Eugene Kaspersky says cyber-crooks coined it during COVID and will take a break to spend their loot

Kaspersky CEO Eugene Kaspersky has suggested that the end of the COVID-19 pandemic will bring a slowdown in cyber-crime. Speaking yesterday at the Kaspersky-sponsored Asia Pacific Online Policy Forum, the CEO said: "If the pandemic goes away, criminals will go away and on vacation." He added that one reason for the slowdown …

  1. Potemkine! Silver badge

    I'm afraid this is the next step in a cyber war, to hack not just the traditional computer systems and smartphones, but also to get into the industrial systems, into infrastructure, including critical infrastructure

    I wonder why cybercrooks didn't target industrial systems massively yet. Maybe because the "traditional market" is still lucrative enough?

    Cybersecurity in industrial systems is most of the time a joke. I know an example of an industrial device provider asking for an open connection 24h a day to its system without even being able to provide a fixed public IP to filter (a little bit) the input. The same provider did not realize why it was wrong, and moreover didn't care.

    There's a bright future for cybercrooks, they have plenty of devices to play with.

  2. Mike 137 Silver badge

    Excessively technocentric once again (as always)

    "... organisations therefore need to invest in up-to-date on-the-job training. He specifically suggested simulations and red teaming activities." [Dr. Greg Austin, professor of Cyber Security, Strategy and Diplomacy, University of New South Wales]

    In over 20 years of infosec consulting, I've never found in practice (or in any breach report) an organisation that was breached despite robust security management. A reactive technocentric stance is almost universal, coupled with perfunctory risk and awareness management. The result is unwitting soft targets everywhere. Simulations and red teaming typify such strategies of reactive response. They are necessary but far from sufficient.

    The most important contributions to real cyber security are [1] executive commitment so the problem is taken seriously and the necessary resources are available to manage it; [2] genuine risk management expertise so the results of assessments are not total nonsense; [3] adequate communication upwards and sideways as well as downwards in a no blame culture so those in charge find out fast what's really happening. In my experience these attributes are practically never present in any organisation, regardless of size.

    As a result we skirmish with bandits in their own territory so we lose. The reality of cyber defence is that it's not primarily a technology issue - it's a management issue with technological aspects.

    1. ThatOne Silver badge

      Re: Excessively technocentric once again (as always)

      > it's a management issue

      Like everything, everywhere. The solutions usually exist, but not the will to implement them.

      Security (of all kinds) is not even an afterthought, and if there were no compelling laws with costly penalties, most corporate buildings wouldn't even have fire extinguishers and emergency exits. After all, everybody knows bad stuff only happens to other people, so what's the point in squandering your hard-earned money?
