Country Manager Nigeria, CheckPoint Software Technologies, Rommy Okonkwo, spoke with Emma Okonji on trending security issues and how organisations could tame them. Excerpts:
How is CheckPoint coping with its technology business in times of economic recession?
Although recession is affecting every company in Nigeria but organisations must consider security very important for business continuity. Despite recession, organisations must give priority attention to security. The best measure for any organisation, even in times of recession, is to be proactive in protecting their data in terms of security.
What role can technology play in addressing the issue of recession in Nigeria?
Technology has higher chances to addressing the issue of recession in the country than anything you can think of. Globally technology is used to develop economies and in Nigeria, technology will play a major role in addressing the issue recession. I mean application of technology in the health sector, education sector, banking, manufacturing, oil and gas sector among others. Without application of technology, no organisation can actually drive business efficiently.
In the fourth annual report of CheckPoint, the company re-emphasised the need for customers to be conscious of known and unknown malware. How does malware get access to organisation’s network?
One way through which the malware can get access to organisation’s network is through the employees of the organisation, or through the vulnerability of the organisation’s network. Malware could also filter in through the devices, which could be laptops, notebooks, desktop computers, among others. It could also gain access through memory sticks and other Universal Serial Bus (USB) devices.
Why is it necessary for organisations to identity known and unknown malware?
There is great need for organisations to identify known and unknown malware to enable them get rid of the malware before they create serious damage in an organisations’ network. The unknown malware renders advanced and persistent threat to organisations’ network. These are malwares that people do not know that they exist, yet they do exist and could cause a lot damage to organisations. The known malware are the ones we are aware of, and organisations go all out to get rid of them because they see them as destructive.
Malware, whether known or unknown, gets access to the system and destroy vital data or corrupt vital data with an evil intention. It gains access to confidential files end either gets them corrupt or destroys them completely. The malware gets information from the system, sends the information to the command and control centre, from where they could make the entire system to malfunction. Someone who is in far away China can decide to launch an attack on a network space in Nigeria and it could be done successfully.
How can organisations get rid of unknown and known software?
For us at Checkpoint, we look at security from the endpoint position, because we offer complete technology solution that addresses a whole lots of issues. CheckPoint, a technology solution company, has solutions that address all of these, known as the sound boxing. Since we lead in the technology solution space, we decided to go a step ahead of the hackers in order to block every step they take, even though I am fully convinced that no solution has 100 per cent success rate in addressing the issue of unauthorised access to organisation’s network.
What the sound boxing solution does is to scan the system and ensure that malware has not gotten access to the system, and at the entry point, it sieves the malware and prevents it from gaining access to the entire network.
We did this because we have since realised that hackers come through the operating system (OS). So we go the extra mile to ensure that malwares are sieved through before they gain access, and this method is called extraction.
The extraction solution is able to scan all emails and remove the malware, before sending the mail to the email address. The solution scans the email and watch out for an abnormal behavior, before sending the mail to the recipient. So what the reader of the email does is to do the scanning and send the re-readable content to the ready without the reader knowing there was malware in the system.
At what point does the solution carry out the scanning for elimination of malware, and what happens to an individual system if the user opens his or her email before noticing there is malware in the system?
This where the CheckPoint solution comes into play. The solution also looks at post infection. If there is an existing malware in a particular system, the solution extract the readable content of the email and sends it to the user without the user knowing what is going on at the background. The solution looks at the bahavioral pattern of the folder containing the email and ensures that the folder does not gain access into the system, if it discovered an abnormal behaviour of the folder. The only time that the system get infected is when the corrupt folder is allowed to get into the system.
So what are the effects of malware on organisations?
The effect is enormous and one major effect is creating downtime for organisatons, and downtime in just few minutes, could cause huge financial loss for any organisation. When there is downtime, money is lost, workforce is affected, and the entire system is affected. So there is need to protect the server and data of any system.
At what time will CheckPoint advise organisations to apply security solutions that will safeguard their entire system?
As security solution expert, I will advise organisations to install security solution at the very beginning, before the system ever gets corrupted. Some organisations would want to wait till their network gets infected before applying security solution but such approach is entirely wrong for any organisation that runs critical data. The essence of security solution is to protect the entire system from being infected by malware or any malicious attacks. Malware can be very powerful to wipeout the entire system of an organisation within a short period of time, so there is need to deploy security solution in any organisation.
