IT-security. Interview with Oksana Stepenko, Head of Branch Office, Representation of Axoft in Azerbaijan - FCHAIN в России

 

Cyber crime-related losses of small and large businesses around the world are just one of the reasons for developing and using data security software. It is even higher priority for government offices and banking institutions.

Long experience, unique expertise and professionalism of Axoft personnel ensure reliable data protection practices.

 

 

Hello.

1. The Russian company Axoft is one of the most popular software distributors in CIS and has been operating in Azerbaijan since September 2016. How well did plans and expected outcomes correlate with the actual performance of the company?

During the last two years the company successfully implemented a number of large projects both in the public and private sectors. It is Axoft that brought new brands in the Azerbaijani market while strengthening positions of the existing ones there. Also, the project on integrated anti-virus protection of business facilities was successfully implemented. The work was done together with Trend Micro company and a government organization.

2. Just two years ago Axoft staff aimed at assisting local business in getting through the crisis and entering international market, what are the plans today? Do they respond to cyber attacks that became more frequent recently?

Axoft company helps its partners and their clients improve and strengthen resilience to cyber attacks. During the last two years we did a few projects for businesses. We also raise clients awareness about modern threats and how to respond to them.

We try to do free pilot projects for all clients to demonstrate information security level that the business community can obtain. Launch of such software solutions often helps identify vast number of vulnerabilities and issues in information security systems. Many of them might be even beyond the management’s knowledge.

3. How strong are the needs of public and private sectors in effective information security in Azerbaijan? Is it the case that even recently they could get alone with the simplest anti-virus software?

Business security level should be enhanced with new solutions and the overall information security framework should be adequately built.  As to the public sector, large efforts are ongoing and certain future actions are already outlined.  Threats level is far beyond routine infected spam messages. Speed and automation level of attacks are higher than ability of qualified personnel to make sophisticated and timely response not mentioning that of ordinary staff.

Therefore, we offer automated and prompt response-oriented information security systems. Today information security system is a large set of protection tools that also include anti-virus solutions. But such security solutions are much less present today than they were in the past, somewhere they are just 10-15%. Today information security priorities are sandbox protection tools, heuristic analysis and DLP.

We offer solutions that allow to build automated multi-level security system.

4. The government of Azerbaijan is concerned with increasing cyber attacks both for the country and the business community. Was it an incentive to develop information security products?

Following a number of incidents in business companies that entailed financial losses, attacks on government and media web sites, the government of Azerbaijan initiated  process of development and introduction of information security software. This refers both to the public and private sectors. This is really necessary considering exponential growth of both cyber attacks made by individual perpetrators as well as cyber wars that unfold between countries.

5. Should SMEs be concerned about reliable information security? How can cyber criminals harm, for example, a cosmetics company?

When we talk about environment, we speak about hygiene, i.e., we wash our hands, keep our clothes and house clean. Information space is also part of our environment that requires digital hygiene and security.

The whole world witnessed a number of financial information leaks including both money theft from bank accounts of ordinary individuals and illegitimate use of personal data. Digital correspondence, private photos, private life of people are accessible in social media and become a magnet for cyber attackers. Therefore, both SMEs and individuals at large need to take care of data protection. Speaking about the above-mentioned example, I can cite the following risks for the cosmetics company:

• email hacking for spam purpose and infected files mailing to clients and company partners;
• access to bank details and passwords to transfer money on the attacker’s account, for example, through replacing the supplier’s bank account number with that of the attacker;
• theft of the company’s confidential information to sell it to its competitors.

An organized cyber attack usually has certain goal or the initiator but anyone needs to take care of security.

6. Is it true that information leaks occur through mobile devices? How does it happen?

It is quite a large portion as mobile devices play significant role in life and communication of individuals. Many information systems are oriented on mobile devices, not desktop computers. As the business has become mobile, mobility has also become a business. Main information leaks are:

• viruses installed via email and chat messengers to collect all confidential data;
• when employees lose their mobile devices that have unsecure access to personal and financial information;
• as private mobile devices may not be controlled by the company’s management, perpetrators can forward email from the business email server to the private email address and make screenshots of data, for example, bank account balance.

The last type of threat should be thoroughly addressed by the management and security service, as regular checks for such leaks will safeguard not only data but also financial capital of the company.

7. Can regular use of social media by the employees during the working day affect information security of the company? Can you give an insight of how it is possible?

Yes, possibility is incredibly high. It is worth mentioning at least three factors:

1. Information leaks through social media.
2. Infection of corporate software with viruses received through social media.
3. Long hours spent in social media during the working day that affect productivity of employees.

The last factor impacts not only efficiency of employees but also includes risk of financial loss, for example, due to failed contracts conclusion.

8. According to statistics, 90% of information leaks are purposeful, but what are the remaining 10%?

The remaining 10% are either intended cyber attacks or errors of the employees. For example, if someone sends bank details of the client to the wrong email address.

9. What is the situation with the human resources and their qualifications? Are there any options to address the issue?

Qualification level is low, though there is some progress. The solution is education and training. Many employees have certificates on products and systems but do not understand their underlying principles.

10. Should information security of public and private sectors have legislative framework? Why?

This ensures minimum security standards in the country. For example, there are certificates of reliability and safety in construction including concrete and steel used. They are necessary to prevent collapse of buildings and casualties among people. Information security also needs guaranteed safeguards in public and private sectors.

11. How well is the government of Azerbaijan prepared for cooperation? What can be the benefit of integrated data protection between government institutions and banks?

Launch of e-government cloud, integrated anti-virus protection and common email service for the public sector is a foundation for protection from cyber attacks. Integrated data protection of financial and government institutions will facilitate prompt response to such threats and attacks and use of the accumulated experience in future.

Such systems are already operational abroad, for example, in Ukraine and Russia.

12. Should we assume that increased incidence of cyber attacks are related to launch of internet banking in the country and do they also have political reasons?

It’s important to make distinctions. Business becomes increasingly online and so do criminals making cyber wars.

13. Can the longest and most elaborate password protect the system? What should be kept in mind in such cases?

Elaborate password is necessary but it is not a universal solution. Therefore, most systems require two factor authorization, for example, use of password and sms code.

14. What are information security prospects in Azerbaijan and worldwide?

Many new projects are already underway. Azerbaijan can be commended for services which had been introduced earlier than in some other countries including Europe. But launch of new services requires thorough protection and security which mean there is a lot of work to do.

15. What operating principles made Axoft successful in the highly competitive environment?

Offering really efficient software solutions, extensive IT experience and expertise, constant contacts with clients even after implementation of programs and services, willingness for self-improvement, meeting clients’ requirements and finding solutions for their problems.

16. What news and wishes will Axoft have in the upcoming year?

We wish everyone reliable and secure information space that will allow our citizens to work comfortably, live happily  and smile to every new day. We are ready to create a wonderful world of information security.