CIOs, CISOs need to be critical while dealing with security vendors

0
1209

Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) need to be critical when it comes to working with cybersecurity vendors and they as well should not trust everything they are told by security ‘experts’ while coming up with cybersecurity strategies.

In an interview carried out by Harry Hare, Publisher CIO East Africa Anton Shingarev, Vice President (VP) for Public Affairs at Kaspersky Lab, in charge of Government Affairs, called on CIOs and CISOs to make security decisions on solutions based on facts.

“Kaspersky solutions are good and there even better solutions out there. When you choose your vendor for your organisations, don’t trust everything you are told. Trust facts and expertise and then make your own decision and keep your head switched on every time and never relax and remain on top of things,” he said.

Explaining his role as the VP for Public Affairs for Public Affairs, Mr. Shingarev said that his role involved relation with law enforcers, regulators, police and organisations around the world. He is also highly involved with organisations in United Nations, Europol, Interpol, Smart Africa and so on.

To what turned out to be quite interesting was how Kaspersky was working closely with the police which Mr. Shingarev gave areas in which they and why they collaborate in police operations in what has turned out to be a highly evolved landscape for cybercriminals.

“States are always hostile when it comes to security because they are armed and they protect because this is their domain. But when it comes to cybersecurity this is not the case,” he said.

He added, “First, states should know that cyberattacks don’t know boarders. For example, if you want to protect your cyberspace in Kenya, you cannot do it alone, you must talk to others. Cybercriminals can be in Russia, stealing money from Kenya, sending money to Tanzania and cashing it in South Africa. If you want to catch these guys, you need to collaborate.”

Kaspersky works with the police through sharing information around threats paused by Malwares. Shingarev, said that threats are international and know no boarders. Companies like Kaspersky see the global picture because they collect information about malware all around the world and share it with people and organisations, because they need this information.

“Governments are slow by nature. I don’t know the situation in Kenya but I know in most African Countries the cybersecurity divisions are just being created. If they are being created now, they need some time to get experience. You will find out that in most countries, the courses are being offered in Campus now and laws and policies being put in place, yet the threats are going every day. So even if they a cybercriminal is caught Governments have no idea on what to do with them. This is where we come in to help analyze the stolen data and the forensics around it,” he added.

On whether the police approach Kaspersky or does the company approach them, Shingarev said that their collaboration was both ways.

“If we see a crime in the territory of a country, we inform police. Another case is where if a bank is robbed by hackers and police don’t know what to do we help them out. At times from a commercial services point of view and at times we do it from a social responsibility point of view,” he added.

Kaspersky link to Russia’s hacking schemes

In July 2017, Kaspersky Lab which is Russian owned cybersecurity company and boasts 400 million users worldwide was linked to Russia’s hacking schemes but according to Bloomberg Eugene Kaspersky, Kaspersky’s Global CEO responded to the claims through Reddit saying that the claims were “unfounded conspiracy theories”.

The U.S. government didn’t however disclose any evidence of the ties. The claims were brought up because of the company’s huge technology reach which was partly because of licensing agreements that allow customers to quietly embed the software in everything from firewalls to sensitive telecommunications equipment none of which carry the Kaspersky name.

That success started to worry U.S. national security officials concerned about the company’s links to the Russian government. In early May six U.S. intelligence and law enforcement agency chiefs were asked in an open Senate hearing whether they’d let their networks use Kaspersky software, often found on Best Buy shelves. The answer was a unanimous and resounding no.

On his end Shingarev explained that the incident had not really affected the operations as they had still recorded a growth of 8% Year on Year.

“Of course, there is a significant impact in that and it is hard to measure. We must spend a lot of time explaining to people and organisations what we do and how we operate,” he said.

However, Shingarev added that in United States the situation was more serious as Kaspersky does not sell to the US Government at all. All its relations with the US Government were since frozen.

“It is even harder and harder to sell to enterprise’s in the US. In Europe it is different and not simple but we are fighting. We need to talk and spend more time explaining how we work and the global transparency initiative we announced is an effort to prove what we do,” he added.

In Africa and Asia however, the Kaspersky operations have not been affected though there are always some questions and noise that arise once in a while, but something Shingarev says doesn’t significantly influences Kaspersky’s work.

He also added that the market share in these regions has not changed much. “I think it’s more less the same but this year is critical because, there are renewals in a lot of areas. The whole noise started like half a year ago and affected just a few quarters. This year will be quite important and we cannot wait to see the figures published in February 2019,” he concluded.

LEAVE A REPLY

Please enter your comment!
Please enter your name here