Eugene Kaspersky says cyber-crooks coined it during COVID and will take a break to spend their loot

Not so fast, says infosec boffin, because crims know returning workers will be easy prey


Kaspersky CEO Eugene Kaspersky has suggested that the end of the COVID-19 pandemic will bring a slowdown in cyber-crime.

Speaking yesterday at the Kaspersky-sponsored Asia Pacific Online Policy Forum, the CEO said: "If the pandemic goes away, criminals will go away and on vacation.” He added that one reason for the slowdown would be taking time to spend all the money they stole during the pandemic, and that a return to robbery-as-usual can be expected a few months later.

This theory was swiftly shot down by Australian infosec boffin, Dr. Greg Austin, a professor of Cyber Security, Strategy and Diplomacy at the University of New South Wales.

Austin's counter-argument asserted that as workers return to offices, risky behaviour like falling for phishing emails will follow. He described cyber-criminals as opportunists who will take advantage of changes in group behavior and called for a renewed emphasis on security training and education.

Disgust emotion

Reading El Reg while working from home? Here's a pleasant thought: Kaspersky says 1 in 10 of you are naked right now

READ MORE

At the onset of the forum, Kaspersky said COVID-19 has seen new entrants to the online crime industry.

“More junior criminals are joining cyberspace,” said Kaspersky, adding “I'm afraid this is the next step in a cyber war, to hack not just the traditional computer systems and smartphones, but also to get into the industrial systems, into infrastructure, including critical infrastructure.”

The Forum also featured government officials from Vietnam, Malaysia and Indonesia, all outlining their national approach to information security.

Vietnam's Vice Minister of Information and Communication, Nguyen Huy Dung, detailed the country’s adoption of a four layer protection strategy that includes in-house security, 24-hour security services provided by an external professional, additional independent security, and a monitoring system. He also stated Vietnam had a public infosec awareness campaign, but said he sees a need for further such education.

Azleyna Ariffin, principal assistant director of Malaysia's National Cyber Security Agency, described the security of Malaysia's cyberspace as a collective effort requiring both regional and international collaborations. She also discussed a national cybersecurity awareness campaign that extends from primary school education to adulthood.

Director of National Critical Information Infrastructure at the National Cyber and Crypto Agency in Indonesia, Achmadi Salmawan, outlined the importance of engaging all players big and small, particularly in geographically and culturally diverse Indonesia where motivations and approaches greatly vary.

While the government officials largely discussed education as awareness campaigns, Dr. Austin presented an argument for a pipeline of capable, educated professionals. He said that university degrees were not enough and organisations therefore need to invest in up-to-date on-the-job training. He specifically suggested simulations and red teaming activities.

Let the (cyber) games begin. ®


Biting the hand that feeds IT © 1998–2021