Story image

Exclusive: The major risks of cyber Balkanization

Recently IT Brief had the opportunity to sit down with Anton Shingarev, VP of public affairs for Kaspersky to discuss some of the major risks of Balkanization to the cyber world. 

Can you tell me a bit more about Balkanization in the internet space? 

What we find is that the cyber world is falling apart. The united internet world is ceasing to exist. There are a few reasons why it's happening. 

You're from New Zealand? You may think come on, we are from New Zealand a remote country with no major enemies, who needs or who cares about us? 

In the modern interconnected world, you can be a very far remote peaceful country, but you can still be attacked, it can be collateral damage, it can be just random for criminals who want money, you can still be a victim. The whole country can be paralyzed, it’s a theoretical example but it can happen. 

The WannaCry attack that happened last year was a good example. Some industries were paralyzed. Myers, which is a huge transnational company was paralyzed for a week and many other companies were paralyzed, so the virus can disrupt the country and it can disrupt the economy. 

Congress finally realised that and they're scared and the natural response is to build walls and that’s why the world has fallen into many, many small pieces.

Why do you think governments are increasingly drawn to the idea of isolation? 

As I said, it's natural. When they see the threat, how can they then protect themselves from that? We think these stakeholders, the regulators think, okay, we need to impose new strict regulations and it's going to help. Sometimes it does help, but it’s not really a permanent solution. 

Once again, an example of New Zealand, there are hardcore laws in terms of bringing in foreign species. It's done to protect your unique ecosystem but you can’t do the same for the internet, right? You can’t say ‘dear hackers’, you need to check the file before sending it, please. 

So how do you overcome the challenge of governments closing themselves off? 

I would say that it goes in waves. Before everything was allowed. You could do whatever you want. You could collect as much data as you want, you could store it, whatever you want. Now, governments realize, okay, wait a minute, hold on, we need to control it. 

We aim to find a balance. So our approach is that when we're talking to governments, like regulators in Australia, we say, look, yes, there are new rules of the game so let's find them together.

What kinds of laws do governments commonly implement? 

It's about data localisation. How you store data and process data in specific territories, it's about what you can share, what is critical national infrastructure in terms of it, how you should protect it, what are the fines, what are the requirements. But like I said this kind of closing off is not great.

Can we talk a bit about GDPR, this has undoubtedly been one of the most commonly discussed initiatives, what is your opinion on it?  

I believe it's good, the intention is good. I've heard that it was one of the most discussed laws in European Union history, there were something like 1,000 amendments. It took about 7 years for the law to finally come into effect, so some parts of it are already outdated. 

But overall I think it’s a good law because it's a very clear signal, we're gonna protect the data of our users, you cannot do with data whatever you want. It's a good point to start, it should continue to evolve in my opinion. 

And there is a big discussion on EU privacy legislation right now. So I mean, if this the right direction, and also this is a good example for countries that don’t have similar laws yet, they can draft their own new laws based on GDPR.

As a cyber security company, what are some of the biggest issues Kaspersky faces when it comes to interacting with regulations and governments? 

A lack of clear rules and principles. Rules and laws are good if they exist, even if they're bad, at least there are rules. We can either follow them and operate in the country or if there are rules that are not acceptable to us, we just don’t operate there. But if there is a country without rules, we don't know how to operate and it creates uncertainty, which is bad.

So really for us, it’s all about understanding the rules and regulations of a government and that’s why having candid discussions with them is so important.

Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.