Story image

Exclusive: The major risks of cyber Balkanization

Recently IT Brief had the opportunity to sit down with Anton Shingarev, VP of public affairs for Kaspersky to discuss some of the major risks of Balkanization to the cyber world. 

Can you tell me a bit more about Balkanization in the internet space? 

What we find is that the cyber world is falling apart. The united internet world is ceasing to exist. There are a few reasons why it's happening. 

You're from New Zealand? You may think come on, we are from New Zealand a remote country with no major enemies, who needs or who cares about us? 

In the modern interconnected world, you can be a very far remote peaceful country, but you can still be attacked, it can be collateral damage, it can be just random for criminals who want money, you can still be a victim. The whole country can be paralyzed, it’s a theoretical example but it can happen. 

The WannaCry attack that happened last year was a good example. Some industries were paralyzed. Myers, which is a huge transnational company was paralyzed for a week and many other companies were paralyzed, so the virus can disrupt the country and it can disrupt the economy. 

Congress finally realised that and they're scared and the natural response is to build walls and that’s why the world has fallen into many, many small pieces.

Why do you think governments are increasingly drawn to the idea of isolation? 

As I said, it's natural. When they see the threat, how can they then protect themselves from that? We think these stakeholders, the regulators think, okay, we need to impose new strict regulations and it's going to help. Sometimes it does help, but it’s not really a permanent solution. 

Once again, an example of New Zealand, there are hardcore laws in terms of bringing in foreign species. It's done to protect your unique ecosystem but you can’t do the same for the internet, right? You can’t say ‘dear hackers’, you need to check the file before sending it, please. 

So how do you overcome the challenge of governments closing themselves off? 

I would say that it goes in waves. Before everything was allowed. You could do whatever you want. You could collect as much data as you want, you could store it, whatever you want. Now, governments realize, okay, wait a minute, hold on, we need to control it. 

We aim to find a balance. So our approach is that when we're talking to governments, like regulators in Australia, we say, look, yes, there are new rules of the game so let's find them together.

What kinds of laws do governments commonly implement? 

It's about data localisation. How you store data and process data in specific territories, it's about what you can share, what is critical national infrastructure in terms of it, how you should protect it, what are the fines, what are the requirements. But like I said this kind of closing off is not great.

Can we talk a bit about GDPR, this has undoubtedly been one of the most commonly discussed initiatives, what is your opinion on it?  

I believe it's good, the intention is good. I've heard that it was one of the most discussed laws in European Union history, there were something like 1,000 amendments. It took about 7 years for the law to finally come into effect, so some parts of it are already outdated. 

But overall I think it’s a good law because it's a very clear signal, we're gonna protect the data of our users, you cannot do with data whatever you want. It's a good point to start, it should continue to evolve in my opinion. 

And there is a big discussion on EU privacy legislation right now. So I mean, if this the right direction, and also this is a good example for countries that don’t have similar laws yet, they can draft their own new laws based on GDPR.

As a cyber security company, what are some of the biggest issues Kaspersky faces when it comes to interacting with regulations and governments? 

A lack of clear rules and principles. Rules and laws are good if they exist, even if they're bad, at least there are rules. We can either follow them and operate in the country or if there are rules that are not acceptable to us, we just don’t operate there. But if there is a country without rules,
we don't know how to operate and it creates uncertainty, which is bad.

So really for us, it’s all about understanding the rules and regulations of a government and that’s why having candid discussions with them is so important.

How healthcare can prepare for My Health Record roll-out - Proofpoint
Australia’s healthcare sector is the continent’s biggest cybercrime target, according to a July report from the Australian Information Commissioner.
How DEX aims to guide process-enabled automation strategies
"Although automation is gaining a lot of momentum, there are many instances where early adopters have failed to achieve their business transformation and ROI goals."
Penten & Cyber Security CRC to research 'advanced cyber traps'
The research centres on how advanced cyber traps, which are used to identify data breaches as they happen, can be used in conjunction with tools such as artificial intelligence.
Achieving cyber resilience in the telco industry - Accenture
Whether hackers are motivated by greed, or a curiosity to assess a telco’s weaknesses; the interconnected nature of the industry places it in a position of increased threat
The CISO view on DevOps: How to protect privileged access in the cloud
While security strategies should address privileged access and the risk of unsecured secrets and credentials, they should also closely align with DevOps culture and methods.
Nasuni receives AWS competency status for primary storage
The recognition certifies that Nasuni Cloud File Services meet AWS's strict technical proficiency requirements for primary storage.
How mass data fragmentation impacts business growth and compliance readiness
"About 44% of Australian businesses use six or more solutions to try to manage fragmented data sources and repositories."
LogicMonitor launches container monitoring solutions
Kubernetes monitoring and LM Service Insight provide performance analytics and data retention for microservices and containerised applications.