The European cybersecurity summit is just a few weeks away. On May 18, the Panda Security Summit (PASS2018), a key date for European CISOs and CIOs, will be held in Madrid.
The event will see experts from companies such as Gartner or Deloitte offering their perspectives and analyzing the global cybersecurity panorama and trends in protection and threats. Attendees will also be able to see the workings of PandaLabs -our laboratory where the cyberdefense techniques are coordinated- through the eyes of its director, Pedro Uría. We have spoken to Pedro to get a preview of his talk, in which he will explain how to keep organizations protected, secure and resilient when malware is no longer a problem.
What’s the biggest challenge facing organizations and companies with respect to computer security today?
The biggest challenge is to make them aware that the security of their IT assets is critical and that they face a constant risk of attack. According to the INCIBE, Spain witnessed a record number of cyberattacks in 2017 with more than 120,000 incidents, a 140 percent increase in just two years. The forecast is for this figure to rise in 2018, and with more complex attacks.
What can we learn from security breaches based on vulnerabilities, such as Equifax?
That no organization is safe from cybercriminals. The use of vulnerabilities to infiltrate a company’s systems is a common technique. This case is the largest leak of personal information data ever known. Hackers stole the data of 147.9 million Americans.
Zero-day vulnerabilities are traded on the Deep Web and are a highly successful vector of silent attacks for criminal organizations. For example, Microsoft has just released an urgent patch for this type of critical vulnerability in the Windows Defender antivirus on Windows 10. As you can see, not even organizations such as Microsoft are secure on such critical issues as its antivirus.
Malwareless attacks and attacks without files are new trends, how can organizations and governments combat them?
The challenge for the future of cybersecurity lies not in malware, but in hackers. They are expert, highly-trained cybercriminals with resources, capable of compromising a system in an organization without being detected as they don’t use malware or files that could give them away.
To combat them, companies have to protect each and every one of their IT systems with an advanced cybersecurity solution able to constantly monitor in real time what happens on every computer. They must also be able to ascertain whether actions taken are genuinely legitimate, even though they are performed with legitimate applications or without malware.
How can we achieve resilience in the face of malware attempts to evade the scanning of security solutions?
To achieve cyber-resilience, all of the organization’s IT resources must be protected with an advanced security solution capable of detecting, preventing and remedying attacks. Similarly, the solution has to monitor in real time all processes and actions taken by users locally on the physical computer. This requires the monitoring, supervision and attestation of all processes and actions by a specialized team of experts, like the PandaLabs team.
It is also important to educate managers, workers and contractors to prevent them from being tricked into becoming an unwitting vector for attacks.
We talk about keeping organizations secure, protected and resilient when malware is no longer a problem. Have we already reached that level of protection or is malware still the main problem for companies?
It depends to a large extent on how mature a company is in terms of the importance given to cybersecurity, and the advanced protection solution it uses to protect its infrastructure.
For Panda Security, malware is no longer a problem thanks to the high visibility we have with our advanced solution, Panda Adaptive Defense and the model for classifying 100 percent of the processes that run on the endpoints we are monitoring. Thanks to this, we are able to anticipate attacks and protect the systems of the companies that place their trust in us.
Similarly, the Threat Hunting service, delivered through the Panda Adaptive Defense platform, is focused on discovering new threats, including malwareless attacks.
For other companies, malware continues to represent a big problem. Every day there is more malware, the number of incidents is greater and the trend for 2018 is set to see an increase in the volume and complexity of attacks.
Want to see real cases of attackers uncovered by PandaLabs? Don’t miss Pedro Uría’s talk at #PASS2018!