The business using malicious code is growing: The development of more and more detailed rules and regulations is positive, says the CEO of Telelink Business Services Ivan Zhityanov
Ivan Zhityanov has been appointed on the CEO position of Telelink Business Services since November 2017. His career in the company began in 2004 and since then has held various positions related to the operational activities. He has a Bachelor's degree in Telecommunication Engineering from the Technical University of Sofia and an MBA from the Madrid-based IE Business School.
One year after the WannaCry virus the business is investing much more in cyber security, but hacker attacks are evolving. "Cyber security is becoming more and more challenging, and the number of the "malicious code business users" is growing," says the CEO of Telelink Business Services Ivan Zhityanov. His company is part of the Telelink Group and is engaged in the business processes and customer needs in the field of IT infrastructure, information security, digital transformation and big data. At the end of May, he was one of the lecturers at the DigitalK Conference - the forum for digital technology for business development implementation. Zhityanov, together with the manager of the Israeli cyber security company SafeBreach Alex Litvak, talked about preventing and dealing with hacker attacks, accessible protection and automation of cyber security.
The hackers’ business model
According to the expert, hacker attacks are an indisputable business model. "It's hard to measure this sector and there's no need for a flying figure to try to fix it, but it's huge," says Zhityanov. "Recent years we have seen the development of the cybercrime as a service, which speaks clearly about its accessibility and business direction," he states. That is also facilitated by the development of the cryptocurrency. "Years ago, the hacker had to move the boundaries of the virtual world to monetize the win, which increased the risk of being caught easily being an environment where he does not feel that strong," Zhityanov says.
The cryptocurrencies and the anonymity that they carry, turn the cards in favor of the hackers. "Blockchain is an example of a brilliant technology that will find more and more useful business applications in the future, but it will also become a huge weapon in the hands of malicious people if left without any regulation," claims Ivan Zhityanov.
The attack evolution
"Years ago, in order to infect a system, human intervention was a must - downloading files, opening mail or using USB drive". More and more malicious code is trying to spread itself by using the vulnerabilities in operating systems or applications", Zhityanov states. In his words, hackers are more and more using cryptographic methods to "hide bad codes communication". The code is increasingly recognizing software testing environment and is becoming further misleading. More and more viruses "manage to deceive big public cloud providers and use leased resources from them, which are typically considered legitimate and with a high level of confidence, to start or manage malicious operations," Zhityanov says. The malicious code is now also targeting the Internet of things (IoT).
According to the cyber security expert, there is a risk of "hacking" bigger and vital IT systems, but this should not be exaggerated. There are similar examples from the past year, but coping with them happens in normal timeframes. "The crisis situation mobilizes the so-called defenders, and, I believe. they will continue to be more than the malicious individuals," says Zhityanov.
Regulations can bring security
"Over the past few years there has been a significant increase in the investment in regulations, rules, safety directives, and the resilience of certain business and government entities," says the manager at Telelink Business Services. "Though many people think this is negative, I personally believe that it is extremely necessary," he concludes.
In this sense, the politicians responsible for such regulations have two choices. They can "stop technological development and thereby reduce the level of vulnerability to cyber threats or regulate sufficiently different sectors of public life to prevent huge upheavals," Zhityanov states. In his view, the second option is a non-alternate. "Of course, this must be done in an intelligent and balanced way," he says. Companies can turn new rules and regulations into an asset or means to stand out instead of seeing them as a stumbling block.
Is the business protected?
Ivan Zhityanov believes that there is no way to objectively assess whether the overall level of cyber security is rising, but the subjective attitude is exactly the same. "Indicative evidence for this can be found in the fact that cyber security investments are growing, more and more business leaders see cyber threats as a serious risk to their companies, the cyber security industry is growing and generating a huge amount of innovation, there is an upsurge in legislative initiatives to regulate cyber cyberspace", he analyzes.
The security options are many, but the expert protects the idea of "cyber security as a service". "Growing number of companies and institutions realize that when IT systems are not their core business, it is far better to trust people for whom it is the primary source of living", Zhityanov explains. An example of this are the cloud services. The question is whether a company can build the level of "reserveness, security, reliability, regulatory norm" that Amazon AWS or Microsoft Azure provides, and how much time and resources it will take. In more and more cases, the response is in favor of the external suppliers. "That is why public / private clouds are growing each year, with enormous limps", Zhityanov says.
A step back and a glimpse ahead
Bulgaria, however, is still a step back in its reflection on cyber protection, the manager states. "The level of business awareness and targeted efforts to tackle cyber threats are greatly underestimated", Zhityanov claims. For malicious hacking, the scale does not matter, he stresses. "In many cases even smaller companies and countries are targeted and relying on a lower level of protection", says Ivan Zhityanov. In his words, the main conclusion from WannaCry is that a legitimate software (Windows in this case) should be used to update itself in a timely manner. The level of awareness is likely to increase with the introduction of new regulations, including the upcoming start date of the Private Data Regulation (GDPR).
In any case, however, the cyber security sector is evolving. In the coming years, it will probably focus on machine learning models and vulnerability detection investments. "More and more tools will be used to enable automated orchestration of the many different components of a company's IT environment", says Ivan Zhityanov. "I anticipate the emergence of new and advanced security management tools in hybrid IT infrastructures," he concludes.