Dragan Davidovic (Kaspersky): Staying ahead of cybersecurity threats in challenging times

Cybersecurity continues to be a key focus for business leaders as more and more threats emerge in these challenging times. All companies need to step up their digital defenses and adapt to a world where zero trust models are becoming the norm. The Ukraine-Russia conflict has sharpened the focus of state-sponsored cyber-attacks to cyberespionage efforts and destructive sabotage attacks, hacktivist groups and ransomware groups start to take various sides in the conflict, while individuals continue to be under the attack from hackers. To learn more about all these issues and find out why the company has recently come under scrutiny for alleged ties with the Russian government, and how much truth is behind those rumors, Business Review talked to Dragan Davidović, Territory Manager for Eastern Europe at Kaspersky, in a new, exclusive interview.

1. Over the last few months, Kaspersky has been again under scrutiny, with various regulating bodies and officials questioning its independence. How is the company responding?

It is, unfortunately, not the first time that Kaspersky needs to respond to such allegations. We have always taken these concerns very seriously and tried to address them with openness and fairness and all and any of the completed investigations revealed no evidence of any incident or abuse or no clear conclusions were made public.

To this day, no evidence of any incident of Kaspersky products being abused for malicious purposes has ever been provided and there are no arguments calling into question the quality of Kaspersky’s products and services from a security perspective.

Within the Global Transparency Initiative, that we started back in 2017, we have already relocated the data-processing infrastructure to Zurich, Switzerland: malicious and suspicious files (cyber-threat related data) voluntarily shared by users of Kaspersky products in Europe, the U.S., Canada, Latin America and the Middle East, and also several countries in Asia-Pacific are processed and stored in two Swiss data centers that provide world-class facilities ensure the highest levels of security.

Read more about

Cisco study reveals very few organizations prepared to defend against today’s threat landscape

read more

Beyond our cyberthreat-related data processing facilities in Switzerland, statistics provided by users to Kaspersky can be processed on the Kaspersky Security Network’s services located in different countries in the world (Canada, Germany, Russia, etc.).

Our business operations remain stable and the company guarantees the fulfilment of its obligations to partners – including product delivery and support and financial transaction continuity.

“Kaspersky, as a private company registered in UK, does not have any tie with Russian or other government.” Dragan Davidović, Territory Manager for Eastern Europe at Kaspersky.

2. There have been rumours of ties with the Russian government for several years now, but in the current context they have intensified. Is the company in any way associated with this, or for that matter, with any other government?

No. Kaspersky is a private global cybersecurity company, with its holding registered in the UK, and, as a private company, it does not have any ties to the Russian or any other government.

Our job is to protect our customers and their data across the globe, from any cyber threats.

3. Where are the Kaspersky research teams located in the world and how did the war influence their cooperation?

Our team of researchers and security professionals counts more than 40 experts working all around the globe – in Europe, Russia, Americas, Asia, Middle East. Both the director and deputy head of our global research and analysis team are based in Europe and work closely with other researchers and global security organizations from all around the world.

Development of Kaspersky AV software is also done globally. Moreover, every process of producing updates mandatorily involves Kaspersky experts from outside Russia – including the Kaspersky’s teams in the US and Canada. This is among the company’s safeguards to ensure the integrity of the updates. The Kaspersky process of the development and release of the updates audited and confirmed by the SOC 2 audit conducted by a ‘Big Four’ auditor, ensures that Kaspersky only delivers secure updates without any risks of malicious interference.

To ensure the highest security for our users, Kaspersky’s data services have been certified for IS0 27001 by TÜV AUSTRIA as well as re-certified in 2022 with extended scope, so that data services for processing both cyberthreat-related data and statistics are covered by the certification. The certification is valid for the company’s data services located in Data Centers in Zurich, Frankfurt, Toronto, Moscow and Beijing. The final report of the re-certification is provided to our customers and partners upon request.

4. What were the main changes in the cybersecurity world that you have noticed lately?

New cyberattacks taking place in Ukraine have been identified almost every week. At the same time, we observed a significant spike in the amount of attacks against organizations in other countries, most notably by hacktivist groups and ransomware groups taking various sides in the conflict.

So far, nation state sponsored APT groups that we track have focused mostly on cyberespionage efforts and destructive sabotage attacks. Destructive attacks include ransomware such as IsaacRansom, Fake ransomware (WhisperGate), Wipers (HermeticWiper, CaddyWiper, DoubleZero, IsaacWiper) and ICS/OT wipers (AcidRain, Industroyer2).

We have not noticed any particular coordination efforts, neither between separate instances of these attacks, nor with military operations occurring at the same time (with the notable exception of AcidRain). We have also been unable to identify any particular trends in the targeting involved. Our best guess is that separate groups decided to take advantage and wreak havoc immediately after the conflict erupted. In the future, we believe the following key trends will emerge in the relation ot the new challenges in the cybersecurity world following the war in Ukraine:

• Most significant attacks will continue to happen against critical infrastructure in Ukraine with a risk of this spilling into the west, most notably, towards NATO countries supplying military equipment to Kiev
• While most of these attacks have low sophistication, massive DDoS waves can still impact the operation of corporate and government websites, which can in turn affect the average user
• While coordination between APT actors and even cybercriminals may be low for now, we believe this can change in the future. APT-powered ransomware attacks or ransomware groups driving cyberespionage with help of hacktivists can be the next step in the cyber-conflict.

5. How did you address these new challenges?

We took special steps to deploy additional sensors in Ukraine and closely monitor  the events and their impact on the world. We present our findings regularly through webinars and our private intelligence customers receive reports with our discoveries and custom analysis of publicly known incidents. At the same time, our products are updated with knowledge derived from the latest attacks, exploits and data processing in our global datacenters, such as in Switzerland, is working at peak capacity.

6. What are the trends for 2022 in terms of cybersecurity?

Threat intelligence is a high demand, quality being an important differentiator here. Companies suffer both from global and local attacks and here, having both a broad understanding of the threats but also local knowledge is very important when selecting a cybersecurity vendor.

Focusing resources in the right technologies, in the right direction is also very important. For instance, we’ve seen cases when companies develop sophisticated authentication mechanisms but forget to invest in backup or securing cloud data. Nowadays, attacks are becoming much faster, which is easily achieved with automation and thanks to modern, fast internet infrastructures, including 5G.

Staying ahead means staying informed and this means educating employees about cyberthreats and having the right tools to defend your data.

***

Dragan Davidović, Territory Manager for Eastern Europe at Kaspersky

Dragan Davidović holds the position of Territory Manager for Eastern Europe since June 2022. He is coordinating and leading Kaspersky’s Eastern European team that takes care of a diverse client portfolio needs and requests, and is responsible for business growth and profitability in B2C, SMB and enterprise cyber-security throughout the markets of Eastern Europe.

Before joining Kaspersky in 2013, he held various managing and sales positions for some of the biggest distribution companies in the Balkans.