDoS attacks happen to many companies literally every single day. What I would ask myself is ‘what could be more dangerous: a DDoS attack, where there are solutions that will immediately remedy the problem, or a silent infiltration by an adversary who is also engineering a malicious program to gain access to critical records?’ I personally think a silent infiltration is more dangerous because you don’t know it is happening. Once the adversaries are in your system, they can selectively exfiltrate information or, even worse, alter or manipulate your data. That can go on for months before it is discovered, in which case you will no longer be able to trust or validate the purity of your own data. That can be catastrophic. Some recent infiltrations were launched for the sole purpose of providing some financial gain or gaining access to valuable data, providing the adversaries competitive or strategic market advantages.
ExecutiveBiz: The Department of Homeland Security just announced a competition to develop a plan for cyber education. How important is cyber education to cyber security broadly? What advice would you give to individuals crafting plans for the competition?
Anastassiadis: We are all human and we are prone to make mistakes. Considering that people are the weakest link in the security chain, it is absolutely critical to educate every individual who has access to the Internet. We see through schools and colleges the phenomenal growth of social media. You can “friend” someone you have never seen in your life, or you may think you became a friend of somebody you know but it is a total stranger who wants to stay anonymous. We have a false sense of intimacy but without the trust. I believe we should train every single employee on the risks of the Internet. This kind of sensitivity training is extremely important as the use of social media is increasing rapidly. Considering that everybody is going to use more and more social media, they should get the essential training to understand the threats and risks associated with it and be aware that social media can be used as the perfect vector for social engineering schemes.
Also, it is very easy for criminals and adversaries to understand how our system works and to game it. From time to time I see some social engineering schemes and I wonder how these guys from Eastern Europe know how the U.S. Social Security system works here. Does anyone know how Social Security works, if it exists, in Belarus or in Armenia or other countries abroad? I don’t. I’m always impressed by how well they know our system and how well they can game it. In the U.S., it is easy to find the information you are looking for because we are a wired, open society; everything is on the Internet and you can collect an incredible amount of personal information. Once combined, it creates an extremely fertile ground for online criminal activity.