In as much as organisations are aware of the danger that malware could cause, some are afraid of the huge cost of security solution. How would you advise such organisation?
As solution provider, I will always advise organisations not to be discouraged by the amount of money to be spent on security for the purpose of business continuity. Organisations that do not want people to have unauthorised access to their system, must always do well to protect the system. It is better to spend money to protect an organisation than to leave it open for any kind of attacks.
SMEs are key to national development, despite the small size of their business. Does CheckPoint have affordable security solution for SME business?
Yes we have solution for virtually every verticals and space irrespective of the size of their business. We provide security solution for both the big enterprise business and the small and medium enterprise (SME) business at affordable rates, depending on what the SME or the big enterprise business actually needs in terms of security. We also provide security as a service, where organisations do not need to invest in security hardware, and this could cut down on cost to a great extent. We can provide a full range of security solution as a service for both enterprise and SME business, thereby cutting down on cost. Again, we provide on-premise and off-premise solution service for organisations, depending on their security needs and budget.
What are the most trending malware in the Nigerian technology space and how can organisations avoid them?
Several malware are trending in the Nigerian technology space. There is the Sality, which is a family of file infectors that spread by infecting .exe and .scr files as well as via removable drives and network shares.
Systems infected with Sality can communicate over a peer-to-peer (P2P) network for spamming purposes, proxying of communications, compromising web servers, exfiltrating sensitive data, and coordinating distributed computing tasks to process intensive tasks.
During the infection phase, Sality follows certain rules such as avoiding files located in specified folders or avoiding files with specified strings in the file names.
There is also Gamarue malware, which is a modular bot with a loader, which downloads additional modules from its server. The loader has both anti-VM and anti-debug features. It injects into trusted processes to hide itself and then deletes the original bot.
Locky is a ransomware Trojan that targets the Windows platform. This malware sends out system information to a remote server and receives an encryption key to encrypt files on the infected system.
Virut is another malware distributor in the internet. It is used in DDoS attacks, spam distribution, data theft and fraud. The malware is spread through executables originating from infected devices such as USB sticks as well as compromised websites and attempts to infect any file accessed with the extensions .exe or .scr. Other malware include Angler ek, Dorkbot and Zeus. All are very dangerous to any network and must be prevented good security solutions.
What kind of specific security solution does CheckPoint provide for organisations?
We provide various security solutions from different levels of operations. From the access point, we provide next generation firewalls with lots of intelligence that instantly stop any unauthorised access into organisations’ network. We also provide encryption solution that encrypts the hard disc of organisations, such that no one can access to corporate information of the hard disc, even when they gain access to it. We provide virtual security to protect the virtual environment.
People use mobile devices a lot to access the internet and the devices could easily be infected. How can people protect their mobile and handheld devices while on the move?
Our security solutions also cover mobile and handheld devices. For example, the CheckPoint Sand Blast Zero-Day Protection solution that runs on enterprise networks, can also run on mobile devices. Organisations that allow staff to use their personal devices to access the organisation’s network, must also protect the personal mobile devices of staff.
How flexible are your solutions, when it comes to interoperability with existing solutions of an organisation?
We do not have issues with interoperability, because we handle situations where organisations that were already running other security solutions, ask us to install CheckPoint security solution on their system and we do that successfully without affecting the operations of the entire system. Our solution can easily integrate and synchronise with existing solutions of any organisation.
What is your view about Nigeria’s cybercrime law in protecting people and organisations online?
The cybercrime law is good for our country, but there is need for proper implementation. The cyber security law can only be effective if there is proper awareness and implementation process.
What would you say is the best security solution for organisations?
The issue with security solution is very vast and there is no one specific way of addressing security issues. What we preach as a security company is about application of multi-layer security.
Managers should learn to have security solution on all layers of the organisations’ network.
What is the percentage growth of cyberattacks in Nigeria?
Cyberattacks on organisations in Nigeria is on the increase and if I should quantify it in terms of percentage growth, then we should be looking at 20 to 40 per cent growth as of today. The financial service sector is most affected cyberattcks in Nigeria.